> On 25 Oct 2014, at 8:11 pm, Grüninger, Andreas (LGL Extern)
> <andreas.gruenin...@lgl.bwl.de> wrote:
>
> I guess corosync and pacemaker are started as user hacluster
>
> The method start of the init script managed by SMF:
> …
> start() {
> stop
> su ${CLUSTER_USER} -c ${APPPATH}${COROSYNC}
> sleep $sleep0
> su ${CLUSTER_USER} -c ${APPPATH}${PACEMAKERD} &
> return 0
> }
> ….
>
As long as people know this is unsupportable
> root@zd-sol-s1:~# ps -ef|grep lrmd
> hacluster 3886 3882 0 Oct 23 ? 0:06
> /opt/ha/libexec/pacemaker/lrmd
> root 17397 3312 0 11:03:59 pts/2 0:00 grep lrmd
>
> In this case you need sudo.
> Alternatively you may add the necessary RBAC roles.
>
>
> Von: Vincenzo Pii [mailto:p...@zhaw.ch]
> Gesendet: Freitag, 24. Oktober 2014 14:11
> An: Andrew Beekhof
> Cc: The Pacemaker cluster resource manager
> Betreff: Re: [Pacemaker] IPaddr resource agent on Illumos
>
> I think I have a pretty custom setup, so the IPaddr script is being run by
> hacluster (added a whoami echo and checked the logs to be sure).
>
> Anyway, the passwordless sudo works around the problem :)!
>
> Thanks,
> Vincenzo.
>
> 2014-10-24 7:37 GMT+02:00 Andrew Beekhof <and...@beekhof.net>:
>
> > On 24 Oct 2014, at 3:13 am, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> >
> > В Thu, 23 Oct 2014 17:51:24 +0200
> > Vincenzo Pii <p...@zhaw.ch> пишет:
> >
> >> I am trying to run the IPaddr resource agent on an active/passive cluster
> >> on Illumos nodes (pacemaker, corosync, crm... built from updated sources).
> >>
> >> By reading the example from Saso here
> >> http://zfs-create.blogspot.ch/2013/06/building-zfs-storage-appliance-part-1.html,
> >> this would seem straightforward and this makes me think that I am doing
> >> something wrong :)!
> >>
> >> I patched the IPaddr script to use /usr/bin/gnu/sh and to avoid finding a
> >> free interface with \" grep "^$NIC:[0-9]" \" as that is just not the case,
> >> but now I am stuck at trying to configure the ip address.
> >>
> >> This, in the script, is done with ifconfig (something like
> >>
> >> ifconfig e1000g2 inet 10.0.100.4 && ifconfig e1000g2 netmask
> >> 255.255.255.0 && ifconfig e1000g2 up
> >>
> >> ).
> >>
> >> However, the script is run by the hacluster user, which cannot write
> >> network configuration settings.
> >>
> >
> > Unless I'm completely confused, resource scripts are launched by lrmd
> > which runs as root.
>
> Correct
>
> >
> >> To solve this problem, I am now looking at profiles, roles and
> >> authorizations, which seems to be a very "user friendly" way to handle
> >> permissions in Solaris.
> >>
> >> My question is: there is no mention of this in Saso's post, or other
> >> discussions (even thought old ones) that I've come across today; am I
> >> missing something obvious, or this is just the way it has to be?
> >>
> >> This is how I configure the IPaddr prmitive:
> >>
> >> # ipadm create-if e1000g2
> >> # crm configure primitive frontend_IP ocf:heartbeat:IPaddr params
> >> ip="10.0.100.4" cidr_netmask="255.255.255.0" nic="e1000g2"
> >>
> >> Many thanks,
> >> Vincenzo.
> >>
> >
> >
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs: http://bugs.clusterlabs.org
>
>
>
>
> --
> Vincenzo Pii
> Researcher, InIT Cloud Computing Lab
> Zurich University of Applied Sciences (ZHAW)
> blog.zhaw.ch/icclab
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
