Serviceguard Manager Version A.05.01 Release Notes, February 2007
Serviceguard Manager Version A.05.01 Release Notes
Patches and Fixes in this Version
Chapter 152
JAGaf45963 Cannot cmapplyconf from root from node in cluster
• What is the problem? Creating or modifying a cluster or package
within Serviceguard Manager (equivalent to using the cmapplyconf
command) may result in the inability for Serviceguard to resolve the
source IP address to a valid IP Address.
For redundancy, Serviceguard commands use all networks available
on a system to communicate with Serviceguard daemons. This
includes configured interfaces not listed in the cluster ASCII file. To
authorize these communications, Serviceguard must be able to
resolve the source IP address to a valid hostname. Valid hostnames
include every node in the cluster and any node outside the cluster
that needs to communicate with nodes within a cluster, which would
include a Session Server COM node in Serviceguard Manager.
A permission problem will result when Serviceguard cannot verify
that the source address of a message is authorized and cannot
resolve the source IP address to a valid hostname. The actual
symptoms of a permission problem will vary depending on what
operation is being performed. The following is an example of a
message which could be seen in syslog.log:
Dec 1 13:13:45 sly cmclconfd[15227]: WARNING: User root
from ip address 10.8.1.131 does not have privileges to
access this node. Either they are coming from a node
without enhanced security or somebody may be attempting
un-authorized access to this system.
• What is the workaround? To avoid permission problems, all
interfaces for all authorized nodes must be defined in /etc/hosts
on all nodes within the cluster. All interfaces on all nodes that may
be used as a Session Server, and all nodes that may be included in
their session, must share all of each other's interface definitions. The
name service switch policy for hosts must be set to files followed by
any other sources used such as DNS, NIS or LDAP.
Below is an example hosts file:
15.145.162.131 gryf.uksr.hp.com gryf
10.8.0.131 gryf.uksr.hp.com gryf
10.8.1.131 gryf.uksr.hp.com gryf
10.8.2.131 gryf.uksr.hp.com gryf
15.145.162.132 sly.uksr.hp.com sly
10.8.0.132 sly.uksr.hp.com sly
10.8.1.132 sly.uksr.hp.com sly