HP Serviceguard Version A.11.17 on HP-UX 11i v3 Release Notes, February 2007
Compatibility Information and Installation Requirements
After you complete a rolling upgrade, be sure to create and save a copy of
the new configuration, using the cmgetconf command. If a cmapplyconf
is issued, you want to be sure it applies the newly migrated Access
Control Policies.
Considerations when Installing Serviceguard
When you install Serviceguard for the first time on a node, the node is
not yet part of a cluster, and so there is no Access Control Policy. For
instructions on how to proceed, see the subsection “Setting Controls for
an Unconfigured Node” under “Access Roles” in chapter 5 of the
Managing Serviceguard manual.
Using Serviceguard A.11.17 to reach earlier versions
For Serviceguard clusters earlier than A.11.16, access is granted in the
cmclnodelist or .rhosts file. Only a root user can modify these files to
grant access.
In pre-A.11.16 clusters, the only role for a non-root user is Monitor.
To monitor a cluster, modify a (pre-A.11.16) cluster node’s cmclnodelist
file. Grant read-only access by entering the pair <user_hostname>
<NonRootUser_name>. Alternatively, enter a + (plus) wildcard to allow any
user.
With this entry, a command-line user can issue the cmviewcl command.
A Serviceguard Manager user can view a cluster in the map and tree,
and read Properties of all the cluster’s objects. A Serviceguard Manager
user can issue administrative commands if they log in to a Session
Server as root. They can issue configuration commands if they give the
root password for one of the cluster’s nodes.
Serviceguard Manager checks two places for access: once when the user
logs in to the Session Server, and again when the Session Server contacts
the target node. For more information about Serviceguard Manager
policies, see the Serviceguard Manager Release Notes, or the online help.
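As an added example (not from the release notes or from HP), the following shell function audits a pre-A.11.16 access file for the two conditions this subsection describes: + wildcard entries, and write permission for group or other. It assumes one whitespace-separated <hostname> <user> pair per line with # starting a comment; the function names, output labels and sample hostnames are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit a pre-A.11.16 access file (cmclnodelist or /.rhosts).
# Assumed format: one "<hostname> <user>" pair per line, "#" starts a comment.
# Prints findings; returns 0 if clean, 1 on a finding, 2 if the file is missing.
audit_access_file() {
    f=$1
    status=0
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 2
    fi
    # Characters 6 and 9 of the ls mode string are the group and other write bits.
    case $(ls -ldL "$f" | cut -c6,9) in
        *w*) echo "WRITABLE $f: group or other can modify it"; status=1 ;;
    esac
    entries=$(awk '
        { sub(/#.*/, "") }                       # drop comments
        NF == 0 { next }                         # skip blank lines
        $1 == "+" || $2 == "+" {                 # "+" admits any host or user
            print "WILDCARD line " NR ": " $1 " " $2; next
        }
        NF >= 2 && $2 != "root" {                # non-root users get Monitor only
            print "MONITOR line " NR ": user " $2 " from host " $1
        }
    ' "$f")
    if [ -n "$entries" ]; then echo "$entries"; fi
    case $entries in
        *WILDCARD*) status=1 ;;
    esac
    return $status
}

# Demo on a constructed sample (hostnames and user names are made up).
demo() {
    sample=$(mktemp) || return 2
    printf '%s\n' '# constructed sample' 'node1 root' 'node2 opsview' '+ +' > "$sample"
    chmod 664 "$sample"                          # deliberately group-writable
    audit_access_file "$sample"
    rc=$?
    rm -f "$sample"
    return $rc
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

MONITOR lines are an inventory of who has read-only access and do not affect the return status; only WRITABLE and WILDCARD findings do.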
For versions earlier than A.11.16, the /.rhosts file must not allow write
access by group or other. If write permission on /.rhosts is enabled
for group or other, Serviceguard commands will fail, logging a
“Permission denied for user” message. This situation can arise when the
Serviceguard remote security file, /etc/cmcluster/cmclnodelist, is