HP Serviceguard Version A.11.17 Release Notes, March 2006 (revised)

Compatibility Information and Installation Requirements
In pre-A.11.16 clusters, the only role for a non-root user is Monitor.
To monitor a cluster, modify a (pre-A.11.16) cluster node’s cmclnodelist
file. Read-only access is granted by entering the pair
<user_hostname> <NonRootUser_name>. Or, you can enter a + (plus) wild card
to allow any user.
A command line user can issue the cmviewcl command with this entry.
A Serviceguard Manager user can view a cluster in the map and tree,
and read Properties of all the cluster’s objects. A Serviceguard Manager
user can issue administrative commands if they log in to a Session
Server as root. They can issue configuration commands if they give the
root password for one of the cluster’s nodes.
Serviceguard Manager checks two places for access: once when the user
logs in to the Session Server, and again when the Session Server contacts
the target node. For more information about Serviceguard Manager
policies, see the Serviceguard Manager Release Notes, or the online help.
For versions earlier than A.11.16, the /.rhosts file must not allow write
access by group or other. If /.rhosts file write permission is enabled
for other or group, Serviceguard commands will fail, logging a
“Permission denied for user” message. This situation can arise when the
Serviceguard remote security file, /etc/cmcluster/cmclnodelist, is
not used and remote node security is resolved with the .rhosts facility
instead. (These rules apply only to target nodes with versions earlier
than Serviceguard A.11.16.)
Upgraded Serviceguard
If you have a cluster with entries in cmclnodelist, those entries are
also updated when you update to version A.11.16.
Every <host_node> <user_name> pair is now in the cluster configuration
file as an Access Control Policy triplet, with:
USER_NAME <user_name>
USER_HOST <host_node>
USER_ROLE Monitor
If you had a wild-card + (plus), you see an access policy with wildcards:
USER_NAME ANY_USER
USER_HOST ANY_SERVICEGUARD_NODE
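
The following is an added example, not code from HP or from these release notes. It maps cmclnodelist entries to the Access Control Policy triplets described above, lists the wildcard policies an administrator should review after an upgrade, and checks the /.rhosts write-permission rule. Assumptions: the file syntax (one pair per line, "#" comments, "+" alone on a line), the sample host and user names, the function names, and USER_ROLE Monitor for the wildcard policy.

```python
import os
import stat

# Constructed sample cmclnodelist content. The syntax used here (one
# "<host_node> <user_name>" pair per line, "#" comments, "+" alone on a
# line as the wildcard) is an assumption for this example.
SAMPLE_CMCLNODELIST = """\
# host_node   user_name
node1         opsview
node2         audit
+
"""

def to_access_policies(text):
    """Map each cmclnodelist entry to the triplet the release notes describe."""
    policies = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        if fields == ["+"]:
            host, user = "ANY_SERVICEGUARD_NODE", "ANY_USER"
        elif len(fields) == 2:
            host, user = fields
        else:
            raise ValueError(f"unrecognised cmclnodelist entry: {raw!r}")
        # Monitor is the only non-root role before A.11.16 (assumed for "+" too).
        policies.append({"USER_NAME": user, "USER_HOST": host, "USER_ROLE": "Monitor"})
    return policies

def wildcard_policies(policies):
    """Policies that grant access to any user; review these after an upgrade."""
    return [p for p in policies if p["USER_NAME"] == "ANY_USER"]

def rhosts_mode_ok(path):
    """True if the file is not writable by group or other."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWGRP | stat.S_IWOTH)

if __name__ == "__main__":
    pols = to_access_policies(SAMPLE_CMCLNODELIST)
    for p in pols:
        print("USER_NAME {USER_NAME}\nUSER_HOST {USER_HOST}\nUSER_ROLE {USER_ROLE}\n".format(**p))
    print("wildcard policies to review:", len(wildcard_policies(pols)))
    if os.path.exists("/.rhosts"):
        print("/.rhosts mode ok:", rhosts_mode_ok("/.rhosts"))
```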