Managing Serviceguard 13th Edition, February 2007
Building an HA Cluster Configuration
Preparing Your Systems
Chapter 5 193
NOTE When you upgrade a cluster from Version A.11.15 or earlier, entries in
$SGCONF/cmclnodelist are automatically updated into Access Control
Policies in the cluster configuration file. All non-root user-hostname
pairs are assigned the role of Monitor (view only).
Serviceguard uses different mechanisms for access control depending on
whether the node is configured into a cluster or not. The following two
subsections discuss how to configure access control policies in these two
cases.
Setting Controls for an Unconfigured Node
When Serviceguard is first installed on a system, no access control
policies are defined. To enable this system to be included in a cluster, you
must allow root access to the node for the root user of every other
potential cluster node. The mechanism for doing this is
$SGCONF/cmclnodelist. This file does not exist by default, but you
should create it, as described in the following subsection.
NOTE For the management-station version of Serviceguard Manager, you must
also allow remote COM servers to monitor or configure the node. These
policies will only be in effect while a node is not configured into a cluster.
Using the cmclnodelist File
The cmclnodelist file is not created by default in new installations.
When you create it, you may want to add a comment such as the
following at the top of the file:
###########################################################
# Do not edit this file!
# Serviceguard uses this file only to authorize access to an unconfigured
# node. Once a cluster is created, Serviceguard will not consult this file.
###########################################################
The format for entries in the cmclnodelist file is as follows:
[hostname or IP address] [user] [#Comment]