Managing Serviceguard 13th Edition, February 2007
Building an HA Cluster Configuration
Preparing Your Systems
Chapter 5
For example:
gryf    root     #cluster1, node1
gryf    user1    #cluster1, node1
sly     root     #cluster1, node2
sly     user1    #cluster1, node2
bit     root     #Administration/COM Server
Users with root access can use any cluster configuration commands.
Users with non-root access are assigned the Monitor role, giving them
read-only access to the node’s configuration. In this example, root users
on the nodes gryf, sly, and bit have root access to the node on which
this cmclnodelist file resides. The non-root user user1 has the Monitor
role when connecting to this node from nodes gryf and sly.
Serviceguard also accepts the use of a “+” in the cmclnodelist file; this
indicates that any root user on any node can configure this node and any
non-root user has the Monitor role.
NOTE: If $SGCONF/cmclnodelist does not exist, Serviceguard will look at
~/.rhosts. HP strongly recommends that you use cmclnodelist.
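The rules above can be checked mechanically before a node is trusted. The following is an added example, not part of the Serviceguard manual or product: a small audit that reads a cmclnodelist file, reports the access each entry grants, and flags the "+" wildcard and a missing file. The function names and the sample "+" line are constructed for illustration; it assumes "+" appears as a stand-alone token and that root access is keyed on the user name root.

```python
import os

# Constructed sample: the page's example entries plus a "+" line for the audit to flag.
SAMPLE = """\
gryf root   #cluster1, node1
gryf user1  #cluster1, node1
sly  root   #cluster1, node2
sly  user1  #cluster1, node2
bit  root   #Administration/COM Server
+
"""

def audit_cmclnodelist(text):
    """Return (entries, findings); entries are (host, user, access) tuples."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if not fields:
            continue
        if "+" in fields:
            # Assumption: "+" appears as a stand-alone token, as in .rhosts.
            findings.append(f"line {lineno}: '+' lets any root user on any node "
                            "configure this node")
            continue
        if len(fields) != 2:
            findings.append(f"line {lineno}: expected 'host user', got {raw.strip()!r}")
            continue
        host, user = fields
        # Assumption: root access is keyed on the user name "root".
        entries.append((host, user, "root" if user == "root" else "Monitor"))
    return entries, findings

def audit_file(path):
    """Audit the file at path; a missing file is itself a finding."""
    if not os.path.exists(path):
        return [], [f"{path} not found: Serviceguard will look at ~/.rhosts instead"]
    with open(path) as fh:
        return audit_cmclnodelist(fh.read())

if __name__ == "__main__":
    entries, findings = audit_cmclnodelist(SAMPLE)
    for host, user, access in entries:
        print(f"{host:8} {user:8} {access}")
    for finding in findings:
        print("FINDING:", finding)
```

Call audit_file with the full path to cmclnodelist under $SGCONF on the node being reviewed.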
Setting Access Controls for Configured Cluster Nodes
Once nodes are configured in a cluster, access-control policies govern
cluster-wide security; changes to cmclnodelist are ignored. The root
user on each cluster node is automatically granted root access to all other
nodes. Other users can be authorized for non-root roles.
NOTE: Users on systems outside the cluster cannot gain root access to cluster
nodes.
Define access control policies for a cluster in the cluster configuration
file, and for a specific package in the package configuration file. Any
combination of hosts and users can be assigned roles for the cluster. You
can define up to 200 access policies for each cluster.
Access policies are defined by three parameters in the configuration file: