Managing Serviceguard 13th Edition, February 2007

Building an HA Cluster Configuration

Preparing Your Systems

Chapter 5 195

• USER_NAME can either be ANY_USER, or a maximum of 8 login names

from the /etc/passwd file on USER_HOST. The names must be

separated by spaces or tabs, for example:

# Policy 1:

USER_NAME john fred patrick

USER_HOST bit

USER_ROLE PACKAGE_ADMIN

• USER_HOST is the node where USER_NAME will issue Serviceguard

commands. If you are using the management-station version of

Serviceguard Manager, USER_HOST is the COM server. Choose one of

these three values:

— ANY_SERVICEGUARD_NODE - any node on the subnet

— CLUSTER_MEMBER_NODE - any node in the cluster

— A specific node name - use the official hostname from domain

name server, not an IP addresses or fully qualified name.

• USER_ROLE must be one of these three values:

— MONITOR

— FULL_ADMIN

— PACKAGE_ADMIN

MONITOR and FULL_ADMIN can only be set in the cluster configuration

file and they apply to the entire cluster. PACKAGE_ADMIN can be set in

the cluster or a package configuration file. If it is set in the cluster

configuration file, PACKAGE_ADMIN applies to all configured packages;

if it is set in a package configuration file, it applies to that package

only. These roles are not exclusive; for example, you can configure

more than one PACKAGE_ADMIN for the same package.

NOTE You do not have to halt the cluster or package to configure or modify

access control policies.

Here is an example of an access control policy:

USER_NAME john

USER_HOST bit

USER_ROLE PACKAGE_ADMIN