Managing Serviceguard 14th Edition, June 2007

Building an HA Cluster Configuration
Preparing Your Systems
Chapter 5
Setting Access Controls for Configured Cluster Nodes
Once nodes are configured in a cluster, access-control policies govern
cluster-wide security; changes to cmclnodelist are ignored. The root
user on each cluster node is automatically granted root access to all other
nodes. Other users can be authorized for non-root roles.
NOTE: Users on systems outside the cluster cannot gain root access to cluster
nodes.
Define access control policies for a cluster in the cluster configuration
file, and for a specific package in the package configuration file. Any
combination of hosts and users can be assigned roles for the cluster. You
can define up to 200 access policies for each cluster.
Access policies are defined by three parameters in the configuration file:
USER_NAME can either be ANY_USER, or a maximum of 8 login names
from the /etc/passwd file on USER_HOST. The names must be
separated by spaces or tabs, for example:
# Policy 1:
USER_NAME john fred patrick
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
USER_HOST is the node where USER_NAME will issue Serviceguard
commands. Choose one of these three values:
ANY_SERVICEGUARD_NODE - any node on the subnet
CLUSTER_MEMBER_NODE - any node in the cluster
A specific node name - use the official hostname from the domain
name server, not an IP address or fully qualified name.
USER_ROLE must be one of these three values:
MONITOR
FULL_ADMIN
PACKAGE_ADMIN
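
The following is an added example, not part of the Serviceguard manual or HP's tooling: a Python check that lints access-policy entries against the limits stated above before the configuration is applied. It assumes each policy begins with its USER_NAME line and that "#" starts a comment, as in the Policy 1 example; the function names and the final broad-grant review flag are this example's own.

```python
ROLES = {"MONITOR", "FULL_ADMIN", "PACKAGE_ADMIN"}
HOST_KEYWORDS = {"ANY_SERVICEGUARD_NODE", "CLUSTER_MEMBER_NODE"}
KEYS = ("USER_NAME", "USER_HOST", "USER_ROLE")
MAX_POLICIES, MAX_NAMES = 200, 8  # limits stated on this page
# Constructed sample: the first policy is the page's example, the other two are made up.
SAMPLE = """\
# Policy 1:
USER_NAME john fred patrick
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
USER_NAME u1 u2 u3 u4 u5 u6 u7 u8 u9
USER_HOST bit.example.com
USER_ROLE OPERATOR
USER_NAME ANY_USER
USER_HOST ANY_SERVICEGUARD_NODE
USER_ROLE FULL_ADMIN
"""

def parse_policies(text):
    """Group the three access-policy parameters into one dict per policy."""
    policies, current = [], {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on spaces/tabs
        if not fields or fields[0] not in KEYS:
            continue  # other configuration parameters are out of scope here
        if fields[0] == "USER_NAME" and current:  # assumption: USER_NAME opens a policy
            policies.append(current)
            current = {}
        current[fields[0]] = fields[1:]
    return policies + ([current] if current else [])

def check_policies(policies):
    """Return (policy_number, problem) pairs; number 0 means the file as a whole."""
    findings = []
    if len(policies) > MAX_POLICIES:
        findings.append((0, f"{len(policies)} policies defined, limit is {MAX_POLICIES}"))
    for n, p in enumerate(policies, 1):
        names, host, role = (p.get(k, []) for k in KEYS)
        qualified = bool(host) and host[0] not in HOST_KEYWORDS and any(c in host[0] for c in ".:")
        checks = [
            (not names or ("ANY_USER" in names and len(names) > 1), "USER_NAME: ANY_USER or login names"),
            (len(names) > MAX_NAMES, f"USER_NAME: more than {MAX_NAMES} login names"),
            (len(host) != 1 or qualified, "USER_HOST: one keyword or unqualified hostname"),
            (len(role) != 1 or role[0] not in ROLES, "USER_ROLE: not one of the three roles"),
            # Reviewer heuristic, not a Serviceguard rule: the widest possible grant.
            (names == ["ANY_USER"] and host == ["ANY_SERVICEGUARD_NODE"] and role != ["MONITOR"],
             "REVIEW: non-MONITOR role for any user on any node on the subnet"),
        ]
        findings += [(n, msg) for bad, msg in checks if bad]
    return findings
```

Running check_policies(parse_policies(SAMPLE)) reports three problems for the second policy and flags the third for review; the page's own Policy 1 passes cleanly.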