Managing HP Serviceguard A.11.20.20 for Linux, May 2013

The heartbeat can comprise multiple IPv4 subnets joined by a router. In this case at least two
heartbeat paths must be configured for each cluster node. See also the discussion of
HEARTBEAT_IP (page 95), and “Cross-Subnet Configurations” (page 27).
5.2.6 Specifying Maximum Number of Configured Packages
This value must be equal to or greater than the number of packages currently configured in the
cluster. The count includes all types of packages: failover, multi-node, and system multi-node. The
maximum number of packages per cluster is 300. The default is the maximum.
NOTE: Remember to tune kernel parameters on each node to ensure that they are set high enough
for the largest number of packages that will ever run concurrently on that node.
5.2.7 Modifying the MEMBER_TIMEOUT Parameter
The cmquerycl command supplies a default value of 14 seconds for the MEMBER_TIMEOUT
parameter. Changing this value will directly affect the cluster’s re-formation and failover times. You
may need to increase the value if you are experiencing cluster node failures as a result of heavy
system load or heavy network traffic; or you may need to decrease it if cluster re-formations are
taking a long time.
You can change MEMBER_TIMEOUT while the cluster is running.
For more information about node timeouts, see “What Happens when a Node Times Out” (page 75)
and the MEMBER_TIMEOUT parameter discussions under “Cluster Configuration Parameters”
(page 91), and “Cluster Re-formations Caused by MEMBER_TIMEOUT Being Set too Low” (page 258).
5.2.8 Controlling Access to the Cluster
Serviceguard access-control policies define cluster users’ administrative or monitoring capabilities.
5.2.8.1 A Note about Terminology
Although you will also sometimes see the term role-based access (RBA) in the output of Serviceguard
commands, the preferred set of terms, always used in this manual, is as follows:
Access-control policies - the set of rules defining user access to the cluster.
Access-control policy - one of these rules, comprising the three parameters USER_NAME,
USER_HOST, USER_ROLE. See “Setting up Access-Control Policies” (page 160).
Access roles - the set of roles that can be defined for cluster users (Monitor, Package Admin,
Full Admin).
Access role - one of these roles (for example, Monitor).
5.2.8.2 How Access Roles Work
Serviceguard daemons grant access to Serviceguard commands by matching the command user’s
hostname and username against the access control policies you define. Each user can execute
only the commands allowed by his or her role.
The diagram shows the access roles and their capabilities. The innermost circle is the most
trusted; the outermost the least. Each role can perform its own functions and the functions in all of
the circles outside it. For example, Serviceguard Root can perform its own functions plus all the
functions of Full Admin, Package Admin and Monitor; Full Admin can perform its own functions
plus the functions of Package Admin and Monitor; and so on.
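
An added example, not taken from the manual or from Serviceguard itself: a Python model of the matching described above, which resolves a user and host to a role from USER_NAME, USER_HOST, USER_ROLE triples, applies the nesting of roles, and flags wildcard grants above Monitor. Assumptions not stated on this page: the keyword spellings (ANY_USER, ANY_SERVICEGUARD_NODE, CLUSTER_MEMBER_NODE, MONITOR, PACKAGE_ADMIN, FULL_ADMIN), the rule that the most trusted matching role wins, and the sample users and nodes; Serviceguard Root is not modeled because it is not one of the definable roles listed above.

```python
# Added illustration (not Serviceguard code); keyword spellings are assumptions.
ROLES = ["MONITOR", "PACKAGE_ADMIN", "FULL_ADMIN"]  # least to most trusted
KEYS = ("USER_NAME", "USER_HOST", "USER_ROLE")

# Constructed sample policies; user and node names are hypothetical.
SAMPLE_CONFIG = """\
USER_NAME ANY_USER
USER_HOST CLUSTER_MEMBER_NODE
USER_ROLE MONITOR
USER_NAME john
USER_HOST node1
USER_ROLE PACKAGE_ADMIN
USER_NAME ops
USER_HOST ANY_SERVICEGUARD_NODE
USER_ROLE FULL_ADMIN
"""

def parse_policies(text):
    """Collect (names, host, role) triples; a triple is complete at USER_ROLE."""
    policies, cur = [], {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[0] not in KEYS:
            continue
        cur[words[0]] = words[1:]
        if words[0] == "USER_ROLE":
            if set(cur) != set(KEYS) or words[1] not in ROLES:
                raise ValueError(f"incomplete or invalid policy: {cur}")
            policies.append((cur["USER_NAME"], cur["USER_HOST"][0], words[1]))
            cur = {}
    return policies

def effective_role(policies, user, host, cluster_nodes):
    """Most trusted role among policies matching this user and host, else None."""
    matched = [role for names, phost, role in policies
               if ("ANY_USER" in names or user in names)
               and (phost in ("ANY_SERVICEGUARD_NODE", host)
                    or (phost == "CLUSTER_MEMBER_NODE" and host in cluster_nodes))]
    return max(matched, key=ROLES.index, default=None)

def allowed(held, required):
    """Nested circles: a role covers its own functions and those of less trusted roles."""
    return held is not None and ROLES.index(held) >= ROLES.index(required)

def broad_grants(policies):
    """Least-privilege check: wildcard user or host paired with more than MONITOR."""
    return [p for p in policies
            if p[2] != "MONITOR" and (p[1] == "ANY_SERVICEGUARD_NODE" or "ANY_USER" in p[0])]
```

Running broad_grants over the policies parsed from a cluster configuration file before applying it gives a short list of grants to review against least privilege.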