Managing HP Serviceguard for Linux, Eighth Edition, March 2008

Building an HA Cluster Configuration
Preparing Your Systems
This example grants root users on the nodes gryf, sly, and bit root
access to the node on which this cmclnodelist file resides.
Serviceguard also accepts the use of a “+” in the cmclnodelist file; this
indicates that the root user on any Serviceguard node can configure
Serviceguard on this node.
IMPORTANT: If $SGCONF/cmclnodelist does not exist, Serviceguard will look at
~/.rhosts. HP strongly recommends that you use cmclnodelist.
NOTE: When you upgrade a cluster from Version A.11.15 or earlier, entries in
$SGCONF/cmclnodelist are automatically updated to Access Control
Policies in the cluster configuration file. All non-root user-hostname
pairs are assigned the role of Monitor.
Ensuring that the Root User on Another Node Is Recognized
The Linux root user on any cluster node can configure the cluster. This
requires that Serviceguard on one node be able to recognize the root user
on another.
Serviceguard uses the identd daemon to verify user names, and, in the
case of a root user, verification succeeds only if identd returns the
username root. Because identd may return the username for the first
match on UID 0, you must check /etc/passwd on each node you intend
to configure into the cluster, and ensure that the entry for the root user
comes before any other entry with a UID of 0.
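One way to run the /etc/passwd check described above on each prospective node, as an added example that is not part of the HP manual. The function names, the second UID-0 account toor, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that "root" is the first UID-0 entry in a passwd file.

# Print the login names whose UID field (3rd colon-separated field) is 0,
# in file order. Comment lines are skipped; "00" also counts as UID 0.
uid0_users() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# Return 0 if the first UID-0 entry is "root", 1 otherwise.
# Other UID-0 accounts are reported either way so they can be reviewed.
check_root_first() {
    file=${1:-/etc/passwd}
    first=$(uid0_users "$file" | head -n 1)
    extra=$(uid0_users "$file" | grep -vx 'root' | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "note: other UID-0 accounts in $file: $extra"
    fi
    if [ "$first" = "root" ]; then
        echo "ok: root is the first UID-0 entry in $file"
        return 0
    fi
    echo "FAIL: first UID-0 entry in $file is '${first:-<none>}', not root"
    return 1
}

# Constructed sample files (not taken from any real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
GOOD=$tmp/passwd.good; BAD=$tmp/passwd.bad
cat > "$GOOD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:constructed second UID-0 account:/root:/bin/bash
EOF
cat > "$BAD" <<'EOF'
toor:x:0:0:constructed UID-0 account listed first:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
EOF

check_root_first "$GOOD" || true   # passes, and notes toor
check_root_first "$BAD" || true    # fails: toor precedes root
```

On a node, call check_root_first with no argument to check /etc/passwd itself.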
About identd
HP strongly recommends that you use identd for user
verification, so you should make sure that each prospective cluster node
is configured to run it. identd is usually started from
/etc/init.d/xinetd.
(It is possible to disable identd, though HP recommends against doing
so. If for some reason you have to disable identd, see “Disabling identd”
on page 196.)
For more information about identd, see the white paper Securing
Serviceguard at http://docs.hp.com -> High Availability ->
Serviceguard -> White Papers, and the identd manpage.