Manualshelf

Managing HP Serviceguard for Linux, Seventh Edition, July 2007

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux ProLiant Cluster
141142143144145146147148149150
Building an HA Cluster Configuration
Preparing Your Systems
Chapter 5148
NOTE Users on systems outside the cluster cannot gain root access to cluster
nodes.
Define access control policies for a cluster in the cluster configuration
file, and for a specific package in the package configuration file. Any
combination of hosts and users can be assigned roles for the cluster. You
can define up to 200 access policies for each cluster.
Access policies are defined by three parameters in the configuration file:
USER_NAME can either be ANY_USER, or a maximum of 8 login names
from the /etc/passwd file on USER_HOST. The names must be
separated by spaces or tabs, for example:
# Policy 1:
USER_NAME john fred patrick
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
USER_HOST is the node where USER_NAME will issue Serviceguard
commands. Choose one of these three values:
ANY_SERVICEGUARD_NODE - any node on the subnet
CLUSTER_MEMBER_NODE - any node in the cluster
A specific node name - use the official hostname from domain
name server, not an IP addresses or fully qualified name.
USER_ROLE must be one of these three values:
MONITOR
FULL_ADMIN
PACKAGE_ADMIN
MONITOR and FULL_ADMIN can only be set in the cluster configuration
file and they apply to the entire cluster. PACKAGE_ADMIN can be set in
the cluster or a package configuration file. If it is set in the cluster
configuration file, PACKAGE_ADMIN applies to all configured packages;
if it is set in a package configuration file, it applies to that package
only. These roles are not exclusive; for example, you can configure
more than one PACKAGE_ADMIN for the same package.