Manualshelf

Managing HP Serviceguard for Linux Ninth Edition, April 2009

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux RH AS ProLiant Cluster
141142143144145146147148149150
Configuring Root-Level Access
The subsections that follow explain how to set up root access between the nodes in the
prospective cluster. (When you proceed to configuring the cluster, you will define
various levels of non-root access as well; see “Controlling Access to the Cluster
(page 176).)
NOTE: For more information and advice, see the white paper Securing Serviceguard
at http://docs.hp.com -> High Availability -> Serviceguard ->
White Papers.
Allowing Root Access to an Unconfigured Node
To enable a system to be included in a cluster, you must enable Linux root access to
the system by the root user of every other potential cluster node. The Serviceguard
mechanism for doing this is the file $SGCONF/cmclnodelist. This is sometimes
referred to as a “bootstrap” file because Serviceguard consults it only when configuring
a node into a cluster for the first time; it is ignored after that. It does not exist by default,
but you will need to create it.
You may want to add a comment such as the following at the top of the file:
###########################################################
# Do not edit this file!
# Serviceguard uses this file only to authorize access to an
# unconfigured node. Once the node is configured,
# Serviceguard will not consult this file.
###########################################################
The format for entries in cmclnodelist is as follows:
[hostname] [user] [#Comment]
For example:
gryf root #cluster1, node1
sly root #cluster1, node2
bit root #cluster1, node3
This example grants root access to the node on which this cmclnodelist file resides
to root users on the nodes gryf, sly, and bit.
Serviceguard also accepts the use of a “+” in the cmclnodelist file; this indicates that
the root user on any Serviceguard node can configure Serviceguard on this node.
Preparing Your Systems 149