Manualshelf

Managing HP Serviceguard for Linux Ninth Edition, April 2009

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux RH AS ProLiant Cluster
171172173174175176177178179180
NOTE: Remember to tune kernel parameters on each node to ensure that they are set
high enough for the largest number of packages that will ever run concurrently on that
node.
Modifying the MEMBER_TIMEOUT Parameter
The cmquerycl command supplies a default value of 14 seconds for the
MEMBER_TIMEOUT parameter. Changing this value will directly affect the clusters
re-formation and failover times. You may need to increase the value if you are
experiencing cluster node failures as a result of heavy system load or heavy network
traffic; or you may need to decrease it if cluster re-formations are taking a long time.
You can change MEMBER_TIMEOUT while the cluster is running.
For more information about node timeouts, see “What Happens when a Node Times
Out” (page 88) and the MEMBER_TIMEOUT parameter discussions under “Cluster
Configuration Parameters ” (page 100), and “Cluster Re-formations Caused by
MEMBER_TIMEOUT Being Set too Low” (page 282).
Controlling Access to the Cluster
Serviceguard access-control policies define cluster users’ administrative or monitoring
capabilities.
A Note about Terminology
Although you will also sometimes see the term role-based access (RBA) in the output
of Serviceguard commands, the preferred set of terms, always used in this manual, is
as follows:
Access-control policies - the set of rules defining user access to the cluster.
Access-control policy - one of these rules, comprising the three parameters
USER_NAME, USER_HOST, USER_ROLE. See “Setting up Access-Control
Policies” (page 178).
Access roles - the set of roles that can be defined for cluster users (Monitor, Package
Admin, Full Admin).
Access role - one of these roles (for example, Monitor).
How Access Roles Work
Serviceguard daemons grant access to Serviceguard commands by matching the
command users hostname and username against the access control policies you define.
Each user can execute only the commands allowed by his or her role.
The diagram that shows the access roles and their capabilities. The innermost circle is
the most trusted; the outermost the least. Each role can perform its own functions and
the functions in all of the circles outside it. For example Serviceguard Root can perform
176 Building an HA Cluster Configuration