Managing HP Serviceguard for Linux Ninth Edition, April 2009

NOTE: If you set USER_HOST to ANY_SERVICEGUARD_NODE, set
USER_ROLE to MONITOR; users connecting from outside the cluster cannot
have any higher privileges (unless they are connecting via rsh or ssh; this is
treated as a local connection).
Depending on your network configuration, ANY_SERVICEGUARD_NODE can
provide wide-ranging read-only access to the cluster.
CLUSTER_MEMBER_NODE - any node in the cluster
A specific node name - Use the hostname portion (the first part) of a
fully-qualified domain name that can be resolved by the name service you are
using; it should also be in each node’s /etc/hosts. Do not use an IP address
or the fully-qualified domain name. If there are multiple hostnames (aliases)
for an IP address, one of those must match USER_HOST. See “Configuring
Name Resolution” (page 150) for more information.
USER_ROLE must be one of these three values:
MONITOR
FULL_ADMIN
PACKAGE_ADMIN
MONITOR and FULL_ADMIN can be set only in the cluster configuration file and
they apply to the entire cluster. PACKAGE_ADMIN can be set in the cluster
configuration file or a package configuration file. If it is set in the cluster
configuration file, PACKAGE_ADMIN applies to all configured packages; if it is set
in a package configuration file, it applies to that package only. These roles are not
exclusive; for example, more than one user can have the PACKAGE_ADMIN role for
the same package.
NOTE: You do not have to halt the cluster or package to configure or modify access
control policies.
Here is an example of an access control policy:
USER_NAME john
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
If this policy is defined in the cluster configuration file, it grants user john the
PACKAGE_ADMIN role for any package on node bit. User john also has the MONITOR
role for the entire cluster, because PACKAGE_ADMIN includes MONITOR. If the policy
is defined in the package configuration file for PackageA, then user john on node bit
has the PACKAGE_ADMIN role only for PackageA.
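The rules above can be checked mechanically before a configuration is applied. The following linter is an added example, not code from the Serviceguard documentation or product. It assumes each policy starts with USER_NAME and that '#' begins a comment; the function names and all sample users and hosts other than john on bit are constructed for illustration.

```python
ROLES = {"MONITOR", "FULL_ADMIN", "PACKAGE_ADMIN"}
HOST_KEYWORDS = {"ANY_SERVICEGUARD_NODE", "CLUSTER_MEMBER_NODE"}
CLUSTER_ONLY_ROLES = {"MONITOR", "FULL_ADMIN"}  # not valid in a package file
KEYS = ("USER_NAME", "USER_HOST", "USER_ROLE")

def parse_policies(text):
    """Group USER_NAME / USER_HOST / USER_ROLE lines into one dict per policy."""
    policies, current = [], {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if len(parts) != 2 or parts[0] not in KEYS:
            continue
        if parts[0] == "USER_NAME" and current:  # assumption: USER_NAME opens a policy
            policies.append(current)
            current = {}
        current[parts[0]] = parts[1]
    return policies + ([current] if current else [])

def lint(text, scope):
    """Return (user, problem) pairs; scope is 'cluster' or 'package' (file type)."""
    findings = []
    for p in parse_policies(text):
        user, host, role = (p.get(k, "") for k in KEYS)
        if role not in ROLES:
            findings.append((user, "invalid or missing USER_ROLE"))
            continue
        # Connections from outside the cluster may only be granted MONITOR.
        if host == "ANY_SERVICEGUARD_NODE" and role != "MONITOR":
            findings.append((user, "ANY_SERVICEGUARD_NODE requires MONITOR"))
        if scope == "package" and role in CLUSTER_ONLY_ROLES:
            findings.append((user, f"{role} is cluster-file only"))
        # A dot means an IPv4 address or an FQDN; a colon means an IPv6 address.
        if host not in HOST_KEYWORDS and ("." in host or ":" in host):
            findings.append((user, "USER_HOST must be a short hostname"))
    return findings

# Constructed sample: the page's john/bit policy plus three faulty ones.
SAMPLE = "\n".join(
    f"USER_NAME {u}\nUSER_HOST {h}\nUSER_ROLE {r}" for u, h, r in [
        ("john", "bit", "PACKAGE_ADMIN"),
        ("ops", "ANY_SERVICEGUARD_NODE", "FULL_ADMIN"),
        ("audit", "192.0.2.10", "MONITOR"),
        ("dev", "node1.example.com", "PACKAGE_ADMIN")])

if __name__ == "__main__":
    for user, problem in lint(SAMPLE, "cluster"):
        print(f"{user}: {problem}")
```

Run it with scope "package" on a package configuration file to also catch MONITOR or FULL_ADMIN entries, which are only valid in the cluster configuration file.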
180 Building an HA Cluster Configuration