Thanks, it's working better now. Redeploying the service nodes under
the updated 2.8.3 seems to have fixed the issues where your default
policy list you've provided seems to be sufficient.
On 1/13/2014 9:38 AM, Lissa Valletta
wrote:
Here is an example of a policy
table in a hierarchical cluster. You do not have to add
anything to the defaults configured by xCAT for it to work.
#priority,name,host,commands,noderange,parameters,time,rule,comments,disable
"1","root",,,,,,"allow",,
"1.2","manage-02",,,,,,"trusted",,
"2",,,"getbmcconfig",,,,"allow",,
"2.3",,,"lsxcatd",,,,"allow",,
"3",,,"nextdestiny",,,,"allow",,
"4",,,"getdestiny",,,,"allow",,
"4.4",,,"getpostscript",,,,"allow",,
"4.5",,,"getcredentials",,,,"allow",,
"4.6",,,"syncfiles",,,,"allow",,
"4.7",,,"litefile",,,,"allow",,
"4.8",,,"litetree",,,,"allow",,
"2.1",,,"remoteimmsetup",,,,"allow",,
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
Lissa
Valletta---01/13/2014 08:19:02 AM---Make sure the credential
on the service node and manage node has master.local in it
all so look
From: Lissa
Valletta/Poughkeepsie/IBM@IBMUS
To: xCAT Users Mailing list
<xcat-user@lists.sourceforge.net>,
Cc: xCAT Users Mailing list
<xcat-user@lists.sourceforge.net>
Date: 01/13/2014 08:19 AM
Subject: Re: [xcat-user] Policy table
question
Make sure the credential on the
service node and manage node has master.local in it all so
look on the service node at the file
/etc/xcat/cert/server-cred.pem for the line Subject:
CN=manage-02 make sure it says master.local.
I should be the same as /etc/xcat/cert/server-cred.pem on the
management node. If it is not run updatenode
<servicenode> -K to update the credentials on the service
nodes from the MN.
Another problem could be the domain does not match what is in
site.domain.
What database are you running. Make sure you service node is
configured correctly . Run lsxcatd -a on the Service Node and
check that it is picking up the policy table from the database
on the Managment Node.
Monitoring the commands in syslog on the management node as Xiao
Peng suggests you should see the error from xcatd why the
command is rejected.
Also take these out, there is no need to add the service nodes.
"5.1",,"master.local",,,,,"allow",,
"6.1","root","master.local",,,,,"allow",,
"6.2","root","servicefarm01",,,,,"allow",,
"6.3","root","servicefarm02",,,,,"allow",,
"6.4","root","servicefarm03",,,,,"allow",,
You should only need the following:
"1","root",,,,,,"allow",,
"1.2","master.local",,,,,,"trusted",,
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
Xiao Peng Wang
---01/12/2014 08:54:14 PM---What I can think of is the
user/certificates/permission things are not correct on your
service node.
From: Xiao Peng Wang
<w...@cn.ibm.com>
To: xCAT Users Mailing
list <xcat-user@lists.sourceforge.net>,
Cc: xCAT Users Mailing
list <xcat-user@lists.sourceforge.net>
Date: 01/12/2014 08:54
PM
Subject: Re:
[xcat-user] Policy table question
What I can think of is the user/certificates/permission things
are not correct on your service node. Try to run 'rpower' or
'lsdef' on service node directly and check the syslog to see the
xCAT log like this 'xCAT: Allowing lsdef for <root> from
xxx' to get the current user.
Thanks
Best Regards
----------------------------------------------------------------------
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: w...@cn.ibm.com
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West
Road, Haidian District Beijing P.R.China 100193
Russell Jones ---2014/01/11
04:34:56---Hi all, What are the default policy attributes
service nodes should have in the
From: Russell Jones
<russell-l...@jonesmail.me>
To: xCAT Users Mailing
list <xcat-user@lists.sourceforge.net>,
Date: 2014/01/11 04:34
Subject: [xcat-user]
Policy table question
Hi all,
What are the default policy attributes service nodes should
have in the
policy table for xCAT 2.8+? Unless I specifically add, for
example,
"rpower" to the below list, I get a "permission denied" when a
compute
node is configured to a service node. If the compute node is
not
configured to use a service node, it works fine.
This doesn't seem right given that I have granted the root
user full
access. Any ideas what's going on? Table is below. Thanks!
#priority,name,host,commands,noderange,parameters,time,rule,comments,disable
"1","root",,,,,,"allow",,
"1.2","master.local",,,,,,"trusted",,
"2",,,"getbmcconfig",,,,"allow",,
"2.1",,,"remoteimmsetup",,,,"allow",,
"2.3",,,"lsxcatd",,,,"allow",,
"3",,,"nextdestiny",,,,"allow",,
"4",,,"getdestiny",,,,"allow",,
"4.1",,,"rpower",,,,"allow",,
"4.2",,,"makedhcp",,,,"allow",,
"4.3",,,"nodeset",,,,"allow",,
"4.4",,,"getpostscript",,,,"allow",,
"4.5",,,"getcredentials",,,,"allow",,
"4.6",,,"syncfiles",,,,"allow",,
"4.7",,,"litefile",,,,"allow",,
"4.8",,,"litetree",,,,"allow",,
"5.1",,"master.local",,,,,"allow",,
"6.1","root","master.local",,,,,"allow",,
"6.2","root","servicefarm01",,,,,"allow",,
"6.3","root","servicefarm02",,,,,"allow",,
"6.4","root","servicefarm03",,,,,"allow",,
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything
In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything
In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything
In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
|