Re: cmcheckconf generates: Permission denied accessing node

Kasper_USB · ‎08-22-2007

We have changed the .ascii file and want to apply but we get some errors (see below).

Our question:

Where is the bug ?

slapx02:/etc/cmcluster# cmcheckconf -v -C cmclconfig.ascii
Checking cluster file: cmclconfig.ascii
Checking nodes ... Done
Checking existing configuration ... Done
Checking for inconsistencies
Permission denied accessing node slapx01.
Run script /etc/cmcluster/imed/imed.cntl for package imed
does not exist on node slapx01.
Permission denied accessing node slapx02.
Run script /etc/cmcluster/imed/imed.cntl for package imed
does not exist on node slapx02.
Permission denied accessing node slapx02.
Run script /etc/cmcluster/xlab/xlab.cntl for package xlab
does not exist on node slapx02.
Permission denied accessing node slapx01.
Run script /etc/cmcluster/xlab/xlab.cntl for package xlab
does not exist on node slapx01.
Permission denied accessing node slapx01.
Run script /etc/cmcluster/samba/samba.cntl for package samba
does not exist on node slapx01.
Permission denied accessing node slapx02.
Run script /etc/cmcluster/samba/samba.cntl for package samba
does not exist on node slapx02.
cmcheckconf: Unable to verify cluster file: cmclconfig.ascii.

AwadheshPandey · ‎08-22-2007

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=875761&admit=-682735245+1187786354743+28353475

It's kind of fun to do the impossible

Stephen Doud · ‎08-22-2007

This is a common problem Kasper.

Insure:
1) there is a /etc/cmcluster/cmclnodelist on each node, and that the file contains a list of nodes in the cluster, each given root access:

slapx01 root
slapx02 root

2) Set /etc/nsswitch.conf 'hosts' line thus:
hosts: files dns

3) Configure /etc/hosts on each node, listing EVERY fixed IP on each server, including Heartbeat IP. At the end of every line, include the simple hostname.
Example:
16.113.1.214 helix.alf.cpqcorp.net helix
16.113.1.215 helix-hb.alf.cpqcorp.net helix-hb helix
16.113.1.218 torus.alf.cpqcorp.net torus
16.113.1.219 torus-hb.alf.cpqcorp.net torus-hb torus

Note the simple hostname is on every line.

If this doesn't help, insert the string 'Permission denied accessing node' in the search bar at the top of the forum window and press the >> button and you will get several threads that can help you.

Also note in the messages, that the package control scripts were not copied to the slapx01 server. When you create packages, you need to create the same directory structures on the adoptive node(s) before cmapplyconf will accept them.

Kasper_USB · ‎08-22-2007

I found, that the member which has 2 networkcards into now trys to communicate over the second card within the chcheckconf.
But we configure the cluster only with the names and ip's of the first network. The default-route gw points to the first network.
So i don't understand this behaviour.
I try to reboot the member and retry the chcheckconf with the same or nearly result.
We found a appropriate entry in our syslog.log:
Aug 22 17:19:56 slapx02 cmclconfd[4132]: WARNING: User (root) from ip address 10.250.7.46 does not have privileges to retrieve file attri
butes for /etc/cmcluster/imed/imed.cntl. Either they are coming from a node without enhanced security or somebody may be attempting un-a
uthorized access to this system.
The named ip in this entry is the ip from the second network.
How can i achieve that i work with the primary IP from the first network ???

Kasper_USB · ‎08-22-2007

The next thing i've found is the following:
slapx02:/etc/cmcluster# traceroute slapx01
traceroute: Warning: Multiple interfaces found; using 10.250.7.46 @ lan2
traceroute to slapx01 (10.67.7.215), 30 hops max, 40 byte packets
1 slapx01.uhbs.ch (10.67.7.215) 0.147 ms 0.108 ms 0.106 ms

slapx02:/etc/cmcluster# netstat -r
Routing tables
Destination Gateway Flags Refs Interface Pmtu
localhost localhost UH 0 lo0 4136
slapx02.uhbs.ch slapx02.uhbs.ch UH 0 lan0 4136
slapx02b.uhbs.ch slapx02b.uhbs.ch UH 0 lan2 4136
10.67.0.0 slapx02.uhbs.ch U 2 lan0 1500
10.250.0.0 slapx02b.uhbs.ch U 2 lan2 1500
loopback localhost U 0 lo0 0
default serv_2.uhbs.ch UG 0 lan0 0

Why goes the traceroute over lan2 and not over lan0 ???
How can i train the HPUX to the right behavior ?

Shardha · ‎08-22-2007

Dear Kesper,

in HP UX it is strickly mentioned that all the the network cards should be connected via different nets. No two or more cards are connected on the same physical network.
Once you sort out this issue and the permission issue as our collegues mentioned.
You will be able to configure the cluster like peice of cake.

If you face any problem, please post the errors.

Shardha

Shardha · ‎08-22-2007

Dear Kesper,

I will send you one sample diagram, which i have designed for our one customer.

Shardha

Joelmel Roche · ‎08-22-2007

Hi,
If you using this version A.11.16, check are patched with [PHSS_32733]

I will recommend this be modified as per the Securing SG manual at:
http://docs.hp.com/en/6283/SGsecurityfiles.pdf

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: cmcheckconf generates: Permission denied accessing node

cmcheckconf generates: Permission denied accessing node