HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Serviceguard
cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot update a new configuration on serviceguard-A.11.16.11-0

 
Rui Vilao
Regular Advisor

Cannot update a new configuration on serviceguard-A.11.16.11-0

Hi,

I tried to change the config of my cluster and got the error:

root@node1 conf]# cmapplyconf -v -C CLUSTER.config -P sshv/sshv.config

Checking cluster file: CLUSTER.config
Note : a NODE_TIMEOUT value of 2000000 was found in line 143. For a
significant portion of installations, a higher setting is more appropriate.
Refer to the comments in the cluster configuration ascii file or Serviceguard
manual for more information on this parameter.
Checking nodes ... Done
Checking existing configuration ... Done
Gathering configuration information ... Done
Gathering configuration information ... Done
Gathering configuration information ..
Gathering storage information ..
Found 1 devices on node node1
Found 1 devices on node nodenrdb2
Analysis of 2 devices should take approximately 1 seconds
0%----10%----20%----30%----40%----50%----60%----70%----80%----90%----100%
.....
Gathering Network Configuration ........ Done
Cluster CLUSTER is an existing cluster
Parsing package file: sshv/sshv.config.
Package sshv already exists. It will be modified.
Checking for inconsistencies .. Done
Cluster CLUSTER is an existing cluster
Maximum configured packages parameter is 2.
Configuring 1 package(s).
1 package(s) can be added to this cluster.
199 access policies can be added to this cluster.
Modifying configuration on node node1
Modifying configuration on node nodenrdb2

Modify the cluster configuration ([y]/n)? y
Modifying the cluster configuration for cluster CLUSTER.
Modifying node node1 in cluster CLUSTER.
Modifying node nodenrdb2 in cluster CLUSTER.
Modifying the package configuration for package sshv.
Error: Unable to copy file to node1: Input/output error
Error: Unable to copy file to nodenrdb2: Input/output error
Error: A temporary configuration file ($SGCONF/cmclconfig.tmp) cannot be written to disk on one or more nodes: Permission denied
Error: Unable to copy file to node1: Input/output error
Error: Unable to copy file to nodenrdb2: Input/output error
Error: A temporary configuration file ($SGCONF/cmclconfig.tmp) cannot be removed from one or more nodes: Permission denied
Error: Unable to apply the configuration change: Permission denied
. Check the syslog file(s) for additional information.
cmapplyconf : Unable to apply the configuration
[root@node1 conf]#


In the message file, the error is:

Jul 25 01:29:43 node1 CM-CMD[29914]: cmapplyconf -v -C CLUSTER.config -P sshv/sshv.config
Jul 25 01:29:47 node1 cmclconfd[29918]: WARNING: User root from node node1-priv (ip address 10.0.0.1) does not have privileges to access this node. Either they are coming from a node without enhanced security or somebody may be attempting un-authorized access to this system.
Jul 25 01:29:47 node1 cmclconfd[29918]: WARNING: User root from node node1-priv (ip address 10.0.0.1) does not have privileges to access this node. Either they are coming from a node without enhanced security or somebody may be attempting un-authorized access to this system.
Jul 25 01:30:01 node1 crond(pam_unix)[30435]: session opened for user root by (uid=0)

-------------


Jul 25 01:29:47 nodenrdb2 cmclconfd[22098]: WARNING: User root from node node1-priv (ip address 10.0.0.1) does not have privileges to access this node. Either they are coming from a node without enhanced security or somebody may be attempting un-authorized access to this system.
Jul 25 01:29:47 nodenrdb2 cmclconfd[22098]: WARNING: User root from node node1-priv (ip address 10.0.0.1) does not have privileges to access this node. Either they are coming from a node without enhanced security or somebody may be attempting un-authorized access to this system.

The file /usr/local/cmcluster/conf/cmclnodelist is unchaged and contains the hostnames and root user of both nodes.

TIA.

Any help/suggestion is highly apreciated.

Rui Vilao
"We should never stop learning"_________ rui.vilao@rocketmail.com
3 REPLIES
Serviceguard for Linux
Honored Contributor

Re: Cannot update a new configuration on serviceguard-A.11.16.11-0

Do you have the host "node1-priv" with root listed in cmclnodelist on both nodes?

Is 10.0.0.1 a dedicated heartbeat? Do you have names associated with that IP in /etc/hosts (I don't think it is necessary)?
skt_skt
Honored Contributor

Re: Cannot update a new configuration on serviceguard-A.11.16.11-0

is 10.0.0.1 a Heartbeat IP or node(node1-priv)IP?

John Bigg
Esteemed Contributor

Re: Cannot update a new configuration on serviceguard-A.11.16.11-0

This is the standard sort of error you get when you do not have /etc/hosts or DNS setup correctly to resolve all IP addresses on your cluster nodes to the hostname of the node. i.e. you will probably find that if you lookup 10.0.0.1 it does not resolve to the hostname on which this address resides.

This is mandatory for Serviceguard and is especially important from release 11.16 onwards.

The particular error you see occurs during the cmapplyconf when Serviceguard switches from using cmclnodelist which is used pre-configuration to access control policies used post configuration.

Correct /etc/hosts or DNS and you will be fine.

Note that this really does mean that you have multiple IP addresses for a single system resolving to the hostname of that system.