Operating System - HP-UX

cmapplyconf gives second time a error

 
Co van Berkel
Regular Advisor

Hi,
I try to configure a cluster on two rp4440-8 servers (PA-RISC), HP-UX 11i v1 (11.11) and MC/SG vB.11.16.
When I do a cmapplyconf the first time, all goes OK.
But when I do it the second time I get the messages:
Error: Permission denied accessing node nlunx1n3.
Error: Failed to initialize volume group /dev/vg03
Error: Unable to initialize cluster lock /dev/dsk/c6t0d0 on node nlunx1n3.

The only thing to do then is to do a "cmdeleteconf" on both the servers and do a "vgchange -c n /dev/vg03".
After that I can run the "cmapplyconf".

This is not normal I think, so does anybody know what the problem is here?

Rgrds CvB.
melvyn burnard
Honored Contributor
Solution

Re: cmapplyconf gives second time a error

Is the disk c6t0d0 on the vg03 volume group?
Is this vg active on the node you run the cmapplyconf command at the time of running the command?

Finally (and probably most important) with 11.16 of Serviceguard we now implement a new security methodology for the cluster nodes.
Prior to 11.16, the cmclnodelist file was used to validate security, but with 11.16 this is only used at initial cluster configuration.
From then on, you need to look at using the new Role Based access in 11.16 as documented in the manuals.
Also, for redundancy, Serviceguard commands use all networks available on a system to communicate with Serviceguard daemons. This includes configured interfaces not listed in the cluster ASCII file. To authorise these communications, Serviceguard must be able to resolve the source IP address to a valid hostname. Valid hostnames include every node in the cluster and any node outside the cluster which needs to communicate with nodes within a cluster.

A permission problem will result when Serviceguard cannot verify that the source address of a message is authorised and cannot resolve the source IP address to a valid hostname. The actual symptoms of a permission problem will vary depending on what operation is being performed. The following is an example of a message which could be seen in syslog.log:

Dec 1 13:13:45 sly cmclconfd[15227]: WARNING: User root from ip address 10.8.1.131 does not have privileges to access this node. Either they are coming from a node without enhanced security or somebody may be attempting un-authorized access to this system.

To avoid permission problems, all interfaces for all authorised nodes
must be defined in /etc/hosts on all nodes within the cluster. The name
service switch policy for hosts must be set to files followed by any
other sources used such as DNS, NIS or LDAP.

An example host entry from /etc/nsswitch.conf:

hosts: files [NOTFOUND=continue] dns

This is a new requirement which was added to Serviceguard A.11.16 and in
the latest patches for Serviceguard A.11.13 (PHSS_29120), A.11.14
(PHSS_31065) and A.11.15 (PHSS_31067 and PHSS_31068).

HTH
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Co van Berkel
Regular Advisor

Re: cmapplyconf gives second time a error

Hi,
I have configured per server three lan cards:

- node1:
  - Hostname: nlunx1n3
  - lan0 - x1.x1.x1.x1 - DNS-name: nlhpunx1n3i
  - lan1 - x2.x2.x2.x2 - DNS-name: nlhpunx1n3
  - lan2 - Failover lan.

- node2:
  - Hostname: nlunx1n4
  - lan0 - y1.y1.y1.y1 - DNS-name: nlhpunx1n4i
  - lan1 - y2.y2.y2.y2 - DNS-name: nlhpunx1n4
  - lan2 - Failover lan.

The two lan0 cards are connected with a cross-cable.

What do I have to insert in my /etc/hosts file?

Rgrds CvB.
melvyn burnard
Honored Contributor

Re: cmapplyconf gives second time a error

Your hosts file must show all interfaces configured with an IP address, regardless of whether they are in the cluster ASCII file, as per example:

11.14.62.131 nodeA.mydomain.com nodeA
10.3.0.131 nodeA.mydomain.com nodeA
10.3.1.131 nodeA.mydomain.com nodeA
10.3.2.131 nodeA.mydomain.com nodeA
11.14.62.132 nodeB.mydomain.com nodeB
10.3.0.132 nodeB.mydomain.com nodeB
10.3.1.132 nodeB.mydomain.com nodeB
10.3.2.132 nodeB.mydomain.com nodeB
11.14.62.67 nodeC.mydomain.com nodeC
10.3.8.8 nodeC.mydomain.com nodeC
11.14.62.69 nodeC.mydomain.com nodeC
10.3.8.7 nodeC.mydomain.com nodeC
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
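
An audit of the two requirements described in the replies above (hosts lookups must start with files, and every configured interface address must map to a cluster node name in /etc/hosts), as an added example that is not part of any post in this thread and is not Serviceguard's own check. The function names, the one-address-per-line list file and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a node against the two
# name-resolution requirements above. Sample data is constructed.

# Print the first lookup source on the "hosts:" line of an nsswitch.conf ($1).
first_hosts_source() {
    awk '{ sub(/#.*/, "") } $1 == "hosts:" { print $2; exit }' "$1"
}

# Print each address listed in file $2 (one per line) that hosts file $1 does
# not map to any of the cluster node names given as the remaining arguments.
unresolved_addrs() {
    hosts=$1; addrs=$2; shift 2
    awk -v nodes="$*" '
        BEGIN { n = split(nodes, a, " "); for (i = 1; i <= n; i++) valid[a[i]] = 1 }
        { sub(/#.*/, "") }                      # drop comments
        FILENAME == ARGV[1] {                   # pass 1: the hosts file
            for (i = 2; i <= NF; i++) if ($i in valid) ok[$1] = 1
            next
        }
        NF && !($1 in ok) { print $1 }          # pass 2: the address list
    ' "$hosts" "$addrs"
}

# Demo on constructed files: 10.3.1.131 is configured but absent from hosts.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '11.14.62.131 nodeA.mydomain.com nodeA' \
                  '10.3.0.131   nodeA.mydomain.com nodeA' \
                  '11.14.62.132 nodeB.mydomain.com nodeB' > "$d/hosts"
    printf '%s\n' 11.14.62.131 10.3.0.131 10.3.1.131 11.14.62.132 > "$d/addrs"
    printf '%s\n' 'hosts: files [NOTFOUND=continue] dns' > "$d/nsswitch.conf"

    [ "$(first_hosts_source "$d/nsswitch.conf")" = files ] ||
        echo "nsswitch.conf: hosts lookup does not start with files"
    for ip in $(unresolved_addrs "$d/hosts" "$d/addrs" nodeA nodeB); do
        echo "no /etc/hosts entry mapping $ip to a cluster node"
    done
    rm -rf "$d"
}
demo
```

On a real node the functions would be pointed at /etc/nsswitch.conf, /etc/hosts and a list of the addresses configured on every interface of every cluster node; an address the script reports is one that would produce the cmclconfd privilege warning quoted earlier.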
Co van Berkel
Regular Advisor

Re: cmapplyconf gives second time a error

Hi,
What about package IP addresses?

Rgrds CvB.
melvyn burnard
Honored Contributor

Re: cmapplyconf gives second time a error

You do not need to include the floating package addresses, but I always think it worthwhile.
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Co van Berkel
Regular Advisor

Re: cmapplyconf gives second time a error

Hi,

Many thanks to you Melvyn.

Problem solved by adding all IP addresses of a node in the /etc/hosts file with the same hostname for all nodes in the cluster.

Thread closed.

Greetings CvB.