HPE Community
Operating System - HP-UX
1834101 Members
2880 Online
110063 Solutions
New Discussion

Re: Cmquerycl:Permission denied Error.

 
shabash
Frequent Advisor

‎09-04-2010 06:51 PM

‎09-04-2010 06:51 PM

Cmquerycl:Permission denied Error.

i have checked .rhost,cmclnodelist,/etc/hosts all are properly configured.

Nslookup is also working fine.

The is the new node which is going to be add in running 2 cluster node.

The new node HeartBeat cable is not connected with current running 2 node cluster and will plan when we have downtime arranged.

Meanwhile we are testing cluster prerequi and find that cmquerycl giving permission error

The service guard version is A.18
hp-ux v2

when we run cmquerycl -n newnode
it will not give any problem.

but when we run cmquerycl -n othernode(one from the currenly running cluster) it gives error

newnode ihasde01-only Primary ip connected with current nodes.Heart beat cable will be connected once downtime arranged
cureent nodes having cross Heartbeat cables ihasde01 and ihasde02

# cmquerycl -n ihasde01
Permission denied to 172.31.71.31
Warning: Unable to determine local domain name for ihasde03
Node ihasde01 is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
ihasde01 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node ihasde01 resolves the IP address correctly.
Failed to gather configuration information.
0 Kudos
Reply
5 REPLIES 5
DeafFrog
Valued Contributor

‎09-04-2010 09:53 PM

‎09-04-2010 09:53 PM

Re: Cmquerycl:Permission denied Error.

Hi ,

Please check the entiries in /etc/hosts file of the node ihasde03 .. her's the hint
"on node ihasde01 resolves the IP address correctly"

Regards,
FrogIsDeaf
0 Kudos
Reply
Ishwar_1
Frequent Advisor

‎09-05-2010 12:02 AM

‎09-05-2010 12:02 AM

Re: Cmquerycl:Permission denied Error.

The ServiceGuard Rely heavily on the network communication and name resolution, the files to focus are /etc/hosts and /etc/nsswitch.conf on every other node in the cluster. To ensure reliable name resolution, the /etc/nsswitch.conf file should be modified such that the /etc/hosts file is used as the primary source for resolving hostnames. Insure that all fixed IPs on each node are listed in /etc/hosts. All fixed IPs are also aliased to the simply hostname of the server. <-- This last configuration requirement is -THE- most common cause of "permission denied" and errors such as the one that you are seeing.

This message is seen in conjunction with configuration oversights based on the document "Editing Security Files for Serviceguard" you can find it at this site :-
http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02054412/c02054412.pdf

For Some Reason Serviceguard may be Disabled on the New Node, Check and Rectify it, Procedure to disable ServiceGuard. Follow the Reverse Order to Enable it.
==============================================================
You can disable Serviceguard on a system, by commenting out the following entries in /etc/inetd.conf:
hacl-cfg dgram udp wait root /usr/lbin/cmclconfd cmclconfd -p
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd cmclconfd -c
Then force inetd to re-read inetd.conf:
/usr/sbin/inetd -c
You can check that this did in fact disable Serviceguard by trying the following
command:
cmquerycl -n nodename
where nodename is the name of the local system. If the command fails, you have
successfully disabled Serviceguard.

You can Refer the below document for your further reference.

http://docs.hp.com/en/B3936-90117/ch05s02.html

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02437444/c024374
44.pdf
0 Kudos
Reply
shabash
Frequent Advisor

‎09-05-2010 04:26 AM

‎09-05-2010 04:26 AM

Re: Cmquerycl:Permission denied Error.

# nslookup ihasde01
Using /etc/hosts on: ihasde03

looking up FILES
Name: ihasde01
Address: 172.31.71.31
Aliases: ihasde01.ptcl.net.pk

# nslookup ihasde03
Using /etc/hosts on: ihasde03

looking up FILES
Name: ihasde03
Address: 172.31.71.37
Aliases: ihasde03.ptcl.net.pk

# cmquerycl -n ihasde01
Permission denied to 172.31.71.31
Warning: Unable to determine local domain name for ihasde03
Node ihasde01 is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
ihasde01 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node ihasde01 resolves the IP address correctly.
Failed to gather configuration information.
**************************************

One thing i have noted the /etc/resolv.conf file have doman entry

when i comment it,it will not give permission denied error but other errors related to service guard comunication comes.

i have checked all /etc/hosts file inface rcp file from running nodes but still problem same.
0 Kudos
Reply
shabash
Frequent Advisor

‎09-05-2010 05:05 AM

‎09-05-2010 05:05 AM

Re: Cmquerycl:Permission denied Error.

more /etc/inetd.sec file from both servers are attached.
0 Kudos
Reply
Muhammad Ahmad
Frequent Advisor

‎09-05-2010 10:18 AM

‎09-05-2010 10:18 AM

Re: Cmquerycl:Permission denied Error.

Hi Fellows,

Please note, we did'nt do the vgimport of vglock till now.

does there any effect of this to the current "permission denied" errors. . . .

please comment . . .
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.