HPE Community
Operating System - HP-UX
1833875 Members
1687 Online
110063 Solutions
New Discussion

Re: cmruncl permission denied (node 2 ip)

 
diego delgado
Advisor

‎06-09-2010 06:16 AM

‎06-09-2010 06:16 AM

cmruncl permission denied (node 2 ip)

hi,
when i tried to run cmviewcl i received :

cmviewcl -v
Error: Permission denied to 10.204.159.69 (node 2 ip)

CLUSTER STATUS
oraclu up

NODE STATUS STATE
node1 up running

Network_Parameters:
INTERFACE STATUS PATH NAME
PRIMARY up 1/0/2/1/0/6/0 lan3
PRIMARY up 1/0/2/1/0/6/1 lan4
PRIMARY up 1/0/1/1/0/4/0 lan0
STANDBY up 1/0/14/1/1 lan8
STANDBY up 1/0/14/1/0 lan7

PACKAGE STATUS STATE AUTO_RUN NODE
ora-pkg up running enabled node1

Policy_Parameters:
POLICY_NAME CONFIGURED_VALUE
Failover configured_node
Failback manual

Script_Parameters:
ITEM STATUS MAX_RESTARTS RESTARTS NAME
Subnet up 10.204.159.64
Subnet up 10.204.159.192

Node_Switching_Parameters:
NODE_TYPE STATUS SWITCHING NAME
Primary up enabled node1 (current)
Alternate unknown node 2

NODE STATUS STATE
node 2 down unknown

Network_Parameters:
INTERFACE STATUS PATH NAME
PRIMARY unknown 1/0/2/1/0/6/0 lan3
STANDBY unknown 1/0/14/1/1 lan8
PRIMARY unknown 1/0/2/1/0/6/1 lan4
STANDBY unknown 1/0/14/1/0 lan7
PRIMARY unknown 1/0/1/1/0/4/0 lan0


and the second node can't startup the cluster's node.

cmrunnode -v node 2
cmrunnode : Unable to communicate with a running cluster or with all nodes in the cluster.
cmrunnode : In order to use cmrunnode, the cluster must already be running on a subset of reachable nodes or else all cluster nodes must be reachable.
cmrunnode : Issuing cmrunnode again may succeed.

O.S = HP.UX 11.11
SG = 11.16

thanks in advance

diego
0 Kudos
Reply
6 REPLIES 6
Asif Sharif
Honored Contributor

‎06-09-2010 07:05 AM

‎06-09-2010 07:05 AM

Re: cmruncl permission denied (node 2 ip)

Hi diego,

Please run "cmruncl -v" on node2.

Regards,
Asif Sharif
Regards,
Asif Sharif
0 Kudos
Reply
diego delgado
Advisor

‎06-09-2010 07:08 AM

‎06-09-2010 07:08 AM

Re: cmruncl permission denied (node 2 ip)

cmruncl -v
cmruncl : Validating network configuration...
Gathering configuration information ..
Gathering Network Configuration ...... Done
Not probing node node1 as it is currently unreachable.
cmruncl : Network validation complete
Warning: The configuration file on node node1 will not be checked.
Error: Cannot reach node "node1"
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-09-2010 11:30 AM

‎06-09-2010 11:30 AM

Re: cmruncl permission denied (node 2 ip)

Shalom diego,

Usually this is a problem in the cmnodesecurity(I think that is the name). cmnode I'm sure of.

This file permits the nodes to talk to each other.

Also see that SG is correctly installed and the daemons are enabled the same way in inetd.conf file

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Venkata Nagesh
Occasional Advisor

‎06-09-2010 09:35 PM

‎06-09-2010 09:35 PM

Re: cmruncl permission denied (node 2 ip)

Take a look at "/etc/cmcluster/cmclnodelist" file. If this file exists, rename this and try again.

Regards,
Nagesh
0 Kudos
Reply
diego delgado
Advisor

‎06-09-2010 10:08 PM

‎06-09-2010 10:08 PM

Re: cmruncl permission denied (node 2 ip)

thanks SEP i'll try it,
venkata i tried yet with the nodelist files but without any good results.
today i'll try the SEP suggestion ,
see you later
0 Kudos
Reply
Stephen Doud
Honored Contributor

‎06-10-2010 04:20 AM

‎06-10-2010 04:20 AM

Re: cmruncl permission denied (node 2 ip)

There are many reasons the 'permission denied' error can occur, but all center on /usr/lbin/identd being unable to relate the node 2 ip to a member of the cluster.
Serviceguard uses this daemon (via /etc/inetd.conf) to insure SG commands are coming from authorized nodes.
'identd' requires that:
1) First time cluster builds: /etc/cmcluster/cmclnodelist exist on each node, and give each node root access (just like a .rhosts file).
2) /etc/nsswitch.conf points 'hosts' to 'files' before 'dns'
3) /etc/hosts identifies all IPs that are listed in the cluster ASCII file (and applied in the cluster binary file)
- all such IPs must be aliased to the sponsoring hostname. (Yes - it sounds strange, but it works) See "Hostname resolution" in the Managing Serviceguard manual.
- use the same sequence on each IP line. Example:
16.113.145.28 roller-hb.atl.hp.com roller
- /etc/hosts must contain a loopback line:
127.0.0.1 localhost loopback

4) If /var/adm/inetd.sec is configured, insure auth (identd) and hacl-cfg services are "allow"ed and associated with all IPs and loopback. (rename the file to temporarily diagnose whether it is part of the problem).

5) Insure the line referencing /usr/lbin/ident in /etc/inetd.conf is uncommented.

6) If /etc/cmcluster/cmclconfig is missing on a node that -is- a member of the cluster, copy to file from another member node to the node lacking the file. (use 'strings' command on the file to verify the hostname of the node is in there)

After all this, reset inetd:
# inetd -k
# inetd (-l)

Then test again.
If you still have trouble - consider opening a support case with HP.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.