Re: Error: Node is refusing Serviceguard communication.

zafar.rizvi · ‎06-06-2007

Hi all,
I have a two node cluster running and i want to add one new node in it. I copied all cmcluster directory from my running node. I present the cluster qurum disk on new node as well. I change the file of ascii with new node ip and disk. When i try to execute this command cmquerycl -v -c staging -n test1 -n test2 -n test3 (test3 i need to add in cluster)on new node then i got msg that the apple node is refusing service gurad communication and Please make sure that the proper security access is configured on node
tppora50 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node tppora50 resolves the IP address correctly.

But all nodes can communicate without any error and root login is available for login for any node. I add all nodes name and username in the .rhosts file and respected /etc/hosts exist in the file. But can't understand why it is not communicating with already running cluster nodes.

I check all things from ITRC posted msgs but did't succeed in adding new node. Any person have an idea.......why this thing happening.

For furthur information, feel free to contact.

Matti_Kurkela · ‎06-06-2007

Do you have the /etc/cmcluster/cmclnodelist files configured, especially on the new node?

Chapter 5, subchapter 1 of the "Managing ServiceGuard" manual has the details:

http://docs.hp.com/en/B3936-90079/ch05s01.html#d0e9758

Which version of ServiceGuard are you using?

If it's A.11.16 or newer, remember that A.11.16 changed many things about ServiceGuard access control. The .rhosts files should no longer be needed for ServiceGuard.

MK

MK

Ludovic Derlyn · ‎06-06-2007

hi

have you checked /etc/inetd.conf
this two lines will be uncommented :

hacl-cfg dgram udp wait root /usr/lbin/cmclconfd cmclconfd -p
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd cmclconfd -c

regards
L-DERLYN

Ludovic Derlyn · ‎06-06-2007

if response is correct don't forget to assign points ;-)

Your profil indicates 0 points to 17 questions

zafar.rizvi · ‎06-06-2007

I am using serviceguard 11.16 and i configure the cmclnodelist with following host entries.

test50 root
test51 root
test52 root

and same thing was defined in the .rhosts before but no configuration working and same results after running cmquerycl command.

hacl-cfg dgram udp wait root /usr/lbin/cmclconfd cmclconfd -p
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd cmclconfd -c
these two lines exist there in the inetd.conf.....But same results.
I will rank it confirm after this problem solution.

zafar

Stephen Doud · ‎06-06-2007

Insure /etc/cmcluster/cmclnodelist lists EVERY node, on EVERY nodes' /etc/cmcluster/cmclnodelist file.

On the new node, remove /etc/cmcluster/cmclconfig - it only contains references for the older 2-node cluster, so it is not accurate for the new node

Check /etc/inetd.conf - look for the 'ident' line and insure it matches the cluster nodes.

Insure /etc/hosts lists every fixed IP assigned to all nodes in the cluster. Insure each line entry also contains the simple hostname of the server, even though the IP is not aliased directly to the hostname.

zafar.rizvi · ‎06-06-2007

My all nodes using 11.16 service guard. But both existing cluster nodes contains cmclnodelist file with + sign entry and .rhosts file contains hosts and username. On new node cmclnodelist created with cluster nodes and root access.

Also
ident stream tcp wait bin /usr/lbin/identd identd line exist in the inetd.conf.

so what else i have to check because nothing seems wrong.

melvyn burnard · ‎06-06-2007

I recommend you take a read of the following:

http://docs.hp.com/en/6283/SGsecurityfiles.pdf
http://docs.hp.com/en/5874/securingserviceguard_nov2005.pdf

They may explain your symptoms, which are indicative of a communications configuration issue

My house is the bank's, my money the wife's, But my opinions belong to me, not HP!

zafar.rizvi · ‎06-07-2007

I tried everything and found these results

Begin checking the nodes...
Error: Permission denied to
Error: Permission denied to
Error: Node test1 is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
tppora50 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node tppora50 resolves the IP address correctly.
Failed to gather configuration information.

so now what will be reason after all security options checked.

zafar.rizvi · ‎06-15-2007

Any body have idea......about my problem.

I am really stucked here......

Stephen Doud · ‎06-15-2007

Unfortunately the causes of "permission denied" messages are many.
I recommend that you use the Technical Knowledge Database in this ITRC csnter and look for documents that discuss this problem.
In particular, have a look at this document:
emr_na-c01028325-3
It contains a significant number of causes and remedies.

Murat SULUHAN · ‎06-15-2007

Hi

check your name resolution type from /etc/nsswitch.conf and you must sure each node has no problem with adres resolution. Each node can ping others and itself with names. You must also check /etc/hosts

each node has /.rhosts file and it must contains each node in cluster not only other nodes. I mean test1, test2 and test3's .rhosts files like below
test1
test2
test3

Regards
Murat
HP

Don't forget the points

Murat Suluhan

Mridul Shrivastava · ‎06-15-2007

have you tried nslookup using hostname and IP address?
Does it returns the corect details...

Time has a wonderful way of weeding out the trivial

zafar.rizvi · ‎07-06-2007

Yest i am am looking up host using file based and its communication on lookup is fine. Both ping to each other successfully.

From existing node i am able to cmquerycl and it gives complete results but when i tried cmquerycl -v -n then it says.
Begin checking the nodes...
Error: Permission denied to 10.1.4.120
Error: Node tppora50 is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
tppora50 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node tppora50 resolves the IP address correctly.
Failed to gather configuration information.

so what we can do in this situation.

skt_skt · ‎07-07-2007

check the patch level for "cluster object manager and MC/ServiceGuard.

What do you see in syslog when you get the permission enied error?(check in all nodes)

skt_skt · ‎07-07-2007

check the patch level for "cluster object manager and MC/ServiceGuard".

What do you see in syslog when you get the permission enied error?(check in all nodes)

zafar.rizvi · ‎07-07-2007

kindly suggest how can i check these patch level....or Which patch numbers existance i need to check.

Thanks for your response. waiting more kind reply.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Error: Node is refusing Serviceguard communication.

Error: Node is refusing Serviceguard communication.