HPE Community
Operating System - HP-UX
1834164 Members
2419 Online
110064 Solutions
New Discussion

Is rhosts file required for mcsg with ops ?

 
SOLVED
Go to solution
Sammy_2
Super Advisor

‎07-06-2004 01:00 AM

‎07-06-2004 01:00 AM

Is rhosts file required for mcsg with ops ?

Security folks are coming after me for having
.rhosts file for root and oracle. ? Can I remove .rhosts file and put all entries in that file in /etc/cmcluster/cmclnodelist. , without causing any problem ?
Does oracle also need to have .rhosts file ? DBA thinks .rhost file needed for OS and oracle OPS equivalency ?
Thanks
good judgement comes from experience and experience comes from bad judgement.
0 Kudos
Reply
6 REPLIES 6
Simon Hargrave
Honored Contributor

‎07-06-2004 01:04 AM

‎07-06-2004 01:04 AM

Solution

Re: Is rhosts file required for mcsg with ops ?

.rhosts is not needed by Service Guard itself, nor I would guess OPS. What you have to ask yourself is, do any of your scripts that run on the servers need it?

If you don't know your systems, you'll need to check through your crontabs (and on any 3rd party schedulers you may have), and see if there is any rcp, remsh reference etc.

If there is you should really, for best security, replace it with secure shell alternatives.

Your cluster control scripts shouldn't rely on any "r" commands either, since the idea of a cluster is that they can continue regardless of other hosts availability. So I'd check your /etc/cmcluster/package/*.cntl scripts etc, to see if there are any references, and consider if they really need to be there.
Reply
Geoff Wild
Honored Contributor

‎07-06-2004 01:05 AM

‎07-06-2004 01:05 AM

Re: Is rhosts file required for mcsg with ops ?

/etc/cmcluster/cmclnodelist is used for security among nodes in a cluster - for cluster commands - can give individuals the ability to run ServiceGuard commands. It does NOT grant say a user the ability to rcp files from one node to another - still need .rhosts for that.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Carsten Krege
Honored Contributor

‎07-06-2004 06:44 PM

‎07-06-2004 06:44 PM

Re: Is rhosts file required for mcsg with ops ?

SG and SGOPS require either .rhosts to be configured or the file /etc/cmcluster/cmclnodelist. THere is no difference in SG functionality no matter which file you're using. If cmclnodelist is configured, SG will use this.

Starting with SG A.11.16 (released soon), a new method for non-root access for Serviceguard commands, both on command line and with Serviceguard Manager, the graphical interface will become available. Non-root access to view or to issue administration commands, is now defined in the new Access Control Policy parameter in the configuration files of the cluster or one of its packages.
Once a node has been configured into a cluster, Serviceguard will consult only the configuration files, checking access roles; it will no longer look at the .rhosts or cmclnodelist file. Root user on a node is always allowed access, but all other users must have an Access Control Policy configured.

Carsten
-------------------------------------------------------------------------------------------------
In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move. -- HhGttG
Reply
YoungHwan, Ko
Valued Contributor

‎07-06-2004 07:01 PM

‎07-06-2004 07:01 PM

Re: Is rhosts file required for mcsg with ops ?

For the ServiceGuard commands to work properly each host in the
node must have its own name as well as the other nodes in its
own .rhosts file.

After write all node .rhost file,
try cmquerycl again and then run cmruncl.
0 Kudos
Reply
Kent Ostby
Honored Contributor

‎07-07-2004 12:17 AM

‎07-07-2004 12:17 AM

Re: Is rhosts file required for mcsg with ops ?

For SG-OPS you can use cmnodelist or .rhosts as Carsten states above.

One other thing you need to make sure of with regards to connectivity when setting up the cluster is that each node exists in the /etc/hosts file of each of the machines as well.

Best regards,

Kent M. Ostby
"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
Reply
Sammy_2
Super Advisor

‎07-07-2004 01:03 AM

‎07-07-2004 01:03 AM

Re: Is rhosts file required for mcsg with ops ?

I concur that if you have cmclnodelist file , then rhosts is not needed for MCSG functionality (cmapplyconf, etc commands). Thanks to Simon and Geoff for clarifying that first. I checked and we don't use any r command. Carsten, Much thanks on advising on upcoming MCSG product. Very Helpful.Kent has similiar suggestion. MAthais, I guess, from everyone answers , I have to believe though rhosts file is fine but cmclnodelist would suffice. So, I removed all occurennces of rhsots file and made sure I have entries in cmclnodelist file.
THANKS TO ALL
good judgement comes from experience and experience comes from bad judgement.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.