HPE Community
Operating System - HP-UX
1837260 Members
3133 Online
110115 Solutions
New Discussion

mcsg 11.16 rolling upgrade and cmclnodelist

 
SOLVED
Go to solution
Denver Osborn
Honored Contributor

‎08-08-2006 08:05 AM

‎08-08-2006 08:05 AM

mcsg 11.16 rolling upgrade and cmclnodelist

Hey all,

I've seen ralphs thread re: ACP's and cmclnodelist at http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1042110

However, it doesn't really address my problem.

I'm planning on an 11.14 rolling upgrade to 11.16. However in testing I've had a problem with cmviewcl running as a nonroot user on the 11.16 node. The debug output points to no ACP for the nonroot user. Problem here is we can't add the ACP entry until after the other node is at 11.16. The way a package was designed is the nonroot user needs to run some mcsg commands (don't ask me why...). If it can't it fails. I hope this makes sense to someone. :)

Anyhow, long story short. From what I've read I thought that the ACP entries wouldn't be a factor until all nodes were at 11.16. Until then, it should still use cmclnodelist file. Right?

Thanks for the feedback!
-denver

0 Kudos
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎08-08-2006 08:23 AM

‎08-08-2006 08:23 AM

Re: mcsg 11.16 rolling upgrade and cmclnodelist

Shalom Denver,

I think you should use cmclnodelist because thats where SG is going as it moves away from rhost based security, which really is not secure.

You will need to modify your inetd.conf file for the ha entries and add the -i parameter.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Stephen Doud
Honored Contributor

‎08-09-2006 12:46 AM

‎08-09-2006 12:46 AM

Solution

Re: mcsg 11.16 rolling upgrade and cmclnodelist

So on the node that is still at 11.14, do you have the following syntax in cmclnodelist?




Under normal circumstances, this would allow the non-root user to perform cmviewcl.
However, once upgraded to 11.16, I believe cmclnodelist is no longer consulted by that node, so no permission will be granted to non-root for that node and cmviewcl will fail. Since package startup is dependent on this, suggest completing the rolling upgrade as quickly as possible.
0 Kudos
Denver Osborn
Honored Contributor

‎08-09-2006 12:52 AM

‎08-09-2006 12:52 AM

Re: mcsg 11.16 rolling upgrade and cmclnodelist

Thanks Stephen (and Steven)

We'll just have to plan an outage for the upgrade. It'll make life easier on us to have the package down if cmclnodelist on the 11.16 node won't work.

-denver
0 Kudos
Denver Osborn
Honored Contributor

‎08-09-2006 04:33 AM

‎08-09-2006 04:33 AM

Re: mcsg 11.16 rolling upgrade and cmclnodelist

ok, I missed something w/ my orignal post. Upgrading mcsg ops 11.14 to sgerac 11.16. Rel Notes state rolling upgrade isn't supported from 11.14 ops to 11.16 sgerac. Could explain some of the other issues seen in testing.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.