HPE Community
Operating System - HP-UX
1834164 Members
2934 Online
110064 Solutions
New Discussion

Re: Node is refusing service gaurd communications

 
SOLVED
Go to solution
Mohamed shamy
Occasional Advisor

‎11-05-2006 09:25 PM

‎11-05-2006 09:25 PM

Node is refusing service gaurd communications

HI all
I'm trying to build a 2 node cluster using Serviceguard 11.17 but each time i run the command # cmquerycl -C /etc/cmcluster/test.conf -n momsrv02 -n momsrv01
I receive the following output message:
Permission denied to 172.20.10.9
Permission denied to 172.20.51.46
Permission denied to 100.100.1.2
Permission denied to 127.0.0.1
Looking for other clusters ... Done
Node momsrv02 is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
momsrv02 through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node momsrv02 resolves the IP address correctly.
Failed to gather configuration information.


although my .rhosts is configured well and i'm allowed to rlogin and remsh between the 2 servers also the /etc/hosts contains all the entries for both servers .

thanks

attached is a snap shot of the error.
0 Kudos
Reply
9 REPLIES 9
melvyn burnard
Honored Contributor

‎11-05-2006 10:00 PM

‎11-05-2006 10:00 PM

Re: Node is refusing service gaurd communications

It look slike you have an issue with your hostname lookups.
Please make sure you read:
http://docs.hp.com/en/6283/SGsecurityfiles.pdf
http://docs.hp.com/en/5874/securingserviceguard_nov2005.pdf
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Reply
Jeff Schussele
Honored Contributor

‎11-06-2006 01:46 AM

‎11-06-2006 01:46 AM

Re: Node is refusing service gaurd communications

Hi memo,

This is probably due to the 11.16 MC/SG requirement for identd.
Edit your /etc/inetd.conf adding -i files as follows:

hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd -c -i
hacl-probe stream tcp nowait root /opt/cmom/lbin/cmomd /opt/cmom/lbin/cmomd -i -f /var/opt/cmom/cmomd.log -r /var/opt/cmom

Remember to reread inetd.conf with inetd -c
You'll get "weak security" msgs in syslog.log but the nodes will at least talk to each other.
We're forbiden to use identd in our shop so we had no choice but to use the above fix.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-06-2006 01:52 AM

‎11-06-2006 01:52 AM

Re: Node is refusing service gaurd communications

Shalom,

I think there is an access problem between the noces.

Perhaps a conflict between /etc/hosts networking and the cmnodelist file that controls access.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Stephen Doud
Honored Contributor

‎11-06-2006 02:48 AM

‎11-06-2006 02:48 AM

Solution

Re: Node is refusing service gaurd communications

Use the ITRC Knowledge Database to view the document titled:
Cluster Configuration Commands Fail with "permission denied"

Doc. ID:UMCSGKBRC00008185

Reply
Mohamed shamy
Occasional Advisor

‎11-06-2006 04:27 PM

‎11-06-2006 04:27 PM

Re: Node is refusing service gaurd communications

Dear doud
I couldn't find the document you mentioned in you reply in the ITRC knowledge base.

0 Kudos
Reply
Mohamed shamy
Occasional Advisor

‎11-06-2006 04:34 PM

‎11-06-2006 04:34 PM

Re: Node is refusing service gaurd communications

Dear all

When it continued troubleshooting the problem i found that an old cluster was already running on the 2 nodes at the time when i changed the hostname of the 2 nodes , so i decided to return back the old hostnames and it worked.
Now how can i change the hostnames of the 2 nodes in the presence of a cluster , do i have to just halt down the cluster before going for the hostname changes because i tried to do that using the command #cmhaltcl but the same problem continued , or is there is another way to destroy the old cluster completely .

thanks
0 Kudos
Reply
Stephen Doud
Honored Contributor

‎11-07-2006 02:22 AM

‎11-07-2006 02:22 AM

Re: Node is refusing service gaurd communications

I was able to locate UMCSGKBRC00008185 in the knowledge database.
But now your issue has changed.
The cluster expects the old hostnames.
To migrate the cluster to new hostnames, do the following:
# cd /etc/cmcluster
# cmgetconf cluster.ascii
o Edit cluster.ascii - updating the hostnames with the new names.
# cmhaltcl -f
# cmdeleteconf -f == does more than zero out the cluster binary file... it also de-clusters the shared volume groups. ie, it removes the cluster ID from those VGs so that they will be marked with the new cluster ID.

ON BOTH NODES:
o Edit /etc/rc.config.d/netconf, modify the hostname entry.
# hostname
o Add hostnames to /etc/cmcluster/cmclnodelist, on both nodes.
o Activate cluster lock VG (if any)
# cmapplyconf -C /etc/cmcluster/cluster.ascii
# cmapplyconf -P -P ...
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎11-07-2006 02:44 AM

‎11-07-2006 02:44 AM

Re: Node is refusing service gaurd communications

Rename cmclconfig and move it to a different directory and then run cmquerycl
-USA..
Good Luck..
0 Kudos
Reply
Stephen Doud
Honored Contributor

‎11-07-2006 03:43 AM

‎11-07-2006 03:43 AM

Re: Node is refusing service gaurd communications

Renaming cmclconfig will not remove the cluster ID from the volume groups. When building a new cluster, the old cluster ID must be removed from the VGs or they will not pass a cmapplyconf due to the old cluster ID.
Removing the cluster ID from a VG can be done by:
# cmdeleteconf -f
# cmapplyconf -C ... with a VG NOT listed in the cluster.ascii
# vgchange -c n
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.