Re: SG 11.18. cmclconfd[]: Permission denied for root

Pavlo Zhuk · ‎01-18-2008

Hi,

I have rx3600 servers, and want to configure 2 cluster nodes.

HP-UX 11.23
ServiceGuard 11.18.0

During configuration check I can see error:

# cmcheckconf -k -v -C /etc/cmcluster/cluster.conf
Begin cluster verification...
Checking cluster file: /etc/cmcluster/cluster.conf
Checking nodes ... Done
Checking existing configuration ... Done
Node ussdg2_A is refusing Serviceguard communication.
Please make sure that the proper security access is configured on node
ussdg2_A through either file-based access (pre-A.11.16 version) or role-based
access (version A.11.16 or higher) and/or that the host name lookup
on node ussdg2_A resolves the IP address correctly.
cmcheckconf: Failed to gather configuration information

And syslog show this error:

# tail -5 syslog.log
Jan 17 17:07:07 ussdg2_A inetd[6197]: rpc.cmsd/udp: Added service, server /usr/dt/bin/rpc.cmsd
Jan 17 17:07:07 ussdg2_A inetd[6197]: rpc.ttdbserver /tcp: Added service, server /usr/dt/bin/rpc.ttdbserver
Jan 17 17:07:07 ussdg2_A inetd[6197]: Configuration complete
Jan 17 17:07:13 ussdg2_A cmclconfd[6199]: Permission denied for root@ussdg2_A (RBA)
Jan 17 17:07:29 ussdg2_A cmclconfd[6207]: Permission denied for root@ussdg2_A (RBA)

I have checked name resolve on both nodes:

# nslookup 10.44.2.21
Using /etc/hosts on: ussdg2_A

looking up FILES
Name: ussdg2_A
Address: 10.44.2.21

# nslookup ussdg2_A
Using /etc/hosts on: ussdg2_A

looking up FILES
Name: ussdg2_A
Address: 10.44.2.21

# cat /etc/nsswitch.conf
hosts: files dns

# cat /etc/hosts
# @(#)B11.23_LRhosts $Revision: 1.9.214.1 $ $Date: 96/10/08 13:20:01 $

10.44.2.21 ussdg2_A
10.44.2.22 ussdg2_B
127.0.0.1 localhost loopback

Also, .rhosts and cmclnodelist had been created:

#cat /.rhosts
127.0.0.1 root
10.44.2.21 root
10.44.2.22 root

# cat /etc/cmcluster/cmclnodelist
ussdg2_A root
ussdg2_B root
10.44.2.21 root
10.44.2.22 root
127.0.0.1 root

identd is running on port 113/TCP
HP ServiceGuard daemons exist in inetd.conf and running. Ports ate listened and NOT filetered.

HP Bastille is NOT installed.

Please, advice, what to do.

Thanks.

Pavlo Zhuk · ‎01-18-2008

In addition:

HPSS_37094 had been installed, but it doesn't help to resolve the problem.

Ivan Krastev · ‎01-18-2008

Please ensure that reverse resolving is working on the both nodes.

regards,
ivan

Pavlo Zhuk · ‎01-18-2008

Ivan,

Thanks for answer.

Direct and reverse resolve is working:

# nslookup 10.44.2.21
Using /etc/hosts on: ussdg2_A

looking up FILES
Name: ussdg2_A
Address: 10.44.2.21

# nslookup ussdg2_A
Using /etc/hosts on: ussdg2_A

looking up FILES
Name: ussdg2_A
Address: 10.44.2.21

Or may be I misundersand what you mean? How to check reverse resolve?

Pavlo Zhuk · ‎01-18-2008

Problem still exists...Need help! :(

Hasan Atasoy · ‎01-18-2008

hi pavlo ;

look at inetd.conf file , identd must be enabled ( there is no # at the beginning of the file ) . open it and inetd -c

Hasan

Pavlo Zhuk · ‎01-18-2008

identd is running, enabled from inetd.conf

Ivan Krastev · ‎01-18-2008

On the both nodes check:

nslookup 10.44.2.21
nslookup 10.44.2.22

regards,
ivan

Pavlo Zhuk · ‎01-18-2008

Yes, Reverse resolve is working on both node correctly. Direct resolve is working as well.

Hasan Atasoy · ‎01-18-2008

run

/sbin/init.d/cmcluster start

on both nodes and try again.

Hasan

Pavlo Zhuk · ‎01-18-2008

Hasan,

Thanks for reply.
Here is attempt to start cmcluster:

# ./cmcluster start

# cmviewconf: Unable to connect to Serviceguard daemon or cmclconfd on the local node.

Check the syslog file for more information.

cmrunnode : Unable to connect to the local cluster: Permission denied.

User root on node ussdg2_A doesn't have access to view the configuration

ERROR: Unable to join cluster

# tail -5 /var/adm/syslog/syslog.log

Jan 18 15:04:51 ussdg2_A cmclconfd[8322]: Permission denied for root@ussdg2_A (RBA)

Jan 18 15:03:41 ussdg2_A syslog: /usr/sbin/cmrunnode -v

Jan 18 15:05:16 ussdg2_A above message repeats 10 times

Jan 18 15:05:16 ussdg2_A cmclconfd[8357]: Permission denied for root@ussdg2_A (RBA)

Jan 18 15:05:16 ussdg2_A syslog: /usr/sbin/cmrunnode -v

Hasan Atasoy · ‎01-18-2008

hi ;

is there a secondary ip's on the nodes . if so please add them to /etc/hosts with their alias names ..

Ivan Krastev · ‎01-18-2008

Enable more verbose logging for SG:

# cmsetlog 5

this will log everything in syslog.log file.
If you want to redirect to another file use:

# cmsetlog -f /PATH/FILE.log

To revert back to normal logging use:
# cmsetlog -r
and
# cmsetlog -s
if you have redirected messages to other file.

regards,
ivan

Pavlo Zhuk · ‎01-18-2008

Ivan,

thanks for reply.
But this command is also fails by the same reason. I can not change log level because root access is denied.

Pavlo Zhuk · ‎01-18-2008

I have reinstalled the package, but still I have same issue.

Mridul Shrivastava · ‎01-18-2008

Have you copied the cluster configuration files on both the nodes and they have the same copy. Is both node names are entered in cmclnodelist ???

Check the permission for the cluster files and then try running cmquerycl ?

Time has a wonderful way of weeding out the trivial

Mridul Shrivastava · ‎01-18-2008

Sorry I missed SG version.. so cmclnodelist is not relevant any more...

If everything else mentioned in the last post is correct and it is not working then try modifying the main sG configuration file in /etc/cmcluster and add lines like this:

USER_NAME
USER_HOST
USER_ROLE

Then save the file and run

cmapplyconf -f -C

Time has a wonderful way of weeding out the trivial

Mridul Shrivastava · ‎01-18-2008

Sorry I missed SG version.. so cmclnodelist is not relevant any more...

If everything else mentioned in the last post is correct and it is not working then try modifying the main sG configuration file in /etc/cmcluster and add lines like this:

USER_NAME
USER_HOST
USER_ROLE

Then save the file and run

cmcheckconf -f -C

Time has a wonderful way of weeding out the trivial

Pavlo Zhuk · ‎01-18-2008

Mridul,

Thanks for answer.

If I am adding USER specification into cluster.conf and trying to check configuration, I have error:

user root can not be limited, cluster and configuration fails.

Mridul Shrivastava · ‎01-18-2008

Could you please post the hacl-cfg lines from identd.conf file ?

Please check the file /var/adm/inetd.sec is present ??

Time has a wonderful way of weeding out the trivial

Gary L. Paveza, Jr. · ‎01-18-2008

/etc/hosts on both nodes must contain all IP addresses from both nodes. Actually it only must contain any IP addresses that may be used for cluster communication, but it's easier to just add them all.

Robert Salter · ‎01-22-2008

Don't know if you tried this or not but, uncomment the 'hacl-probe' and 'hacl-cfg' entries in /etc/inetd.conf, run 'inetd -c'.

Time to smoke and joke

Pavlo Zhuk · ‎01-28-2008

The problem was - a binary config file stored in /etc/cmcluster/

I have copied full directory from /etc/cmcluster from another server, where ServiceGuard was running. And binary cofig was there.

It is strange, that ServiceGuard creates binary configs in /etc, and also - there are no any note about this configs in documentation.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: SG 11.18. cmclconfd[]: Permission denied for root

SG 11.18. cmclconfd[]: Permission denied for root