Using hacli for non root users - VCS 5.0
Hi,
We've upgraded VCS from 4.0 to 5.0 and discovered that we're not able anymore use hacli for non root user (execute command on another nodes in cluster)
HacliUserLevel parameter in 5.0 can be set to COMMANDROOT/NONE only, which restricts using hacli for root user.
The problem is that root access very limited on the customer site...
Is there any solution for that ?
Thanks
If it is a bunch of scripts, rather than adhoc commands, you could use VCS actions something like this:
- Create a dummy FileOnOff resource - this could be in any service group, but if scripts are run against resources in a particular resource, then add it to this service group(s). Make resource non-critical and do not make any resources dependent on it so that it does not effect servicegroup in any way (although there is not much that can go wrong with just a creating file).
- Create an "actions" directory in /opt/VRTSvcs/bin/FileOnOff and place your scripts in this directory on all nodes
- Populate SupportedActions attribute on FileOnOff type with a list of your scripts
You can now run your scripts from command line from on any node specifying what node you want script to run on with "-sys" option like:
hares -action FileOnOff_res_name script_name [-actionargs arg1 arg2 ...] -sys system
You can also run from VCS GUI by right clicking on resource and choosing "actions"
The scripts will be passed the name of the resource so you can use this to determine what service group the resource is in if your scripts performs actions relative to service group. The way args are passed changed, but not sure if this was 5.0 or 5.1 so I think they passed something like:
resource_name 1 arg1_value 2 arg2_value
as oppose to
resource_name arg1_value arg2_value
But you can put "echo $* > /tmp/args" at start of your script to see what args are passed.
If you wanted to run adhoc commands you could probably have your script run "sh arg1"
Mike
- Create a dummy FileOnOff resource - this could be in any service group, but if scripts are run against resources in a particular resource, then add it to this service group(s). Make resource non-critical and do not make any resources dependent on it so that it does not effect servicegroup in any way (although there is not much that can go wrong with just a creating file).