07-18-2011 10:50 PM
Hi,
We've upgraded VCS from 4.0 to 5.0 and discovered that we're not able anymore use hacli for non root user (execute command on another nodes in cluster)
HacliUserLevel parameter in 5.0 can be set to COMMANDROOT/NONE only, which restricts using hacli for root user.
The problem is that root access very limited on the customer site...
Is there any solution for that ?
Thanks
Solved! Go to Solution.
07-19-2011 12:41 AM
If it is a bunch of scripts, rather than adhoc commands, you could use VCS actions something like this:
You can now run your scripts from command line from on any node specifying what node you want script to run on with "-sys" option like:
hares -action FileOnOff_res_name script_name [-actionargs arg1 arg2 ...] -sys system
You can also run from VCS GUI by right clicking on resource and choosing "actions"
The scripts will be passed the name of the resource so you can use this to determine what service group the resource is in if your scripts performs actions relative to service group. The way args are passed changed, but not sure if this was 5.0 or 5.1 so I think they passed something like:
resource_name 1 arg1_value 2 arg2_value
as oppose to
resource_name arg1_value arg2_value
But you can put "echo $* > /tmp/args" at start of your script to see what args are passed.
If you wanted to run adhoc commands you could probably have your script run "sh arg1"
Mike
07-19-2011 12:05 AM
Why do you need to run commands from another node - why not log on to that node - you could use ssh/rsh. What commands are you running - adhoc commands or specific commands?
Mike
07-19-2011 12:17 AM
you are right, basically I can use silent ssh
the problem is that bunch of scripts written with hacli (for VCS 4.0), so it will create a lot work ...
This is the reason I'm looking for VCS backward compatibility soltion
07-19-2011 12:41 AM
If it is a bunch of scripts, rather than adhoc commands, you could use VCS actions something like this:
You can now run your scripts from command line from on any node specifying what node you want script to run on with "-sys" option like:
hares -action FileOnOff_res_name script_name [-actionargs arg1 arg2 ...] -sys system
You can also run from VCS GUI by right clicking on resource and choosing "actions"
The scripts will be passed the name of the resource so you can use this to determine what service group the resource is in if your scripts performs actions relative to service group. The way args are passed changed, but not sure if this was 5.0 or 5.1 so I think they passed something like:
resource_name 1 arg1_value 2 arg2_value
as oppose to
resource_name arg1_value arg2_value
But you can put "echo $* > /tmp/args" at start of your script to see what args are passed.
If you wanted to run adhoc commands you could probably have your script run "sh arg1"
Mike
07-19-2011 12:54 AM
Thanks Mike
I understand proposed solution, but creating silent ssh and replace hacli commands to ssh style seems to me easier...
The goal of my post was actually to find out if VCS 5.0 keeps a backward compatibility for hacli (some kind of new attribute,flag etc...)
and thus reduce production changes to minimum.
07-19-2011 05:47 AM
You already stated you have issues running root on source box, so I guess it depends on whether scripts need to run as root on target box - i.e with VCS 4.0 hacli you would have run command as non-root on node1 which would have run commands as root on node2. If you use ssh on node1, then if root access is restricted, then it can't run as root on node2 and this may (or maynot be an issue). Even if script needs to be run as a specifc user then this means original script would have run "su - user" and if you run this script as non-root, even with the same user you do the "su -" to, you will be prompted with a password so you will have to ammend scripts. With action scripts, once you have added FileOnOff resource and modified Type, if you don't need to pass any args then you just need to replace:
hacli -cmd full_path/script_name -sys system
hares -action FileOnOff_res_name script_name -sys system
hares -action FileOnOff_res_name run_command -args ls -sys system
# Remove "resource_name" from args shift # Run command $*
I don't know of any backward compatibility for hacli.
07-19-2011 06:26 AM
10x guys
I'll try it