Discussion:
[drbd-mc] Using sudo.
Caspar Smit
2011-02-09 09:53:58 UTC
Permalink
Hi,

I'm using the DRBD-MC more and more and getting really enthuasiastic. Keep
up the good work :)

I would like to give a colleague access to the DRBD-MC but I don't want him
having root privileges on the cluster nodes.
Is this possible by using sudo? I saw an option named sudo at the host
configuration wizard.

What commands does his account need to run under sudo? (like cibadmin,
drbdadm, etc)

Another question: is it possible to start the DRBD-MC in operator and/or
read-only mode?

And another: is it possible to disable the "check for drbd-mc update"
feature?

Kind regards,

Caspar Smit
Systemengineer
True Bit Resources B.V.
Amp?restraat 13E
1446 TP Purmerend

T: +31(0)299 410 475
F: +31(0)299 410 476
@: c.smit at truebit.nl
W: www.truebit.nl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/drbd-mc/attachments/20110209/f96d7a1a/attachment.htm>
Rasto Levrinc
2011-02-09 10:58:40 UTC
Permalink
Post by Caspar Smit
Hi,
I'm using the DRBD-MC more and more and getting really enthuasiastic. Keep
up the good work :)
I would like to give a colleague access to the DRBD-MC but I don't want
him having root privileges on the cluster nodes. Is this possible by using
sudo? I saw an option named sudo at the host configuration wizard.
What commands does his account need to run under sudo? (like cibadmin,
drbdadm, etc)
You can use the sudo, without any problems.

you need /usr/local/bin/drbd-gui-helper* for sure. Note the wildcard,
there's a suffix that changes with every version

For pacemaker you need at least these I think:

/usr/sbin/crm_attribute
/usr/sbin/crm_mon
/usr/sbin/crm_resource
/usr/sbin/crm_standby

Maybe I'll compile the whole list one day.
Post by Caspar Smit
Another question: is it possible to start the DRBD-MC in operator and/or
read-only mode?
yes, the

java -jar DMC-....jar --help

gives you a list of options, so for example

java -jar DMC-0.8.12.jar --op-mode=ro
java -jar DMC-0.8.12.jar --op-mode=op

starts it in readonly or operator mode and it is not possible to change it
to the administrator mode.
Post by Caspar Smit
And another: is it possible to disable the "check for drbd-mc update"
feature?
Yes, there is --no-upgrade-check option and --no-plugin-check option, if
you don't want contact the linbit servers.

Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
Caspar Smit
2011-02-09 11:29:01 UTC
Permalink
2011/2/9 Rasto Levrinc <rasto.levrinc at linbit.com>
Post by Rasto Levrinc
Post by Caspar Smit
Hi,
I'm using the DRBD-MC more and more and getting really enthuasiastic. Keep
up the good work :)
I would like to give a colleague access to the DRBD-MC but I don't want
him having root privileges on the cluster nodes. Is this possible by
using
Post by Caspar Smit
sudo? I saw an option named sudo at the host configuration wizard.
What commands does his account need to run under sudo? (like cibadmin,
drbdadm, etc)
You can use the sudo, without any problems.
you need /usr/local/bin/drbd-gui-helper* for sure. Note the wildcard,
there's a suffix that changes with every version
/usr/sbin/crm_attribute
/usr/sbin/crm_mon
/usr/sbin/crm_resource
/usr/sbin/crm_standby
Maybe I'll compile the whole list one day.
Thanks, I will start testing right away.
Post by Rasto Levrinc
Post by Caspar Smit
Another question: is it possible to start the DRBD-MC in operator and/or
read-only mode?
yes, the
java -jar DMC-....jar --help
gives you a list of options, so for example
java -jar DMC-0.8.12.jar --op-mode=ro
java -jar DMC-0.8.12.jar --op-mode=op
starts it in readonly or operator mode and it is not possible to change it
to the administrator mode.
Great, couldn't get this to work at first because the correct syntax is:

java -jar DMC-0.8.12.jar --op-mode ro (without the '=' )

Now it's working :)
Post by Rasto Levrinc
Post by Caspar Smit
And another: is it possible to disable the "check for drbd-mc update"
feature?
Yes, there is --no-upgrade-check option and --no-plugin-check option, if
you don't want contact the linbit servers.
Works like a charm, thanks :)
Post by Rasto Levrinc
Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
_______________________________________________
drbd-mc mailing list
drbd-mc at lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-mc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/drbd-mc/attachments/20110209/8a285fe3/attachment.htm>
Caspar Smit
2011-02-09 13:09:37 UTC
Permalink
Hi Rasto,

I created a user "john" which has sudo access.

When I add a host and type john as username and select "use sudo" i
immediatly get the following error:

Failed.
Command failed.1

And in the console is see:

[john at 192.168.0.12:~#] /usr/local/bin/drbd-gui-helper-0.8.12 all
DRBD MC sudo pwd:
[john at 192.168.0.12:~#]

Shouldn't there be a "sudo" command before /usr/local/etc.....

Because when I type the command in an ssh shell it works (but only with the
sudo command):

$ sudo /usr/local/bin/drbd-gui-helper-0.8.12 all

net-info
eth0 192.168.0.12 00:30:48:f3:2f:d4 255.255.255.0
eth0:0 192.168.0.30 00:30:48:f3:2f:d4 255.255.255.0
eth0:1 192.168.0.31 00:30:48:f3:2f:d4 255.255.255.0
eth0:2 192.168.0.32 00:30:48:f3:2f:d4 255.255.255.0
eth0:3 192.168.0.33 00:30:48:f3:2f:d4 255.255.255.0
eth2 10.0.0.1 00:15:17:eb:a6:b5 255.255.255.0
eth3 10.0.1.1 00:15:17:eb:a6:b4 255.255.255.0
eth4 10.0.2.1 00:15:17:eb:a6:b7 255.255.255.0
eth5 10.0.3.1 00:15:17:eb:a6:b6 255.255.255.0
disk-info
/dev/md0 rl:/dev/md0 size:976762496
/dev/md1 rl:/dev/md1 size:976762496
/dev/md2 rl:/dev/md2 size:976762496
/dev/md3 rl:/dev/md3 size:976762496

Kind regards,

Caspar Smit
Systemengineer
True Bit Resources B.V.
Amp?restraat 13E
1446 TP Purmerend

T: +31(0)299 410 475
F: +31(0)299 410 476
@: c.smit at truebit.nl
W: www.truebit.nl



2011/2/9 Rasto Levrinc <rasto.levrinc at linbit.com>
Post by Rasto Levrinc
Post by Caspar Smit
Hi,
I'm using the DRBD-MC more and more and getting really enthuasiastic. Keep
up the good work :)
I would like to give a colleague access to the DRBD-MC but I don't want
him having root privileges on the cluster nodes. Is this possible by
using
Post by Caspar Smit
sudo? I saw an option named sudo at the host configuration wizard.
What commands does his account need to run under sudo? (like cibadmin,
drbdadm, etc)
You can use the sudo, without any problems.
you need /usr/local/bin/drbd-gui-helper* for sure. Note the wildcard,
there's a suffix that changes with every version
/usr/sbin/crm_attribute
/usr/sbin/crm_mon
/usr/sbin/crm_resource
/usr/sbin/crm_standby
Maybe I'll compile the whole list one day.
Post by Caspar Smit
Another question: is it possible to start the DRBD-MC in operator and/or
read-only mode?
yes, the
java -jar DMC-....jar --help
gives you a list of options, so for example
java -jar DMC-0.8.12.jar --op-mode=ro
java -jar DMC-0.8.12.jar --op-mode=op
starts it in readonly or operator mode and it is not possible to change it
to the administrator mode.
Post by Caspar Smit
And another: is it possible to disable the "check for drbd-mc update"
feature?
Yes, there is --no-upgrade-check option and --no-plugin-check option, if
you don't want contact the linbit servers.
Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
_______________________________________________
drbd-mc mailing list
drbd-mc at lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-mc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/drbd-mc/attachments/20110209/c5fd156c/attachment.htm>
Rasto Levrinc
2011-02-09 13:44:56 UTC
Permalink
Post by Caspar Smit
Hi Rasto,
I created a user "john" which has sudo access.
When I add a host and type john as username and select "use sudo" i
Heh, unfortunately right now you would have to add /bin/bash command to
the sudoers file and this is equivalent to allowing all commands, I guess.

Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
Caspar Smit
2011-02-09 14:30:38 UTC
Permalink
Rasto,

When adding /bin/bash it works indeed but this makes using sudo pretty much
useless :)

Will this be fixed any time soon?

Kind regards,

Caspar Smit

2011/2/9 Rasto Levrinc <rasto.levrinc at linbit.com>
Post by Rasto Levrinc
Post by Caspar Smit
Hi Rasto,
I created a user "john" which has sudo access.
When I add a host and type john as username and select "use sudo" i
Heh, unfortunately right now you would have to add /bin/bash command to
the sudoers file and this is equivalent to allowing all commands, I guess.
Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
_______________________________________________
drbd-mc mailing list
drbd-mc at lists.linbit.com
http://lists.linbit.com/mailman/listinfo/drbd-mc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/drbd-mc/attachments/20110209/3b27daed/attachment.htm>
Rasto Levrinc
2011-02-09 14:56:03 UTC
Permalink
Post by Caspar Smit
Rasto,
When adding /bin/bash it works indeed but this makes using sudo pretty
much useless :)
Will this be fixed any time soon?
Yup, I could fix it, somewhat painstakingly. But ok, if there's demand for
it... :)

Rasto
--
: Dipl-Ing Rastislav Levrinc
: DRBD MC http://oss.linbit.com/drbd-mc/
: DRBD MC http://www.drbd.org/mc/management-console/
: DRBD/HA support and consulting http://www.linbit.com/
DRBD(R) and LINBIT(R) are registered trademarks of LINBIT, Austria.
Loading...