Document Type | Technical Information
Category | Administration
Applicable Product Versions | 6FS07PS, 7FS01, 7FS02, 7FS02PS
Document Number | TADTI003
Overview
This article explains the differences between root and user permissions based on the startup user of Cluster Manager (hereafter CM), and how to check the CM startup user.
Method
Differences in root and user permissions depending on CM startup user
CM starts with root or user permissions depending on the startup user, and CM started with user permissions cannot manage VIP resources.
Checking the CM startup user
1. Check the user of the tbcm process using ps -ef|grep tbcm
2. Check the Status / Mst in NODE LIST using the cmrctl show cluster command
- When running with root permission, Status: UP (ROOT) and the Mst column contains R are shown
- When running with user permission, Status: UP
3. Check the cm log (cm log: the trace_cm.log file located at the CM_LOG_DEST path specified in cm tip)
- When started with user permission, the log No root permission! vip is not available. appears
CautionIf there is a CM running with root permission in the cluster, and another node's CM starts with user permission, the cluster will go down.
node 2 : (root) cm log | node 2 : (root) cm log |
| 2025/04/24 09:53:22.640 [3] cm_netwo:0956(00) socket fd:11 is set with the priority 2 (accp) 2025/04/24 09:53:22.640 [1] cm_netwo:0967(00) CONNECTION ESTABLISHED FROM [192.168.37.200:46800] (11) 2025/04/24 09:53:22.640 [3] cm_conn.:0632(00) [CONN] CM_GREETING msg (000000000349e360) 2025/04/24 09:53:23.027 [1] cm_actio:3747(04) [cls] [ROOKIE] CM_CLS_JOIN msg (000000000349f380) 2025/04/24 09:53:23.027 [1] cm_actio:1287(04) [cls] cls_name: cls 2025/04/24 09:53:23.027 [1] cm_actio:1288(04) [cls] node_name: cm2 2025/04/24 09:53:23.027 [1] cm_actio:1305(04) [cls] [ERROR] Refuse the cluster join request(no root permission). cluster name:cm2 2025/04/24 09:53:23.027 [1] cm_actio:1422(04) [cls] Send CM_CLS_JOIN_REPLY (-8) to node cm2 2025/04/24 09:53:23.030 [2] cm_netwo:0386(00) connection closed. fd:11 2025/04/24 09:53:23.030 [2] cm_netwo:0498(00) delayed close done. fd:11 | 2025/04/24 09:53:22.629 [1] cm_main.:1370(00) CM Boot Start (omitted) ... 2025/04/24 09:53:22.632 [1] cm_ui.c :2595(02) No root permission! vip is not available. (omitted) ... 2025/04/24 09:53:23.029 [2] cm_actio:8253(04) [cls] cluster join failed. ec:-8 2025/04/24 09:53:23.029 [1] cm_actio:8623(04) [cls] Failed to join cluster cls! 2025/04/24 09:53:23.029 [1] cm_actio:9275(04) [cls] [ERROR] Failed to init ACTION thread 2025/04/24 09:53:23.030 [1] cm_actio:7682(04) [cls] all cluster resource down 2025/04/24 09:53:23.031 [1] cm_actio:9475(04) [cls] Cluster 'cls' down 2025/04/24 09:53:23.137 [1] cm_ui.c :5652(02) [ERROR] Cannot start cluster resource 'cls' |
CautionWhen starting cluster on node2 cm2 with user permission, a cluster cannot start error occurs.
$ cmrctl show
Resource List of Node cm2
=====================================================================
CLUSTER TYPE NAME STATUS DETAIL
----------- -------- -------------- -------- ------------------------
COMMON network pub2 UP (public) ens160
COMMON network int2 UP (private) 192.168.37.200/19629
COMMON cluster cls DOWN inc: int2, pub: pub2
cls service tas DOWN Active Storage, Active Cluster (auto-restart: OFF)
cls service tac DOWN Database, Active Cluster (auto-restart: OFF)
cls as tas2 DOWN tas, /db/tibero7, failed retry cnt: 0
cls db tac2 DOWN tac, /db/tibero7, failed retry cnt: 0
cls vip vip1 UNKNOWN tac, 192.168.56.11/255.255.255.0/192.168.56.255 (1)
failed retry cnt: 0
cls vip vip2 UNKNOWN tac, 192.168.56.21/255.255.255.0/192.168.56.255 (-1)
failed retry cnt: 0
=====================================================================
$ cmrctl start cluster --name cls
No root permission! vip is not available.
[ERROR] cluster (cls) cannot start.
Please run CM as root.