Open topic with navigation
lkGUIserver, lkGUIapp, lkpasswd - LifeKeeper GUI utilities
LKROOT/bin/lkpasswd [-administrator | -operator | -guest | -delete]user
The lkGUIserver command starts and stops the LifeKeeper GUI Server. Once the GUI Server has been started manually following an initial installation, starting and stopping LifeKeeper will start and stop all LifeKeeper daemon processes including the GUI Server.
If the LifeKeeper GUI Server is not running, the command lkGUIserver start starts all LifeKeeper GUI Server daemon processes on the server being administered if they are not currently running.
If the LifeKeeper GUI Server is running, the command lkGUIserver stop halts all LifeKeeper GUI Server daemon processes on the server being administered if they are currently running.
The command lkGUIserver restart restarts all LifeKeeper GUI Server daemon processes on the server being administered through the stop and start options.
The lkGUIapp command runs the LifeKeeper GUI as a Java application. It should be invoked on a server that is running LifeKeeper and the LifeKeeper GUI Server. As the application is loading, an application identity dialog or splash screen for LifeKeeper appears. Once it is loaded, the LifeKeeper GUI and cluster connect dialog are displayed. When a server name is entered and connection to the cluster established, the GUI window displays a visual representation and status of the resources protected by the LifeKeeper cluster.
The lkpasswd command configures GUI users for monitoring or administering LifeKeeper. There are three possible permissions for LifeKeeper GUI users:
Users with Administrator permission through out a cluster can perform all possible actions through the GUI.
Users with Operator permission on a server can view LifeKeeper configuration and status information, and can bring resources into service and take them out of service on that server.
Users with Guest permission on a server can view LifeKeeper configuration and status information on that server.
During installation of the GUI package, an entry for the root login and password is automatically configured with Administrator permission, allowing root to perform all LifeKeeper tasks on that server via the GUI application or web client. If you plan to allow users other than root to use LifeKeeper GUI clients, then you need to configure LifeKeeper GUI users.
The commands for configuring LifeKeeper GUI users are given below. Unless otherwise specified, all commands require you to enter the user's password twice. They take effect on the user's next login, or when the GUI server is restarted, whichever comes first. Each user has a single permission on a given server, and any existing permission entry on that server is deleted whenever a new permission is specified for that user.
The best practice is to always grant permissions on a cluster-wide basis. It is possible to grant permissions on a single-server basis, but that is confusing to users, and makes it impossible to perform administrative tasks. These commands update the password file only on the server being administered, so you should repeat the command on all other servers in the LifeKeeper cluster.
lkpasswd -administrator <user>
This command grants the user Administrator permission for the LifeKeeper GUI.
lkpasswd -operator <user>
This command grants the user Operator permission for the LifeKeeper GUI.
lkpasswd -guest <user>
This command grants the user Guest permission for the LifeKeeper GUI
This command changes the password for an existing user, without affectingt heir permission level.
lkpasswd -delete <user>
This command prevents an existing user from using the LifeKeeper GUI by removing the entry for that user from the password file. It does not require you to enter the user's password.
The LifeKeeper GUI utilities exit with zero upon success and non-zero on failure.
The location of these utilities, LKROOT, is defined in the default file /etc/default/LifeKeeper. The LifeKeeper GUI uses ports 81 and 82 on each server for its administration web server and Java remote object registry. If another application is using the same ports, the LifeKeeper GUI will not function properly. These values may be changed by editing the following entries in the LifeKeeper default file /etc/default/LifeKeeper.
These port values are initialized in the GUI server at start time. If you alter them, you will need to stop and restart the GUI server. These values must be the same across all clusters to which you connect.
The LifeKeeper GUI application uses policy based access control. When the application is loaded, it is assigned permissions based on the Java security policy currently in effect. There is by default a single system-wide policy file, and an optional user policy file located in <HOME>/.java.policy, where HOME specifies the user's home directory. The following permissions must be added to a user's .java.policy file in order to run the LifeKeeper GUI as an application.
* You may want to restrict this by code base. However, if you
* do, remember that the LifeKeeper Recovery Kits can have an
* arbitrary jar component with an arbitrary code base, so
* you'll need to alter the grant to cover these as well.
* Need to be able to do this to all machines in the
* LifeKeeper cluster. You may restrict the network
* specification accordingly.
permission java.net.SocketPermission "*","accept,connect,resolve";
* We use URLClassLoaders to get remote properties files and
* jar pieces.
permission java.lang.RuntimePermission "createClassLoader";
* The following are needed only for the GUI to run as an
* application (the default RMI security manager is more
* restrictive than the one a browser installs for its
permission java.util.PropertyPermission "*","read";
permission java.awt.AWTPermission "*";
permission java.io.FilePermission "<<ALL FILES>>","read,execute";
© 2012 SIOS Technology Corp., the industry's leading provider of business continuity solutions, data replication for continuous data protection.
Open topic with navigation