VCS users unable to use 'hastatus -sum' from within local zones.

Article ID: 100003251

Cause

HA users have Group Operator privileges, instead of Group Administrator for the service groups.

Resolution

1.) Steps to remove GroupOperator from 'username' for the Service Group:
Check the current privileges for the VCS user:
Syntax:
# hauser -display <username>
Example:
# hauser -display coracle
coracle : ClusterOperator
          GroupOperator for group(s) ( prdclm01_grp )
Remove Operator privileges from the user (make the VCS configuration writable first):
# haconf -makerw
Syntax:
# hauser -delpriv <username> OperatorGroup -group <service_group>
Example:
# hauser -delpriv coracle OperatorGroup -group prdclm01_grp
Workaround, if problems occur when running the command above:
# hastop -all -force
(This keeps zones, databases, and applications running outside of VCS.)
Then edit main.cf with 'vi' to remove the Operators= entry from the Service Group(s).
Next, verify the VCS configuration:
# cd /etc/VRTSvcs/conf/config
# hacf -verify .
If the verification comes back good, run the following on all nodes:
# hastart
2.) Steps to add Administrator to 'username' for the Service Group:
Make the VCS configuration writable:
# haconf -makerw
Syntax:
# hauser -addpriv <username> Administrator -group <service_group>
Example:
# hauser -addpriv coracle Administrator -group prdclm01_grp
# haconf -dump -makero
Check the privileges after making the VCS user a Group Administrator:
Syntax:
# hauser -display <username>
Example:
# hauser -display coracle
coracle : ClusterOperator
          GroupAdministrator for group(s) ( prdclm01_grp )
3.) Next, reset the 'coracle' halogin password:
Syntax:
# /opt/VRTS/bin/hauser -update <username>
Example:
# /opt/VRTS/bin/hauser -update coracle
Enter Password:   <--- enter password
Enter Again:          <--- re-enter to confirm the password

Now log on to the system as the VCS user (not root), and log in to the zone:
# /usr/sbin/zlogin prdclm01
Run 'hastatus -sum' command:
# /opt/VRTSvcs/bin/hastatus -sum
VCS NOTICE V-16-1-52563 VCS Login:coracle
Enter Password:
-- SYSTEM STATE
-- System               State                Frozen
A  mtvav240-b2a         RUNNING              0
A  mtvav240-b2b         RUNNING              0
-- GROUP STATE
-- Group           System               Probed     AutoDisabled    State
B  prdclm01_grp    mtvav240-b2a         Y          N               ONLINE
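
The privilege checks in steps 1 and 2 can be scripted when several zone users or service groups have to be reviewed. The shell functions below are an added example, not part of the original article or of VCS: they parse 'hauser -display' output in the format shown above. The function names and the handling of multiple group names (split on spaces or commas) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the article or from VCS): parse 'hauser -display'
# output and report a user's privilege on one service group.
# Assumption: several group names inside "( ... )" are split by spaces or commas.

# Output copied from the article, before and after the change.
BEFORE='coracle : ClusterOperator
          GroupOperator for group(s) ( prdclm01_grp )'
AFTER='coracle : ClusterOperator
          GroupAdministrator for group(s) ( prdclm01_grp )'

# group_priv GROUP: reads 'hauser -display <user>' output on stdin and
# prints Administrator, Operator or none for GROUP.
group_priv() {
    awk -v grp="$1" '
        /Group(Administrator|Operator) for group\(s\)/ {
            role = ($0 ~ /GroupAdministrator/) ? "Administrator" : "Operator"
            list = $0
            sub(/^[^(]*\(s\)[^(]*\(/, "", list)  # strip text up to the list
            sub(/\).*$/, "", list)               # strip the closing paren
            n = split(list, names, /[ ,]+/)
            for (i = 1; i <= n; i++)
                if (names[i] == grp && found != "Administrator")
                    found = role
        }
        END { print (found == "" ? "none" : found) }
    '
}

# hastatus_sum_ready GROUP: succeeds only when stdin shows Group Administrator,
# the privilege this article found necessary for hastatus -sum in the zone.
hastatus_sum_ready() {
    [ "$(group_priv "$1")" = "Administrator" ]
}

# Demo on the sample output above; on a cluster node use instead:
#   hauser -display coracle | group_priv prdclm01_grp
printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | group_priv prdclm01_grp)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | group_priv prdclm01_grp)"
```

Because the fix raises the zone user from Group Operator to Group Administrator, running the same check for every service group shows where that user now holds administrative rights.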

Applies To

Lab replication setup:
zones = prdclm01
mount: prdclm01 = /zone/prdclm01
Zone user: coracle = prdclm01
VCS privilege for user Service Group Operator:
bash-3.00# hauser -display coracle
coracle : ClusterOperator
          GroupOperator for group(s) ( prdclm01_grp )

Issue/Introduction

The customer reports that all 'ha' commands except 'hastatus -sum' work from within the local zones for the VCS user.

Customer's requirement for the zone user: the local zone user is a user other than root. The username/password is created in the VCS configuration. This is done so that the Oracle owner can manage the Oracle DB/Listener resources from within the local zone (i.e. local zone user clmoracle uses ssh to log in to the zone, issues halogin clmoracle, provides the password, and should be able to take a single resource offline/online or switch over the whole group). The point is to isolate the oracle user from everything else on the physical system, but to give him/her control over the appropriate VCS resources.

The customer reports that hagrp -state, hares -state, hagrp -display, hares -display and even hastatus (by itself) return the proper information.