分类:
2009-09-09 16:30:35
A.系统级别的MC配置
A-1: 指定群集节点和生成群集配置模版文件并改动模版文件
# cmquerycl –v –C /etc/cmcluster/cmclconf.ascii –n hp1–n hp2
注意:有时候系统的CLUSTER里面主机不止两个,要在-n跟上各个主机的名字.
两个主机版本不同,密码不同有时候会有问题
生成文件后,用vi改动,粽色表示需要人工干预的参数
#vi /etc/cmcluster/cmclconf.ascii
脚本
# *************************************************************************************
# ********* HIGH AVAILABILITY CLUSTER CONFIGURATION FILE #
# ***** For complete details about cluster parameters and how to #
# ***** set them, consult the Serviceguard manual. #
# ************************************************************************************ #
# Enter a name for this cluster. This name will be used to identify the
# cluster when viewing or manipulating it.
CLUSTER_NAME cluster1 (集群名字)
# Cluster Lock Parameters
# The cluster lock is used as a tie-breaker for situations
# in which a running cluster fails, and then two equal-sized
# sub-clusters are both trying to form a new cluster. The
# cluster lock may be configured using only one of the
# following alternatives on a cluster:
# the LVM lock disk
# the quorom server
#
#
# Consider the following when configuring a cluster.
# For a two-node cluster, you must use a cluster lock. For
# a cluster of three or four nodes, a cluster lock is strongly
# recommended. For a cluster of more than four nodes, a
# cluster lock is recommended. If you decide to configure
# a lock for a cluster of more than four nodes, it must be
# a quorum server.
# Lock Disk Parameters. Use the FIRST_CLUSTER_LOCK_VG and
# FIRST_CLUSTER_LOCK_PV parameters to define a lock disk.
# The FIRST_CLUSTER_LOCK_VG is the LVM volume group that
# holds the cluster lock. This volume group should not be
# used by any other cluster as a cluster lock device.
# Quorum Server Parameters. Use the QS_HOST, QS_POLLING_INTERVAL,
# and QS_TIMEOUT_EXTENSION parameters to define a quorum server.
# The QS_HOST is the host name or IP address of the system
# that is running the quorum server process. The
# QS_POLLING_INTERVAL (microseconds) is the interval at which
# Serviceguard checks to make sure the quorum server is running.
# The optional QS_TIMEOUT_EXTENSION (microseconds) is used to increase
# the time interval after which the quorum server is marked DOWN.
#
# The default quorum server timeout is calculated from the
# Serviceguard cluster parameters, including NODE_TIMEOUT and
# HEARTBEAT_INTERVAL. If you are experiencing quorum server
# timeouts, you can adjust these parameters, or you can include
# the QS_TIMEOUT_EXTENSION parameter.
#
# The value of QS_TIMEOUT_EXTENSION will directly effect the amount
# of time it takes for cluster reformation in the event of failure.
# For example, if QS_TIMEOUT_EXTENSION is set to 10 seconds, the cluster
# reformation will take 10 seconds longer than if the QS_TIMEOUT_EXTENSION
# was set to 0. This delay applies even if there is no delay in
# contacting the Quorum Server. The recommended value for
# QS_TIMEOUT_EXTENSION is 0, which is used as the default
# and the maximum supported value is 30000000 (5 minutes).
#
# For example, to configure a quorum server running on node
# "qshost" with 120 seconds for the QS_POLLING_INTERVAL and to
# add 2 seconds to the system assigned value for the quorum server
# timeout, enter:
#
# QS_HOST qshost
# QS_POLLING_INTERVAL 120000000
# QS_TIMEOUT_EXTENSION 2000000
FIRST_CLUSTER_LOCK_VG /dev/vglock(锁盘VG)
# Definition of nodes in the cluster.
# Repeat node definitions as necessary for additional nodes.
# NODE_NAME is the specified nodename in the cluster.
# It must match the hostname and both cannot contain full domain name.
# Each NETWORK_INTERFACE, if configured with IPv4 address,
# must have ONLY one IPv4 address entry with it which could
# be either HEARTBEAT_IP or STATIONARY_IP.
# Each NETWORK_INTERFACE, if configured with IPv6 address(es)
# can have multiple IPv6 address entries(up to a maximum of 2,
# only one IPv6 address entry belonging to site-local scope
# and only one belonging to global scope) which must be all
# STATIONARY_IP. They cannot be HEARTBEAT_IP.
NODE_NAME hp1 (1号机名字)
NETWORK_INTERFACE lan0 (心跳网卡)
HEARTBEAT_IP 192.168.0.1(心跳IP地址,请注意,请改成HEARTBEAT_IP)
NETWORK_INTERFACE lan2 (业务网卡)
HEARTBEAT_IP 10.157.166.1(1号机业务用IP地址)
NETWORK_INTERFACE lan3(不需要配置)
FIRST_CLUSTER_LOCK_PV /dev/dsk/c8t0d0 (LOCK VG 物理地址)
# List of serial device file names
# For example:
# SERIAL_DEVICE_FILE /dev/tty0p0
# Warning: There are no standby network interfaces for lan0.
# Possible standby Network Interfaces for lan2: lan3.
NODE_NAME hp1 (2号机名字)
NETWORK_INTERFACE lan0 (心跳网卡)
HEARTBEAT_IP 192.168.0.2 (心跳IP地址,请注意,请改成HEARTBEAT_IP)
NETWORK_INTERFACE lan2 (业务网卡)
HEARTBEAT_IP 10.157.166.2 (1号机业务用IP地址)
NETWORK_INTERFACE lan3(不需要配置)
FIRST_CLUSTER_LOCK_PV /dev/dsk/c8t0d0 (LOCK VG 物理地址)
#注意:物理路径要符合,不要把vgdb和vglock两个vg的物理地址混淆
# List of serial device file names
# For example:
# SERIAL_DEVICE_FILE /dev/tty0p0
# Warning: There are no standby network interfaces for lan0.
# Possible standby Network Interfaces for lan2: lan3.
# Cluster Timing Parameters (microseconds).
# The NODE_TIMEOUT parameter defaults to 2000000 (2 seconds).
# This default setting yields the fastest cluster reformations.
# However, the use of the default value increases the potential
# for spurious reformations due to momentary system hangs or
# network load spikes.
# For a significant portion of installations, a setting of
# 5000000 to 8000000 (5 to 8 seconds) is more appropriate.
# The maximum value recommended for NODE_TIMEOUT is 30000000
# (30 seconds).
HEARTBEAT_INTERVAL 1000000
NODE_TIMEOUT 2000000
#注意:节点轮询时间和超时设置,一般不动,毫秒为单位
# Configuration/Reconfiguration Timing Parameters (microseconds).
AUTO_START_TIMEOUT 600000000
NETWORK_POLLING_INTERVAL 2000000
#注意:网络启动时间,失败时候的顺序,一般不动, 毫秒为单位
# Network Monitor Configuration Parameters.
# The NETWORK_FAILURE_DETECTION parameter determines how LAN card failures are d
etected.
# If set to INONLY_OR_INOUT, a LAN card will be considered down when its inbound
# message count stops increasing or when both inbound and outbound
# message counts stop increasing.
# If set to INOUT, both the inbound and outbound message counts must
# stop increasing before the card is considered down.
NETWORK_FAILURE_DETECTION INOUT
# Package Configuration Parameters.
# Enter the maximum number of packages which will be configured in the cluster.
# You can not add packages beyond this limit.
# This parameter is required.
MAX_CONFIGURED_PACKAGES 3
注意:MC里面需要预留几个程序包,有的环境是2个,3个,多个程序包多会耗费一定的内存
如果程序包只预留了一个,以后要加程序包,这个参数不可逆,所以要重新做MC生成模版
# Access Control Policy Parameters.
#
# Three entries set the access control policy for the cluster:
# First line must be USER_NAME, second USER_HOST, and third USER_ROLE.
# Enter a value after each.
#
# 1. USER_NAME can either be ANY_USER, or a maximum of
# 8 login names from the /etc/passwd file on user host.
# 2. USER_HOST is where the user can issue Serviceguard commands.
# If using Serviceguard Manager, it is the COM server.
# Choose one of these three values: ANY_SERVICEGUARD_NODE, or
# (any) CLUSTER_MEMBER_NODE, or a specific node. For node,
# use the official hostname from domain name server, and not
# an IP addresses or fully qualified name.
# 3. USER_ROLE must be one of these three values:
# * MONITOR: read-only capabilities for the cluster and packages
# * PACKAGE_ADMIN: MONITOR, plus administrative commands for packages
# in the cluster
# * FULL_ADMIN: MONITOR and PACKAGE_ADMIN plus the administrative
# commands for the cluster.
#
# Access control policy does not set a role for configuration
# capability. To configure, a user must log on to one of the
# cluster's nodes as root (UID=0). Access control
# policy cannot limit root users' access.
#
# MONITOR and FULL_ADMIN can only be set in the cluster configuration file,
# and they apply to the entire cluster. PACKAGE_ADMIN can be set in the
# cluster or a package configuration file. If set in the cluster
# configuration file, PACKAGE_ADMIN applies to all configured packages.
# If set in a package configuration file, PACKAGE_ADMIN applies to that
# package only.
#
# Conflicting or redundant policies will cause an error while applying
# the configuration, and stop the process. The maximum number of access
# policies that can be configured in the cluster is 200.
#
# Example: to configure a role for user john from node noir to
# administer a cluster and all its packages, enter:
# USER_NAME john
# USER_HOST noir
# USER_ROLE FULL_ADMIN
# List of cluster aware LVM Volume Groups. These volume groups will
# be used by package applications via the vgchange -a e command.
# Neither CVM or VxVM Disk Groups should be used here.
# For example:
# VOLUME_GROUP /dev/vgdatabase
# VOLUME_GROUP /dev/vg02
VOLUME_GROUP /dev/vglock 与集群有关的VG请全部列出
VOLUME_GROUP /dev/vgdata1
VOLUME_GROUP /dev/vgdata2
1-2: 验证群集配置
# cmcheckconf –k –v –C /etc/cmcluster/cmclconf.ascii
如果没有报错信息,显示完成信息,即表示通过。有的时候有一些有关CDROM的小警告,但是只要系统建议你可以做下一步,只要提示是complete就OK
1-3:在节点间分发配置文件
# vgchange –a y /dev/vglock
(在HP1号机上激活VGLOCK,请检查一下HP2号机上VG的激活情况)。
请不要激活所有与数据VG相关的VG 只激活VGLOCK
因为分发是正式的要发二进制的控制文件,一定要提前激活vglock的属性,否则以后MC启动有小问题
# cmapplyconf –k –v –C /etc/cmcluster/cmclconf.ascii
编辑文件/etc/rc.config.d/cmcluster,将参数AUTOSTART_CMCLD设为1,则在系统自举时自动启动CLUSTER。我们一般不自动启动群集,请将其设置为0,或者跳过这一步}
#vgchange –a n /dev/vglock
运行 群集
Cmruncl –v
查看群集
Cmviewcl –v
B、应用级别的ORACLE程序包配置
B-1: 创建程序包配置模板, 编辑这些模板文件,以指定程序包名称、按优先级排序的节点列表、控制脚本的位置以及各个程序包的故障切换参数。
# mkdir /dev/cmcluster/pkg1
# cmmakepkg –p /etc/cmcluster/pkg1/pkg1.conf
#vi /etc/cmcluser/pkg1/pkg1.conf
脚本
# ********************************************************************** *******
# ****** HIGH AVAILABILITY PACKAGE CONFIGURATION FILE (template)
# *********************************************************************** *******
# ******* Note: This file MUST be edited before it can be used.
# * For complete details about package parameters and how to set them, *
# * consult the Serviceguard Extension for RAC manuals.
# ******************************************************************************
# Enter a name for this package. This name will be used to identify the
# package when viewing or manipulating it. It must be different from
# the other configured package names.
PACKAGE_NAME pkg1 (程序包的名字)
# Enter the package type for this package. PACKAGE_TYPE indicates
# whether this package is to run as a FAILOVER or SYSTEM_MULTI_NODE
# package.
#
# FAILOVER package runs on one node at a time and if a failure
# occurs it can switch to an alternate node.
#
# SYSTEM_MULTI_NODE
# package runs on multiple nodes at the same time.
# It can not be started and halted on individual nodes.
# Both NODE_FAIL_FAST_ENABLED and AUTO_RUN must be set
# to YES for this type of package. All SERVICES must
# have SERVICE_FAIL_FAST_ENABLED set to YES.
#
# NOTE: Packages which have a PACKAGE_TYPE of SYSTEM_MULTI_NODE are
# not failover packages and should only be used for applications
# provided by Hewlett-Packard.
#
# Since SYSTEM_MULTI_NODE packages run on multiple nodes at
# one time, following parameters are ignored:
#
# FAILOVER_POLICY
# FAILBACK_POLICY
#
# Since an IP address can not be assigned to more than node at a
# time, relocatable IP addresses can not be assigned in the
# package control script for multiple node packages. If
# volume groups are assigned to multiple node packages they must
# activated in a shared mode and data integrity is left to the
# application. Shared access requires a shared volume manager.
#
#
# Examples : PACKAGE_TYPE FAILOVER (default)
# PACKAGE_TYPE SYSTEM_MULTI_NODE
#
PACKAGE_TYPE FAILOVER(默认数值,不需更改)
# Enter the failover policy for this package. This policy will be used
# to select an adoptive node whenever the package needs to be started.
# The default policy unless otherwise specified is CONFIGURED_NODE.
# This policy will select nodes in priority order from the list of
# NODE_NAME entries specified below.
#
# The alternative policy is MIN_PACKAGE_NODE. This policy will select
# the node, from the list of NODE_NAME entries below, which is
# running the least number of packages at the time this package needs
# to start.
FAILOVER_POLICY CONFIGURED_NODE(默认数值,不需更改)
# Enter the failback policy for this package. This policy will be used
# to determine what action to take when a package is not running on
# its primary node and its primary node is capable of running the
# package. The default policy unless otherwise specified is MANUAL.
# The MANUAL policy means no attempt will be made to move the package
# back to its primary node when it is running on an adoptive node.
#
# The alternative policy is AUTOMATIC. This policy will attempt to
# move the package back to its primary node whenever the primary node
# is capable of running the package.
FAILBACK_POLICY MANUAL(默认数值,不需更改)
# Enter the names of the nodes configured for this package. Repeat
# this line as necessary for additional adoptive nodes.
#
# NOTE: The order is relevant.
# Put the second Adoptive Node after the first one.
#
# Example : NODE_NAME original_node
# NODE_NAME adoptive_node
#
# If all nodes in the cluster are to be specified and order is not
# important, "NODE_NAME *" may be specified.
#
# Example : NODE_NAME *
NODE_NAME hp1 (节点1名字)
NODE_NAME hp2 (节点2名字)
# Enter the value for AUTO_RUN. Possible values are YES and NO.
# The default for AUTO_RUN is YES. When the cluster is started the
# package will be automatically started. In the event of a failure the
# package will be started on an adoptive node. Adjust as necessary.
#
# AUTO_RUN replaces obsolete PKG_SWITCHING_ENABLED.
AUTO_RUN YES(默认参数,不要更改)
# Enter the value for LOCAL_LAN_FAILOVER_ALLOWED.
# Possible values are YES and NO.
# The default for LOCAL_LAN_FAILOVER_ALLOWED is YES. In the event of a
# failure, this permits the cluster software to switch LANs locally
# (transfer to a standby LAN card). Adjust as necessary.
#
# LOCAL_LAN_FAILOVER_ALLOWED replaces obsolete NET_SWITCHING_ENABLED.
LOCAL_LAN_FAILOVER_ALLOWED YES (默认参数,不要更改)
# Enter the value for NODE_FAIL_FAST_ENABLED.
# Possible values are YES and NO.
# The default for NODE_FAIL_FAST_ENABLED is NO. If set to YES,
# in the event of a failure, the cluster software will halt the node
# on which the package is running. All SYSTEM_MULTI_NODE packages must have
# NODE_FAIL_FAST_ENABLED set to YES. Adjust as necessary.
NODE_FAIL_FAST_ENABLED NO (默认参数,不要更改)
# Enter the complete path for the run and halt scripts. In most cases
# the run script and halt script specified here will be the same script,
# the package control script generated by the cmmakepkg command. This
# control script handles the run(ning) and halt(ing) of the package.
# Enter the timeout, specified in seconds, for the run and halt scripts.
# If the script has not completed by the specified timeout value,
# it will be terminated. The default for each script timeout is
# NO_TIMEOUT. Adjust the timeouts as necessary to permit full
# execution of each script.
# Note: The HALT_SCRIPT_TIMEOUT should be greater than the sum of
# all SERVICE_HALT_TIMEOUT values specified for all services.
RUN_SCRIPT /etc/cmcluster/pkg1/pkg1.cntl
RUN_SCRIPT_TIMEOUT NO_TIMEOUT
HALT_SCRIPT /etc/cmcluster/pkg1/pkg1.cntl
HALT_SCRIPT_TIMEOUT NO_TIMEOUT
这里请注意,在ORACLE还未安装时,我们如何用脚本来验证集群是否安装完毕呢,我们可以编译一条语句放在脚本里 如“echo hello”就行了。
START脚本示列(请向ORACLE工程师要脚本)
Su – oracle –c sqlplux /nolog <
Startup
Exit
EOF
Su – oracle –c << EOF
STOP脚本示列(请向ORACLE工程师要脚本)
Su – oracle –c sqlplux /nolog << EOF
Alter system checkpoint;
Shutdown immediate
Exit
EOF
Su –oracle –c << EOF
Lsnrctl stop
EOF
# Enter the names of the storage groups configured for this package.
# Repeat this line as necessary for additional storage groups.
#
# Storage groups are only used with CVM disk groups. Neither
# VxVM disk groups or LVM volume groups should be listed here.
# By specifying a CVM disk group with the STORAGE_GROUP keyword
# this package will not run until the VxVM-CVM-pkg package is
# running and thus the CVM shared disk groups are ready for
# activation.
#
# NOTE: Should only be used by applications provided by
# Hewlett-Packard.
#
# Example : STORAGE_GROUP dg01
# STORAGE_GROUP dg02
# STORAGE_GROUP dg03
# STORAGE_GROUP dg04
#
# Enter the SERVICE_NAME, the SERVICE_FAIL_FAST_ENABLED and the
# SERVICE_HALT_TIMEOUT values for this package. Repeat these
# three lines as necessary for additional service names. All
# service names MUST correspond to the SERVICE_NAME[] entries in
# the package control script.
#
# The value for SERVICE_FAIL_FAST_ENABLED can be either YES or
# NO. If set to YES, in the event of a service failure, the
# cluster software will halt the node on which the service is
# running. If SERVICE_FAIL_FAST_ENABLED is not specified, the
# default will be NO.
#
# SERVICE_HALT_TIMEOUT is represented as a number of seconds.
# This timeout is used to determine the length of time (in
# seconds) the cluster software will wait for the service to
# halt before a SIGKILL signal is sent to force the termination
# of the service. In the event of a service halt, the cluster
# software will first send a SIGTERM signal to terminate the
# service. If the service does not halt, after waiting for the
# specified SERVICE_HALT_TIMEOUT, the cluster software will send
# out the SIGKILL signal to the service to force its termination.
# This timeout value should be large enough to allow all cleanup
# processes associated with the service to complete. If the
# SERVICE_HALT_TIMEOUT is not specified, a zero timeout will be
# assumed, meaning the cluster software will not wait at all
# before sending the SIGKILL signal to halt the service.
#
# Example: SERVICE_NAME DB_SERVICE
# SERVICE_FAIL_FAST_ENABLED NO
# SERVICE_HALT_TIMEOUT 300
#
# To configure a service, uncomment the following lines and
# fill in the values for all of the keywords.
#SERVICE_NAME dbservice
#SERVICE_FAIL_FAST_ENABLED NO
#SERVICE_HALT_TIMEOUT 300
#注意:名字一定要和后面的/etc/cmcluster/pkg1/control.sh文件的名字吻合,一般无需配置
# Enter the network subnet name that is to be monitored for this package.
# Repeat this line as necessary for additional subnet names. If any of
# the subnets defined goes down, the package will be switched to another
# node that is configured for this package and has all the defined subnets
# available.
#SERVICE_FAIL_FAST_ENABLED NO
#SERVICE_HALT_TIMEOUT 300
表示是否发生TOC(全面恢复),不需要修改参数。
# Enter the network subnet name that is to be monitored for this package.
# Repeat this line as necessary for additional subnet names. If any of
# the subnets defined goes down, the package will be switched to another
# node that is configured for this package and has all the defined subnets
# available.
# The subnet names could be IPv4 or IPv6. The network subnet
# names that are to be monitored for this package could be a mix
# of IPv4 or IPv6 subnet names
SUBNET 10.157.166.0
子网网段,定义浮动IP地址所在网段,跟主机业务所用IP地址处于同一网段
请用netstat –in LAN 0 (心跳线的IP) 名称为NETWORK 做为SUBNET
# The keywords RESOURCE_NAME, RESOURCE_POLLING_INTERVAL,
# RESOURCE_START, and RESOURCE_UP_VALUE are used to specify Package
# Resource Dependencies. To define a package Resource Dependency, a
# RESOURCE_NAME line with a fully qualified resource path name, and
# one or more RESOURCE_UP_VALUE lines are required. The
# RESOURCE_POLLING_INTERVAL and the RESOURCE_START are optional.
#
# The RESOURCE_POLLING_INTERVAL indicates how often, in seconds, the
# resource is to be monitored. It will be defaulted to 60 seconds if
# RESOURCE_POLLING_INTERVAL is not specified.
#
# The RESOURCE_START option can be set to either AUTOMATIC or DEFERRED.
# The default setting for RESOURCE_START is AUTOMATIC. If AUTOMATIC
# is specified, Serviceguard will start up resource monitoring for
# these AUTOMATIC resources automatically when the node starts up.
# If DEFERRED is selected, Serviceguard will not attempt to start
# resource monitoring for these resources during node start up. User
# should specify all the DEFERRED resources in the package run script
# so that these DEFERRED resources will be started up from the package
# run script during package run time.
#
# RESOURCE_UP_VALUE requires an operator and a value. This defines
# the resource 'UP' condition. The operators are =, !=, >, <, >=,
# and <=, depending on the type of value. Values can be string or
# numeric. If the type is string, then only = and != are valid
# operators. If the string contains whitespace, it must be enclosed
# in quotes. String values are case sensitive. For example,
#
# Resource is up when its value is
# --------------------------------
# RESOURCE_UP_VALUE = UP "UP"
# RESOURCE_UP_VALUE != DOWN Any value except "DOWN"
# RESOURCE_UP_VALUE = "On Course" "On Course"
#
# If the type is numeric, then it can specify a threshold, or a range to
# define a resource up condition. If it is a threshold, then any operator
# may be used. If a range is to be specified, then only > or >= may be used
# for the first operator, and only < or <= may be used for the second operator.
# For example,
# Resource is up when its value is
# --------------------------------
# RESOURCE_UP_VALUE = 5 5 (threshold)
# RESOURCE_UP_VALUE > 5.1 greater than 5.1 (threshold)
# RESOURCE_UP_VALUE > -5 and < 10 between -5 and 10 (range)
#
# Note that "and" is required between the lower limit and upper limit
# when specifying a range. The upper limit must be greater than the lower
# limit. If RESOURCE_UP_VALUE is repeated within a RESOURCE_NAME block, then
# they are inclusively OR'd together. Package Resource Dependencies may be
# defined by repeating the entire RESOURCE_NAME block.
#
# Example : RESOURCE_NAME /net/interfaces/lan/status/lan0
# RESOURCE_POLLING_INTERVAL 120
# RESOURCE_START AUTOMATIC
# RESOURCE_UP_VALUE = RUNNING
# RESOURCE_UP_VALUE = ONLINE
#
# Means that the value of resource /net/interfaces/lan/status/lan0
# will be checked every 120 seconds, and is considered to
# be 'up' when its value is "RUNNING" or "ONLINE".
#
# Uncomment the following lines to specify Package Resource Dependencies.
#
#RESOURCE_NAME
#RESOURCE_POLLING_INTERVAL
#RESOURCE_START
#RESOURCE_UP_VALUE
# Access Control Policy Parameters.
#
# Three entries set the access control policy for the package:
# First line must be USER_NAME, second USER_HOST, and third USER_ROLE.
# Enter a value after each.
#
# 1. USER_NAME can either be ANY_USER, or a maximum of
# 8 login names from the /etc/passwd file on user host.
# 2. USER_HOST is where the user can issue Serviceguard commands.
# If using Serviceguard Manager, it is the COM server.
# Choose one of these three values: ANY_SERVICEGUARD_NODE, or
# (any) CLUSTER_MEMBER_NODE, or a specific node. For node,
# use the official hostname from domain name server, and not
# an IP addresses or fully qualified name.
# 3. USER_ROLE must be PACKAGE_ADMIN. This role grants permission
# to MONITOR, plus for administrative commands for the package.
#
# These policies do not effect root users. Access Policies here
# should not conflict with policies defined in the cluster configuration file.
#
# Example: to configure a role for user john from node noir to
# administer the package, enter:
# USER_NAME john
# USER_HOST noir
# USER_ROLE PACKAGE_ADMIN