I am trying to create a role that will limit a user to login via ssh and only halt the nodes in the Cluster, using the -inhibit-takeover true and -skip-lif-migration-before-shutdown true options.
The user will connect to the first node and run:
cluster1::> system node halt -node Cluster-01 -inhibit-takeover true -skip-lif-migration-before-shutdown true
Connect second controller and run:
cluster1::> system node halt -node Cluster-02 -inhibit-takeover true -skip-lif-migration-before-shutdown true
I have created a role named rHaltUser with the following permissions:
cluster1::> security login role create -role rHaltUser -access admin -cmddirname "system node halt"
Also created a user named haltuser and assigned the rHaltUser role..
cluster1::> security login create -vserver cluster1 -user-or-group-name haltuser -application ontapi -authmethod password -role rHaltUser
cluster1::> security login create -vserver cluster1 -user-or-group-name haltuser -application ssh -authmethod password -role rHaltUser
I am able to halt the nodes, but not invoke the -inhibit-takeover true and -skip-lif-migration-before-shutdown true options.
do I need to add addtional -cmddirname permissions?
Any suggestions welcomed. Thanks