[Pacemaker] authentication in the cluster
Kostiantyn Ponomarenko
konstantin.ponomarenko at gmail.com
Tue Jan 27 15:56:01 UTC 2015
Hi all,
Here is a situation - there are two "two-node" clusters.
They have totally identical configuration.
Nodes in the clusters are connected directly, without any switches.
Here is a part of corosync.comf file:
totem {
version: 2
cluster_name: mycluster
transport: udpu
crypto_hash: sha256
crypto_cipher: none
rrp_mode: passive
}
nodelist {
node {
name: node-a
nodeid: 1
ring0_addr: 169.254.0.2
ring1_addr: 169.254.1.2
}
node {
name: node-b
nodeid: 2
ring0_addr: 169.254.0.3
ring1_addr: 169.254.1.3
}
}
The only difference between those two clusters is authentication key (
/etc/corosync/authkey ) - it is different for both clusters.
QUESTION:
------------------
What will be the behavior if the next mess in connection occurs:
"ring1_addr" of node-a (cluster-A) is connected to "ring1_addr" of node-b
(cluster-B)
"ring1_addr" of node-a (cluster-B) is connected to "ring1_addr" of node-b
(cluster-A)
I attached a pic which shows the connections.
My actual goal - do not let the clusters work in such case.
To achieve it, I decided to use "authentication key" mechanism.
But I don't know the result in the situation which I described ... .
Thank you,
Kostya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20150127/cea3a90e/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: two_two-node_clusters.png
Type: image/png
Size: 32125 bytes
Desc: not available
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20150127/cea3a90e/attachment-0003.png>
More information about the Pacemaker
mailing list