[ Reposting as I sent it to linux-ha-devel instead of 
  linux-ha-devel the first time around ]

This seems to be a bit of an easy trap to fall into.
Are there any fixes floating around? I was thinking
that perhaps a cluster id of some sort would be a good
idea. But I'm not sure.

-- 
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/

----- Forwarded message from Russell Coker <[EMAIL PROTECTED]> -----

Subject: Bug#418210: heartbeat-2: /etc/ha.d/authkeys should not determine which nodes are in the cluster
From: Russell Coker <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Date: Sun, 08 Apr 2007 10:53:02 +1000

Package: heartbeat-2
Version: 2.0.8-1
Severity: normal

Currently if you have two clusters using broadcast heartbeats on the same
network and they have the same contents of /etc/ha.d/authkeys then Heartbeat
will get confused as to which nodes are in the cluster.

The "node" config directive determines which nodes are permitted in the
cluster; this should be authoritative, and any nodes which aren't listed with
a node statement should not be permitted to join.

It's not uncommon to configure multiple clusters on one VLAN.  It's also common
to duplicate servers by copying the hard drive and changing the relevant config
file settings.  When duplicating a server in such a manner it's common to leave
the passwords unchanged.

http://www.linux-ha.org/authkeys

The above URL says "The authkeys configuration file contains information for
Heartbeat to use when authenticating cluster members".  Authentication and
authorisation are separate issues; the current implementation apparently uses
the authkeys file for authorisation as well as authentication. The
authorisation should only be the node line in ha.cf.


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-xen-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

----- End forwarded message -----



-- 
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/
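
The distinction the bug report draws between authentication (the authkeys secret) and authorisation (the "node" lines in ha.cf), as an added example that is not part of the original message and is not Heartbeat's code. The packet layout, key and node names are constructed, and HMAC-SHA1 is assumed as the signing method.

```python
import hashlib
import hmac

# Constructed sample values; the packet layout is a simplified model,
# not Heartbeat's wire format.
SHARED_KEY = b"copied-with-the-disk-image"  # same authkeys secret on both clusters
CLUSTER_A_NODES = {"a1", "a2"}               # "node" lines from cluster A's ha.cf


def _body(src: str, seq: int) -> bytes:
    return f"src={src};seq={seq}".encode()


def sign(key: bytes, src: str, seq: int) -> dict:
    """Build a heartbeat packet carrying an HMAC-SHA1 tag over its fields."""
    tag = hmac.new(key, _body(src, seq), hashlib.sha1).hexdigest()
    return {"src": src, "seq": seq, "tag": tag}


def authenticated(key: bytes, pkt: dict) -> bool:
    """Authentication: was this packet produced by a holder of the key?"""
    expected = hmac.new(key, _body(pkt["src"], pkt["seq"]), hashlib.sha1).hexdigest()
    return hmac.compare_digest(expected, pkt["tag"])


def accept_auth_only(key: bytes, pkt: dict) -> bool:
    """Behaviour described in the report: a valid key is enough to join."""
    return authenticated(key, pkt)


def accept_with_node_list(key: bytes, nodes: set, pkt: dict) -> bool:
    """Behaviour the report asks for: the node list decides membership."""
    return authenticated(key, pkt) and pkt["src"] in nodes


def sample_traffic() -> list:
    """Broadcasts seen by cluster A: its own nodes, the cloned cluster B
    (same key), and one host whose key differs."""
    pkts = [sign(SHARED_KEY, n, 1) for n in ("a1", "a2", "b1", "b2")]
    pkts.append(sign(b"some-other-key", "x9", 1))
    return pkts


def membership(accept, packets) -> set:
    """Set of senders that a given acceptance policy admits."""
    return {p["src"] for p in packets if accept(p)}


if __name__ == "__main__":
    t = sample_traffic()
    print(sorted(membership(lambda p: accept_auth_only(SHARED_KEY, p), t)))
    print(sorted(membership(lambda p: accept_with_node_list(SHARED_KEY, CLUSTER_A_NODES, p), t)))
```

With the key alone, cluster A's view includes b1 and b2; with the node list enforced after the key check, only a1 and a2 are admitted.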

