[Pacemaker] Remote Access not Working

Colin colin.hch at gmail.com
Mon Nov 16 10:54:37 EST 2009 

On Mon, Nov 16, 2009 at 4:42 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
> On Mon, Nov 16, 2009 at 4:31 PM, Colin <colin.hch at gmail.com> wrote:
>>
>> On Mon, Nov 16, 2009 at 3:19 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
>>> On Thu, Nov 12, 2009 at 4:46 PM, Colin <colin.hch at gmail.com> wrote:
>>>> On Thu, Nov 12, 2009 at 3:36 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
>>>
>>>> 5) The log message "cib: [2941]: debug: cib_remote_listen: New
>>>> clear-text connection" should include from where the connection came.
>>>
>>> why and how?
>>
>> Why: It's like "file not found" without the info which file wasn't
>> found ... perhaps it's just me, but I would like to see the source IP
>> and port of the connection.
>>
>> How: You're probably not asking me how to implement the feature, so
>> I'm assuming that you misunderstood what exactly I was asking for(?).
>
> No, I'm saying that I'm pretty sure we don't have access to the IP information.

In cib/remote.c the call to accept(2) which fills in the data
structure with the IP is just 2 lines after the call to crm_debug(),
is it a problem to change the order?

>>>> 6) The log message "cib: [2941]: ERROR: cib_remote_listen: User is not
>>>> a member of the required group" might mention which user and which
>>>> group...
>>>
>>> it doesn't do so for security reasons
>>
>> Hm.
>>
>> Security? I see, that's when you use unencrypted remote syslogging --
>> anybody already on the machine could just use ps(1).
>>
>> How about logging it in the ERROR messages, but only when
>> debug-logging is enabled?
>
> No, because then I'll get confused emails from people wondering why
> there are a stream of ERRORs in the logs.

Erm, I don't want to change the frequency or the level of any message,
just that the one ERROR message quoted above is changed in content to
include the uid/user and gid/group to which it refers when
debug-logging is enabled.

>> Weird. I'm using the precompiled Debian packages for Pacemaker 1.0.6
>> with Corosync. Anything that might help debug the problem?
>
> add more hours to the day? :)

One-way ticket to Mars help?

Colin ;-)

More information about the Pacemaker mailing list