[Pacemaker] Remote Access not Working

Andrew Beekhof andrew at beekhof.net
Thu Nov 19 14:31:28 EST 2009


Fixed the plaintext connections and made a couple of the changes you suggested.

http://hg.clusterlabs.org/pacemaker/stable-1.0/rev/971d8989e9f0

On Mon, Nov 16, 2009 at 4:54 PM, Colin <colin.hch at gmail.com> wrote:
> On Mon, Nov 16, 2009 at 4:42 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
>> On Mon, Nov 16, 2009 at 4:31 PM, Colin <colin.hch at gmail.com> wrote:
>>>
>>> On Mon, Nov 16, 2009 at 3:19 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
>>>> On Thu, Nov 12, 2009 at 4:46 PM, Colin <colin.hch at gmail.com> wrote:
>>>>> On Thu, Nov 12, 2009 at 3:36 PM, Andrew Beekhof <andrew at beekhof.net> wrote:
>>>>
>>>>> 5) The log message "cib: [2941]: debug: cib_remote_listen: New
>>>>> clear-text connection" should include from where the connection came.
>>>>
>>>> why and how?
>>>
>>> Why: It's like "file not found" without the info which file wasn't
>>> found ... perhaps it's just me, but I would like to see the source IP
>>> and port of the connection.
>>>
>>> How: You're probably not asking me how to implement the feature, so
>>> I'm assuming that you misunderstood what exactly I was asking for(?).
>>
>> No, I'm saying that I'm pretty sure we don't have access to the IP information.
>
> In cib/remote.c the call to accept(2) which fills in the data
> structure with the IP is just 2 lines after the call to crm_debug(),
> is it a problem to change the order?
>
>>>>> 6) The log message "cib: [2941]: ERROR: cib_remote_listen: User is not
>>>>> a member of the required group" might mention which user and which
>>>>> group...
>>>>
>>>> it doesn't do so for security reasons
>>>
>>> Hm.
>>>
>>> Security? I see, that's when you use unencrypted remote syslogging --
>>> anybody already on the machine could just use ps(1).
>>>
>>> How about logging it in the ERROR messages, but only when
>>> debug-logging is enabled?
>>
>> No, because then I'll get confused emails from people wondering why
>> there are a stream of ERRORs in the logs.
>
> Erm, I don't want to change the frequency or the level of any message,
> just that the one ERROR message quoted above is changed in content to
> include the uid/user and gid/group to which it refers when
> debug-logging is enabled.
>
>>> Weird. I'm using the precompiled Debian packages for Pacemaker 1.0.6
>>> with Corosync. Anything that might help debug the problem?
>>
>> add more hours to the day? :)
>
> One-way ticket to Mars help?
>
> Colin ;-)
>
> _______________________________________________
> Pacemaker mailing list
> Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
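The reordering discussed in point 5, as an added example that is not Pacemaker's own code: call accept(2) first, then write the log line with the peer's address and port. The function names `format_peer` and `accept_and_log` are hypothetical, and `fprintf` stands in for the daemon's debug logger.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Render a peer address as "ip:port" (IPv6 as "[ip]:port").
 * Returns 0 on success, -1 on an unsupported family or a short buffer. */
int format_peer(const struct sockaddr *sa, char *out, size_t outlen)
{
    char ip[INET6_ADDRSTRLEN];
    int n;

    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        if (inet_ntop(AF_INET, &in4->sin_addr, ip, sizeof(ip)) == NULL)
            return -1;
        n = snprintf(out, outlen, "%s:%u", ip, (unsigned)ntohs(in4->sin_port));
    } else if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        if (inet_ntop(AF_INET6, &in6->sin6_addr, ip, sizeof(ip)) == NULL)
            return -1;
        n = snprintf(out, outlen, "[%s]:%u", ip, (unsigned)ntohs(in6->sin6_port));
    } else {
        return -1;
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Accept first, then log, so the message can name the source. */
int accept_and_log(int listen_fd)
{
    struct sockaddr_storage peer;
    socklen_t len = sizeof(peer);
    char where[INET6_ADDRSTRLEN + 16];

    memset(&peer, 0, sizeof(peer));
    int fd = accept(listen_fd, (struct sockaddr *)&peer, &len);
    if (fd < 0) {
        perror("accept");
        return -1;
    }
    if (format_peer((struct sockaddr *)&peer, where, sizeof(where)) != 0)
        snprintf(where, sizeof(where), "unknown");
    /* fprintf is a stand-in for the daemon's own debug logger (assumption) */
    fprintf(stderr, "debug: New clear-text connection from %s\n", where);
    return fd;
}
```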



