[Pacemaker] authentication in the cluster

Kostiantyn Ponomarenko konstantin.ponomarenko at gmail.com
Tue Jan 27 10:56:01 EST 2015

Hi all,

Here is a situation - there are two "two-node" clusters.
They have totally identical configuration.
Nodes in the clusters are connected directly, without any switches.

Here is a part of corosync.comf file:

totem {
version: 2

cluster_name: mycluster
transport: udpu

crypto_hash: sha256
crypto_cipher: none
rrp_mode: passive

nodelist {
node {
name: node-a
nodeid: 1

node {
name: node-b
nodeid: 2

The only difference between those two clusters is authentication key (
/etc/corosync/authkey ) - it is different for both clusters.

What will be the behavior if the next mess in connection occurs:
"ring1_addr" of node-a (cluster-A) is connected to "ring1_addr" of node-b
"ring1_addr" of node-a (cluster-B) is connected to "ring1_addr" of node-b

I attached a pic which shows the connections.

My actual goal - do not let the clusters work in such case.
To achieve it, I decided to use "authentication key" mechanism.
But I don't know the result in the situation which I described ... .

Thank you,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clusterlabs.org/pipermail/pacemaker/attachments/20150127/cea3a90e/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: two_two-node_clusters.png
Type: image/png
Size: 32125 bytes
Desc: not available
URL: <http://lists.clusterlabs.org/pipermail/pacemaker/attachments/20150127/cea3a90e/attachment-0002.png>

More information about the Pacemaker mailing list