On 17/04/19 12:09 -0500, Ken Gaillot wrote:
> Without the patches, a mitigation is to prevent local user access to
> cluster nodes except for cluster administrators (which is the
> recommended and most common deployment model).
Not trying to artificially amplify the risk in response to the above,

Thanks. I most assuredly will, but first I have to run some experiments, to
get a feeling for it.
On Wed, Apr 17, 2019 at 3:56 PM digimer wrote:
> Happy to help you understand, just keep asking questions. :)
>
> The point can be explained this way;
>
> * If two nodes can work without

On Wed, 2019-04-17 at 15:17 -0600, JCA wrote:
> Here is what I did:
>
> # pcs stonith create disk_fencing fence_scsi pcmk_host_list="one two"
> pcmk_monitor_action="metadata" pcmk_reboot_action="off"
> devices="/dev/disk/by-id/ata-VBOX_HARDDISK_VBaaa429e4-514e8ecb" meta
> provides="unfencing"
>

Happy to help you understand, just keep asking questions. :)
The point can be explained this way;
* If two nodes can work without coordination, you don't need a cluster,
just run your services everywhere. If that is not the case, then you
require coordination. Fencing ensures that a node that

Thanks. This implies that I officially do not understand what it is that
fencing can do for me, in my simple cluster. Back to the drawing board.
On Wed, Apr 17, 2019 at 3:33 PM digimer wrote:
> Fencing requires some mechanism, outside the nodes themselves, that can
> terminate the nodes.

Fencing requires some mechanism, outside the nodes themselves, that can
terminate the nodes. Typically, IPMI (iLO, iRMC, RSA, DRAC, etc) is used
for this. Alternatively, switched PDUs are common. If you don't have
these but do have a watchdog timer on your nodes, SBD (storage-based
death) can

Hello all,
Jan Pokorný of Red Hat discovered three security-related issues in
Pacemaker that have been publicly disclosed today.
The most significant is a privilege escalation vulnerability (assigned
CVE-2018-16877). An unprivileged attacker with local access to a
pacemaker node when pacemaker