geo-DR: remove need to have ssh #16
Comments
|
We could use xinetd for example. That does introduce an extra dependency though, ssh is usually already installed. Do you have security concerns? |
|
Yes, indeed. Many environments I work on do not allow root ssh automatically |
|
we definitely could use remote connections but, in an environment that prohibit ssh, do you think allowing remote cib connection is not even more dangerous? I kind of like the limited capability of an xinetd frontend which just output data and allow not modification. |
|
That's a good point, I wonder though the portability of xinetd? Remote CIB connections just appeals to me as its builtin :-) |
|
remote cib access can be configured with readonly ACL, I'll look into this. |
|
Rumor has it that @dotmanila has a non-root ssh implementation with sudo almost ready as intermediate measure :) |
|
Checking @dotmanila code right now |
|
@dotmanila code has been merged in 1.0.0, I'll explore the possibility of using pacemaker directly with ACL |
Why do we need ssh from every machine to every machine?
For geo-DR, this is used to fetch who the master is and it's binary log information.
Can't we just have a small daemon that runs in the cluster and serves those requests?
Or are there other ways through booth itself?
The text was updated successfully, but these errors were encountered: