On Mon, Feb 23, 2009 at 02:24:13PM -0600, Ryan O'Hara wrote: > On Mon, Feb 23, 2009 at 01:09:58PM -0600, David Teigland wrote: > > On Mon, Feb 23, 2009 at 07:52:55PM +0100, Fabio M. Di Nitto wrote: > > > What can stop a user to run fence_node -U from another node to do remote > > > (un)fencing? > > > > It would work. Users can do anything they like, that's beside the point. > > It would not work for scsi reservations. With scsi reservations, an > unfence operation is as simple a registering with the device(s). It > cannot be done remotely. A registration exists on an "IT nexus"; the > relationship between initiator and target. Bottom line is that a > remote node cannot register another node --- the registration > (sg_persist command) has to be run on the node that wants to "unfence" > itself.
OK, thanks, that's good to keep in mind. The "other scheme" I mentioned originally where *other* nodes would unfence a node (instead of self-unfencing) wouldn't work for scsi. Dave