On Fri, Sep 26, 2008 at 4:39 PM, Steven S. Critchfield
<[EMAIL PROTECTED]> wrote:

>
> I am implementing a DRBD cluster for an NFS fileserver.
>
> I have the following IPs set up.
> data0 192.168.0.3
> data1 192.168.0.4
> cluster 192.168.0.2
>
> So basically I can log into either of the machines via their own
> IP address or the current primary machine via the cluster address.
>
> As I just experienced, if I had been logged in to a machine and it
> fails (reboots), the secondary takes over as primary and assumes the
> cluster address. When this happens right now, if I log back into the
> cluster IP, I get ssh whining about the key being different.
>
> Does anyone have a good reason why one couldn't just use the same ssh
> key on both machines so it doesn't cause ssh to whine after fail over?
>

Obligatory obvious question:
Can you ensure that both machines are equally secure?
If you did share a key and if someone did compromise data1, then how would
you keep data0 from being 0wned as well, much less the cluster?
If you have to revoke that key, do you really want to have to revoke a
single key for all devices or a single key for a single device?
/got no other paranoia past those questions.


> BTW, I do think I may have a write up if not a presentation eventually
> out of this project.


This sounds like a very interesting project. I would be interested in seeing
how Xen would perform on top of this setup.


>
> --
> Steven Critchfield [EMAIL PROTECTED]
>
>
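
One alternative to sharing a key, as an added example that is not part of the original thread: a simplified Python model of OpenSSH `known_hosts` matching in which each node keeps its own host key and both keys are listed for the cluster address, so one node's key can be revoked on its own. The key blobs are constructed placeholders, the helper names are hypothetical, and plain (unhashed) host names are assumed.

```python
import base64

CLUSTER = "192.168.0.2"  # cluster address from the thread

def blob(label):
    # Constructed stand-in for a public key blob; not a real SSH host key.
    return base64.b64encode(("constructed-host-key-" + label).encode()).decode()

# Constructed known_hosts: data0 and data1 each keep their own key, and
# both keys are listed for the shared cluster address.
KNOWN_HOSTS = "\n".join([
    "192.168.0.3,192.168.0.2 ssh-ed25519 " + blob("data0"),
    "192.168.0.4,192.168.0.2 ssh-ed25519 " + blob("data1"),
])

def parse(text):
    # Yield (marker, hosts, keytype, blob) for each known_hosts line.
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) >= 3:
            yield marker, fields[0].split(","), fields[1], fields[2]

def check(text, host, keytype, presented):
    # Simplified model: a revoked key is never accepted; otherwise any key
    # listed for the host is accepted, and a host with only other keys
    # listed produces the "key is different" complaint from the thread.
    entries = list(parse(text))
    if any(m == "@revoked" and b == presented for m, _, _, b in entries):
        return "revoked"
    known = [(t, b) for m, hosts, t, b in entries if m is None and host in hosts]
    if (keytype, presented) in known:
        return "ok"
    return "changed" if known else "unknown"

def revoke(text, keytype, b64_blob):
    # Append a @revoked line for one node's key; other entries stay as-is.
    return text + "\n@revoked * " + keytype + " " + b64_blob
```
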
