Bug 231246 - fence_xvm programs do not correctly use incorporate key data for operations
fence_xvm programs do not correctly use incorporate key data for operations
Status: CLOSED ERRATA
Product: Red Hat Cluster Suite
Classification: Red Hat
Component: fence (Show other bugs)
4
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Lon Hohberger
Cluster QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-06 17:59 EST by Lon Hohberger
Modified: 2009-04-16 15:48 EDT (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2007:0138
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-16 12:13:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
fix (1.00 KB, patch)
2007-03-06 17:59 EST, Lon Hohberger
no flags Details | Diff

  None (edit)
Description Lon Hohberger 2007-03-06 17:59:02 EST
+++ This bug was initially created as a clone of Bug #231241 +++

Description of problem:

Fence_xvm and fence_xvmd do not correctly use the contents of
/etc/cluster/fence_xvm.key.

If multiple clusters are run on the same subnet without the multicast packets
being filtered, then it is possible for the following to occur:

* If another cluster has a virtual machine with the same name, it can
inadvertently fence the virtual machine.
* Due to a previous behavioral change, fence_xvmd now returns success if it has
never heard of the domain.

Both lead to false-success scenarios where a virtual machine has not been
correctly fenced.

It may be advantageous to give the virtual machine cluster the name or ID of its
parent (host) cluster in order to prevent these behaviors from occurring when no
authentication is used.

-- Additional comment from lhh@redhat.com on 2007-03-06 17:47 EST --
Created an attachment (id=149400)
Fixes behavior
Comment 1 Lon Hohberger 2007-03-06 17:59:02 EST
Created attachment 149404 [details]
fix

Note You need to log in before you can comment on or make changes to this bug.