On Thu, Jan 12, 2012 at 11:50:31AM -0700, Steven Dake wrote: > > With a node list, corosync *should* care about it, and should fail to > > start on a node if that node cannot find itself in the node list. Also, > > if a node does start, the other nodes should reject it if the joining node > > is not in *their* node list (can happen if the joining node has an old > > copy of the node list and has since been removed.) > > > > This is basic but important stuff that's been in cman for years, and it's > > easy to take it for granted. > > The authkey serves this purpose. If you have concerns that old nodes > (or others) that have a copy of the auth key will join, then you should > be changing the auth key on the existing cluster when permanently > removing a node in any regard (since the auth key has now leaked into a > re-purposed machine). That's fine, it's not mutually exclusive with what I described. e.g. cman+corosync in RHEL6 does both. _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss
