CTDB 2.0: how to get rid of these messages?
u.sibiller at science-computing.de
Tue Jun 18 01:40:25 MDT 2013
Am 14.06.2013 22:55, schrieb Martin Schwenke:
> This message comes from the code that registers client connections so
> that they can be handled efficiently during an IP failover. This
> means that a client (probably Samba) is accepting connections on
> private addresses. That's bad because those connections won't failover
> if a node has a problem.
> Your options include:
> * If you're using round-robin DNS then ensure that the DNS name for the
> cluster does not map to any private addresses.
> * Configuring clients more carefully. This is like the above but if
> the clients are using IPs (instead of a DNS name) to connect to
> Samba then they should not be configured to use private IPs.
Users use the round-robin DNS name to connect.
> * Configure Samba to only accept connections on public IPs.
This is what I added on all nodes:
interfaces = xx.yy.zz.216/24, xx.yy.zz.217/24, xx.yy.zz.219/24, xx.yy.zz.220/24, xx.yy.zz.221/24,
cluster addresses = xx.yy.zz.216, xx.yy.zz.217, xx.yy.zz.219, xx.yy.zz.220, xx.yy.zz.221, xx.yy.zz.218
At first the messages were gone for some hours but they have started to appear again.
Do I need to add "bind interfaces only = yes"?
I also discovered that there is no nmbd running when I add the "interfaces" line to the config. When
I remove the line and restart ctdb it is back again. Is this correct behaviour?
> * Add firewall rules to block SMB connections to private IPs.
I have not done this yet because I think the solution above should be sufficient. Apparently it is
not. But why?
> You should also note that CTDB does not have any security on the
> private network. If the private node IPs are exposed via the public
> network then it may be possible for users on the public network to do
> bad things to CTDB. You might want to consider securing the private
> IPs/CTDB ports in some way.
Ok, this is on my todo list now.
Vorstandsvorsitzender/Chairman of the board of management:
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Michael Heinrichs,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
More information about the samba-technical