help-cfengine

Re: Bootstrapping


From: Luke A. Kanies
Subject: Re: Bootstrapping
Date: Mon, 16 Feb 2004 12:46:08 -0600 (CST)

On Mon, 16 Feb 2004, John Sechrest wrote:

> "Luke A. Kanies" <luke@madstop.com> writes:
>
>  % The problem isn't really in getting a unique name for each ip address or
>  % interface; the problem is basically that I want to be able to choose from
>  % which IP address I connect.  Clusters are one of the main sources of
>  % problems here -- you have multiple IP addresses (one per cluster service)
>  % that move around between multiple servers.  Each server has at least one
>  % non-clustered IP address.  You'd rather connect out of this unique
>  % address, but it's not really possible.
>
>  But if that unique IP address has a unique name, then can't you just
>  call it by that name?

Cfagent determines which IP address to connect out of, and this
decision in turn determines which IP the server sees, which in turn
decides the hostname that the server gets.

If I can't control which IP cfagent connects from, then I can't really
control any of it.  And that's my problem here.  I have precise control
over all but one address, but that one address is the primary address on
the live node in the cluster, so all connections go out from it.

>  % > If you can't, then one solution is to spoof the return address lookup
>  % > by creating your own reverse maps in your own dns server for those
>  % > domains.
>
>  % Unfortunately, cfservd uses gethostbyaddr, so I pretty much have to use
>  % reverse DNS or /etc/hosts.  And I hate /etc/hosts.
>
>  Yes. But because you configure /etc/resolv.conf, you can point the
>  resolver to a machine that you control, where you can build the spoofed
>  reverse DNS addresses.
>
>  A hack at best, but a possible path.

Yeah, the reverse info isn't as much a problem here as the IP that's being
reversed, and that's essentially intractable in this case, at least from
what I can tell.

>  % This problem could largely be solved if cfagent could relatively easily be
>  % configured to use a specific address and have a specific host name; then
>  % you just create a mechanism for collecting the right information when
>  % cfagent runs, and you should be good.
>
>  Yes. I am trying to understand the boundaries of the cfengine expectations.

Constantly. :)

Luke

-- 
SELF-EVIDENT, adj.  Evident to one's self and to nobody else.
                -- Ambrose Bierce



