Enhance galera to interact over multiple clusters #1141
Conversation
|
Can one of the admins verify this patch? |
|
add to whitelist |
heartbeat/galera
Outdated
| @@ -215,6 +218,7 @@ mapping in option cluster_host_map. | |||
| <content type="string" default=""/> | |||
| </parameter> | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Why are you adding empty lines to the longdesc?
There was a problem hiding this comment.
likely an editor artifact. I'm also looking for reaction to the overall concept of embedding SSH commands into a resource agent and communicating with other clusters (hence WIP).
heartbeat/galera
Outdated
| fi | ||
| } | ||
|
|
||
|
|
There was a problem hiding this comment.
Another new empty line with no reason.
heartbeat/galera
Outdated
| local remote_ssh=$(get_remote_node $node) | ||
|
|
||
| if [ -z "$remote_ssh" ]; then | ||
| $CRM_MASTER -N $node $@ |
There was a problem hiding this comment.
CI fails due to missing quotes around $@ it seems:
heartbeat/galera:498:30: error: Double quote array expansions to avoid re-splitting elements. [SC2068]
heartbeat/galera:500:76: error: Double quote array expansions to avoid re-splitting elements. [SC2068]
heartbeat/galera:512:47: error: Double quote array expansions to avoid re-splitting elements. [SC2068]
heartbeat/galera:514:68: error: Double quote array expansions to avoid re-splitting elements. [SC2068]
zzzeek
force-pushed
the
stretch_galera
branch
2 times, most recently
from
1fd8fc3
to
8ca2886
Compare
|
cc @beekhof |
heartbeat/galera
Outdated
| # | ||
| # a. ssh as some other locked down account that can still run the | ||
| # necessary pcs commands on the other cluster? or some setuid script that | ||
| # does the things we need? |
There was a problem hiding this comment.
This sounds like the nicer solution.
heartbeat/galera
Outdated
| # b. totally other means of invoking pcs commands on remote cluster? web | ||
| # service or something? | ||
| # | ||
| SSH_CMD="${SSH} -oStrictHostKeyChecking=no" |
There was a problem hiding this comment.
can we make this configurable?
There was a problem hiding this comment.
yeah, what other commands might we be using?
|
TBH, this scares the heck out of me. At the minimum, can we put this in a new agent (source the original then add the new functionality)? I can see the need for special handling (what to do if the remote isn't reachable for example) that I'd not want to complicate the non-stretch version with. |
|
@beekhof as far as sourcing the original, I will need to add a line to the case statement at the end that upon passing a command like "sourceonly" does a simple "return", to avoid the "exit" call. am not finding any bash magic to source all the variables and having them survive past an "exit". |
|
@beekhof note this change no longer writes any data over SSH, and only reports status, and to that end we can also replace the usage of SSH with an xinetd service linked to a script. however, in the xinetd case, authentication and encryption go out the window as far as I understand being able to create xinetd services. the security audit will then say, if the xinetd script itself has a vulnerability, it's openly exposed. another option is to use SSH but to limit the commands / scripts that the user can execute. this can be done either with a custom shell in /etc/passwd or apparently you can limit commands for a specific key in authorized_keys, been googling that a bit. I think having a "front end" that is reached via ssh but nonetheless is just a single script with an argument is the least we can do. |
|
@zzzeek can you fix the quote-issues reported by Travis CI? |
zzzeek
force-pushed
the
stretch_galera
branch
from
b8547ae
to
ed121e4
Compare
This change adds a new resource agent "stretch_galera" which builds off of the existing "galera" agent. To accommodate this, the "galera" agent's shell script structure is modified slightly so that it can be sourced for its functions. The new resource agent adds a new parameter "remote_node_map" to the Galera resource agent which allows it to consider galera node names that are in other clusters as part of its Galera quorum. To achieve this, it launches read-only pcs commands to the remote clusters in order to view and modify remote state variables. Additionally, the stretch agent honors an optional pcs attribute <node>-initial-bootstrap which when applied to the local pcs nodes, will allow Galera to be bootstrapped with only that subset of nodes, without the additional remote nodes being available yet. An installer can set these attributes to allow the first pcs cluster to come online before subsequent clusters, and then remove the attributes.
zzzeek
force-pushed
the
stretch_galera
branch
from
ed121e4
to
9689ea2
Compare
This change adds a new resource agent "stretch_galera"
which builds off of the existing "galera" agent.
To accommodate this, the "galera" agent's shell script
structure is modified slightly so that it can be sourced
for its functions.
The new resource agent adds a new parameter "remote_node_map"
to the Galera resource agent which allows it to consider
galera node names that are in other clusters as part of its
Galera quorum. To achieve this, it launches read-only pcs
commands to the remote clusters in order to view and modify
remote state variables.
Additionally, the stretch agent honors an optional pcs
attribute -initial-bootstrap which when applied to the
local pcs nodes, will allow Galera to be bootstrapped with only
that subset of nodes, without the additional remote nodes
being available yet. An installer can set these attributes
to allow the first pcs cluster to come online before subsequent
clusters, and then remove the attributes.