3 Replies Latest reply on Jun 25, 2009 6:28 PM by brian.stansberry

Disallowing nodes from entering the cluster without permissi

ricardocampos Jun 23, 2009 10:31 AM

OlÃ¡!

First of all, nice work on mod_cluster! This kind of effort is much welcomed!

It works with very little configuration, which is great! But than, it created a newbie doubt for me...

It seems that any jboss instance could join the cluster, without authorization... I wanted to be able to control which nodes can join the cluster, but still be able to use advertise, auto-discovering, etc...

I thought AdvertiseSecurityKey would do the trick. Thought it was kind of a password for joining the cluster. Didn't work!

The documentation isn't very clear on this issue. At least, I am having difficulties with finding the solution with it... If anyone could help me, I would appreciate it!

Obrigado!

1. Re: Disallowing nodes from entering the cluster without perm

jfclere Jun 24, 2009 2:47 AM (in response to ricardocampos)
I am not sure it is what you want but in the http://www.jboss.org/mod_cluster/native/config.html in the example of VirtualHost you have:
<VirtualHost 10.33.144.3:6666> <Directory /> Order deny,allow Deny from all Allow from 10.33.144. </Directory>

In the Allow from just put the list of box IPs you want httpd to receive (space separated IPs).
Actions
2. Re: Disallowing nodes from entering the cluster without perm

pferraro Jun 24, 2009 11:10 AM (in response to ricardocampos)

"ricardocampos" wrote:
I thought AdvertiseSecurityKey would do the trick. Thought it was kind of a password for joining the cluster. Didn't work!

This is noted in the "Current Limitations" section of the project home page.
Actions
3. Re: Disallowing nodes from entering the cluster without perm

brian.stansberry Jun 25, 2009 6:28 PM (in response to ricardocampos)

The AdvertiseSecurityKey would prevent unwanted httpd instances from adding themselves to the set of proxies the java side knows about, but not the opposite.

Won't configuring SSL appropriate client certificates on the java servers do what you want?

http://www.jboss.org/mod_cluster/ssl.html
Actions

Go to original post