Bug 4584 - HA shouldn't assume that there is only one relevant IP for the machine
Summary: HA shouldn't assume that there is only one relevant IP for the machine
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Server (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Peter Åstrand
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-05 09:54 CEST by Pierre Ossman
Modified: 2016-03-02 11:01 CET (History)
2 users (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio 2013-04-05 09:54:23 CEST 
The HA code unfortunately makes assumptions about the machine only having a single relevant IP. The current assumptions are these:

 - Connections to the other node will be done using one of the addresses in /vsmserver/HA/nodes

 - Connections to 192.168.1.1 will be done using one of the addresses in /vsmserver/HA/nodes

These assumptions break under two circumstances:

 - When a different IP (e.g. the shared IP) ends up being the one used for outgoing connections

 - When the machine is multi-homed and HA connections uses a different interface than for 192.168.1.1


We need to rethink the design here so it is more robust. One component of this could be to move away from IP based security and use something like a shared key instead.
Comment 1 Fredrik Nyström 2013-10-18 12:39:15 CEST 
Hello,

we also ran in to this bug last night and would like to see a future fix.
- Two servers which are both multi homed.
- Both servers have hostname assiciatedwith  external ip.
- We want to keep xmlrpc communication between servers on internal network.

In my opinion "/vsmserver/HA/nodes" should be matched against names and aliases for all local interfaces.

Ugly workaround:
- Replace gethostname() with hardcoded name in sessionstore.py.

Regards / Fredrik, NSC
Note You need to log in before you can comment on or make changes to this bug.