Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

verification of cluster password

 
SOLVED
Go to solution
Peter Zeiszler
Trusted Contributor

verification of cluster password

Hi,

I have a cluster that was built about 5 years ago. I want to add another node into the cluster but do not remember the cluster password. I have an idea of what it is but would like to verify the password prior to me adding the node. Getting a cluster reboot of the current cluster would be a stretch until the christmas downtime window (assuming I get one this year) which would be about 1.5 months past the date the new member should be added.

Is there any tool that is around to verify the cluster password?
18 REPLIES 18
Steven Schweda
Honored Contributor

Re: verification of cluster password

> Is there any tool [...]

I know of none.

The usual method is to steal a copy of
SYS$COMMON:[SYSEXE]CLUSTER_AUTHORIZE.DAT
from a cluster member, and copy it to the new
node. It works, and it's normally pretty
easy to do
Hoff
Honored Contributor

Re: verification of cluster password

It'd likely be feasible to find a password sequence that hashes into the same current value given how fast that processing is these days (and if you're really interested), though copying CLUSTER_AUTHORIZE around is way easier.

There's a write-up (including the cluster password) for adding or removing nodes from a cluster here:

http://64.223.189.234/node/169
John Gillings
Honored Contributor

Re: verification of cluster password

Peter,

Copying the cluster authorize data base is simple and reliable.

That said, for the future, I recommend using some kind of simple method to generate the cluster password from the cluster name, or the foundation node name.

Realistically, the cluster password is no longer necessary for security. Long gone are the days when a hostile OpenVMS node on the same LAN might be a security threat by joining the cluster.

Maybe it's not a good idea to advertise the mechanism explicitly, but having it derivable and documented somewhere would avoid the issue you're facing here. For example, I think I used to use the SCSSYSTEMID of the foundation node as the cluster number, and some combination of he node name and ID for the password.
A crucible of informative mistakes
Wim Van den Wyngaert
Honored Contributor

Re: verification of cluster password

I have no cluster to test this but based upon cluster_config.com I see that the pwd is set by
$ sysman
set env/clu
con set clu /group=xx/password=yy

Doing this requires a cluster reboot afterwards but then you know the password.

Wim
Wim
Robert Gezelter
Honored Contributor

Re: verification of cluster password

Peter,

I concur with Steve, Hoff, and John: Copy the cluster authorization file from the running system ([Smile] after first checking SYS$SYSROOT to confirm the correct disk and root).

- Bob Gezelter, http://www.rlgsc.com
Jan van den Ende
Honored Contributor

Re: verification of cluster password

Peter,
let me add another voice to the choir:
copying SYS$COMMON:[SYSEXE]CLUSTER_AUTHORIZE.DAT is simple and reliable.
Note, that if you have a common system disk, it IS there already, so you have no need to do even that.

hth

Poost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Wim Van den Wyngaert
Honored Contributor

Re: verification of cluster password

"Long gone are the days when a hostile OpenVMS node on the same LAN might be a security threat by joining the cluster."

Wouldn't count on that. Someone once did a setup with a default password over here and he hung the production cluster because the node was of the same group number as an existing cluster. I was in holiday at the time and have no details of it (was 2002).

Any PC hooked up the network could be running a alpha emulator. So, I would make sure the password is not too simple, and include the group number in it as a protection.

fwiw

Wim
Wim
Martin Vorlaender
Honored Contributor

Re: verification of cluster password

>>>
"Long gone are the days when a hostile OpenVMS node on the same LAN might be a security threat by joining the cluster."

Wouldn't count on that. Someone once did a setup with a default password over here and he hung the production cluster because the node was of the same group number as an existing cluster.
<<<

I wouldn't count on that either. At a customer's site, a production system halted because some node tried to join the LAVC cluster with the wrong password. The cluster generated a message in the system error log every two seconds - until the system disk had 0 blocks free.

cu,
Martin
Peter Zeiszler
Trusted Contributor

Re: verification of cluster password

In this config it would be a new node joining an existing cluster and would be sharing the system disk. So I couldn't just do the copy.

I think I remember what the password was set to. There are a few possibilities, depending on which "standard" I used. :D

Unfortunately I can't find my original documents with the password. I can find my original console outputs as I created the cluster (but of course, the password isn't listed).

Guess I try to schedule a cluster reboot to reset the password or just guess and try to make the node join the cluster and if it can't get the reset/reboot scheduled.