verification of cluster password

Peter Zeiszler · ‎10-07-2008

Hi,

I have a cluster that was built about 5 years ago. I want to add another node into the cluster but do not remember the cluster password. I have an idea of what it is but would like to verify the password prior to me adding the node. Getting a cluster reboot of the current cluster would be a stretch until the christmas downtime window (assuming I get one this year) which would be about 1.5 months past the date the new member should be added.

Is there any tool that is around to verify the cluster password?

Steven Schweda · ‎10-07-2008

> Is there any tool [...]

I know of none.

The usual method is to steal a copy of
SYS$COMMON:[SYSEXE]CLUSTER_AUTHORIZE.DAT
from a cluster member, and copy it to the new
node. It works, and it's normally pretty
easy to do

Hoff · ‎10-07-2008

It'd likely be feasible to find a password sequence that hashes into the same current value given how fast that processing is these days (and if you're really interested), though copying CLUSTER_AUTHORIZE around is way easier.

There's a write-up (including the cluster password) for adding or removing nodes from a cluster here:

http://64.223.189.234/node/169

John Gillings · ‎10-07-2008

Peter,

Copying the cluster authorize data base is simple and reliable.

That said, for the future, I recommend using some kind of simple method to generate the cluster password from the cluster name, or the foundation node name.

Realistically, the cluster password is no longer necessary for security. Long gone are the days when a hostile OpenVMS node on the same LAN might be a security threat by joining the cluster.

Maybe it's not a good idea to advertise the mechanism explicitly, but having it derivable and documented somewhere would avoid the issue you're facing here. For example, I think I used to use the SCSSYSTEMID of the foundation node as the cluster number, and some combination of he node name and ID for the password.

A crucible of informative mistakes

Wim Van den Wyngaert · ‎10-07-2008

I have no cluster to test this but based upon cluster_config.com I see that the pwd is set by
$ sysman
set env/clu
con set clu /group=xx/password=yy

Doing this requires a cluster reboot afterwards but then you know the password.

Wim

Wim

Robert Gezelter · ‎10-07-2008

Peter,

I concur with Steve, Hoff, and John: Copy the cluster authorization file from the running system ([Smile] after first checking SYS$SYSROOT to confirm the correct disk and root).

- Bob Gezelter, http://www.rlgsc.com

Jan van den Ende · ‎10-07-2008

Peter,
let me add another voice to the choir:
copying SYS$COMMON:[SYSEXE]CLUSTER_AUTHORIZE.DAT is simple and reliable.
Note, that if you have a common system disk, it IS there already, so you have no need to do even that.

hth

Poost.

Have one on me.

jpe

Don't rust yours pelled jacker to fine doll missed aches.

Wim Van den Wyngaert · ‎10-08-2008

"Long gone are the days when a hostile OpenVMS node on the same LAN might be a security threat by joining the cluster."

Wouldn't count on that. Someone once did a setup with a default password over here and he hung the production cluster because the node was of the same group number as an existing cluster. I was in holiday at the time and have no details of it (was 2002).

Any PC hooked up the network could be running a alpha emulator. So, I would make sure the password is not too simple, and include the group number in it as a protection.

fwiw

Wim

Wim

Martin Vorlaender · ‎10-08-2008

>>>
"Long gone are the days when a hostile OpenVMS node on the same LAN might be a security threat by joining the cluster."

Wouldn't count on that. Someone once did a setup with a default password over here and he hung the production cluster because the node was of the same group number as an existing cluster.
<<<

I wouldn't count on that either. At a customer's site, a production system halted because some node tried to join the LAVC cluster with the wrong password. The cluster generated a message in the system error log every two seconds - until the system disk had 0 blocks free.

cu,
Martin

Peter Zeiszler · ‎10-08-2008

In this config it would be a new node joining an existing cluster and would be sharing the system disk. So I couldn't just do the copy.

I think I remember what the password was set to. There are a few possibilities, depending on which "standard" I used. :D

Unfortunately I can't find my original documents with the password. I can find my original console outputs as I created the cluster (but of course, the password isn't listed).

Guess I try to schedule a cluster reboot to reset the password or just guess and try to make the node join the cluster and if it can't get the reset/reboot scheduled.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

verification of cluster password

verification of cluster password

Re: verification of cluster password

Re: verification of cluster password

Re: verification of cluster password

Re: verification of cluster password

Re: verification of cluster password

Re: verification of cluster password

Re: verification of cluster password

Re: verification of cluster password

Re: verification of cluster password