Connecting cluster with different cookies

Mark Sheldon msheldon@REDACTED
Wed Aug 11 00:37:32 CEST 2021 

Yes, I think so.  

Of course, the client and server suctions are in the same source file.  The client functions all eventually do erlang:set_cookie(node(), ?COOKIE), which is exactly what you are proposing.  The server boot process does erlang:set_cookie(?SERVER_NODE, ?COOKIE), but that is only run when booting the server, i. e., that code is running on the server node and node() would be the same thing.  So, again, a long-winded yes, for my current stuff, it should be sufficient to set the current node’s cookie -)

-Mark


Mark A. Sheldon
msheldon@REDACTED



> On 10Aug, 2021, at 04:57, Raimo Niskanen <raimo+erlang-questions@REDACTED> wrote:
> 
> Would it be sufficient to be able to set the default cookie
> for a node with e.g a new API function erlang:set_cookie(Cookie)?
> 
> / Raimo Niskanen
> 
> 
> On Mon, Aug 09, 2021 at 01:29:15PM -0400, Mark Sheldon wrote:
>> I don’t represent a large application, but perhaps this is a common use case — or perhaps someone can give me a better way to do this.
>> 
>> I use erlang:set_cookie/2 in escripts I have my students (and potentially teaching assistants) use to communicate with Erlang services I provide.  For example, I have a script for submitting late work that captures dates on students files and sends the student’s submission and metadata to an Erlang server.
>> 
>> These programs are run by students whose accounts I cannot control.  They are not in any privileged Unix group, and they will not have a cookie file in their home directories.  So, the scripts explicitly set the cookie so that they can communicate with my server(s).
>> 
>> An analogous situation could arise if I want to have a web page interact with a service.  The department uses Apache and supports CGI scripts.  I can write an escripts in the same way as above. 
>> 
>> I don’t run that many services, but it seems reasonable to have services available to staff that are different from students and to use different cookies for the two groups of nodes.
>> 
>> I understand that it’s not great security.  But the scripts can only be run people with department accounts, and the network is behind a firewall.
>> 
>> If I have missed a better solution, I’d be interested to hear about it.  I mostly hacked the late submission system together one afternoon as a more fun approach to a common problem, and I’ve been using it ever since.  
>> 
>> -Mark
>> 
>> 
>> Mark A. Sheldon
>> Associate Teaching Professor
>> Department of Computer Science
>> Tufts University
>> 
>> 
>>> On 9Aug, 2021, at 12:40, James Aimonetti <james@REDACTED> wrote:
>>> 
>>> 
>>> Raimo Niskanen writes:
>>> 
>>>> The question is now, is this an essential feature / how
>>>> important is this feature?
>>>> 
>>> 
>>> In the KAZOO project, we support setting different cookies for
>>> connecting to our C-node code in the FreeSWITCH project. This has been
>>> in place for over 8 years.
>>> 
>>> While I do not think anyone really uses this feature, I also know that
>>> with our recent preliminary release of KAZOO 5.0, we've found folks
>>> using corners of the software that we did not anticipate.
>>> 
>>> I would not call this an essential feature for our project, personally,
>>> but I am also not relishing finding that one cluster which relies on
>>> unique cookies for some reason.
>>> 
>>> I've put out a question to our OPS team and our open source forum. If
>>> any users require it as part of their operations, I'll forward that
>>> along.
>>> 
>>> --
>>> James Aimonetti
>>> 
>>> Lead Systems Architect
>>> 2600Hz | http://2600hz.com | UCaaS CPaaS CCaaS
>>> tel:415.886.7905
>>> irc:mc_ @ libera.chat #2600hz
>> 
> 
> -- 
> 
> / Raimo Niskanen, Erlang/OTP, Ericsson AB

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20210810/7ac6492b/attachment.htm>

More information about the erlang-questions mailing list