qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub Scholz <ja...@scholz.cz>
Subject Re: Add qmf shutdown command to the broker [was Re: QPID C++ - Dynamically Managing Broker]
Date Wed, 24 Sep 2014 18:29:06 GMT
What do you expect the shutdown call to do in clustered brokers? Shutdown
the whole cluster or just the active node?

Personally, I don't really see the value in it. But at the same time - if
it is properly secured with ACLs - I don't think its a big security issue.

Regards
Jakub

On Mon, Sep 22, 2014 at 10:10 PM, Alan Conway <aconway@redhat.com> wrote:

> On Thu, 2014-09-18 at 15:12 -0700, Spencer.Doak wrote:
> > Hey Gordon,
> >
> > Thank you very much! That should give me a great start on this task.
> >
> > As for the 'shutdown' command, that's actually exactly what I was
> thinking
> > too. I'm thinking about running a receiver process on the broker machine.
> > When it receives a message that says "shutdown" from an authenticated
> user,
> > it will perform 'system("/sbin/service qpid-stop");' or whatever the
> > relevant OS command is. In your opinion, is this a reasonable way to
> > accomplish this task? Would there perhaps be a better way than creating a
> > system call?
>
> Not presently. I've long thought we should have a qmf shutdown command
> on the broker but never actually did anything about it. Mucking about
> with extra processes is painful for such a basic task.
>
> There is a denial of service security concern, my feeling is that adding
> a "shutdown" permission to the ACL rules would cover that.
>
> Anyone think this is a bad idea, or have a better idea?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message