9

Can someone give me more then one possibility to how to connect two Erlang nodes. I know one way using erlang:set_cookie/2 and curious if there is another way.

erlang
  • 263
  • 4
  • 10
  • Setting a cookie doesn't connect nodes. It's just the shared secret that's used for security. Are you asking for different ways to set the cookie, different ways to cause a node to connect to another, different mechanisms by which erlang nodes can connect to each other, or something else? – Ryan Stewart Dec 09 '16 at 03:17
  • Yes different ways to connect two erlang nodes – erlang Dec 09 '16 at 10:57

3 Answers3

8

1. Use -setcookie.

You can also use -setcookie when erlang execute,

In first terminal of my local machine,

hyun@hyun-VirtualBox:~$ erl -sname a -setcookie guitar
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [async-threads:10] [hipe] [kernel-poll:false]

And second terminal of my local machine,

hyun@hyun-VirtualBox:~$ erl -sname b -setcookie guitar
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [async-threads:10] [hipe] [kernel-poll:false]

Lastly, in first terminal,

Eshell V7.0  (abort with ^G)
(a@hyun-VirtualBox)1> net_adm:ping('b@hyun-VirtualBox').
pong

2. Copy $HOME/.erlang.cookie

you can just copy $HOME/.erlang.cookie to other remote pc for sharing same cookie value.

Also, you have to think about security.

getting_started

An Erlang node is completely unprotected when running erlang:set_cookie(node(), nocookie). This can sometimes be appropriate for systems that are not normally networked, or for systems which are run for maintenance purposes only. Refer to auth(3) for details on the security system.

hyun
  • 2,135
  • 2
  • 18
  • 20
4

According to "Erlang Security 101" by NCC Group (https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2014/erlang_security_101_v1-0.pdf), you should not use -setcookie, as other users of the server will be able to see the cookie using ps ax | grep erl. For example, from a terminal on my local computer:

zed@blargh:~$ erl -setcookie abc -sname e1
Erlang R16B03-1 (erts-5.10.4) [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V5.10.4  (abort with ^G)
(e1@blargh)1>

And then from a second terminal, as a different user:

eks@blargh:~$ ps ax | grep erl
 2035 pts/7    Sl+    0:00 /usr/lib/erlang/erts-5.10.4/bin/beam.smp -- -root /usr/lib/erlang -progname erl -- -home /home/zed -- -setcookie abc -sname e1
 2065 pts/8    S+     0:00 grep --color=auto erl
 9841 ?        S      0:00 /usr/lib/erlang/erts-5.10.4/bin/epmd -daemon

And you can clearly see the cookie in the output of ps. Having the cookie allows a third party to join the erlang cluster. You should instead use the cookie file method, with restrictive permissions on the file.

streetcornerlurker
  • 501
  • 1
  • 7
  • 14
2

You should set cookies (in console as you written or on erl execute) Also, if you set shortname (sname) second node should be running with shortname If you set nodename, second node also may run with -name

Works:

 erl -name obsrv@127.0.0.1 -setcookie democookie
 erl -name n2@127.0.0.1 -setcookie democookie

Do not work:

erl -name obsrv@127.0.0.1 -setcookie democookie
erl -name n2 -setcookie democookie

If nodes run on different machines, check port it open 40293 or set port(and set min, max) when erl executing

erl \
-kernel inet_dist_listen_min 40293\
-setcookie democookie\
-name erl_node_1
Maryna Shabalina
  • 450
  • 3
  • 15