Hi,
On 30/01/2023 07:14, S Sathish S via Users wrote:
Hi Team,
In our application we are currently using UDPU as transport protocol with
single ring, while migrated to corosync 3.x knet become default protocol.
We need to understand any maintenance overhead that any required certificate/key management would bring in for knet transport protocol (or) it will use existing authorization key /etc/corosync/authkey file for secure communication between nodes using
yes, as long as secauth or crypto_cipher/crypto_hash is configured,
corosync 3.x will happily use existing /etc/corosync/authkey. Eventho I
would recommend to generate new one because new one is longer by default
(2024 bits vs old 1024).
knet transport protocol.
https://access.redhat.com/solutions/5963941
https://access.redhat.com/solutions/1182463
We shouldn't end up in a case where Pacemaker stops working due to some
certificate/key expiry?
It's symmetric key so there is no key expiration.
Regards,
Honza
Thanks and Regards,
S Sathish S
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/