[ClusterLabs] Corosync-Qdevice SSL Ciphers
Hi , Is there a way to find/restrict the list of ciphers used by corosync-qnetd similar to the PCSD_SSL_CIPHERS variable in /etc/sysconfig/pcsd configuration file. With Regards Somanath Thilak J ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] Saving secret locally
On Tue, 2020-01-21 at 06:29 +0200, Strahil Nikolov wrote: > On January 20, 2020 5:57:18 PM GMT+02:00, Ken Gaillot < > kgail...@redhat.com> wrote: > > On Sat, 2020-01-18 at 20:54 +, Strahil Nikolov wrote: > > > Hello Community, > > > > > > > > > I have been using pacemaker in the last 2 years on SUSE who use > > > crmsh > > > and now I struggle to recall some of the knowledge I had. Cluster > > > is > > > RHEL 7.7 on oVirt/RHV . > > > > > > > > > Can someone tell me the pcs command that matches to this one, as > > > I > > > don't want the password for the fencing user in the CIB : > > > > > > > > > crm resource secret set > > > > > > > > > I've been searching in the pcs --help and on > > > > > > > https://github.com/ClusterLabs/pacemaker/blob/master/doc/pcs-crmsh-quick-ref.md > > > md , but it seems it's not there or I can't find it. > > > > > > Thanks in advance. > > > > > > > > > Best Regards, > > > Strahil Nikolov > > > > Not only does pcs not have an equivalent, but CIB secrets aren't > > even > > enabled in RHEL (it's a compile-time option). I'm not aware of any > > particular reason; it probably goes back to when the feature was > > experimental. Feel free to file a bug with Red Hat asking for it to > > be > > enabled. > > Hi Ken, > > > Thanks for your reply. > I will open a bug for RHEL 8 - my guess is that it also lacks that > feature, right ? > > Best Regards, > Strahil Nikolov Correct -- Ken Gaillot ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] SSL Certificates in Corosync-Qdevice.
Somanath, Hi , We are corosync-qdevice version 3.0.0 in a two node cluster setup. During qnetd configuration, ssl certificates with 100 year validity is generated. I want to know if it is possible to use custom generated certificates with different validity ,similar to the option available for PCSD certificates. It is possible, but there is no user option (may make sense to add one?). Take a look to corosync-qnetd-certutil. It is just shell script, where you can change CRT_VALIDITY variable (default is 1200). Regards, Honza With Regards Somanath Thilak J ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/ ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
[ClusterLabs] SSL Certificates in Corosync-Qdevice.
Hi , We are corosync-qdevice version 3.0.0 in a two node cluster setup. During qnetd configuration, ssl certificates with 100 year validity is generated. I want to know if it is possible to use custom generated certificates with different validity ,similar to the option available for PCSD certificates. With Regards Somanath Thilak J ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
