[root@node3 corosync]# corosync -v Corosync Cluster Engine, version '1.4.7' Copyright (c) 2006-2009 Red Hat, Inc.
So it is 1.x :( When I begun I was following multiple tutorials and ended up installing multiple packages. Let me try moving to corosync 2.0. I suppose it should be as easy as doing yum install. On Wed, Mar 16, 2016 at 10:29 PM, Jan Friesse <jfrie...@redhat.com> wrote: > Nikhil Utane napsal(a): > >> Honza, >> >> In my CIB I see the infrastructure being set to cman. pcs status is >> reporting the same. >> >> <nvpair id="cib-bootstrap-options-cluster-infrastructure" >> name="cluster-infrastructure" value="*cman*"/> >> >> [root@node3 corosync]# pcs status >> Cluster name: mycluster >> Last updated: Wed Mar 16 16:57:46 2016 >> Last change: Wed Mar 16 16:56:23 2016 >> Stack: *cman* >> >> But corosync also is running fine. >> >> [root@node2 nikhil]# pcs status nodes corosync >> Corosync Nodes: >> Online: node2 node3 >> Offline: node1 >> >> I did a cibadmin query and replace from cman to corosync but it doesn't >> change (even though replace operation succeeds) >> I read that CMAN internally uses corosync but in corosync 2 CMAN support >> is >> removed. >> Totally confused. Please help. >> > > Best start is to find out what versions you are using? If you have > corosync 1.x and really using cman (what is highly probable), corosync.conf > is completely ignored and instead cluster.conf (/etc/cluster/cluster.conf) > is used. cluster.conf uses cman keyfile and if this is not provided, > encryption key is simply cluster name. This is probably reason why > everything worked when you haven't had authkey on one of nodes. > > Honza > > > >> -Thanks >> Nikhil >> >> On Mon, Mar 14, 2016 at 1:19 PM, Jan Friesse <jfrie...@redhat.com> wrote: >> >> Nikhil Utane napsal(a): >>> >>> Follow-up question. >>>> I noticed that secauth was turned off in my corosync.conf file. I >>>> enabled >>>> it on all 3 nodes and restarted the cluster. Everything was working >>>> fine. >>>> However I just noticed that I had forgotten to copy the authkey to one >>>> of >>>> the node. It is present on 2 nodes but not the third. And I did a >>>> failover >>>> and the third node took over without any issue. >>>> How is the 3rd node participating in the cluster if it doesn't have the >>>> authkey? >>>> >>>> >>> It's just not possible. If you would enabled secauth correctly and you >>> didn't have /etc/corosync/authkey, message like "Could not open >>> /etc/corosync/authkey: No such file or directory" would show up. There >>> are >>> few exceptions: >>> - you have changed totem.keyfile with file existing on all nodes >>> - you are using totem.key then everything works as expected (it has >>> priority over default authkey file but not over totem.keyfile) >>> - you are using COROSYNC_TOTEM_AUTHKEY_FILE env with file existing on all >>> nodes >>> >>> Regards, >>> Honza >>> >>> >>> >>> On Fri, Mar 11, 2016 at 4:15 PM, Nikhil Utane < >>>> nikhil.subscri...@gmail.com> >>>> wrote: >>>> >>>> Perfect. Thanks for the quick response Honza. >>>> >>>>> >>>>> Cheers >>>>> Nikhil >>>>> >>>>> On Fri, Mar 11, 2016 at 4:10 PM, Jan Friesse <jfrie...@redhat.com> >>>>> wrote: >>>>> >>>>> Nikhil, >>>>> >>>>>> >>>>>> Nikhil Utane napsal(a): >>>>>> >>>>>> Hi, >>>>>> >>>>>>> >>>>>>> I changed some configuration and captured packets. I can see that the >>>>>>> data >>>>>>> is already garbled and not in the clear. >>>>>>> So does corosync already have this built-in? >>>>>>> Can somebody provide more details as to what all security features >>>>>>> are >>>>>>> incorporated? >>>>>>> >>>>>>> >>>>>>> See man page corosync.conf(5) options crypto_hash, crypto_cipher (for >>>>>> corosync 2.x) and potentially secauth (for coorsync 1.x and 2.x). >>>>>> >>>>>> Basically corosync by default uses aes256 for encryption and sha1 for >>>>>> hmac authentication. >>>>>> >>>>>> Pacemaker uses corosync cpg API so as long as encryption is enabled in >>>>>> the corosync.conf, messages interchanged between nodes are encrypted. >>>>>> >>>>>> Regards, >>>>>> Honza >>>>>> >>>>>> >>>>>> -Thanks >>>>>> >>>>>>> Nikhil >>>>>>> >>>>>>> On Fri, Mar 11, 2016 at 11:38 AM, Nikhil Utane < >>>>>>> nikhil.subscri...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> Does corosync provide mechanism to secure the communication path >>>>>>>> between >>>>>>>> nodes of a cluster? >>>>>>>> I would like all the data that gets exchanged between all nodes to >>>>>>>> be >>>>>>>> encrypted. >>>>>>>> >>>>>>>> A quick google threw up this link: >>>>>>>> https://github.com/corosync/corosync/blob/master/SECURITY >>>>>>>> >>>>>>>> Can I make use of it with pacemaker? >>>>>>>> >>>>>>>> -Thanks >>>>>>>> Nikhil >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Users mailing list: Users@clusterlabs.org >>>>>>> http://clusterlabs.org/mailman/listinfo/users >>>>>>> >>>>>>> Project Home: http://www.clusterlabs.org >>>>>>> Getting started: >>>>>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>>>>> Bugs: http://bugs.clusterlabs.org >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>> Users mailing list: Users@clusterlabs.org >>>>>> http://clusterlabs.org/mailman/listinfo/users >>>>>> >>>>>> Project Home: http://www.clusterlabs.org >>>>>> Getting started: >>>>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>>>> Bugs: http://bugs.clusterlabs.org >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Users mailing list: Users@clusterlabs.org >>>> http://clusterlabs.org/mailman/listinfo/users >>>> >>>> Project Home: http://www.clusterlabs.org >>>> Getting started: >>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>> Bugs: http://bugs.clusterlabs.org >>>> >>>> >>>> >>> _______________________________________________ >>> Users mailing list: Users@clusterlabs.org >>> http://clusterlabs.org/mailman/listinfo/users >>> >>> Project Home: http://www.clusterlabs.org >>> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>> Bugs: http://bugs.clusterlabs.org >>> >>> >> >> >> _______________________________________________ >> Users mailing list: Users@clusterlabs.org >> http://clusterlabs.org/mailman/listinfo/users >> >> Project Home: http://www.clusterlabs.org >> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >> Bugs: http://bugs.clusterlabs.org >> >> > > _______________________________________________ > Users mailing list: Users@clusterlabs.org > http://clusterlabs.org/mailman/listinfo/users > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org >
_______________________________________________ Users mailing list: Users@clusterlabs.org http://clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org