Honza, In my CIB I see the infrastructure being set to cman. pcs status is reporting the same.
<nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="*cman*"/> [root@node3 corosync]# pcs status Cluster name: mycluster Last updated: Wed Mar 16 16:57:46 2016 Last change: Wed Mar 16 16:56:23 2016 Stack: *cman* But corosync also is running fine. [root@node2 nikhil]# pcs status nodes corosync Corosync Nodes: Online: node2 node3 Offline: node1 I did a cibadmin query and replace from cman to corosync but it doesn't change (even though replace operation succeeds) I read that CMAN internally uses corosync but in corosync 2 CMAN support is removed. Totally confused. Please help. -Thanks Nikhil On Mon, Mar 14, 2016 at 1:19 PM, Jan Friesse <jfrie...@redhat.com> wrote: > Nikhil Utane napsal(a): > >> Follow-up question. >> I noticed that secauth was turned off in my corosync.conf file. I enabled >> it on all 3 nodes and restarted the cluster. Everything was working fine. >> However I just noticed that I had forgotten to copy the authkey to one of >> the node. It is present on 2 nodes but not the third. And I did a failover >> and the third node took over without any issue. >> How is the 3rd node participating in the cluster if it doesn't have the >> authkey? >> > > It's just not possible. If you would enabled secauth correctly and you > didn't have /etc/corosync/authkey, message like "Could not open > /etc/corosync/authkey: No such file or directory" would show up. There are > few exceptions: > - you have changed totem.keyfile with file existing on all nodes > - you are using totem.key then everything works as expected (it has > priority over default authkey file but not over totem.keyfile) > - you are using COROSYNC_TOTEM_AUTHKEY_FILE env with file existing on all > nodes > > Regards, > Honza > > > >> On Fri, Mar 11, 2016 at 4:15 PM, Nikhil Utane < >> nikhil.subscri...@gmail.com> >> wrote: >> >> Perfect. Thanks for the quick response Honza. >>> >>> Cheers >>> Nikhil >>> >>> On Fri, Mar 11, 2016 at 4:10 PM, Jan Friesse <jfrie...@redhat.com> >>> wrote: >>> >>> Nikhil, >>>> >>>> Nikhil Utane napsal(a): >>>> >>>> Hi, >>>>> >>>>> I changed some configuration and captured packets. I can see that the >>>>> data >>>>> is already garbled and not in the clear. >>>>> So does corosync already have this built-in? >>>>> Can somebody provide more details as to what all security features are >>>>> incorporated? >>>>> >>>>> >>>> See man page corosync.conf(5) options crypto_hash, crypto_cipher (for >>>> corosync 2.x) and potentially secauth (for coorsync 1.x and 2.x). >>>> >>>> Basically corosync by default uses aes256 for encryption and sha1 for >>>> hmac authentication. >>>> >>>> Pacemaker uses corosync cpg API so as long as encryption is enabled in >>>> the corosync.conf, messages interchanged between nodes are encrypted. >>>> >>>> Regards, >>>> Honza >>>> >>>> >>>> -Thanks >>>>> Nikhil >>>>> >>>>> On Fri, Mar 11, 2016 at 11:38 AM, Nikhil Utane < >>>>> nikhil.subscri...@gmail.com> >>>>> wrote: >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> Does corosync provide mechanism to secure the communication path >>>>>> between >>>>>> nodes of a cluster? >>>>>> I would like all the data that gets exchanged between all nodes to be >>>>>> encrypted. >>>>>> >>>>>> A quick google threw up this link: >>>>>> https://github.com/corosync/corosync/blob/master/SECURITY >>>>>> >>>>>> Can I make use of it with pacemaker? >>>>>> >>>>>> -Thanks >>>>>> Nikhil >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list: Users@clusterlabs.org >>>>> http://clusterlabs.org/mailman/listinfo/users >>>>> >>>>> Project Home: http://www.clusterlabs.org >>>>> Getting started: >>>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>>> Bugs: http://bugs.clusterlabs.org >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> Users mailing list: Users@clusterlabs.org >>>> http://clusterlabs.org/mailman/listinfo/users >>>> >>>> Project Home: http://www.clusterlabs.org >>>> Getting started: >>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>> Bugs: http://bugs.clusterlabs.org >>>> >>>> >>> >>> >> >> >> _______________________________________________ >> Users mailing list: Users@clusterlabs.org >> http://clusterlabs.org/mailman/listinfo/users >> >> Project Home: http://www.clusterlabs.org >> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >> Bugs: http://bugs.clusterlabs.org >> >> > > _______________________________________________ > Users mailing list: Users@clusterlabs.org > http://clusterlabs.org/mailman/listinfo/users > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org >
_______________________________________________ Users mailing list: Users@clusterlabs.org http://clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org