Nikhil Utane wrote:
[root@node3 corosync]# corosync -v
Corosync Cluster Engine, version '1.4.7'
Copyright (c) 2006-2009 Red Hat, Inc.
So it is 1.x :(
When I began I was following multiple tutorials and ended up installing
multiple packages. Let me try moving to corosync 2.0.
I suppose it should be as easy as doing yum install.
It depends on what distribution you are using (for example RHEL/CentOS
has only 1.x + cman in 6.x and 2.x in 7.x). But the main question is, why
do you want to upgrade? 1.x is fully supported and if it works for you
there is no reason to upgrade to 2.x. It's best to stay with whatever
your distro ships.
Honza
On Wed, Mar 16, 2016 at 10:29 PM, Jan Friesse <jfrie...@redhat.com> wrote:
Nikhil Utane wrote:
Honza,
In my CIB I see the infrastructure being set to cman. pcs status is
reporting the same.
<nvpair id="cib-bootstrap-options-cluster-infrastructure"
name="cluster-infrastructure" value="*cman*"/>
[root@node3 corosync]# pcs status
Cluster name: mycluster
Last updated: Wed Mar 16 16:57:46 2016
Last change: Wed Mar 16 16:56:23 2016
Stack: *cman*
But corosync also is running fine.
[root@node2 nikhil]# pcs status nodes corosync
Corosync Nodes:
Online: node2 node3
Offline: node1
I did a cibadmin query and replace from cman to corosync but it doesn't
change (even though replace operation succeeds)
I read that CMAN internally uses corosync but in corosync 2 CMAN support
is removed.
Totally confused. Please help.
The best start is to find out what versions you are using. If you have
corosync 1.x and are really using cman (which is highly probable), corosync.conf
is completely ignored and instead cluster.conf (/etc/cluster/cluster.conf)
is used. cluster.conf uses the cman keyfile and if this is not provided, the
encryption key is simply the cluster name. This is probably the reason why
everything worked when you didn't have the authkey on one of the nodes.
Honza
-Thanks
Nikhil
On Mon, Mar 14, 2016 at 1:19 PM, Jan Friesse <jfrie...@redhat.com> wrote:
Nikhil Utane wrote:
Follow-up question.
I noticed that secauth was turned off in my corosync.conf file. I enabled
it on all 3 nodes and restarted the cluster. Everything was working fine.
However I just noticed that I had forgotten to copy the authkey to one of
the nodes. It is present on 2 nodes but not the third. And I did a failover
and the third node took over without any issue.
How is the 3rd node participating in the cluster if it doesn't have the
authkey?
It's just not possible. If you had enabled secauth correctly and you
didn't have /etc/corosync/authkey, a message like "Could not open
/etc/corosync/authkey: No such file or directory" would show up. There
are a few exceptions:
- you have changed totem.keyfile with a file existing on all nodes
- you are using totem.key, then everything works as expected (it has
priority over the default authkey file but not over totem.keyfile)
- you are using the COROSYNC_TOTEM_AUTHKEY_FILE env with a file existing on all
nodes
Regards,
Honza
On Fri, Mar 11, 2016 at 4:15 PM, Nikhil Utane <nikhil.subscri...@gmail.com> wrote:
Perfect. Thanks for the quick response Honza.
Cheers
Nikhil
On Fri, Mar 11, 2016 at 4:10 PM, Jan Friesse <jfrie...@redhat.com> wrote:
Nikhil,
Nikhil Utane wrote:
Hi,
I changed some configuration and captured packets. I can see that the data
is already garbled and not in the clear.
So does corosync already have this built-in?
Can somebody provide more details as to what all security features are
incorporated?
See man page corosync.conf(5) options crypto_hash, crypto_cipher (for
corosync 2.x) and potentially secauth (for corosync 1.x and 2.x).
Basically corosync by default uses aes256 for encryption and sha1 for
hmac authentication.
Pacemaker uses corosync cpg API so as long as encryption is enabled in
the corosync.conf, messages interchanged between nodes are encrypted.
Regards,
Honza
-Thanks
Nikhil
On Fri, Mar 11, 2016 at 11:38 AM, Nikhil Utane <nikhil.subscri...@gmail.com> wrote:
Hi,
Does corosync provide mechanism to secure the communication path between
nodes of a cluster?
I would like all the data that gets exchanged between all nodes to be
encrypted.
A quick google threw up this link:
https://github.com/corosync/corosync/blob/master/SECURITY
Can I make use of it with pacemaker?
-Thanks
Nikhil
_______________________________________________
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
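
Added example, not part of the thread and not corosync's own code: a per-node audit that parses the totem section of corosync.conf, works out which key source is in effect using the precedence described in the thread, and reports a missing key file or a cman stack where corosync.conf is ignored. The function names, the sample configuration, the position of COROSYNC_TOTEM_AUTHKEY_FILE in the precedence order, and the rule that an explicit crypto_cipher takes priority over secauth are assumptions.

```python
import os

DEFAULT_AUTHKEY = "/etc/corosync/authkey"  # default key path named in the thread

def parse_totem(conf_text):
    """Collect the key: value pairs that sit directly inside totem { }."""
    totem, open_sections = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            open_sections.append(line[:-1].strip())
        elif line == "}":
            open_sections = open_sections[:-1]
        elif open_sections == ["totem"] and ":" in line:
            name, value = line.split(":", 1)
            totem[name.strip()] = value.strip()
    return totem

def key_source(totem, env):
    """Precedence from the thread; the env var's slot is an assumption."""
    if "keyfile" in totem:
        return "totem.keyfile", totem["keyfile"]
    if "key" in totem:
        return "totem.key", None  # inline key, so there is no file to check
    if env.get("COROSYNC_TOTEM_AUTHKEY_FILE"):
        return "COROSYNC_TOTEM_AUTHKEY_FILE", env["COROSYNC_TOTEM_AUTHKEY_FILE"]
    return "default", DEFAULT_AUTHKEY

def audit(conf_text, env, stack="corosync", exists=os.path.exists):
    """Return (encrypted, key_source_name, findings) for one node."""
    totem = parse_totem(conf_text)
    if stack == "cman":
        return None, None, ["corosync.conf is ignored under cman; audit /etc/cluster/cluster.conf"]
    # Assumption: an explicit crypto_cipher decides; otherwise secauth does.
    cipher = totem.get("crypto_cipher")
    encrypted = (cipher != "none") if cipher else totem.get("secauth") == "on"
    source, path = key_source(totem, env)
    findings = []
    if not encrypted:
        findings.append("totem traffic is not encrypted")
    elif path and not exists(path):
        findings.append("Could not open %s: No such file or directory" % path)
    return encrypted, source, findings

# Constructed sample: secauth on and no key override, as in the thread.
SAMPLE_CONF = "totem {\n  version: 2\n  secauth: on\n  interface {\n    ringnumber: 0\n  }\n}\n"
```

On a real node, call `audit(open("/etc/corosync/corosync.conf").read(), os.environ, stack=...)` with the stack value that `pcs status` reports, and compare the results across all nodes.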