On Sun, 2023-03-26 at 10:42 +0000, S Sathish S via Users wrote: > Hi Jan, > > In Corosync which all scenario it send cpg message and what is impact > if we are not secure communication.
Pacemaker uses CPG extensively to communicate between nodes. Sensitive information such as the entire CIB is passed via CPG. > Any outsider attacker can manipulate the system using unencrypted > communication. An outsider who can intercept network traffic between cluster nodes could view data such as the CIB when encryption is not used. If the outsider can also sit as a "man-in-the-middle," manipulating the network traffic, then it could also easily gain access to cluster nodes. > Corosync used for heartbeat communication in that we don’t have any > sensitive data really need to secure ? if not then any other > sensitive data transferred via corosync communication. Corosync's cluster membership protocol handles the heartbeat; CPG is a cluster messaging protocol, allowing cluster nodes to send data to each other, so it depends on what uses CPG. In this case, Pacemaker uses CPG for sensitive data. > > Thanks and Regards, > S Sathish S -- Ken Gaillot <kgail...@redhat.com> _______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/