[ClusterLabs] Security with Corosync

Jan Friesse jfriesse at redhat.com
Fri Mar 11 10:40:29 UTC 2016


Nikhil,

Nikhil Utane wrote:
> Hi,
>
> I changed some configuration and captured packets. I can see that the data
> is already garbled and not in the clear.
> So does corosync already have this built-in?
> Can somebody provide more details as to what all security features are
> incorporated?

See man page corosync.conf(5) options crypto_hash, crypto_cipher (for 
corosync 2.x) and potentially secauth (for corosync 1.x and 2.x).

Basically corosync by default uses aes256 for encryption and sha1 for 
hmac authentication.

Pacemaker uses corosync cpg API so as long as encryption is enabled in 
the corosync.conf, messages interchanged between nodes are encrypted.

Regards,
   Honza

>
> -Thanks
> Nikhil
>
> On Fri, Mar 11, 2016 at 11:38 AM, Nikhil Utane <nikhil.subscribed at gmail.com>
> wrote:
>
>> Hi,
>>
>> Does corosync provide mechanism to secure the communication path between
>> nodes of a cluster?
>> I would like all the data that gets exchanged between all nodes to be
>> encrypted.
>>
>> A quick google threw up this link:
>> https://github.com/corosync/corosync/blob/master/SECURITY
>>
>> Can I make use of it with pacemaker?
>>
>> -Thanks
>> Nikhil
>>
>>
>
>
>
>
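
Added example, not part of the original thread and not corosync project code: a small audit of the totem section of a corosync.conf for the three options named in the reply (crypto_cipher, crypto_hash, secauth). The sample configs, the cluster name and the function names are constructed for illustration; options that are not set are reported rather than judged, because the effective default depends on the corosync version (see corosync.conf(5)), which also states that enabling crypto_cipher requires crypto_hash.

```python
# Constructed sample config (not from the thread): totem section with crypto disabled.
WEAK_CONF = """
totem {
    version: 2
    cluster_name: demo   # constructed name
    crypto_cipher: none
    crypto_hash: none
    interface {
        ringnumber: 0
        bindnetaddr: 192.0.2.0
    }
}
"""
# Corrected variant, using the cipher and hash named in the reply above.
HARDENED_CONF = (WEAK_CONF.replace("crypto_cipher: none", "crypto_cipher: aes256")
                          .replace("crypto_hash: none", "crypto_hash: sha1"))

CRYPTO_KEYS = ("crypto_cipher", "crypto_hash", "secauth")

def totem_crypto_settings(text):
    """Return the crypto options set directly inside the totem { } section."""
    stack, found = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        if line.endswith("{"):                    # section opens
            stack.append(line[:-1].strip())
        elif line == "}":                         # section closes
            if stack:
                stack.pop()
        elif ":" in line and stack == ["totem"]:  # skip nested interface { }
            key, value = (part.strip() for part in line.split(":", 1))
            if key in CRYPTO_KEYS:
                found[key] = value.lower()
    return found

def audit(text):
    """Return (explicit settings, issues, options left to the version's default)."""
    settings = totem_crypto_settings(text)
    issues = [f"{k} is explicitly disabled" for k in ("crypto_cipher", "crypto_hash")
              if settings.get(k) == "none"]
    if settings.get("secauth") == "off":
        issues.append("secauth is explicitly off")
    if settings.get("crypto_cipher", "none") != "none" and settings.get("crypto_hash") == "none":
        issues.append("crypto_cipher is set but crypto_hash is none")
    unset = [k for k in CRYPTO_KEYS if k not in settings]
    return settings, issues, unset

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

Run it against the same file on every node: the nodes can only exchange encrypted messages if their crypto settings match.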
