[ClusterLabs] Security with Corosync
Nikhil Utane
nikhil.subscribed at gmail.com
Fri Mar 11 10:45:59 UTC 2016
Perfect. Thanks for the quick response Honza.
Cheers
Nikhil
On Fri, Mar 11, 2016 at 4:10 PM, Jan Friesse <jfriesse at redhat.com> wrote:
> Nikhil,
>
> Nikhil Utane napsal(a):
>
>> Hi,
>>
>> I changed some configuration and captured packets. I can see that the data
>> is already garbled and not in the clear.
>> So does corosync already have this built-in?
>> Can somebody provide more details as to what all security features are
>> incorporated?
>>
>
> See man page corosync.conf(5) options crypto_hash, crypto_cipher (for
> corosync 2.x) and potentially secauth (for coorsync 1.x and 2.x).
>
> Basically corosync by default uses aes256 for encryption and sha1 for hmac
> authentication.
>
> Pacemaker uses corosync cpg API so as long as encryption is enabled in the
> corosync.conf, messages interchanged between nodes are encrypted.
>
> Regards,
> Honza
>
>
>> -Thanks
>> Nikhil
>>
>> On Fri, Mar 11, 2016 at 11:38 AM, Nikhil Utane <
>> nikhil.subscribed at gmail.com>
>> wrote:
>>
>> Hi,
>>>
>>> Does corosync provide mechanism to secure the communication path between
>>> nodes of a cluster?
>>> I would like all the data that gets exchanged between all nodes to be
>>> encrypted.
>>>
>>> A quick google threw up this link:
>>> https://github.com/corosync/corosync/blob/master/SECURITY
>>>
>>> Can I make use of it with pacemaker?
>>>
>>> -Thanks
>>> Nikhil
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list: Users at clusterlabs.org
>> http://clusterlabs.org/mailman/listinfo/users
>>
>> Project Home: http://www.clusterlabs.org
>> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>> Bugs: http://bugs.clusterlabs.org
>>
>>
>
> _______________________________________________
> Users mailing list: Users at clusterlabs.org
> http://clusterlabs.org/mailman/listinfo/users
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clusterlabs.org/pipermail/users/attachments/20160311/cdcb10b3/attachment-0002.html>
More information about the Users
mailing list