[ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Jan Friesse
jfriesse at redhat.com
Mon Jan 23 04:20:20 EST 2023
Hi,
On 23/01/2023 01:37, S Sathish S via Users wrote:
> Hi Team,
>
> Does corosync version 2.4.4 provide a mechanism to secure the communication path between nodes of a cluster by default? Because in our configuration secauth is turned off, but the communication that occurs is still encrypted.
>
> Note: I captured tcpdump for port 5405 and I can see that the data is already garbled and not in the clear.
It's a binary protocol, so don't expect a really readable format (like
xml/json/...). But with your config it should be unencrypted. You can
check for the message "notice [TOTEM ] Initializing transmit/receive security
(NSS) crypto: none hash: none" during start of corosync.
Regards,
Honza
>
> [root@node1 ~]# cat /etc/corosync/corosync.conf
> totem {
>     version: 2
>     cluster_name: OCC
>     secauth: off
>     transport: udpu
> }
>
> nodelist {
>     node {
>         ring0_addr: node1
>         nodeid: 1
>     }
>
>     node {
>         ring0_addr: node2
>         nodeid: 2
>     }
>
>     node {
>         ring0_addr: node3
>         nodeid: 3
>     }
> }
>
> quorum {
>     provider: corosync_votequorum
> }
>
> logging {
>     to_logfile: yes
>     logfile: /var/log/cluster/corosync.log
>     to_syslog: no
>     timestamp: on
> }
>
> Thanks and Regards,
> S Sathish S
>
>
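
The check described in the reply above, as an added example that is not part of the original thread or of corosync itself: it reads the most recent TOTEM security notice from a corosync log and reports whether the ring is running in plaintext. The function names, the classification labels and the sample log lines (including the aes256/sha1 entry) are constructed for illustration; only the "crypto: none hash: none" message format comes from the reply.

```sh
#!/bin/sh
# totem_security LOGFILE
# Print "crypto=<cipher> hash=<hash>" taken from the LAST security notice in
# LOGFILE, so an older start with different settings does not mask the
# current state. Exit status 2 if no such notice is present.
totem_security() {
    awk '
        /Initializing transmit\/receive security/ {
            c = ""; h = ""
            for (i = 1; i < NF; i++) {
                if ($i == "crypto:") c = $(i + 1)
                if ($i == "hash:")   h = $(i + 1)
            }
            found = 1
        }
        END {
            if (!found) exit 2
            printf "crypto=%s hash=%s\n", c, h
        }
    ' "$1"
}

# classify_totem LOGFILE
# Labels are this example's own: plaintext, authenticated-only, encrypted, unknown.
classify_totem() {
    sec=$(totem_security "$1") || { echo unknown; return 0; }
    case "$sec" in
        "crypto=none hash=none") echo plaintext ;;
        "crypto=none hash="*)    echo authenticated-only ;;
        *)                       echo encrypted ;;
    esac
}

# Constructed sample log: an earlier start with crypto on, a later one with it off.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 20 09:00:01 [1200] node1 corosync notice  [TOTEM ] Initializing transport (UDP/IP Unicast).
Jan 20 09:00:01 [1200] node1 corosync notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: aes256 hash: sha1
Jan 23 10:15:01 [1234] node1 corosync notice  [TOTEM ] Initializing transport (UDP/IP Unicast).
Jan 23 10:15:01 [1234] node1 corosync notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none
EOF
}

demo_log=$(mktemp)
write_sample_log "$demo_log"
echo "$(totem_security "$demo_log") -> $(classify_totem "$demo_log")"
rm -f "$demo_log"
```

On a real node, point classify_totem at the logfile named in the logging section of corosync.conf (/var/log/cluster/corosync.log in the configuration quoted above).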