[ClusterLabs] Antw: [EXT] Re: corosync 2.4.4 version provide secure the communication by default

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Mon Jan 23 06:51:51 EST 2023


>>> Jan Friesse <jfriesse at redhat.com> wrote on 23.01.2023 at 10:20 in message
<d0e27873-4249-0bab-fc24-b97130555fef at redhat.com>:
> Hi,
> 
> On 23/01/2023 01:37, S Sathish S via Users wrote:
>> Hi Team,
>> 
>> Does corosync version 2.4.4 provide a mechanism to secure the communication path
>> between nodes of a cluster by default? Because in our configuration secauth is
>> turned off, but the communication that occurs is still encrypted.
>> 
>> Note: I captured tcpdump for port 5405 and I can see that the data is already
>> garbled and not in the clear.
> 
> It's a binary protocol, so don't expect a really readable format (like 
> xml/json/...). But with your config it should be unencrypted. You can 
> check the message "notice  [TOTEM ] Initializing transmit/receive security 
> (NSS) crypto: none hash: none" during start of corosync.

Probably a good example for "a false feeling of security" (you think the communication is encrypted, while in fact it is not).

> 
> Regards,
>    Honza
> 
> 
>> 
>> [root at node1 ~]# cat /etc/corosync/corosync.conf
>> totem {
>>      version: 2
>>      cluster_name: OCC
>>      secauth: off
>>      transport: udpu
>> }
>> 
>> nodelist {
>>      node {
>>          ring0_addr: node1
>>          nodeid: 1
>>      }
>> 
>>      node {
>>          ring0_addr: node2
>>          nodeid: 2
>>      }
>> 
>>      node {
>>          ring0_addr: node3
>>          nodeid: 3
>>      }
>> }
>> 
>> quorum {
>>      provider: corosync_votequorum
>> }
>> 
>> logging {
>>      to_logfile: yes
>>      logfile: /var/log/cluster/corosync.log
>>      to_syslog: no
>>      timestamp: on
>> }
>> 
>> Thanks and Regards,
>> S Sathish S
>> 
>> 
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users 
>> 
>> ClusterLabs home: https://www.clusterlabs.org/ 
>> 
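The check suggested in the thread (read the TOTEM startup message instead of judging by how a packet capture looks) can be scripted. The following is an added example, not code from the thread or from the corosync project; the function names, the log line prefix format and the sample lines are assumptions made for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Matches the startup message quoted in the thread; whitespace is kept flexible.
TOTEM_SECURITY = re.compile(
    r"\[TOTEM\s*\]\s+Initializing transmit/receive security "
    r"\((?P<backend>[^)]+)\)\s+crypto:\s*(?P<cipher>\S+)\s+hash:\s*(?P<hash_alg>\S+)"
)

class TotemSecurity(NamedTuple):
    backend: str
    cipher: str
    hash_alg: str

def effective_security(log_lines: Iterable[str]) -> Optional[TotemSecurity]:
    """Return the settings logged by the most recent corosync start, if any."""
    latest = None
    for line in log_lines:
        m = TOTEM_SECURITY.search(line)
        if m:  # keep overwriting: only the last start reflects the running daemon
            latest = TotemSecurity(m["backend"], m["cipher"], m["hash_alg"])
    return latest

def findings(sec: Optional[TotemSecurity]) -> List[str]:
    """Turn the parsed settings into plain findings for an audit report."""
    if sec is None:
        return ["no TOTEM security message found; cannot confirm crypto state"]
    out = []
    if sec.cipher.lower() == "none":
        out.append("totem traffic is NOT encrypted (crypto: none)")
    if sec.hash_alg.lower() == "none":
        out.append("totem traffic is NOT authenticated (hash: none)")
    return out

# Constructed sample log: timestamps, PIDs and the aes256/sha1 line are made up.
SAMPLE_LOG = [
    "Jan 20 09:00:01 [1201] node1 corosync notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: aes256 hash: sha1",
    "Jan 20 09:00:01 [1201] node1 corosync notice  [TOTEM ] Initializing transport (UDP/IP Unicast).",
    "Jan 23 01:30:12 [2417] node1 corosync notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none",
]

if __name__ == "__main__":
    sec = effective_security(SAMPLE_LOG)
    print(sec)
    for f in findings(sec):
        print("FINDING:", f)
```

To run it against a real node, pass the lines of the file named in the `logging` section (here `/var/log/cluster/corosync.log`) instead of `SAMPLE_LOG`.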
