[ClusterLabs] Migrated to corosync 3.x knet become default protocol
Jan Friesse
jfriesse at redhat.com
Mon Jan 30 05:11:04 EST 2023
On 30/01/2023 10:16, Jan Friesse wrote:
> Hi,
>
> On 30/01/2023 07:14, S Sathish S via Users wrote:
>> Hi Team,
>>
>> In our application we are currently using UDPU as transport protocol
>> with single ring, while migrated to corosync 3.x knet become default
>> protocol.
>>
>> We need to understand any maintenance overhead that any required
>> certificate/key management would bring in for knet transport protocol
>> (or) it will use existing authorization key /etc/corosync/authkey file
>> for secure communication between nodes using
>
> yes, as long as secauth or crypto_cipher/crypto_hash is configured,
> corosync 3.x will happily use existing /etc/corosync/authkey. Eventho I
> would recommend to generate new one because new one is longer by default
> (2024 bits vs old 1024).
Typo, 2048 of course ;)
>
> knet transport protocol.
>>
>>
>>
>> https://access.redhat.com/solutions/5963941
>>
>> https://access.redhat.com/solutions/1182463
>>
>>
>> We shouldn't end up in a case where Pacemaker stops working due to
>> some certificate/key expiry?
>
> It's symmetric key so there is no key expiration.
>
>
> Regards,
> Honza
>
>>
>> Thanks and Regards,
>> S Sathish S
>>
>>
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>>
>> ClusterLabs home: https://www.clusterlabs.org/
>>
>
More information about the Users
mailing list