[ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Ken Gaillot
kgaillot at redhat.com
Mon Mar 27 09:55:28 EDT 2023
On Sun, 2023-03-26 at 10:42 +0000, S Sathish S via Users wrote:
> Hi Jan,
>
> In Corosync, in which scenarios does it send CPG messages, and what is
> the impact if we do not secure the communication?
Pacemaker uses CPG extensively to communicate between nodes. Sensitive
information such as the entire CIB is passed via CPG.
> Any outsider attacker can manipulate the system using unencrypted
> communication.
An outsider who can intercept network traffic between cluster nodes
could view data such as the CIB when encryption is not used. If the
outsider can also sit as a "man-in-the-middle," manipulating the
network traffic, then it could also easily gain access to cluster
nodes.
> Corosync is used for heartbeat communication; in that, do we not have
> any sensitive data that really needs to be secured? If not, is any other
> sensitive data transferred via corosync communication?
Corosync's cluster membership protocol handles the heartbeat; CPG is a
cluster messaging protocol, allowing cluster nodes to send data to each
other, so it depends on what uses CPG. In this case, Pacemaker uses CPG
for sensitive data.
>
> Thanks and Regards,
> S Sathish S
--
Ken Gaillot <kgaillot at redhat.com>
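
Added example (not part of the original message, and not Corosync or Pacemaker code): a small audit that reads the `totem` section of a corosync.conf and reports whether CPG traffic, and so the CIB that Pacemaker sends over it, is encrypted and authenticated. `crypto_cipher`, `crypto_hash` and `secauth` are the corosync.conf(5) option names; the function names and sample configs are constructed here, and counting `secauth: on` as enabling both is this example's reading of corosync 2.x.

```python
import re

def totem_settings(conf_text):
    """Return the key/value pairs set directly inside totem { }."""
    settings, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opener = re.match(r"^([\w.]+)\s*\{$", line)
        if opener:
            stack.append(opener.group(1))      # entering a (sub)section
        elif line == "}":
            if stack:
                stack.pop()                    # leaving it
        elif stack == ["totem"] and ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().lower()
    return settings

def audit(conf_text):
    """Classify each crypto option as enabled, disabled or unset."""
    s = totem_settings(conf_text)
    legacy = s.get("secauth") == "on"          # deprecated switch (assumption above)
    result = {}
    for key in ("crypto_cipher", "crypto_hash"):
        value = s.get(key)
        if value is None:
            # "unset" means the version's built-in default applies: check the man page.
            result[key] = "enabled" if legacy else "unset"
        else:
            result[key] = "disabled" if value == "none" else "enabled"
    result["encrypted"] = result["crypto_cipher"] == "enabled"
    return result

# Constructed sample configurations, not taken from any real cluster.
PLAINTEXT = """
totem {
    version: 2
    crypto_cipher: none
    crypto_hash: none
    interface {
        ringnumber: 0
    }
}
"""
PROTECTED = "totem {\n  version: 2\n  crypto_cipher: aes256\n  crypto_hash: sha256\n}\n"
IMPLICIT = "totem {\n  version: 2\n}\n"

if __name__ == "__main__":
    for name, conf in [("plaintext", PLAINTEXT), ("protected", PROTECTED), ("implicit", IMPLICIT)]:
        print(name, audit(conf))
```

An `unset` result means the file does not decide the question; the running cluster then uses whatever default the installed corosync version applies.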