[ClusterLabs] corosync 2.4.4 version provide secure the communication by default

Ken Gaillot kgaillot at redhat.com
Mon Mar 27 09:55:28 EDT 2023


On Sun, 2023-03-26 at 10:42 +0000, S Sathish S via Users wrote:
> Hi Jan,
>  
> In which scenarios does Corosync send CPG messages, and what is the impact
> if we do not secure the communication?

Pacemaker uses CPG extensively to communicate between nodes. Sensitive
information such as the entire CIB is passed via CPG.
 
> Any outsider attacker can manipulate the system using unencrypted
> communication.

An outsider who can intercept network traffic between cluster nodes
could view data such as the CIB when encryption is not used. If the
outsider can also sit as a "man-in-the-middle," manipulating the
network traffic, then it could also easily gain access to cluster
nodes.

> Corosync is used for heartbeat communication, and in that we don't have any
> sensitive data that really needs to be secured? If not, is any other
> sensitive data transferred via corosync communication?

Corosync's cluster membership protocol handles the heartbeat; CPG is a
cluster messaging protocol, allowing cluster nodes to send data to each
other, so it depends on what uses CPG. In this case, Pacemaker uses CPG
for sensitive data.

>  
> Thanks and Regards,
> S Sathish S

-- 
Ken Gaillot <kgaillot at redhat.com>
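
An added example, not part of the original message and not Corosync or Pacemaker project code: a small audit that reads the `totem` section of a `corosync.conf` and reports whether the traffic carrying CPG messages is configured for encryption and authentication. The sample configuration is constructed; `crypto_cipher`, `crypto_hash` and `secauth` are corosync.conf options not named in the thread, and the handling of unset options and of `secauth` is an assumption stated in the code.

```python
import re

# Constructed sample corosync.conf (not from the thread).
PLAINTEXT_CONF = """\
totem {
    version: 2
    cluster_name: demo
    # crypto settings explicitly disabled
    crypto_cipher: none
    crypto_hash: none
    interface {
        ringnumber: 0
        bindnetaddr: 192.0.2.0
    }
}
"""
ENCRYPTED_CONF = (PLAINTEXT_CONF
                  .replace("crypto_cipher: none", "crypto_cipher: aes256")
                  .replace("crypto_hash: none", "crypto_hash: sha256"))

def totem_options(conf_text):
    """Return the key/value pairs set directly inside the totem { } section."""
    opts, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"^(\w+)\s*\{$", line)
        if opened:
            stack.append(opened.group(1))
        elif line == "}":
            if stack:
                stack.pop()
        elif stack == ["totem"] and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip().lower()
    return opts

def audit(conf_text):
    """Report whether totem traffic (and so CPG messages) is encrypted and authenticated."""
    opts = totem_options(conf_text)
    # Assumption: legacy "secauth: on" means aes256 + sha1, explicit crypto_*
    # values override it, and unset options count as "none".
    legacy = opts.get("secauth") == "on"
    cipher = opts.get("crypto_cipher", "aes256" if legacy else "none")
    digest = opts.get("crypto_hash", "sha1" if legacy else "none")
    return {"cipher": cipher, "hash": digest,
            "encrypted": cipher != "none", "authenticated": digest != "none"}
```

To check a node, pass the contents of its `corosync.conf` to `audit()`; the effective defaults for unset options depend on the corosync version, so confirm them in corosync.conf(5).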


