<div dir="ltr">Perfect. Thanks for the quick response Honza.<div><br></div><div>Cheers</div><div>Nikhil</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 11, 2016 at 4:10 PM, Jan Friesse <span dir="ltr"><<a href="mailto:jfriesse@redhat.com" target="_blank">jfriesse@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Nikhil,<br>
<br>
Nikhil Utane napsal(a):<span class=""><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I changed some configuration and captured packets. I can see that the data<br>
is already garbled and not in the clear.<br>
So does corosync already have this built-in?<br>
Can somebody provide more details as to what all security features are<br>
incorporated?<br>
</blockquote>
<br></span>
See man page corosync.conf(5) options crypto_hash, crypto_cipher (for corosync 2.x) and potentially secauth (for coorsync 1.x and 2.x).<br>
<br>
Basically corosync by default uses aes256 for encryption and sha1 for hmac authentication.<br>
<br>
Pacemaker uses corosync cpg API so as long as encryption is enabled in the corosync.conf, messages interchanged between nodes are encrypted.<br>
<br>
Regards,<br>
Honza<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
-Thanks<br>
Nikhil<br>
<br>
On Fri, Mar 11, 2016 at 11:38 AM, Nikhil Utane <<a href="mailto:nikhil.subscribed@gmail.com" target="_blank">nikhil.subscribed@gmail.com</a>><br>
wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Does corosync provide mechanism to secure the communication path between<br>
nodes of a cluster?<br>
I would like all the data that gets exchanged between all nodes to be<br>
encrypted.<br>
<br>
A quick google threw up this link:<br>
<a href="https://github.com/corosync/corosync/blob/master/SECURITY" rel="noreferrer" target="_blank">https://github.com/corosync/corosync/blob/master/SECURITY</a><br>
<br>
Can I make use of it with pacemaker?<br>
<br>
-Thanks<br>
Nikhil<br>
<br>
<br>
</blockquote>
<br>
<br>
<br></span>
_______________________________________________<br>
Users mailing list: <a href="mailto:Users@clusterlabs.org" target="_blank">Users@clusterlabs.org</a><br>
<a href="http://clusterlabs.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://clusterlabs.org/mailman/listinfo/users</a><br>
<br>
Project Home: <a href="http://www.clusterlabs.org" rel="noreferrer" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" rel="noreferrer" target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>
Bugs: <a href="http://bugs.clusterlabs.org" rel="noreferrer" target="_blank">http://bugs.clusterlabs.org</a><br>
<br>
</blockquote>
<br>
<br>
_______________________________________________<br>
Users mailing list: <a href="mailto:Users@clusterlabs.org" target="_blank">Users@clusterlabs.org</a><br>
<a href="http://clusterlabs.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://clusterlabs.org/mailman/listinfo/users</a><br>
<br>
Project Home: <a href="http://www.clusterlabs.org" rel="noreferrer" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" rel="noreferrer" target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>
Bugs: <a href="http://bugs.clusterlabs.org" rel="noreferrer" target="_blank">http://bugs.clusterlabs.org</a><br>
</blockquote></div><br></div>