The man page change set looks good for commit. I didn't notice Makefile.am changes though, maybe something is needed there.
regards -steve On 05/26/2010 10:12 PM, Angus Salkeld wrote: > Signed-off-by: Angus Salkeld<[email protected]> > --- > man/corosync-keygen.8 | 83 > +++++++++++++++++++++++++++++++++++++++++++++++ > man/corosync_overview.8 | 28 +++++++++------- > 2 files changed, 99 insertions(+), 12 deletions(-) > create mode 100644 man/corosync-keygen.8 > > diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8 > new file mode 100644 > index 0000000..b161569 > --- /dev/null > +++ b/man/corosync-keygen.8 
> @@ -0,0 +1,83 @@ > +.\"/* > +.\" * Copyright (C) 2010 Red Hat, Inc. > +.\" * > +.\" * All rights reserved. > +.\" * > +.\" * Author: Angus Salkeld<[email protected]> > +.\" * > +.\" * This software licensed under BSD license, the text of which follows: > +.\" * > +.\" * Redistribution and use in source and binary forms, with or without > +.\" * modification, are permitted provided that the following conditions are > met: > +.\" * > +.\" * - Redistributions of source code must retain the above copyright > notice, > +.\" * this list of conditions and the following disclaimer. > +.\" * - Redistributions in binary form must reproduce the above copyright > notice, > +.\" * this list of conditions and the following disclaimer in the > documentation > +.\" * and/or other materials provided with the distribution. > +.\" * - Neither the name of the MontaVista Software, Inc. nor the names of > its > +.\" * contributors may be used to endorse or promote products derived from > this > +.\" * software without specific prior written permission. > +.\" * > +.\" * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > "AS IS" > +.\" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, > THE > +.\" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR > PURPOSE > +.\" * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS > BE > +.\" * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR > +.\" * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > +.\" * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > +.\" * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN > +.\" * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > +.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF > +.\" * THE POSSIBILITY OF SUCH DAMAGE. 
> +.\" */ > +.TH COROSYNC-KEYGEN 8 2010-05-30 > +.SH NAME > +corosync-keygen \- Generate an authentication key for Corosync. > +.SH SYNOPSIS > +.B "corosync-keygen" > +.SH DESCRIPTION > + > +If you want to configure corosync to use cryptographic techniques to ensure > authenticity > +.br > +and privacy of the messages, you will need to generate a private key. > +.PP > +.B corosync-keygen > +creates this key and writes it to /etc/corosync/authkey. > +.PP > +This private key must be copied to every processor in the cluster. If the > +.br > +private key isn't the same for every node, those nodes with nonmatching > private > +.br > +keys will not be able to join the same configuration. > +.PP > +Copy the key to some security transportable storage or use ssh to transmit > the > +.br > +key from node to node. Then install the key with the command: > +.PP > +unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey > /etc/corosync/authkey > +.PP > +If a message "Invalid digest" appears from the corosync executive, the keys > +.br > +are not consistent between processors. > +.PP > +.B Note: corosync-keygen > +will ask for user input to assist in generating entropy. > +.SH EXAMPLES > +.TP > +Generate the key. > +.PP > +$ corosync-keygen > +.br > +Corosync Cluster Engine Authentication key generator. > +.br > +Gathering 1024 bits for key from /dev/random. > +.br > +Press keys on your keyboard to generate entropy. > +.br > +.SH SEE ALSO > +.BR corosync_overview (8), > +.BR corosync.conf (5), > +.SH AUTHOR > +Angus Salkeld > +.PP > diff --git a/man/corosync_overview.8 b/man/corosync_overview.8 > index 9c9de2d..989b762 100644 > --- a/man/corosync_overview.8 > +++ b/man/corosync_overview.8 
> @@ -102,15 +102,18 @@ a private key must be generated and shared to all > processors. > > First generate the key on one of the nodes: > > -unix# ais-keygen > -corosync authentication key generator. > -.PP > +unix# corosync-keygen > +.br > +Corosync Cluster Engine Authentication key generator. > +.br > Gathering 1024 bits for key from /dev/random. > -.PP > -Writing corosync key to /etc/ais/authkey. > +.br > +Press keys on your keyboard to generate entropy. > +.br > +Writing corosync key to /etc/corosync/authkey. > .PP > > -After this operation, a private key will be in the file /etc/ais/authkey. > +After this operation, a private key will be in the file > /etc/corosync/authkey. > This private key must be copied to every processor in the cluster. If the > private key isn't the same for every node, those nodes with nonmatching > private > keys will not be able to join the same configuration. > @@ -118,7 +121,7 @@ keys will not be able to join the same configuration. > Copy the key to some security transportable storage or use ssh to transmit > the > key from node to node. Then install the key with the command: > > -unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey > /etc/ais/authkey > +unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey > /etc/corosync/authkey > > If a message "Invalid digest" appears from the corosync executive, the keys > are not consistent between processors. 
> @@ -127,7 +130,7 @@ Finally run the corosync executive. If corosync is > packaged from a distro, it > may be set to start on system start. It may also be turned off by default > in > which case the init script for corosync must be enabled. > > -After running aisexec, a list of all processors IP addresses running the ais > +After running aisexec, a list of all processors IP addresses running the > corosync > executive and configured on the same multicast address will appear. If they > don't appear, there may be a problem with multicast in the distro or > hardware. > If this happens, participation in the corosync mailing list may help solve > the > @@ -204,14 +207,14 @@ If these environment variables are not set, defaults > will be used. > COROSYNC_MAIN_CONFIG_FILE > This specifies the fully qualified path to the corosync configuration file. > > -The default is /etc/ais/corosync.conf. > +The default is /etc/corosync/corosync.conf. > > .TP > COROSYNC_AMF_CONFIG_FILE > This specifies the fully qualified path to the corosync Availability > Management > Framework configuration file. > > -The default is /etc/ais/amf.conf. > +The default is /etc/corosync/amf.conf. > > .TP > COROSYNC_DEFAULT_CONFIG_IFACE > @@ -226,7 +229,7 @@ COROSYNC_TOTEM_AUTHKEY_FILE > This specifies the fully qualified path to the shared key used to > authenticate and encrypt data used within the Totem protocol. > > -The default is /etc/ais/authkey. > +The default is /etc/corosync/authkey. > > .SH SECURITY > The corosync executive optionally encrypts all messages sent over the > network 
> @@ -246,7 +249,7 @@ automated fashion to determine the shared key. No such > automated attack has > been published as of yet. In this scenario, the cluster is likely already > compromised to allow the long-term capture of transmitted data. > > -For security reasons, the corosync executive binary aisexec should NEVER > +For security reasons, the corosync executive binary should NEVER > be setuid or setgid in the filesystem. > > .PP > @@ -264,5 +267,6 @@ deployment.. > > .SH "SEE ALSO" > .BR corosync.conf (5), > +.BR corosync-keygen (8), > .BR evs_overview (8) > .PP
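Review bot: The diffstat lists only man/corosync-keygen.8 and man/corosync_overview.8, so nothing in this patch adds the new page to a Makefile.am. If man/Makefile.am enumerates the pages it installs, corosync-keygen.8 needs an entry there, otherwise it will not be installed or shipped in the dist tarball.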
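Review bot: In the header of the new man/corosync-keygen.8, the copyright line names Red Hat, Inc. but the third license condition still reads "Neither the name of the MontaVista Software, Inc."; if that is a leftover from the header this was copied from, it should name the actual copyright holder. Further down in the same file, the EXAMPLES output stops at "Press keys on your keyboard to generate entropy." while the corosync_overview.8 hunk also shows "Writing corosync key to /etc/corosync/authkey."; the two transcripts should match. "security transportable storage" reads like a typo for "secure", and the last SEE ALSO entry, "corosync.conf (5),", ends with a stray comma.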
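Review bot: In the @@ -127,7 +130,7 @@ hunk of man/corosync_overview.8, the replacement line still begins "After running aisexec", so the old binary name survives even though "the ais executive" becomes "the corosync executive". The @@ -246,7 +249,7 @@ hunk removes aisexec from the SECURITY text, so this sentence should be updated the same way.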
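Review bot: In the @@ -246,7 +249,7 @@ hunk, dropping "aisexec" leaves the setuid/setgid warning with no binary name at all ("the corosync executive binary should NEVER be setuid or setgid"). Naming the current executable in that sentence would tell an administrator exactly which file's mode bits to check.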
