Honza, Actually this is only for a PoC (Proof of Concept) setup. Next step is to move it to a different platform where we are cross-compiling from the sources. I'd like the PoC setup to have the same version as the final one.
Thanks. On Thu, Mar 17, 2016 at 1:07 PM, Jan Friesse <[email protected]> wrote: > Nikhil Utane napsal(a): > >> [root@node3 corosync]# corosync -v >> Corosync Cluster Engine, version '1.4.7' >> Copyright (c) 2006-2009 Red Hat, Inc. >> >> So it is 1.x :( >> When I begun I was following multiple tutorials and ended up installing >> multiple packages. Let me try moving to corosync 2.0. >> I suppose it should be as easy as doing yum install. >> > > It depends of what distribution are you using (for example RHEL/CentOS has > only 1.x + cman in 6.x and 2.x in 7.x). But main question is, why you want > to upgrade? 1.x is fully supported and if it works for you there is no > reason to upgrade to 2.x. It's best to stay with whatever your distro ships. > > Honza > > > > >> On Wed, Mar 16, 2016 at 10:29 PM, Jan Friesse <[email protected]> >> wrote: >> >> Nikhil Utane napsal(a): >>> >>> Honza, >>>> >>>> In my CIB I see the infrastructure being set to cman. pcs status is >>>> reporting the same. >>>> >>>> <nvpair id="cib-bootstrap-options-cluster-infrastructure" >>>> name="cluster-infrastructure" value="*cman*"/> >>>> >>>> [root@node3 corosync]# pcs status >>>> Cluster name: mycluster >>>> Last updated: Wed Mar 16 16:57:46 2016 >>>> Last change: Wed Mar 16 16:56:23 2016 >>>> Stack: *cman* >>>> >>>> But corosync also is running fine. >>>> >>>> [root@node2 nikhil]# pcs status nodes corosync >>>> Corosync Nodes: >>>> Online: node2 node3 >>>> Offline: node1 >>>> >>>> I did a cibadmin query and replace from cman to corosync but it doesn't >>>> change (even though replace operation succeeds) >>>> I read that CMAN internally uses corosync but in corosync 2 CMAN support >>>> is >>>> removed. >>>> Totally confused. Please help. >>>> >>>> >>> Best start is to find out what versions you are using? If you have >>> corosync 1.x and really using cman (what is highly probable), >>> corosync.conf >>> is completely ignored and instead cluster.conf >>> (/etc/cluster/cluster.conf) >>> is used. cluster.conf uses cman keyfile and if this is not provided, >>> encryption key is simply cluster name. This is probably reason why >>> everything worked when you haven't had authkey on one of nodes. >>> >>> Honza >>> >>> >>> >>> -Thanks >>>> Nikhil >>>> >>>> On Mon, Mar 14, 2016 at 1:19 PM, Jan Friesse <[email protected]> >>>> wrote: >>>> >>>> Nikhil Utane napsal(a): >>>> >>>>> >>>>> Follow-up question. >>>>> >>>>>> I noticed that secauth was turned off in my corosync.conf file. I >>>>>> enabled >>>>>> it on all 3 nodes and restarted the cluster. Everything was working >>>>>> fine. >>>>>> However I just noticed that I had forgotten to copy the authkey to one >>>>>> of >>>>>> the node. It is present on 2 nodes but not the third. And I did a >>>>>> failover >>>>>> and the third node took over without any issue. >>>>>> How is the 3rd node participating in the cluster if it doesn't have >>>>>> the >>>>>> authkey? >>>>>> >>>>>> >>>>>> It's just not possible. If you would enabled secauth correctly and you >>>>> didn't have /etc/corosync/authkey, message like "Could not open >>>>> /etc/corosync/authkey: No such file or directory" would show up. There >>>>> are >>>>> few exceptions: >>>>> - you have changed totem.keyfile with file existing on all nodes >>>>> - you are using totem.key then everything works as expected (it has >>>>> priority over default authkey file but not over totem.keyfile) >>>>> - you are using COROSYNC_TOTEM_AUTHKEY_FILE env with file existing on >>>>> all >>>>> nodes >>>>> >>>>> Regards, >>>>> Honza >>>>> >>>>> >>>>> >>>>> On Fri, Mar 11, 2016 at 4:15 PM, Nikhil Utane < >>>>> >>>>>> [email protected]> >>>>>> wrote: >>>>>> >>>>>> Perfect. Thanks for the quick response Honza. >>>>>> >>>>>> >>>>>>> Cheers >>>>>>> Nikhil >>>>>>> >>>>>>> On Fri, Mar 11, 2016 at 4:10 PM, Jan Friesse <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>> Nikhil, >>>>>>> >>>>>>> >>>>>>>> Nikhil Utane napsal(a): >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>>> I changed some configuration and captured packets. I can see that >>>>>>>>> the >>>>>>>>> data >>>>>>>>> is already garbled and not in the clear. >>>>>>>>> So does corosync already have this built-in? >>>>>>>>> Can somebody provide more details as to what all security features >>>>>>>>> are >>>>>>>>> incorporated? >>>>>>>>> >>>>>>>>> >>>>>>>>> See man page corosync.conf(5) options crypto_hash, crypto_cipher >>>>>>>>> (for >>>>>>>>> >>>>>>>> corosync 2.x) and potentially secauth (for coorsync 1.x and 2.x). >>>>>>>> >>>>>>>> Basically corosync by default uses aes256 for encryption and sha1 >>>>>>>> for >>>>>>>> hmac authentication. >>>>>>>> >>>>>>>> Pacemaker uses corosync cpg API so as long as encryption is enabled >>>>>>>> in >>>>>>>> the corosync.conf, messages interchanged between nodes are >>>>>>>> encrypted. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Honza >>>>>>>> >>>>>>>> >>>>>>>> -Thanks >>>>>>>> >>>>>>>> Nikhil >>>>>>>>> >>>>>>>>> On Fri, Mar 11, 2016 at 11:38 AM, Nikhil Utane < >>>>>>>>> [email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> Does corosync provide mechanism to secure the communication path >>>>>>>>>> between >>>>>>>>>> nodes of a cluster? >>>>>>>>>> I would like all the data that gets exchanged between all nodes to >>>>>>>>>> be >>>>>>>>>> encrypted. >>>>>>>>>> >>>>>>>>>> A quick google threw up this link: >>>>>>>>>> https://github.com/corosync/corosync/blob/master/SECURITY >>>>>>>>>> >>>>>>>>>> Can I make use of it with pacemaker? >>>>>>>>>> >>>>>>>>>> -Thanks >>>>>>>>>> Nikhil >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>> Users mailing list: [email protected] >>>>>>>>> http://clusterlabs.org/mailman/listinfo/users >>>>>>>>> >>>>>>>>> Project Home: http://www.clusterlabs.org >>>>>>>>> Getting started: >>>>>>>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>>>>>>> Bugs: http://bugs.clusterlabs.org >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> >>>>>>>> Users mailing list: [email protected] >>>>>>>> http://clusterlabs.org/mailman/listinfo/users >>>>>>>> >>>>>>>> Project Home: http://www.clusterlabs.org >>>>>>>> Getting started: >>>>>>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>>>>>> Bugs: http://bugs.clusterlabs.org >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list: [email protected] >>>>>> http://clusterlabs.org/mailman/listinfo/users >>>>>> >>>>>> Project Home: http://www.clusterlabs.org >>>>>> Getting started: >>>>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>>>> Bugs: http://bugs.clusterlabs.org >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>> Users mailing list: [email protected] >>>>> http://clusterlabs.org/mailman/listinfo/users >>>>> >>>>> Project Home: http://www.clusterlabs.org >>>>> Getting started: >>>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>>> Bugs: http://bugs.clusterlabs.org >>>>> >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Users mailing list: [email protected] >>>> http://clusterlabs.org/mailman/listinfo/users >>>> >>>> Project Home: http://www.clusterlabs.org >>>> Getting started: >>>> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>>> Bugs: http://bugs.clusterlabs.org >>>> >>>> >>>> >>> _______________________________________________ >>> Users mailing list: [email protected] >>> http://clusterlabs.org/mailman/listinfo/users >>> >>> Project Home: http://www.clusterlabs.org >>> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >>> Bugs: http://bugs.clusterlabs.org >>> >>> >> >> >> _______________________________________________ >> Users mailing list: [email protected] >> http://clusterlabs.org/mailman/listinfo/users >> >> Project Home: http://www.clusterlabs.org >> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf >> Bugs: http://bugs.clusterlabs.org >> >> > > _______________________________________________ > Users mailing list: [email protected] > http://clusterlabs.org/mailman/listinfo/users > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org >
_______________________________________________ Users mailing list: [email protected] http://clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
