Hi,
On 23/01/2023 01:37, S Sathish S via Users wrote:
Hi Team,
corosync 2.4.4 version provide mechanism to secure the communication path
between nodes of a cluster by default? bcoz in our configuration secauth is
turned off but still communication occur is encrypted.
Note : Capture tcpdump for port 5405 and I can see that the data is already
garbled and not in the clear.
It's binary protocol so don't expect some really readable format (like
xml/json/...). But with your config it should be unencrypted. You can
check message "notice [TOTEM ] Initializing transmit/receive security
(NSS) crypto: none hash: none" during start of corosync.
Regards,
Honza
[root@node1 ~]# cat /etc/corosync/corosync.conf
totem {
version: 2
cluster_name: OCC
secauth: off
transport: udpu
}
nodelist {
node {
ring0_addr: node1
nodeid: 1
}
node {
ring0_addr: node2
nodeid: 2
}
node {
ring0_addr: node3
nodeid: 3
}
}
quorum {
provider: corosync_votequorum
}
logging {
to_logfile: yes
logfile: /var/log/cluster/corosync.log
to_syslog: no
timestamp: on
}
Thanks and Regards,
S Sathish S
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/