On 30/01/2023 10:16, Jan Friesse wrote:
Hi,
On 30/01/2023 07:14, S Sathish S via Users wrote:
Hi Team,
In our application we are currently using UDPU as transport protocol
with single ring, while migrated to corosync 3.x knet become default
protocol.
We need to understand any maintenance overhead that any required
certificate/key management would bring in for knet transport protocol
(or) it will use existing authorization key /etc/corosync/authkey file
for secure communication between nodes using
yes, as long as secauth or crypto_cipher/crypto_hash is configured,
corosync 3.x will happily use existing /etc/corosync/authkey. Eventho I
would recommend to generate new one because new one is longer by default
(2024 bits vs old 1024).
Typo, 2048 of course ;)
knet transport protocol.
https://access.redhat.com/solutions/5963941
https://access.redhat.com/solutions/1182463
We shouldn't end up in a case where Pacemaker stops working due to
some certificate/key expiry?
It's symmetric key so there is no key expiration.
Regards,
Honza
Thanks and Regards,
S Sathish S
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/