>>> Jan Friesse <[email protected]> schrieb am 23.01.2023 um 15:54 in
>>> Nachricht
<[email protected]>:
> On 23/01/2023 12:51, Ulrich Windl wrote:
>>>>> Jan Friesse <[email protected]> schrieb am 23.01.2023 um 10:20 in
>>>>> Nachricht
>> <[email protected]>:
>>> Hi,
>>>
>>> On 23/01/2023 01:37, S Sathish S via Users wrote:
>>>> Hi Team,
>>>>
>>>> corosync 2.4.4 version provide mechanism to secure the communication path
>>> between nodes of a cluster by default? bcoz in our configuration secauth is
>>> turned off but still communication occur is encrypted.
>>>>
>>>> Note : Capture tcpdump for port 5405 and I can see that the data is already
>>> garbled and not in the clear.
>>>
>>> It's binary protocol so don't expect some really readable format (like
>>> xml/json/...). But with your config it should be unencrypted. You can
>>> check message "notice [TOTEM ] Initializing transmit/receive security
>>> (NSS) crypto: none hash: none" during start of corosync.
>>
>> Probably a good example for "a false feeling of security" (you think the
> comminication is encrypted, while in fact it is not).
>
> Yeah, "none" and "none" is definitively "false feeling of security" and
> definitively suggest communication is encrypted. Sigh...
I meant "looking at the bytes on the network", not at the tool's output...
>
>
>>
>>>
>>> Regards,
>>> Honza
>>>
>>>
>>>>
>>>> [root@node1 ~]# cat /etc/corosync/corosync.conf
>>>> totem {
>>>> version: 2
>>>> cluster_name: OCC
>>>> secauth: off
>>>> transport: udpu
>>>> }
>>>>
>>>> nodelist {
>>>> node {
>>>> ring0_addr: node1
>>>> nodeid: 1
>>>> }
>>>>
>>>> node {
>>>> ring0_addr: node2
>>>> nodeid: 2
>>>> }
>>>>
>>>> node {
>>>> ring0_addr: node3
>>>> nodeid: 3
>>>> }
>>>> }
>>>>
>>>> quorum {
>>>> provider: corosync_votequorum
>>>> }
>>>>
>>>> logging {
>>>> to_logfile: yes
>>>> logfile: /var/log/cluster/corosync.log
>>>> to_syslog: no
>>>> timestamp: on
>>>> }
>>>>
>>>> Thanks and Regards,
>>>> S Sathish S
>>>>
>>>>
>>>> _______________________________________________
>>>> Manage your subscription:
>>>> https://lists.clusterlabs.org/mailman/listinfo/users
>>>>
>>>> ClusterLabs home: https://www.clusterlabs.org/
>>>>
>>>
>>> _______________________________________________
>>> Manage your subscription:
>>> https://lists.clusterlabs.org/mailman/listinfo/users
>>>
>>> ClusterLabs home: https://www.clusterlabs.org/
>>
>>
>>
>>
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>>
>> ClusterLabs home: https://www.clusterlabs.org/
>>
>
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
