I'm trying to set up a new pacemaker/corosync stack of 2 machines.
I was using it before with corosync1, but on Ubuntu 14.04 I've got corosync 2.3.3 OK - I said, and tried to use this version of software.
When i Prepare basic configuration with one ring - everything is ok. nodes are visible, and everything works super fine.
What i want to do is to enable encryption between nodes. Documentation is not very helpful ;/ or maybe i'm just too stupid ;)
. How to enable cipher on corosync ?
In manual We can read:
crypto_hash
This specifies which HMAC authentication should be used to authenticate all messages. Valid values are none (no authentication), md5, sha1, sha256, sha384 and sha512.
The default is sha1.
crypto_cipher
This specifies which cipher should be used to encrypt all messages. Valid values are none (no encryption), aes256, aes192, aes128 and 3des. Enabling crypto_cipher, requires also enabling of crypto_hash.
The default is aes256.
Superb! So let's try to use it: So in config, I've changed:
crypto_cipher: none
crypto_hash: none
to
crypto_cipher: sha1
crypto_hash: aes256
And What I've got?
Restarting corosync daemon corosync
error [MAIN ] Invalid cipher type
error [MAIN ] Corosync Cluster Engine exiting with status 8 at main.c:1158.
Whaaat? But It was said, that this is default. I can successfully use option secauth, but it is deprecated.
Every setting available for crypto_cipher is not recognized by corosync. WTF?
