Hi Sathish,
Apologies for the super late reply. I have been on sick leave for a long time.
Comments inline.
On 30/01/2023 08.38, S Sathish S wrote:
> Hi Team,
>
> In our application we are currently using UDPU as the transport protocol
> with a single ring; when migrating to corosync 3.x, knet becomes the default
> protocol.
>
> We need to understand any maintenance overhead that any required
> certificate/key management would bring in for the knet transport protocol
> (or) it will use the existing authorization key /etc/corosync/authkey file for
> secure communication between nodes using the knet transport protocol.
There is no extra maintenance. In fact, knet should make it easier.
corosync will continue to use the same authkey and load it into knet.
knet and corosync, in recent versions, also allow runtime change of the
authkey without shutting down and restarting the cluster. It should be
possible to update authkey and issue a config reload for corosync.
This feature requires all nodes of the cluster to be online.
>
> https://access.redhat.com/solutions/5963941
>
> https://access.redhat.com/solutions/1182463
>
> We shouldn't end up in a case where Pacemaker stops working due to some
> certificate/key expiry?
No, that won't be the case as knet and corosync use a different
encryption method than pacemaker.
Cheers
Fabio
>
> Thanks and Regards,
>
> S Sathish S