Hi Sathish,
apology for the super late reply. I have been on sick leave for a long time.
comments inline
On 30/01/2023 08.38, S Sathish S wrote:
Hi Team,
In our application we are currently using UDPU as transport protocol with single ring, while migrated to corosync 3.x knet become default protocol.
We need to understand any maintenance overhead that any required certificate/key management would bring in for knet transport protocol (or) it
will use existing authorization key /etc/corosync/authkey file for secure communication between nodes using knet transport protocol.
there is no extra maintenance. In fact, knet should make it easier.
corosync will continue to use the same authkey and load it into knet.
knet and corosync, in recent versions also allow runtime change of the authkey without shutting down the cluster and restart. It should be possible to update authkey and issue a config reload for corosync.
This feature requires all nodes of the cluster to be online.
https://access.redhat.com/solutions/5963941 https://access.redhat.com/solutions/5963941
https://access.redhat.com/solutions/1182463 https://access.redhat.com/solutions/1182463
We shouldn't end up in a case where Pacemaker stops working due to some certificate/key expiry?
No, that won´t be the case as knet and corosync use a different encryption method than pacemaker.
Cheers Fabio
Thanks and Regards,
S Sathish S
Users mailing list -- users@lists.kronosnet.org To unsubscribe send an email to users-leave@lists.kronosnet.org