| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 |
- .\"/*
- .\" * Copyright (C) 2010-2019 Red Hat, Inc.
- .\" *
- .\" * All rights reserved.
- .\" *
- .\" * Author: Angus Salkeld <asalkeld@redhat.com>
- .\" *
- .\" * This software licensed under BSD license, the text of which follows:
- .\" *
- .\" * Redistribution and use in source and binary forms, with or without
- .\" * modification, are permitted provided that the following conditions are met:
- .\" *
- .\" * - Redistributions of source code must retain the above copyright notice,
- .\" * this list of conditions and the following disclaimer.
- .\" * - Redistributions in binary form must reproduce the above copyright notice,
- .\" * this list of conditions and the following disclaimer in the documentation
- .\" * and/or other materials provided with the distribution.
- .\" * - Neither the name of the MontaVista Software, Inc. nor the names of its
- .\" * contributors may be used to endorse or promote products derived from this
- .\" * software without specific prior written permission.
- .\" *
- .\" * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- .\" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- .\" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- .\" * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- .\" * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- .\" * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- .\" * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- .\" * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- .\" * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- .\" * THE POSSIBILITY OF SUCH DAMAGE.
- .\" */
- .TH COROSYNC-KEYGEN 8 2019-04-09
- .SH NAME
- corosync-keygen \- Generate an authentication key for Corosync.
- .SH SYNOPSIS
- .B "corosync-keygen [\-k <filename>] [-m <randomfile>] [\-s size] [\-l] [\-h]"
- .SH DESCRIPTION
- If you want to configure corosync to use cryptographic techniques to ensure authenticity
- and privacy of the messages, you will need to generate a private key.
- .PP
- .B corosync-keygen
- creates this key and writes it to /etc/corosync/authkey or to file specified by
- -k option.
- .PP
- This private key must be copied to every processor in the cluster. If the
- private key isn't the same for every node, those nodes with nonmatching private
- keys will not be able to join the same configuration.
- .PP
- Copy the key to some security transportable storage or use ssh to transmit the
- key from node to node. Then install the key with the command:
- .PP
- unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/corosync/authkey
- .PP
- If a message "Invalid digest" appears from the corosync executive, the keys
- are not consistent between processors.
- .PP
- .SH OPTIONS
- .TP
- .B -k <filename>
- This specifies the fully qualified path to the shared key to create.
- .br
- The default is /etc/corosync/authkey.
- .TP
- .B -r
- Random number source file. Default is /dev/urandom. As an example /dev/random may be
- used when really superb randomness is needed.
- .TP
- .B -s size
- Size of the generated key in bytes. Default is 256 bytes. Allowed range is <128, 4096>.
- .TP
- .TP
- .B -l
- Option is not used and it's kept only for compatibility.
- .TP
- .B -h
- Print basic usage.
- .SH EXAMPLES
- .TP
- Generate the key.
- .nf
- # corosync-keygen
- Corosync Cluster Engine Authentication key generator.
- Gathering 2048 bits for key from /dev/urandom.
- Writing corosync key to /etc/corosync/authkey
- .fi
- .TP
- Generate longer key and store it in the /tmp/authkey file.
- .nf
- $ corosync-keygen -s 2048 -k /tmp/authkey
- Corosync Cluster Engine Authentication key generator.
- Gathering 16384 bits for key from /dev/urandom.
- Writing corosync key to /tmp/authkey.
- .fi
- .TP
- Generate superb key using /dev/random
- .nf
- # corosync-keygen -r /dev/random
- Gathering 2048 bits for key from /dev/random.
- Press keys on your keyboard to generate entropy.
- Press keys on your keyboard to generate entropy (1128 bits still needed).
- Press keys on your keyboard to generate entropy (504 bits still needed).
- Press keys on your keyboard to generate entropy (128 bits still needed).
- Press keys on your keyboard to generate entropy (32 bits still needed).
- Writing corosync key to /etc/corosync/authkey.
- .fi
- .SH SEE ALSO
- .BR corosync_overview (7),
- .BR corosync.conf (5),
- .SH AUTHOR
- Angus Salkeld
- .PP
|
