diff options
Diffstat (limited to 'man/corosync-keygen.8')
| -rw-r--r-- | man/corosync-keygen.8 | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8 new file mode 100644 index 0000000..8767ddc --- /dev/null +++ b/man/corosync-keygen.8 @@ -0,0 +1,118 @@ +.\"/* +.\" * Copyright (C) 2010-2019 Red Hat, Inc. +.\" * +.\" * All rights reserved. +.\" * +.\" * Author: Angus Salkeld <asalkeld@redhat.com> +.\" * +.\" * This software licensed under BSD license, the text of which follows: +.\" * +.\" * Redistribution and use in source and binary forms, with or without +.\" * modification, are permitted provided that the following conditions are met: +.\" * +.\" * - Redistributions of source code must retain the above copyright notice, +.\" * this list of conditions and the following disclaimer. +.\" * - Redistributions in binary form must reproduce the above copyright notice, +.\" * this list of conditions and the following disclaimer in the documentation +.\" * and/or other materials provided with the distribution. +.\" * - Neither the name of the MontaVista Software, Inc. nor the names of its +.\" * contributors may be used to endorse or promote products derived from this +.\" * software without specific prior written permission. +.\" * +.\" * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +.\" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +.\" * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +.\" * THE POSSIBILITY OF SUCH DAMAGE. +.\" */ +.TH COROSYNC-KEYGEN 8 2019-04-09 +.SH NAME +corosync-keygen \- Generate an authentication key for Corosync. +.SH SYNOPSIS +.B "corosync-keygen [\-k <filename>] [-m <randomfile>] [\-s size] [\-l] [\-h]" +.SH DESCRIPTION + +If you want to configure corosync to use cryptographic techniques to ensure authenticity +and privacy of the messages, you will need to generate a private key. +.PP +.B corosync-keygen +creates this key and writes it to /etc/corosync/authkey or to file specified by +-k option. +.PP +This private key must be copied to every processor in the cluster. If the +private key isn't the same for every node, those nodes with nonmatching private +keys will not be able to join the same configuration. +.PP +Copy the key to some security transportable storage or use ssh to transmit the +key from node to node. Then install the key with the command: +.PP +unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/corosync/authkey +.PP +If a message "Invalid digest" appears from the corosync executive, the keys +are not consistent between processors. +.PP +.SH OPTIONS +.TP +.B -k <filename> +This specifies the fully qualified path to the shared key to create. +.br +The default is /etc/corosync/authkey. +.TP +.B -r +Random number source file. Default is /dev/urandom. As an example /dev/random may be +used when really superb randomness is needed. +.TP +.B -s size +Size of the generated key in bytes. Default is 256 bytes. Allowed range is <128, 4096>. +.TP +.TP +.B -l +Option is not used and it's kept only for compatibility. +.TP +.B -h +Print basic usage. + +.SH EXAMPLES +.TP +Generate the key. +.nf +# corosync-keygen +Corosync Cluster Engine Authentication key generator. +Gathering 2048 bits for key from /dev/urandom. +Writing corosync key to /etc/corosync/authkey +.fi + +.TP +Generate longer key and store it in the /tmp/authkey file. +.nf +$ corosync-keygen -s 2048 -k /tmp/authkey +Corosync Cluster Engine Authentication key generator. +Gathering 16384 bits for key from /dev/urandom. +Writing corosync key to /tmp/authkey. +.fi + +.TP +Generate superb key using /dev/random +.nf +# corosync-keygen -r /dev/random +Gathering 2048 bits for key from /dev/random. +Press keys on your keyboard to generate entropy. +Press keys on your keyboard to generate entropy (1128 bits still needed). +Press keys on your keyboard to generate entropy (504 bits still needed). +Press keys on your keyboard to generate entropy (128 bits still needed). +Press keys on your keyboard to generate entropy (32 bits still needed). +Writing corosync key to /etc/corosync/authkey. +.fi + +.SH SEE ALSO +.BR corosync_overview (7), +.BR corosync.conf (5), +.SH AUTHOR +Angus Salkeld +.PP |