corosync_overview(8)

1COROSYNC_OVERVIEW(8C)orosync Cluster Engine Programmer's ManuCaOlROSYNC_OVERVIEW(8)
2
3
4

NAME

6       corosync_overview - Corosync overview
7

OVERVIEW

9       The corosync project's purpose is to implement and support a production
10       quality Revised BSD licensed implementation of a high  performance  low
11       overhead high availability development toolkit.
12
13       Faults occur for various reasons:
14
15       * Application Faults
16
17       * Middleware Faults
18
19       * Operating System Faults
20
21       * Hardware Faults
22
23       The major focus of high availability in the past has been to mask hard‐
24       ware faults. Faults  in  other  components  of  the  system  have  gone
25       unsolved  until  Corosync.   Corosync  is  designed for applications to
26       replicate their state to up to 16 processors.  The processors all  con‐
27       tain a replica of the application state.
28
29       The  corosync  project  provides  a  group message API called CPG.  The
30       project developers recommend CPG be used for  most  applications.   The
31       CPG  service  implements  a  closed  group  messaging  model presenting
32       extended virtual synchrony guarantees.
33
34       To manage conditions where the process executing  the  CPG  application
35       exchange  fails,  we  provide  the Simple Availability Manager (sam) to
36       provide simple application restart.
37
38

QUICKSTART

40       The corosync executive must be configured.  In the  directory  conf  in
41       the  source  distribution  are several files that must be copied to the
42       /etc/corosync directory.  If corosync is packaged by a distro, this may
43       be complete.
44
45       The  directory  contains  the  file  corosync.conf.   Please  read  the
46       corosync.conf(5) man page for details  on  the  configuration  options.
47       The corosync project will work out of the box with the default configu‐
48       ration  options,  although  the  administrator  may  desire   different
49       options.
50
51       The  corosync executive uses cryptographic techniques to ensure authen‐
52       ticity and privacy of the messages.  In order for corosync to be secure
53       and  operate, a private key must be generated and shared to all proces‐
54       sors.
55
56       First generate the key on one of the nodes:
57
58       unix# corosync-keygen
59       Corosync Cluster Engine Authentication key generator.
60       Gathering 1024 bits for key from /dev/random.
61       Press keys on your keyboard to generate entropy.
62       Writing corosync key to /etc/corosync/authkey.
63
64       After  this  operation,  a  private   key   will   be   in   the   file
65       /etc/corosync/authkey.   This  private key must be copied to every pro‐
66       cessor in the cluster.  If the private key isn't  the  same  for  every
67       node,  those  nodes  with  nonmatching private keys will not be able to
68       join the same configuration.
69
70       Copy the key to some security  transportable  storage  or  use  ssh  to
71       transmit the key from node to node.  Then install the key with the com‐
72       mand:
73
74       unix#:     install     -D     --group=0      --owner=0      --mode=0400
75       /path_to_authkey/authkey /etc/corosync/authkey
76
77       If  a message "Invalid digest" appears from the corosync executive, the
78       keys are not consistent between processors.
79
80       Finally run the corosync executive.  If corosync  is  packaged  from  a
81       distro,  it may be set to start on system start.  It may also be turned
82       off by default in which case the  init  script  for  corosync  must  be
83       enabled.
84
85

USING LIBRARIES

87       The  corosync libraries have header files which must be included in the
88       developer's application.  Once the header file is included, the  devel‐
89       oper can reference the corosync interfaces.
90
91       The  corosync  project  recommends to distros to place include files in
92       /usr/include/corosync.
93
94

IPv6

96       The corosync project supports both IPv4  and  IPv6  network  addresses.
97       The  entire cluster must use either IPv4 or IPv6 for the cluster commu‐
98       nication mechanism.  In order to use IPv6, IPv6 addresses must be spec‐
99       ified  in  the  bindnetaddr  and  mcastaddr fields in the configuration
100       file.  The nodeid field must also be set.
101
102       An example of this is: nodeid: 2 bindnetaddr:  fec0::1:a800:4ff:fe00:20
103       mcastaddr: ff05::1
104
105       To  configure  a  host for IPv6, use the ifconfig program to add inter‐
106       faces: box20:  ifconfig  eth0  add  fec0::1:a800:4ff:fe00:20/64  box30:
107       ifconfig eth0 add fec0::1:a800:4ff:fe00:30/64
108
109       If  the  /64 is not specified, a route for the IPv6 network will not be
110       configured which will cause significant problems.  Make sure a route is
111       available for IPv6 traffic.
112
113

ARCHITECTURE

115       The  corosync libraries are a thin IPC interface to the corosync execu‐
116       tive.  The corosync  executive  implements  the  functionality  of  the
117       corosync APIs for distributed coming.
118
119       The corosync executive uses the Totem extended virtual synchrony proto‐
120       col.  The advantage to the end user is excellent performance character‐
121       istics and a proven protocol with excellent reliability.  This protocol
122       connects the processors in a configuration together so they may  commu‐
123       nicate.
124
125

ENVIRONMENT VARIABLES

127       The  corosync  executive process uses four environment variables during
128       startup.  If these environment variables are not set, defaults will  be
129       used.
130
131
132       COROSYNC_MAIN_CONFIG_FILE
133              This specifies the fully qualified path to the corosync configu‐
134              ration file.
135
136              The default is /etc/corosync/corosync.conf.
137
138
139       COROSYNC_TOTEM_AUTHKEY_FILE
140              This specifies the fully qualified path to the shared  key  used
141              to authenticate and encrypt data used within the Totem protocol.
142
143              The default is /etc/corosync/authkey.
144
145

SECURITY

147       The  corosync  executive optionally encrypts all messages sent over the
148       network using the AES-128 cipher.  The corosync executive uses HMAC and
149       SHA1 to authenticate all messages.  The corosync executive library uses
150       NSS as a pseudo random number generator.
151
152       If membership messages can be captured by intruders, it is possible  to
153       execute  a  denial of service attack on the cluster.  In this scenario,
154       the cluster is likely already compromised and a DOS attack is the least
155       of the administration's worries.
156
157       The security in corosync does not offer perfect forward secrecy because
158       the keys are reused.  It may be possible for an intruder  by  capturing
159       packets  in  an automated fashion to determine the shared key.  No such
160       automated attack has been published as of yet.  In this  scenario,  the
161       cluster is likely already compromised to allow the long-term capture of
162       transmitted data.
163
164       For security reasons, the corosync executive  binary  should  NEVER  be
165       setuid or setgid in the filesystem.
166
167

BUGS

169       None that are known.
170
171