1COROSYNC-KEYGEN(8)          System Manager's Manual         COROSYNC-KEYGEN(8)
2
3
4

NAME

6       corosync-keygen - Generate an authentication key for Corosync.
7

SYNOPSIS

9       corosync-keygen [-k <filename>]  [-m <randomfile>] [-s size] [-l] [-h]
10

DESCRIPTION

12       If  you  want  to configure corosync to use cryptographic techniques to
13       ensure authenticity and privacy of the messages, you will need to  gen‐
14       erate a private key.
15
16       corosync-keygen creates this key and writes it to /etc/corosync/authkey
17       or to file specified by -k option.
18
19       This private key must be copied to every processor in the cluster.   If
20       the  private  key  isn't the same for every node, those nodes with non‐
21       matching private keys will not be able to join the same configuration.
22
23       Copy the key to some security  transportable  storage  or  use  ssh  to
24       transmit the key from node to node.  Then install the key with the com‐
25       mand:
26
27       unix#:     install     -D     --group=0      --owner=0      --mode=0400
28       /path_to_authkey/authkey /etc/corosync/authkey
29
30       If  a message "Invalid digest" appears from the corosync executive, the
31       keys are not consistent between processors.
32

OPTIONS

34       -k <filename>
35              This specifies the fully qualified path to  the  shared  key  to
36              create.
37              The default is /etc/corosync/authkey.
38
39       -r     Random  number source file. Default is /dev/urandom. As an exam‐
40              ple /dev/random may be used when  really  superb  randomness  is
41              needed.
42
43       -s size
44              Size  of  the  generated  key  in  bytes. Default is 1024 bytes.
45              Allowed range is <1024, 4096>.
46
47
48       -l     Option is not used and it's kept only for compatibility.
49
50       -h     Print basic usage.
51
52

EXAMPLES

54       Generate the key.
55              # corosync-keygen
56              Corosync Cluster Engine Authentication key generator.
57              Gathering 8192 bits for key from /dev/urandom.
58              Writing corosync key to /etc/corosync/authkey
59
60
61       Generate longer key and store it in the /tmp/authkey file.
62              $ corosync-keygen -s 2048 -k /tmp/authkey
63              Corosync Cluster Engine Authentication key generator.
64              Gathering 16384 bits for key from /dev/urandom.
65              Writing corosync key to /tmp/authkey.
66
67
68       Generate superb key using /dev/random
69              # corosync-keygen -r /dev/random
70              Corosync Cluster Engine Authentication key generator.
71              Gathering 8192 bits for key from /dev/random.
72              Press keys on your keyboard to generate entropy.
73              Press keys on your keyboard to generate entropy (7928 bits still needed).
74              Press keys on your keyboard to generate entropy (7880 bits still needed).
75               ...
76              Press keys on your keyboard to generate entropy (104 bits still needed).
77              Press keys on your keyboard to generate entropy (56 bits still needed).
78              Press keys on your keyboard to generate entropy (8 bits still needed).
79              Writing corosync key to /etc/corosync/authkey.
80
81

SEE ALSO

83       corosync_overview(7), corosync.conf(5),
84

AUTHOR

86       Angus Salkeld
87
88                                  2017-07-03                COROSYNC-KEYGEN(8)