COROSYNC_OVERVIEW(7)  Corosync Cluster Engine Programmer's Manual  COROSYNC_OVERVIEW(7)

corosync_overview - Corosync overview

The corosync project's purpose is to implement and support a
production-quality, Revised BSD-licensed implementation of a
high-performance, low-overhead high availability development toolkit.

Faults occur for various reasons:

* Application Faults

* Middleware Faults

* Operating System Faults

* Hardware Faults

The major focus of high availability in the past has been to mask
hardware faults. Faults in other components of the system have gone
unsolved until Corosync. Corosync is designed for applications to
replicate their state to up to 16 processors. The processors all
contain a replica of the application state.

The corosync project provides a group message API called CPG. The
project developers recommend CPG be used for most applications. The
CPG service implements a closed group messaging model presenting
extended virtual synchrony guarantees.

To manage conditions where the process executing the CPG application
exchange fails, we provide the Simple Availability Manager (sam), which
provides simple application restart.


The corosync executive must be configured. In the directory conf in
the source distribution are several files that must be copied to the
/etc/corosync directory. If corosync is packaged by a distro, this may
already be complete.

The directory contains the file corosync.conf. Please read the
corosync.conf(5) man page for details on the configuration options.
The corosync project will work out of the box with the default
configuration options, although the administrator may desire different
options.

The corosync executive uses cryptographic techniques to ensure
authenticity and privacy of the messages. In order for corosync to be
secure and operate, a private key must be generated and shared with all
processors.

First generate the key on one of the nodes:

    unix# corosync-keygen
    Corosync Cluster Engine Authentication key generator.
    Gathering 2048 bits for key from /dev/urandom.
    Writing corosync key to /etc/corosync/authkey.

After this operation, a private key will be in the file
/etc/corosync/authkey. This private key must be copied to every
processor in the cluster. If the private key isn't the same for every
node, those nodes with nonmatching private keys will not be able to
join the same configuration.

Copy the key to some secure transportable storage or use ssh to
transmit the key from node to node. Then install the key with the
command:

    unix# install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/corosync/authkey

If a message "Invalid digest" appears from the corosync executive, the
keys are not consistent between processors.

Finally run the corosync executive. If corosync is packaged from a
distro, it may be set to start on system start. It may also be turned
off by default, in which case the init script for corosync must be
enabled.
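
The following check is an added example and is not part of the corosync manual or project. It verifies that an installed key has the owner, group and mode the install command above sets, and prints a SHA-256 fingerprint that can be compared between nodes when "Invalid digest" appears. The function names and the optional UID/GID arguments are assumptions of this example, and it relies on GNU stat and sha256sum.

```shell
#!/bin/sh
# Added example, not corosync project code.

# check_authkey PATH [UID] [GID]
# Succeeds only if PATH is a regular file (not a symlink) with mode 0400 and
# the expected numeric owner and group. UID and GID default to 0, matching
# --owner=0 --group=0; they are parameters only so the check can be
# exercised on a constructed file without being root.
check_authkey() {
    key=$1; want_uid=${2:-0}; want_gid=${3:-0}; rc=0
    if [ ! -f "$key" ] || [ -L "$key" ]; then
        echo "FAIL: $key is missing or not a regular file"
        return 2
    fi
    # GNU stat: %a = octal mode, %u = owner uid, %g = group gid
    set -- $(stat -c '%a %u %g' "$key")
    [ "$1" = "400" ] || { echo "FAIL: mode is $1, expected 400"; rc=1; }
    [ "$2" = "$want_uid" ] || { echo "FAIL: owner uid is $2, expected $want_uid"; rc=1; }
    [ "$3" = "$want_gid" ] || { echo "FAIL: group gid is $3, expected $want_gid"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $key"
    return "$rc"
}

# authkey_fingerprint PATH
# Prints the SHA-256 of the key file. Every node in the cluster should print
# the same value; the key itself never has to be displayed or diffed.
authkey_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}
```

Source the file as root on each node, then run check_authkey /etc/corosync/authkey and authkey_fingerprint /etc/corosync/authkey and compare the fingerprints.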


The corosync libraries have header files which must be included in the
developer's application. Once the header file is included, the
developer can reference the corosync interfaces.

The corosync project recommends that distros place include files in
/usr/include/corosync.


The corosync project supports both IPv4 and IPv6 network addresses.
When using knet as the transport, each link should have the same IP
family, but different links can have different families (e.g. link 0
could be all IPv4, and link 1 all IPv6). When using UDP/UDPU, the
single link should use the same family on all nodes.

To configure a host for IPv6, use the ifconfig program to add
interfaces:

    box20: ifconfig eth0 add fec0::1:a800:4ff:fe00:20/64
    box30: ifconfig eth0 add fec0::1:a800:4ff:fe00:30/64

If the /64 is not specified, a route for the IPv6 network will not be
configured, which will cause significant problems. Make sure a route is
available for IPv6 traffic.


The corosync libraries are a thin IPC interface to the corosync
executive. The corosync executive implements the functionality of the
corosync APIs for distributed computing.

The corosync executive uses the Totem extended virtual synchrony
protocol. The advantage to the end user is excellent performance
characteristics and a proven protocol with excellent reliability. This
protocol connects the processors in a configuration together so they
may communicate.


The corosync executive optionally encrypts and signs all messages sent
over the network. For more details see the crypto_model, crypto_hash
and crypto_cipher options in corosync.conf(5).

If membership messages can be captured by intruders, it is possible to
execute a denial of service attack on the cluster. In this scenario,
the cluster is likely already compromised and a DoS attack is the least
of the administration's worries.

The security in corosync does not offer perfect forward secrecy because
the keys are reused. It may be possible for an intruder to determine
the shared key by capturing packets in an automated fashion. No such
automated attack has been published as of yet. In this scenario, the
cluster is likely already compromised to allow the long-term capture of
transmitted data.

For security reasons, the corosync executive binary should NEVER be
setuid or setgid in the filesystem.
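
The following audit is an added example and is not part of the corosync manual or project. It reads the totem section of a corosync.conf, reports crypto_cipher or crypto_hash when set to "none" or left unset, and checks a given binary for the setuid and setgid bits. The function names are assumptions of this example, and treating an unset option as a finding is also an assumption; confirm the defaults for your version in corosync.conf(5).

```shell
#!/bin/sh
# Added example, not corosync project code.

# audit_crypto CONF
# Prints one FINDING line for each of crypto_cipher / crypto_hash that is
# "none" or not set at the top level of the totem section; returns 1 if
# anything was found. Reporting "unset" is an assumption of this example.
audit_crypto() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        /[{]/ {                             # a section opens
            depth++
            if (depth == 1) { sect = $1; sub(/[{].*/, "", sect) }
            next
        }
        /[}]/ { depth--; next }             # a section closes
        depth == 1 && sect == "totem" && /^[ \t]*crypto_(cipher|hash)[ \t]*:/ {
            split($0, kv, ":")
            gsub(/[ \t\r]/, "", kv[1]); gsub(/[ \t\r]/, "", kv[2])
            val[kv[1]] = tolower(kv[2])
        }
        END {
            n = split("crypto_cipher crypto_hash", opt, " ")
            for (i = 1; i <= n; i++) {
                v = (opt[i] in val) ? val[opt[i]] : "unset"
                if (v == "none" || v == "unset") {
                    print "FINDING: " opt[i] " is " v
                    bad = 1
                }
            }
            exit bad + 0
        }' "$1"
}

# has_suid_sgid FILE: true if FILE carries the setuid or setgid bit.
has_suid_sgid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# audit_corosync CONF BINARY: run both checks; non-zero if anything is found.
audit_corosync() {
    rc=0
    audit_crypto "$1" || rc=1
    if has_suid_sgid "$2"; then
        echo "FINDING: $2 is setuid or setgid"; rc=1
    fi
    return "$rc"
}
```

Source the file and call audit_corosync with the path to corosync.conf and the path to the installed corosync executive; the binary location depends on the distribution and is supplied by the caller.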


None that are known.


corosync.conf(5), corosync-keygen(8), corosync_quorumtool(8),
corosync_cfgtool(8), corosync_cpgtool(8), corosync_cmaptool(8),
cpg_overview(3), sam_overview(3)

corosync Man Page    2018-11-13    COROSYNC_OVERVIEW(7)