When setting up Pacemaker clusters I tend to reuse my Pacemaker Puppet module in which I distribute a cluster-specific authkey file.
My workflow has always been:
- Log on to a host that has corosync installed, but not part of a cluster
- Run corosync-keygen
- Transfer the generated /etc/corosync/authkey to my Puppet GIT repo on my local machine
You don’t want to run corosync-keygen on an existing cluster as it will overwrite /etc/corosync/authkey.
As it seemed quite a hassle to compile corosync on my Mac just to be able to run corosync-keygen and so delved a bit deeper, finding this post on the openais mailing list: http://lists.linuxfoundation.org/pipermail/openais/2010-February/013845.html
My workflow has thus simplified to:
dd if=/dev/random of=files/authkey bs=1 count=128
Sweet!