Corosync authkeys

When setting up Pacemaker clusters I tend to reuse my Pacemaker Puppet module in which I distribute a cluster-specific authkey file.

My workflow has always been:

  1. Log on to a host that has corosync installed, but not part of a cluster
  2. Run corosync-keygen
  3. Transfer the generated /etc/corosync/authkey to my Puppet GIT repo on my local machine

You don’t want to run corosync-keygen on an existing cluster as it will overwrite /etc/corosync/authkey.

As it seemed quite a hassle to compile corosync on my Mac just to be able to run corosync-keygen and so delved a bit deeper, finding this post on the openais mailing list: http://lists.linuxfoundation.org/pipermail/openais/2010-February/013845.html

My workflow has thus simplified to:

dd if=/dev/random of=files/authkey bs=1 count=128

Sweet!

One Response to “Corosync authkeys”

  1. Björn says:

    Hi,

    just found your site and wanted to note, that there is another fast way to generate that authkey:

    echo -ne “auth 1\n1 sha1 `echo “”|sha512sum|cut -c1-128`” > /etc/corosync/authkey

    works perfect.

    Regards
    Björn

Leave a Reply