corosync-keygen - Generate an authentication key for Corosync.

       Angus Salkeld

                                                   2019-04-09                                 COROSYNC-KEYGEN(8)

       If  you  want to configure corosync to use cryptographic techniques to ensure authenticity and privacy of
       the messages, you will need to generate a private key.

       corosync-keygen creates this key and writes it to  /etc/corosync/authkey  or  to  file  specified  by  -k
       option.

       This private key must be copied to every processor in the cluster.  If the private key isn't the same for
       every node, those nodes with nonmatching private keys will not be able to join the same configuration.

       Copy  the  key  to  some security transportable storage or use ssh to transmit the key from node to node.
       Then install the key with the command:

       unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/corosync/authkey

       If a message "Invalid digest" appears from the corosync executive, the keys are  not  consistent  between
       processors.

       Generate the key.
              # corosync-keygen
              Corosync Cluster Engine Authentication key generator.
              Gathering 2048 bits for key from /dev/urandom.
              Writing corosync key to /etc/corosync/authkey

       Generate longer key and store it in the /tmp/authkey file.
              $ corosync-keygen -s 2048 -k /tmp/authkey
              Corosync Cluster Engine Authentication key generator.
              Gathering 16384 bits for key from /dev/urandom.
              Writing corosync key to /tmp/authkey.

       Generate superb key using /dev/random
              # corosync-keygen -r /dev/random
              Gathering 2048 bits for key from /dev/random.
              Press keys on your keyboard to generate entropy.
              Press keys on your keyboard to generate entropy (1128 bits still needed).
              Press keys on your keyboard to generate entropy (504 bits still needed).
              Press keys on your keyboard to generate entropy (128 bits still needed).
              Press keys on your keyboard to generate entropy (32 bits still needed).
              Writing corosync key to /etc/corosync/authkey.

       corosync-keygen - Generate an authentication key for Corosync.

-k<filename>
              This specifies the fully qualified path to the shared key to create.
              The default is /etc/corosync/authkey.

       -r     Random  number  source  file.  Default is /dev/urandom. As an example /dev/random may be used when
              really superb randomness is needed.

       -ssize
              Size of the generated key in bytes. Default is 256 bytes. Allowed range is <128, 4096>.

       -l     Option is not used and it's kept only for compatibility.

       -h     Print basic usage.

corosync_overview(7), corosync.conf(5),

corosync-keygen[-k<filename>][-m<randomfile>][-ssize][-l][-h]