Bug 1856397
| Summary: | [RFE] Support for reload of corosync crypto configuration | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jan Friesse <jfriesse> | ||||
| Component: | pcs | Assignee: | Miroslav Lisik <mlisik> | ||||
| Status: | CLOSED ERRATA | QA Contact: | cluster-qe <cluster-qe> | ||||
| Severity: | unspecified | Docs Contact: | Steven J. Levine <slevine> | ||||
| Priority: | high | ||||||
| Version: | 8.3 | CC: | ccaulfie, cfeist, cluster-maint, cluster-qe, idevat, mlisik, mpospisi, nhostako, omular, phagara, slevine, tojeline | ||||
| Target Milestone: | rc | Keywords: | FutureFeature, Triaged | ||||
| Target Release: | 8.4 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | pcs-0.10.8-1.el8 | Doc Type: | Enhancement | ||||
| Doc Text: |
Feature:
Provide support for reload of corosync crypto configuration.
Reason:
Users want to change corosync crypto configuration of an existing cluster.
Result:
Configuration of corosync crypto cipher and hash can be changed by using command 'pcs cluster config update' and corosync authkey can be changed by using command 'pcs cluster authkey corosync'.
|
Story Points: | --- | ||||
| Clone Of: | 1855303 | Environment: | |||||
| Last Closed: | 2021-05-18 15:12:08 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1667061, 1855293, 1855301, 1855303 | ||||||
| Bug Blocks: | 1457314 | ||||||
| Attachments: |
|
||||||
Changing crypto parameters is already covered in bz1667061. Test: [root@r8-node-01 ~]# rpm -q pcs pcs-0.10.8-1.el8.x86_64 [root@r8-node-01 ~]# for node in r8-node-0{1,2}; do ssh root@r8-node-01 "md5sum /etc/corosync/authkey"; done c66ff61b202e1b0aba39153d7fa19728 /etc/corosync/authkey c66ff61b202e1b0aba39153d7fa19728 /etc/corosync/authkey [root@r8-node-01 ~]# pcs cluster authkey corosync Sending 'corosync authkey' to 'r8-node-01', 'r8-node-02' r8-node-01: successful distribution of the file 'corosync authkey' r8-node-02: successful distribution of the file 'corosync authkey' r8-node-01: Corosync configuration reloaded [root@r8-node-01 ~]# journalctl -f -n 0 -u corosync.service -- Logs begin at Mon 2021-02-01 11:31:16 CET. -- Feb 01 12:00:51 r8-node-01 corosync[6153]: [CFG ] Config reload requested by node 1 Feb 01 12:00:51 r8-node-01 corosync[6153]: [TOTEM ] Configuring link 0 Feb 01 12:00:51 r8-node-01 corosync[6153]: [TOTEM ] Configured link number 0: local addr: 192.168.122.81, port=5405 [root@r8-node-01 ~]# for node in r8-node-0{1,2}; do ssh root@r8-node-01 "md5sum /etc/corosync/authkey"; done 6ab9cd2114a061ee03fc396049bf448f /etc/corosync/authkey 6ab9cd2114a061ee03fc396049bf448f /etc/corosync/authkey Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (pcs bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2021:1737 |
Created attachment 1751730 [details] proposed fix + tests add new command for update corosync authkey: * pcs cluster authkey corosync Test: [root@r8-node-01 pcs]# pcs cluster authkey corosync Sending 'corosync authkey' to 'r8-node-01', 'r8-node-02' r8-node-02: successful distribution of the file 'corosync authkey' r8-node-01: successful distribution of the file 'corosync authkey' r8-node-01: Corosync configuration reloaded