corosync totem secauth: off

[stephencooke]

This seems to be hardcoded and doesnt offer options to set
secauth: on
and then use /etc/corosync/authkey

can this be provided as an option?

[tomjelinek]

Yes, we plan to add support for corosync secauth and authkey. I'm not sure when we get to it, though. It's not the highest priority right now.

[tomjelinek]

Support for encrypting corosync traffic has been added by merging a branch at 11489cf. Pcs now automatically sets up all newly created clusters to encrypt corosync traffic.

[tomjelinek]

pcs-0.10.1 brings support for Corosync 3 with Knet and an overhauled pcs cluster setup command. Encryption of corosync traffic is enabled by default. It is possible to set which cipher and hash will be used or disable the encryption completely.
A command for changing encryption settings in an existing cluster is still missing. We plan to add it, though, and it is progressing towards the top of our to-do list.

[tomjelinek]

New commands, pcs cluster config update and pcs cluster authkey corosync, are available in pcs-0.10.8. The first one allows changing corosync crypto settings in existing clusters while the other one provides means for changing corosync authkey.