pve 7to8 corosync secauth

[jmckee]

pve 7to8 script is complaining because I have secure auth "off". is it really necessary?:

Cluster information
-------------------
Name: ----
Config Version: 8
Transport: knet
Secure auth: off

Quorum information
------------------
Date: Mon Apr 22 12:00:22 2024
Quorum provider: corosync_votequorum
Nodes: 3
Node ID: 0x00000003
Ring ID: 1.344
Quorate: Yes

Votequorum information
----------------------
Expected votes: 3
Highest expected: 3
Total votes: 3
Quorum: 2
Flags: Quorate

Membership information
----------------------
Nodeid Votes Name
0x00000001 1 10.1.0.1
0x00000002 1 10.1.0.2
0x00000003 1 10.1.0.3 (local)

 

[fiona]

Hi,
what was the motivation to turn it off? There isn't a whole lot of Corosync traffic, so there is not much to gain, but it is a security risk if something other than Corosync ever reaches the network.

 

[jmckee]

I can't remember but probably no motivation other than keep it simple.
Can I can change it with a simple edit of corosync.conf with no other side effects? Seems like it when I read the man page.

 

[fiona]

I can't remember but probably no motivation other than keep it simple.
Can I can change it with a simple edit of corosync.conf with no other side effects? Seems like it when I read the man page.

No, a simple edit is not enough, please see the docs for how to do it properly: https://pve.proxmox.com/pve-docs/chapter-pvecm.html#pvecm_edit_corosync_conf