Provided by: corosync_3.1.7-1ubuntu1_amd64 bug

NAME

       corosync-keygen - Generate an authentication key for Corosync.

SYNOPSIS

       corosync-keygen [-k <filename>]  [-m <randomfile>] [-s size] [-l] [-h]

DESCRIPTION

       If  you  want to configure corosync to use cryptographic techniques to ensure authenticity
       and privacy of the messages, you will need to generate a private key.

       corosync-keygen creates this key  and  writes  it  to  /etc/corosync/authkey  or  to  file
       specified by -k option.

       This  private  key  must  be copied to every processor in the cluster.  If the private key
       isn't the same for every node, those nodes with nonmatching private keys will not be  able
       to join the same configuration.

       Copy  the  key  to some security transportable storage or use ssh to transmit the key from
       node to node.  Then install the key with the command:

       unix#:   install   -D    --group=0    --owner=0    --mode=0400    /path_to_authkey/authkey
       /etc/corosync/authkey

       If  a  message  "Invalid  digest"  appears  from  the corosync executive, the keys are not
       consistent between processors.

OPTIONS

       -k <filename>
              This specifies the fully qualified path to the shared key to create.
              The default is /etc/corosync/authkey.

       -r     Random number source file. Default is /dev/urandom. As an example  /dev/random  may
              be used when really superb randomness is needed.

       -s size
              Size  of  the  generated key in bytes. Default is 256 bytes. Allowed range is <128,
              4096>.

       -l     Option is not used and it's kept only for compatibility.

       -h     Print basic usage.

EXAMPLES

       Generate the key.
              # corosync-keygen
              Corosync Cluster Engine Authentication key generator.
              Gathering 2048 bits for key from /dev/urandom.
              Writing corosync key to /etc/corosync/authkey

       Generate longer key and store it in the /tmp/authkey file.
              $ corosync-keygen -s 2048 -k /tmp/authkey
              Corosync Cluster Engine Authentication key generator.
              Gathering 16384 bits for key from /dev/urandom.
              Writing corosync key to /tmp/authkey.

       Generate superb key using /dev/random
              # corosync-keygen -r /dev/random
              Gathering 2048 bits for key from /dev/random.
              Press keys on your keyboard to generate entropy.
              Press keys on your keyboard to generate entropy (1128 bits still needed).
              Press keys on your keyboard to generate entropy (504 bits still needed).
              Press keys on your keyboard to generate entropy (128 bits still needed).
              Press keys on your keyboard to generate entropy (32 bits still needed).
              Writing corosync key to /etc/corosync/authkey.

SEE ALSO

       corosync_overview(7), corosync.conf(5),

AUTHOR

       Angus Salkeld

                                            2019-04-09                         COROSYNC-KEYGEN(8)