I am pleased to announce the first release candidate of our future
Corosync Needle 2.0.
Tarball is available immediately from our website at
http://www.corosync.org.
Because we decided to make many changes which causes backwards
incompatibility (API/ABI and on-wire), we decided to release another
beta, rather then RC-2.
Just for sure, this means that you need to update all cluster nodes.
Biggest changes are:
- Removal of evil services. These was dummy handlers of OpenAIS
services, and because OpenAIS is no longer actively maintained in
upstream, they can be removed.
- Remove sync1 synchronization engine. This was here only for backwards
compatibility. This also means, that old flag "compatibility" is also
removed.
- Drop pload service. Pload service was internally used for testing of
performance, but could cause hard crashes, incorrect behavior, ...
Service as itself is gone, but you can use ploadstart script which does
almost same thing.
- Remove EVS service. EVS service was not widely used, was incomplete
and not function. Because it's behavior can be easily emulated in CPG,
we decided to drop it and if needed in future, we will create libevs
wrapper on top of cpg.
- Change internal numbers of services. This will cause wire incompatibility.
- Crypto rework:
- We removed tomcrypt. Tomcypt is nice, small, ... library, but sadly
we didn't updated it for long time (may cause serious crypto issues).
Also NSS is FIPS certified, it's external library, has support for HW
accelerated encryption and many other nice things. So we decided to
stick only to NSS
- Previous change also means, that ripmed encryption is gone, instead
of that, we are using NSS AES256
- Code which was using NSS has many many bugs fixed (various leaks,
overflows, ...)
- It's now possible to choose from wide array of hmac methods (md5,
sha1, sha256, ...) and it should be very easy to add another cipher
methods (for now, only AES256 is supported)
Complete list of changes between RC-1 (1.99.7) and Beta-6 (1.99.7):
Angus Salkeld (3):
Add pid, hostname and process name to the logfile
Remove unused function logsys_priority_name_get()
Fix typo in stats key name.
Fabio M. Di Nitto (16):
sync: kill evil and syncv1 in one shot
utils: cleanup main daemon exit codes
drop last references to compatibility: whitetank
totem: drop crypt_accept: concept/option
pload: make it a test service and not a public one
build: drop last LCRSO references
build: drop obsoleted SOCKETDIR option
build: drop another leftover from the past
drop evs service
crypto: mask the crypto operations from totem packet size management
crypto: drop secauth and make crypto none work again
crypto: add crypto config to network data
totem: don't send garbage onwire if we fail to crypt
crypto: change network packets and add dynamic crypto header/data
crypto: add new hashing methods and fix config defaults
crypto: allocate padding in crypto_header
Jan Friesse (12):
Remove libtomcrypt
corosync-cfgtool: Remove set of cryptography
cfg: remove crypto_set
onecrypt: move encryption code to crypto.c
Rename totemcrypto
Parse and use hash and crypto from config file
Document crypto_hash and crypto_cipher options
Update crypto_set API
crypto: Remove sha224 and add md5 hash
Make common_lib version independand on totem_pg
Mark few more icmap keys as read only
Reflect config changes for crypto in examples
Testers are more than welcomed. For testing, you need to install libqb
version 0.11.1.
Thanks/congratulations to all people that contributed to achieve this
great milestone.
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
