On 07/17/2017 12:35 AM, Gilberto Nunes wrote:
Hi folks

Is Corosync-qdevice read for tests and production???
For testing for sure, production normally also,
but as we haven't any documentation in the official PVE docs
and some helpers I would like to integrate still miss,
it's a "technology preview" from our point of view.

Is there some doc to reference???

for a general overview:

# man corosync-qdevice

Simplified you need to
* setup a encrypted connection between the nodes and the qdevice host,
  use `corosync-qdevice-net-certutil` for this (run it without arguments
  to get some help overview). The easiest way is to ensure all nodes trust
the qdevice host and vice versa, i.e. they have the respective keys in the
  authorized_key file, then simply run:
# corosync-qdevice-net-certutil -Q -n <cluster-name> <qnetd-server> <node1> <node2> <...> <nodeN>
* add the qdevice to the corosync quorum section
* start the services everywhere (corosync-qdevice on the PVE nodes and the corosync-qnetd...
  on the qdevice serving host)

The "quorum" section should look somewhat like this:

quorum {
    provider: corosync_votequorum
    device {
        model: net
        votes: 1
        net {
          tls: on
          algorithm: ffsplit

Note that we highly recommend the ff-split algorithm! This means implicit that it should be only
done in clusters with an even-numbered member count.
The integration in Proxmox VE was a bit delayed with the PVE 5 release, I try to pick it up soon again.

As always, test such thing first in a (eventual virtual) test cluster,
so that you get a feeling for what must be done and eventual pitfalls.


pve-devel mailing list

Reply via email to