
 Setting up Corosync

Besides installing the corosync package, you will also have to create a configuration file, stored in /etc/corosync/corosync.conf. Most distributions ship an example configuration file (corosync.conf.example) as part of the documentation bundled with the corosync package. An example Corosync configuration file is shown below:

Corosync configuration file (corosync.conf). 

totem {
        version: 2

        # Time (in ms) to wait for a token  1
        token: 10000

        # How many token retransmits before forming a new
        # configuration
        token_retransmits_before_loss_const: 10

        # Turn off the virtual synchrony filter
        vsftype: none

        # Enable encryption  2
        secauth: on

        # How many threads to use for encryption/decryption
        threads: 0

        # This specifies the redundant ring protocol, which may be
        # none, active, or passive.  3
        rrp_mode: active

        # The following is a two-ring multicast configuration.  4
        interface {
                ringnumber: 0
                bindnetaddr: 192.168.42.0
                mcastaddr: 239.255.42.1
                mcastport: 5405
        }
        interface {
                ringnumber: 1
                bindnetaddr: 10.0.42.0
                mcastaddr: 239.255.42.2
                mcastport: 5405
        }
}

amf {
        mode: disabled
}

service {
        # Load the Pacemaker Cluster Resource Manager  5
        ver:       1
        name:      pacemaker
}

aisexec {
        user:   root
        group:  root
}

logging {
        fileline: off
        to_stderr: yes
        to_logfile: no
        to_syslog: yes
        syslog_facility: daemon
        debug: off
        timestamp: on
        logger_subsys {
                subsys: AMF
                debug: off
                tags: enter|leave|trace1|trace2|trace3|trace4|trace6
        }
}

1

The token value specifies the time, in milliseconds, during which the Corosync token is expected to be transmitted around the ring. When this timeout expires, the token is declared lost, and after token_retransmits_before_loss_const lost tokens the non-responding processor (cluster node) is declared dead. In other words, token × token_retransmits_before_loss_const is the maximum time a node is allowed to not respond to cluster messages before being considered dead. The default for token is 1000 (1 second), with 4 allowed retransmits. These defaults are intended to minimize failover times, but can cause frequent "false alarms" and unintended failovers in case of short network interruptions. The values used here are safer, albeit with slightly extended failover times.

2

With secauth enabled, Corosync nodes mutually authenticate using a 128-byte shared secret stored in /etc/corosync/authkey, which may be generated with the corosync-keygen utility. When using secauth, cluster communications are also encrypted.

3

In Corosync configurations using redundant networking (with more than one interface), you must select a Redundant Ring Protocol (RRP) mode other than none. active is the recommended RRP mode.

4

There are several things to note about the recommended interface configuration:

  • The ringnumber must differ between all configured interfaces, starting with 0.
  • The bindnetaddr is the network address of the interfaces to bind to. The example uses two network addresses of /24 IPv4 subnets.
  • Multicast groups (mcastaddr) must not be reused across cluster boundaries. In other words, no two distinct clusters should ever use the same multicast group. Be sure to select multicast addresses compliant with RFC 2365, "Administratively Scoped IP Multicast".
  • For firewall configurations, note that Corosync communicates over UDP only, and uses mcastport (for receives) and mcastport-1 (for sends).

5

The service declaration for the pacemaker service may be placed in the corosync.conf file directly, or in its own separate file, /etc/corosync/service.d/pacemaker.

Once created, the corosync.conf file (and the authkey file if the secauth option is enabled) must be synchronized across all cluster nodes.
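
The points made in callouts 1 to 4 can be checked mechanically before the file is synchronized to the nodes. The following Python script is an added example, not part of the original guide or of Corosync itself. The names parse and audit, the embedded sample, and the policy of requiring an explicit "secauth: on" are assumptions of this example; it also assumes every interface uses multicast as on this page, and falls back to the token defaults stated above (1000 ms, 4 retransmits).

```python
import ipaddress

SAMPLE = """# Constructed input mirroring the totem section shown on this page.
totem {
        token: 10000
        token_retransmits_before_loss_const: 10
        secauth: on
        rrp_mode: active
        interface {
                ringnumber: 0
                mcastaddr: 239.255.42.1
                mcastport: 5405
        }
        interface {
                ringnumber: 1
                mcastaddr: 239.255.42.2
                mcastport: 5405
        }
}"""

def parse(text):
    """Return (totem settings, list of per-interface settings)."""
    totem, ifaces, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.endswith("{"):                   # a block opens
            stack.append(line[:-1].strip())
            if stack == ["totem", "interface"]:
                ifaces.append({})
        elif line == "}" and stack:              # a block closes
            stack.pop()
        elif ":" in line and stack in (["totem"], ["totem", "interface"]):
            key, val = (s.strip() for s in line.split(":", 1))
            (totem if len(stack) == 1 else ifaces[-1])[key] = val
    return totem, ifaces

def audit(text):
    """Return (findings, UDP ports to allow, worst-case detection time in ms)."""
    totem, ifaces = parse(text)
    # Policy assumed by this example: secauth must be set to on explicitly.
    findings = [] if totem.get("secauth") == "on" else ["secauth is not explicitly on"]
    if sorted(int(i.get("ringnumber", -1)) for i in ifaces) != list(range(len(ifaces))):
        findings.append("ringnumber values must be distinct and start at 0")
    if len(ifaces) > 1 and totem.get("rrp_mode", "none") == "none":
        findings.append("more than one interface needs an rrp_mode other than none")
    findings += [i["mcastaddr"] + " is outside 239.0.0.0/8 (RFC 2365)" for i in ifaces
                 if ipaddress.ip_address(i["mcastaddr"]) not in ipaddress.ip_network("239.0.0.0/8")]
    ports = sorted({int(i["mcastport"]) - d for i in ifaces for d in (0, 1)})
    dead_ms = int(totem.get("token", 1000)) * int(totem.get("token_retransmits_before_loss_const", 4))
    return findings, ports, dead_ms
```

For the sample, audit(SAMPLE) reports no findings, UDP ports 5404 and 5405 for the firewall rules, and 100000 ms as the longest time a node may stay silent before being declared dead. Reuse of a multicast group by another cluster cannot be seen from a single file and still has to be checked against the site's address plan.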
