Setting up Corosync

Besides installing the corosync package, you will also have to create a configuration file, stored in /etc/corosync/corosync.conf. Most distributions ship an example configuration file (corosync.conf.example) as part of the documentation bundled with the corosync package. An example Corosync configuration file is shown below:

Corosync configuration file (corosync.conf).

totem {
        version: 2

        # Time (in ms) to wait for a token  
        token: 10000

        # How many token retransmits before forming a new
        # configuration
        token_retransmits_before_loss_const: 10

        # Turn off the virtual synchrony filter
        vsftype: none

        # Enable encryption  
        secauth: on

        # How many threads to use for encryption/decryption
        threads: 0

        # This specifies the redundant ring protocol, which may be
        # none, active, or passive.  
        rrp_mode: active

        # The following is a two-ring multicast configuration.  
        interface {
                ringnumber: 0
                bindnetaddr: 192.168.42.0
                mcastaddr: 239.255.42.1
                mcastport: 5405
        }
        interface {
                ringnumber: 1
                bindnetaddr: 10.0.42.0
                mcastaddr: 239.255.42.2
                mcastport: 5405
        }
}

amf {
        mode: disabled
}

service {
        # Load the Pacemaker Cluster Resource Manager  
        ver:       1
        name:      pacemaker
}

aisexec {
        user:   root
        group:  root
}

logging {
        fileline: off
        to_stderr: yes
        to_logfile: no
        to_syslog: yes
        syslog_facility: daemon
        debug: off
        timestamp: on
        logger_subsys {
                subsys: AMF
                debug: off
                tags: enter|leave|trace1|trace2|trace3|trace4|trace6
        }
}

	The `token` value specifies the time, in milliseconds, during which the Corosync token is expected to be transmitted around the ring. When this timeout expires, the token is declared lost, and after `token_retransmits_before_loss_const` lost tokens the non-responding processor (cluster node) is declared dead. In other words, `token` × `token_retransmits_before_loss_const` is the maximum time a node is allowed to not respond to cluster messages before being considered dead. The default for `token` is 1000 (1 second), with 4 allowed retransmits. These defaults are intended to minimize failover times, but can cause frequent "false alarms" and unintended failovers in case of short network interruptions. The values used here are safer, albeit with slightly extended failover times.
	With `secauth` enabled, Corosync nodes mutually authenticate using a 128-byte shared secret stored in `/etc/corosync/authkey`, which may be generated with the `corosync-keygen` utility. When using `secauth`, cluster communications are also encrypted.
	In Corosync configurations using redundant networking (with more than one `interface`), you must select a Redundant Ring Protocol (RRP) mode other than `none`. `active` is the recommended RRP mode.
	There are several things to note about the recommended interface configuration: The `ringnumber` must differ between all configured interfaces, starting with 0. The `bindnetaddr` is the network address of the interfaces to bind to. The example uses two network addresses of `/24` IPv4 subnets. Multicast groups (`mcastaddr`) must not be reused across cluster boundaries. In other words, no two distinct clusters should ever use the same multicast group. Be sure to select multicast addresses compliant with RFC 2365, "Administratively Scoped IP Multicast". For firewall configurations, note that Corosync communicates over UDP only, and uses `mcastport` (for receives) and `mcastport`-1 (for sends).
	The `service` declaration for the `pacemaker` service may be placed in the `corosync.conf` file directly, or in its own separate file, `/etc/corosync/service.d/pacemaker`.

Once created, the corosync.conf file (and the authkey file if the secauth option is enabled) must be synchronized across all cluster nodes.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

Legal notices