This specifies whether debug output is
logged for this particular logger. Also can contain value trace, what
is highest level of debug informations.
off
on
This specifies the logfile level for this particular subsystem. Ignored
if *debug* is 'on'. Possible values are: 'alert', 'crit', 'debug'
(same as *debug =* 'on'), 'emerg', 'err', 'info', 'notice' and 'warning'.
alert
crit
debug
emerg
err
info
notice
warning
This specifies the syslog facility type
that will be used for any messages sent to syslog. Options are
'daemon', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5',
'local6' and 'local7'.
daemon
local0
local1
local2
local3
local4
local5
local6
local7
This specifies the syslog level for this
particular subsystem. Ignored if *debug* is 'on'. Possible values are:
'alert', 'crit', 'debug' (same as *debug =* 'on'), 'emerg', 'err',
'info', 'notice' and 'warning'.
alert
crit
debug
emerg
err
info
notice
warning
This specifies the destination
of logging output.
Please note, if you are using *to_logfile* and want to rotate the file,
use `logrotate(8)` with the option `copytruncate`, e.g.
----
/var/log/corosync.log {
missingok
compress
notifempty
daily
rotate 7
copytruncate
}
----
no
yes
This specifies the destination
of logging output.
no
yes
This specifies the destination
of logging output.
no
yes
This specifies that a timestamp is placed
on all log messages.
off
on
This specifies that file and line should
be printed.
off
on
This specifies that the code function name
should be printed.
off
on
This specifies the subsystem identity
(name) for which logging is specified. This is the name used by
a service in the `log_init` call. E.g., 'CPG'.
This option is required.
This configuration option is optional when
using IPv4 and required when using IPv6. This is a 32 bit value
specifying the node identifier delivered to the cluster membership
service. If this is not specified with IPv4, the node id will be
determined from the 32 bit IP address the system to which the system
is bound with ring identifier of 0. The node identifier value of zero
is reserved and should not be used.
This specifies IP address of one of the nodes for particular ring
as denoted by its number (instead 0, there can be higher numbers).
This enables Downscale feature
(see `votequorum(5)`).
0
1
This enables Auto Tie Breaker feature
(see `votequorum(5)`).
0
1
This specifies the number of expected votes, overriding the number
implied by the number of *node* items within *nodes*.
This enables Last Man Standing feature
(see `votequorum(5)`).
0
1
This specifies the tunable for Last Man
Standing feature (see `votequorum(5)`).
This specifies the quorum algorithm to use.
As of now, only 'corosync_votequorum' is supported.
corosync_votequorum
This enables two node cluster operations
(see `votequorum(5)`).
0
1
This enables Wait For All feature
(see `votequorum(5)`).
0
1
This configuration option is optional and
is only relevant when no *nodeid* is specified. Some corosync clients
require a signed 32 bit nodeid that is greater than zero however by
default corosync uses all 32 bits of the IPv4 address space when
generating a nodeid. Set this option to 'yes' to force the high bit
to be zero and therefor ensure the nodeid is a positive signed 32 bit
integer.
no
yes
This specifies the name of cluster and it's
used for automatic generating of multicast address.
This timeout specifies in milliseconds how
long to wait for consensus to be achieved before starting a new round
of membership configuration. The minimum value for *consensus* must be
1.2 * *token*.
This value will be automatically calculated at 1.2 * *token* if
the user doesn't specify a *consensus* value.
For two node clusters, a *consensus* larger then the *join* timeout but
less then *token* is safe. For three node or larger clusters,
*consensus* should be larger then token. There is an increasing risk
of odd membership changes, which still guarantee virtual synchrony,
as node count grows if *consensus* is less than *token*.
This specifies which cipher should be used
to encrypt all messages. Valid values are 'none' (no encryption),
'aes256', 'aes192', 'aes128' and '3des'.
3des
aes128
aes192
aes256
none
2.0
2.2
This specifies which HMAC authentication
should be used to authenticate all messages. Valid values are 'none'
(no authentication), 'md5', 'sha1', 'sha256', 'sha384' and 'sha512'.
none
md5
sha1
sha256
sha384
sha512
3des
aes128
aes192
aes256
nss
This timeout specifies in milliseconds how
long to wait before checking that a network interface is back up after
it has been downed.
This constant specifies how many rotations
of the token without receiving any of the messages when messages should
be received may occur before a new configuration is formed.
Configures the optional HeartBeating
mechanism for faster failure detection. Keep in mind that engaging this
mechanism in lossy networks could cause faulty loss declaration as
the mechanism relies on the network for heartbeating.
So as a rule of thumb use this mechanism if you require improved
failure in low to medium utilized networks.
This constant specifies the number of heartbeat failures the system
should tolerate before declaring heartbeat failure, e.g., 3.
Also if this value is not set or is 0 then the heartbeat mechanism is
not engaged in the system and token rotation is the method of failure
detection. Zero disables the mechanism.
This timeout specifies in milliseconds
how long the token should be held by the representative when
the protocol is under low utilization.
This timeout specifies in milliseconds how
long to wait for join messages in the membership protocol.
This constant specifies the maximum number
of messages that may be sent by one processor on receipt of the token.
The *max_messages* parameter is limited to 256000 / *netmtu* to prevent
overflow of the kernel transmit buffers.
This constant specifies in milliseconds
the approximate delay that your network takes to transport one packet
from one machine to another. This value is to be set by system engineers
and please don't change it if not sure as this effects the failure
detection mechanism using heartbeat.
This timeout specifies in milliseconds how
long to wait before checking for a partition when no multicast traffic
is being sent. If multicast traffic is being sent, the merge detection
happens automatically as a function of the protocol.
This constant defines the maximum number
of times on receipt of a token a message is checked for retransmission
before a retransmission occurs. This parameter is useful to modify for
switches that delay multicast packets compared to unicast packets.
The default setting works well for nearly all modern switches.
This specifies the network maximum transmit
unit. To set this value beyond 1500, the regular frame MTU, requires
ethernet devices that support large, or also called jumbo, frames.
If any device in the network doesn't support large frames, the protocol
will not operate properly. The hosts must also have their mtu size set
from 1500 to whatever frame size is specified here.
Please note while some NICs or switches
claim large frame support, they support 9000 MTU as the maximum frame
size including the IP header. Setting the *netmtu* and host MTUs to 9000
will cause totem to use the full 9000 bytes of the frame. Then Linux
will add a 18 byte header moving the full frame size to 9018.
As a result some hardware will not operate properly with this size
of data. A *netmtu* of 8982 seems to work for the few large frame devices
that have been tested. Some manufacturers claim large frame support
when in fact they support frame sizes of 4500 bytes.
When sending multicast traffic, if the network frequently reconfigures,
chances are that some device in the network doesn't support large frames.
Choose hardware carefully if intending to use large frame support.
This specifies the time in milliseconds
to check if the failed ring can be auto-recovered.
This specifies the mode of redundant ring,
which may be 'none', 'active', or 'passive'. Active replication offers
none`, active, or passive. Active replication offers
slightly lower latency from transmit to delivery in faulty network
environments but with less performance. Passive replication may nearly
double the speed of the totem protocol if the protocol doesn't become
CPU bound. The final option is none, in which case only one network
interface will be used to operate the totem protocol.
If only one *interface* directive is specified, 'none' is automatically
chosen. If multiple *interface* directives are specified, only 'active'
or 'passive' may be chosen.
The maximum number of *interface* directives that is allowed for either
mode ('active' or 'passive') is 2.
active
none
passive
This specifies the number of times
a problem is detected with multicast before setting the link faulty for
passive RRP mode. This variable is unused in active RRP mode.
The default is 10 times *rrp_problem_count_threshold*.
This specifies the number of times
a problem is detected with a link before setting the link faulty.
Once a link is set faulty, no more data is transmitted upon it. Also,
the problem counter is no longer decremented when the problem count
timeout expires.
A problem is detected whenever all tokens from the proceeding
processor have not been received within the *rrp_token_expired_timeout*.
The *rrp_problem_count_threshold* * *rrp_token_expired_timeout* should be
at least 50 milliseconds less then the *token* timeout, or a complete
reconfiguration may occur.
This specifies the time in milliseconds
to wait before decrementing the problem count by 1 for a particular ring
to ensure a link is not marked faulty for transient network failures.
This specifies the time in milliseconds
to increment the problem counter for the redundant ring protocol after
not having received a token from all rings for a particular processor.
This value will automatically be calculated from the *token* timeout
and *problem_count_threshold* but may be overridden.
This specifies that HMAC/SHA1 authentication should be used
to authenticate all messages. It further specifies that all data
should be encrypted with the nss library and aes256 encryption
algorithm to protect data from eavesdropping.
Enabling this option adds a encryption header to every message sent
by totem which reduces total throughput. Also encryption and
authentication consume extra CPU cycles in corosync.
off
on
This timeout specifies in milliseconds
an upper range between 0 and *send_join* to wait before sending a join
message. For eprecationtions with less then 32 nodes, this parameter
is not necessary. For larger rings, this parameter is necessary
to ensure the NIC is not overflowed with join messages on formation of
a new ring. A reasonable value for large rings (128 nodes) would be
80msec. Other timer values must also change if this value is changed.
This constant specifies how many rotations
of the token without any multicast traffic should occur before the hold
timer is started.
This timeout specifies in milliseconds
until a token loss is declared after not receiving a token. This is
the time spent detecting a failure of a processor in the current
configuration. Reforming a new configuration takes about 50
milliseconds in addition to this timeout.
This timeout specifies in milliseconds
after how long before receiving a token the token is retransmitted.
This will be automatically calculated if token is modified.
This value identifies how many token
retransmits should be attempted before forming a new configuration.
If this value is set, retransmit and hold will be automatically
calculated from *retransmits_before_loss* and token.
iba
udp
udpu
This option controls the transport
mechanism used. If the interface to which corosync is binding is
an RDMA interface such as RoCEE or Infiniband, the 'iba' parameter
may be specified. To avoid the use of multicast entirely, a unicast
transport parameter 'udpu' can be specified. This requires specifying
the list of members in *nodelist* directive, that could potentially make
up the membership before deployment.
This specifies the version of
the configuration file. Currently the only valid value for this
option is '2'.
This option controls the virtual
synchrony filter type used to identify a primary component.
The preferred choice is YKD dynamic linear voting, however, for
clusters larger then 32 nodes YKD consumes alot of memory. For large
scale clusters that are created by changing the MAX_PROCESSORS_COUNT
#define in the C code totem.h file, the virtual synchrony filter 'none'
is recommended but then AMF and DLCK services (which are currently
experimental) are not safe for use.
none
ykd
This constant specifies the maximum number
of messages that may be sent on one token rotation. If all processors
perform equally well, this value could be large (300), which would
introduce higher latency from origination to delivery for very large
rings. To reduce latency in large rings (16+), the defaults are a safe
compromise. If 1 or more slow processor(s) are present among fast
processors, *window_size* should be no larger then 256000 / *netmtu*
to avoid overflow of the kernel receive buffers. The user is notified
of this by the display of a retransmit list in the notification logs.
There is no loss of data, but performance is reduced when these errors
occur.
This specifies the network address
the corosync executive should bind to.
*bindnetaddr* should be an IP address configured on the system, or
a network address.
For example, if the local interface is `192.168.5.92` with netmask
`255.255.255.0`, you should set *bindnetaddr* to `192.168.5.92` or
`192.168.5.0`. If the local interface is `192.168.5.92` with netmask
`255.255.255.192`, set *bindnetaddr* to `192.168.5.92` or `192.168.5.64`,
and so forth.
This may also be an IPv6 address, in which case IPv6 networking will be
used. In this case, the exact address must be specified and there is no
automatic selection of the network interface within a specific subnet
as with IPv4.
If IPv6 networking is used, the *nodeid* field in *nodelist* must be
specified.
This is optional and can be set to 'yes'. If it is set to 'yes',
the broadcast address will be used for communication. If this option
is set, *mcastaddr* should not be set.
no
yes
This is the multicast address used
by corosync executive. The default should work for most networks, but
the network administrator should be queried about a multicast address
to use. Avoid `224.x.x.x` because this is a "config" multicast address.
This may also be an IPv6 multicast address, in which case IPv6 networking
will be used. If IPv6 networking is used, the *nodeid* field in
*nodelist* must be specified.
It's not needed to use this option if *cluster_name* option is used.
If both options are used, *mcastaddr* has higher priority.
This specifies the UDP port number.
It is possible to use the same multicast address on a network with
the corosync services configured for different UDP ports. Please note
corosync uses two UDP ports *mcastport* (for mcast receives) and
*mcastport* - 1 (for mcast sends). If you have multiple clusters
on the same network using the same *mcastaddr* please configure
the **mcastport**s with a gap.
This specifies the ring number for
the interface. When using the redundant ring protocol, each interface
should specify separate ring numbers to uniquely identify to
the membership protocol which interface to use for which redundant ring.
The *ringnumber* must start at 0.
This specifies the Time To Live (TTL).
If you run your cluster on a routed network then the default of '1' will
be too small. This option provides a way to increase this up to '255'.
The valid range is '0..255'. Note that this is only valid on multicast
transport types.