[mirror_corosync-qdevice.git] / man / corosync-qnetd.8

.\"/*
.\" * Copyright (C) 2016-2020 Red Hat, Inc.
.\" *
.\" * All rights reserved.
.\" *
.\" * Author: Jan Friesse <jfriesse@redhat.com>
.\" *
.\" * This software licensed under BSD license, the text of which follows:
.\" *
.\" * Redistribution and use in source and binary forms, with or without
.\" * modification, are permitted provided that the following conditions are met:
.\" *
.\" * - Redistributions of source code must retain the above copyright notice,
.\" *   this list of conditions and the following disclaimer.
.\" * - Redistributions in binary form must reproduce the above copyright notice,
.\" *   this list of conditions and the following disclaimer in the documentation
.\" *   and/or other materials provided with the distribution.
.\" * - Neither the name of Red Hat, Inc. nor the names of its
.\" *   contributors may be used to endorse or promote products derived from this
.\" *   software without specific prior written permission.
.\" *
.\" * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
.\" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
.\" * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
.\" * THE POSSIBILITY OF SUCH DAMAGE.
.\" */
.TH COROSYNC-QNETD 8 2020-11-18
.SH NAME
corosync-qnetd \- QNet daemon
.SH SYNOPSIS
.B "corosync-qnetd [-46dfhv] [-l listen_addr] [-p listen_port] [-s tls]
.B [-c client_cert_required] [-m max_clients] [-S option=value[,option2=value2,...]]"

.SH DESCRIPTION
.B corosync-qnetd
is a daemon running outside of the cluster with the purpose of providing a vote to the
.B corosync-qdevice
model net. It's designed to support multiple clusters and be almost configuration
and state free. New clusters are handled dynamically and no configuration file exists.
It's also able to run as non-root user - which is recommended. Connection between the
.B corosync-qdevice
model net client can be optionally configured with TLS client certificate checking. 
The communication protocol between server and client is designed to be very simple 
and allow backwards compatibility.
.SH OPTIONS
.TP
.B -4
and its counterpart
.B -6
are used to force IPv4 or IPv6 communication. The default is to listen on both address families.
.TP
.B -d
Turn on debug logging. By default the messages sent to syslog are purely operational, this
option sends additional debug messages. For bumping syslog messages priority to info, use the
.B -d
parameter twice.
.TP
.B -f
Do not daemonize, run in the foreground.
.TP
.B -h
Show short help text
.TP
.B -v
Show version and supported communication protocol messages/options.
.TP
.B -l
IP address to listen on. By default the daemon listens on all addresses (wildcard).
.TP
.B -p
TCP port to listen on. Default port is 5403.
.TP
.B -s
Determines if TLS should be used and can be one of
.I on/off/required
(the default is
.I on
).
.I on
means TLS is enabled but the client is not required to start TLS,
.I off
means TLS is completely disabled, and
.I required
means TLS is required.
.I on
and
.I required
require the NSS database to be properly initialized by running the
.B corosync-qnetd-certutil
command.
.TP
.B -c
can be set to
.I on/off.
This option only makes sense if TLS is enabled. When
.B -c
is
.I on
a client is required to send its client certificate (default).
.TP
.B -m
Maximum simultaneous clients. The default is 0 which means no limit.
.TP
.B -S
Set advanced settings described in its own section below. This option
shouldn't be generally used because most of the options are
not safe to change.
.SH UNPRIVILEGED USER CONFIGURATION
It's generally recommended to run
.B corosync-qnetd
as a non root user. If you get a package from a distribution its highly
possible that the packager has done all the hard work for you. If the installation 
is performed from source code, a few steps have to be taken.

First it's necessary to create an unprivileged user/group. The following commands
can be used (executed as root):

.nf
# groupadd -r coroqnetd
# useradd -r -g coroqnetd -d / -s /sbin/nologin -c "User for corosync-qnetd" coroqnetd
.fi

The next step is to set the correct owner and group on /etc/corosync/qnetd and /var/run/corosync-qnetd
directories.

.nf
# chown -R coroqnetd:coroqnetd /etc/corosync/qnetd /var/run/corosync-qnetd
.fi

Some systems have the /var/run directory on a tmpfs file system which gets discarded after
a reboot. The solution is to use an initscript or systemd unit, because both of them takes
care of the /var/run/corosync-qnetd creation and sets the correct owner and permissions.

The last step is to make sure
.B corosync-qnetd
is really executed as an unprivileged user. For initscript systems it's enough to set the
line COROSYNC_QNETD_RUNAS in /etc/(sysconfig|default)/corosync-qnetd file. If the file
is not already installed then use the one provided in the corosync source code
(init/corosync-qnetd.sysconfig.example). For systemd, overwrite/copy the
corosync-qnetd.service unit file and uncomment/change the "User=" directive.

.SH TLS CONFIGURATION
For TLS to work its necessary to create the NSS database. If pcs is used then the following
steps are not needed because pcs does them automatically.

.B corosync-qnetd-certutil
is the tool to perform required actions. Just run:

.nf
# corosync-qnetd-certutil -i
.fi

If TLS is not required then simply edit /etc/(sysconfig|default)/corosync-qnetd or
systemd unit file and add the parameter
.B -s
.I off
in the proper place.

Depending on configuration of NSS (stored in nss.config file usually in
/etc/crypto-policies/back-ends/ directory) disabled ciphers or too short keys
may be rejected. Proper solution is to regenerate NSS databases for both
.B corosync-qnetd
and
.B corosync-qdevice
daemons. As a quick workaround it's also possible to set environment variable
.I NSS_IGNORE_SYSTEM_POLICY=1
before running
.B corosync-qnetd
daemon.

When NSS is updated it may also be needed to upgrade database into new format. There is no
consensus on recommended way, but following command seems to work just fine (if qnetd
sysconfdir is set to /etc)

.nf
# certutil -N -d /etc/corosync/qnetd/nssdb -f /etc/corosync/qnetd/nssdb/pwdfile.txt
.fi

.SH ADVANCED SETTINGS
Set by the
.B -S
option. The default value is shown in parentheses.
.TP
.B listen_backlog
Parameter passed to the listen syscall on the network socket. (10)
.TP
.B max_client_send_buffers
Maximum number of send buffers for one client. (32)
.TP
.B max_client_send_size
Maximum size of one send buffer (message) to be sent to a client. (32768)
.TP
.B max_client_receive_size
Maximum size of the receive buffer for a client message (maximum
allowed message size received by client). (32768)
.TP
.B nss_db_dir
NSS database directory. (/etc/corosync/qnetd/nssdb)
.TP
.B cert_nickname
NSS nickname of qnetd server certificate. (QNetd Cert)
.TP
.B heartbeat_interval_min
Minimum heartbeat timeout accepted by server in ms. (1000)
.TP
.B heartbeat_interval_max
Maximum heartbeat timeout accepted by server in ms. (120000)
.TP
.B dpd_enabled
Dead peer detection enabled. (on)
.TP
.B dpd_interval_coefficient
Value is multiplied with heartbeat interval sent by qdevice client and used as a timeout
for dead peer detection. (1.5)
.TP
.B lock_file
Lock file location. (/var/run/corosync-qnetd/corosync-qnetd.pid)
.TP
.B local_socket_file
Internal IPC socket file location. (/var/run/corosync-qnetd/corosync-qnetd.sock)
.TP
.B local_socket_backlog
Parameter passed to listen syscall on the local socket. (10)
.TP
.B ipc_max_clients
Maximum allowed simultaneous IPC clients. (10)
.TP
.B ipc_max_receive_size
Maximum size of a message received by IPC client. (4096)
.TP
.B ipc_max_send_size
Maximum size of a message sent to an IPC client. (10485760)
.TP
.B keep_active_partition_tie_breaker
When tie happens prefer partition with members of previously active (quorate) partition.
This is hard-coded behavior of LMS algorithm so this setting affects only FFSplit algorithm. (off)
.SH SEE ALSO
.BR corosync-qnetd-tool (8)
.BR corosync-qnetd-certutil (8)
.BR corosync-qdevice (8)
.SH AUTHOR
Jan Friesse
.PP
Commit	Line	Data
9a1955a7	1	.\"/*
11a861c9	2	.\" * Copyright (C) 2016-2020 Red Hat, Inc.
9a1955a7 JF	3	.\" *
	4	.\" * All rights reserved.
	5	.\" *
	6	.\" * Author: Jan Friesse <jfriesse@redhat.com>
	7	.\" *
	8	.\" * This software licensed under BSD license, the text of which follows:
	9	.\" *
	10	.\" * Redistribution and use in source and binary forms, with or without
	11	.\" * modification, are permitted provided that the following conditions are met:
	12	.\" *
	13	.\" * - Redistributions of source code must retain the above copyright notice,
	14	.\" * this list of conditions and the following disclaimer.
	15	.\" * - Redistributions in binary form must reproduce the above copyright notice,
	16	.\" * this list of conditions and the following disclaimer in the documentation
	17	.\" * and/or other materials provided with the distribution.
	18	.\" * - Neither the name of Red Hat, Inc. nor the names of its
	19	.\" * contributors may be used to endorse or promote products derived from this
	20	.\" * software without specific prior written permission.
	21	.\" *
	22	.\" * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	23	.\" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	24	.\" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	25	.\" * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
	26	.\" * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	27	.\" * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	28	.\" * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	29	.\" * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	30	.\" * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	31	.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
	32	.\" * THE POSSIBILITY OF SUCH DAMAGE.
	33	.\" */
a8b7513d	34	.TH COROSYNC-QNETD 8 2020-11-18
9a1955a7 JF	35	.SH NAME
	36	corosync-qnetd \- QNet daemon
	37	.SH SYNOPSIS
	38	.B "corosync-qnetd [-46dfhv] [-l listen_addr] [-p listen_port] [-s tls]
	39	.B [-c client_cert_required] [-m max_clients] [-S option=value[,option2=value2,...]]"
	40
	41	.SH DESCRIPTION
	42	.B corosync-qnetd
	43	is a daemon running outside of the cluster with the purpose of providing a vote to the
	44	.B corosync-qdevice
	45	model net. It's designed to support multiple clusters and be almost configuration
	46	and state free. New clusters are handled dynamically and no configuration file exists.
	47	It's also able to run as non-root user - which is recommended. Connection between the
	48	.B corosync-qdevice
	49	model net client can be optionally configured with TLS client certificate checking.
	50	The communication protocol between server and client is designed to be very simple
	51	and allow backwards compatibility.
	52	.SH OPTIONS
	53	.TP
	54	.B -4
	55	and its counterpart
	56	.B -6
	57	are used to force IPv4 or IPv6 communication. The default is to listen on both address families.
	58	.TP
	59	.B -d
f78fd81e JF	60	Turn on debug logging. By default the messages sent to syslog are purely operational, this
f78fd81e JF	61	option sends additional debug messages. For bumping syslog messages priority to info, use the
9a1955a7 JF	62	.B -d
	63	parameter twice.
	64	.TP
	65	.B -f
	66	Do not daemonize, run in the foreground.
	67	.TP
	68	.B -h
	69	Show short help text
	70	.TP
	71	.B -v
	72	Show version and supported communication protocol messages/options.
	73	.TP
	74	.B -l
	75	IP address to listen on. By default the daemon listens on all addresses (wildcard).
	76	.TP
	77	.B -p
	78	TCP port to listen on. Default port is 5403.
	79	.TP
	80	.B -s
	81	Determines if TLS should be used and can be one of
	82	.I on/off/required
	83	(the default is
	84	.I on
	85	).
	86	.I on
	87	means TLS is enabled but the client is not required to start TLS,
	88	.I off
	89	means TLS is completely disabled, and
	90	.I required
	91	means TLS is required.
	92	.I on
	93	and
	94	.I required
	95	require the NSS database to be properly initialized by running the
	96	.B corosync-qnetd-certutil
	97	command.
	98	.TP
	99	.B -c
	100	can be set to
	101	.I on/off.
	102	This option only makes sense if TLS is enabled. When
	103	.B -c
	104	is
	105	.I on
	106	a client is required to send its client certificate (default).
	107	.TP
	108	.B -m
	109	Maximum simultaneous clients. The default is 0 which means no limit.
	110	.TP
	111	.B -S
	112	Set advanced settings described in its own section below. This option
	113	shouldn't be generally used because most of the options are
	114	not safe to change.
	115	.SH UNPRIVILEGED USER CONFIGURATION
	116	It's generally recommended to run
	117	.B corosync-qnetd
	118	as a non root user. If you get a package from a distribution its highly
	119	possible that the packager has done all the hard work for you. If the installation
	120	is performed from source code, a few steps have to be taken.
	121
	122	First it's necessary to create an unprivileged user/group. The following commands
	123	can be used (executed as root):
	124
	125	.nf
126	# groupadd -r coroqnetd
127	# useradd -r -g coroqnetd -d / -s /sbin/nologin -c "User for corosync-qnetd" coroqnetd
128	.fi
129
130	The next step is to set the correct owner and group on /etc/corosync/qnetd and /var/run/corosync-qnetd
131	directories.
132
133	.nf
134	# chown -R coroqnetd:coroqnetd /etc/corosync/qnetd /var/run/corosync-qnetd
135	.fi
136
137	Some systems have the /var/run directory on a tmpfs file system which gets discarded after
4cd74c80 JF	138	a reboot. The solution is to use an initscript or systemd unit, because both of them takes
4cd74c80 JF	139	care of the /var/run/corosync-qnetd creation and sets the correct owner and permissions.
9a1955a7 JF	140
	141	The last step is to make sure
	142	.B corosync-qnetd
	143	is really executed as an unprivileged user. For initscript systems it's enough to set the
	144	line COROSYNC_QNETD_RUNAS in /etc/(sysconfig\|default)/corosync-qnetd file. If the file
	145	is not already installed then use the one provided in the corosync source code
	146	(init/corosync-qnetd.sysconfig.example). For systemd, overwrite/copy the
	147	corosync-qnetd.service unit file and uncomment/change the "User=" directive.
	148
	149	.SH TLS CONFIGURATION
	150	For TLS to work its necessary to create the NSS database. If pcs is used then the following
	151	steps are not needed because pcs does them automatically.
	152
	153	.B corosync-qnetd-certutil
	154	is the tool to perform required actions. Just run:
	155
	156	.nf
	157	# corosync-qnetd-certutil -i
	158	.fi
	159
	160	If TLS is not required then simply edit /etc/(sysconfig\|default)/corosync-qnetd or
	161	systemd unit file and add the parameter
	162	.B -s
	163	.I off
	164	in the proper place.
	165
cb9ea58e JF	166	Depending on configuration of NSS (stored in nss.config file usually in
	167	/etc/crypto-policies/back-ends/ directory) disabled ciphers or too short keys
	168	may be rejected. Proper solution is to regenerate NSS databases for both
	169	.B corosync-qnetd
	170	and
	171	.B corosync-qdevice
	172	daemons. As a quick workaround it's also possible to set environment variable
	173	.I NSS_IGNORE_SYSTEM_POLICY=1
	174	before running
	175	.B corosync-qnetd
	176	daemon.
	177
	178	When NSS is updated it may also be needed to upgrade database into new format. There is no
	179	consensus on recommended way, but following command seems to work just fine (if qnetd
	180	sysconfdir is set to /etc)
	181
	182	.nf
	183	# certutil -N -d /etc/corosync/qnetd/nssdb -f /etc/corosync/qnetd/nssdb/pwdfile.txt
	184	.fi
	185
9a1955a7 JF	186	.SH ADVANCED SETTINGS
	187	Set by the
	188	.B -S
	189	option. The default value is shown in parentheses.
	190	.TP
	191	.B listen_backlog
	192	Parameter passed to the listen syscall on the network socket. (10)
	193	.TP
	194	.B max_client_send_buffers
	195	Maximum number of send buffers for one client. (32)
	196	.TP
	197	.B max_client_send_size
	198	Maximum size of one send buffer (message) to be sent to a client. (32768)
	199	.TP
	200	.B max_client_receive_size
	201	Maximum size of the receive buffer for a client message (maximum
	202	allowed message size received by client). (32768)
	203	.TP
	204	.B nss_db_dir
	205	NSS database directory. (/etc/corosync/qnetd/nssdb)
	206	.TP
	207	.B cert_nickname
	208	NSS nickname of qnetd server certificate. (QNetd Cert)
	209	.TP
	210	.B heartbeat_interval_min
	211	Minimum heartbeat timeout accepted by server in ms. (1000)
	212	.TP
	213	.B heartbeat_interval_max
	214	Maximum heartbeat timeout accepted by server in ms. (120000)
	215	.TP
	216	.B dpd_enabled
	217	Dead peer detection enabled. (on)
	218	.TP
a8b7513d JF	219	.B dpd_interval_coefficient
	220	Value is multiplied with heartbeat interval sent by qdevice client and used as a timeout
	221	for dead peer detection. (1.5)
9a1955a7 JF	222	.TP
	223	.B lock_file
	224	Lock file location. (/var/run/corosync-qnetd/corosync-qnetd.pid)
	225	.TP
	226	.B local_socket_file
	227	Internal IPC socket file location. (/var/run/corosync-qnetd/corosync-qnetd.sock)
	228	.TP
	229	.B local_socket_backlog
	230	Parameter passed to listen syscall on the local socket. (10)
	231	.TP
	232	.B ipc_max_clients
	233	Maximum allowed simultaneous IPC clients. (10)
	234	.TP
	235	.B ipc_max_receive_size
	236	Maximum size of a message received by IPC client. (4096)
	237	.TP
	238	.B ipc_max_send_size
	239	Maximum size of a message sent to an IPC client. (10485760)
7a0201a5 JF	240	.TP
	241	.B keep_active_partition_tie_breaker
	242	When tie happens prefer partition with members of previously active (quorate) partition.
	243	This is hard-coded behavior of LMS algorithm so this setting affects only FFSplit algorithm. (off)
9a1955a7 JF	244	.SH SEE ALSO
	245	.BR corosync-qnetd-tool (8)
	246	.BR corosync-qnetd-certutil (8)
	247	.BR corosync-qdevice (8)
	248	.SH AUTHOR
	249	Jan Friesse
	250	.PP