[pve-docs.git] / pmxcfs.adoc

ifdef::manvolnum[]
PVE({manvolnum})
================
include::attributes.txt[]

:pve-toplevel:

NAME
----

pmxcfs - Proxmox Cluster File System

SYNOPSIS
--------

include::pmxcfs.8-cli.adoc[]

DESCRIPTION
-----------
endif::manvolnum[]

ifndef::manvolnum[]
Proxmox Cluster File System (pmxcfs)
====================================
include::attributes.txt[]
endif::manvolnum[]

ifdef::wiki[]
:pve-toplevel:
endif::wiki[]

The Proxmox Cluster file system (``pmxcfs'') is a database-driven file
system for storing configuration files, replicated in real time to all
cluster nodes using `corosync`. We use this to store all PVE related
configuration files.

Although the file system stores all data inside a persistent database
on disk, a copy of the data resides in RAM. That imposes restriction
on the maximum size, which is currently 30MB. This is still enough to
store the configuration of several thousand virtual machines.

This system provides the following advantages:

* seamless replication of all configuration to all nodes in real time
* provides strong consistency checks to avoid duplicate VM IDs
* read-only when a node loses quorum
* automatic updates of the corosync cluster configuration to all nodes
* includes a distributed locking mechanism


POSIX Compatibility
-------------------

The file system is based on FUSE, so the behavior is POSIX like. But
some feature are simply not implemented, because we do not need them:

* you can just generate normal files and directories, but no symbolic
  links, ...

* you can't rename non-empty directories (because this makes it easier
  to guarantee that VMIDs are unique).

* you can't change file permissions (permissions are based on path)

* `O_EXCL` creates were not atomic (like old NFS)

* `O_TRUNC` creates are not atomic (FUSE restriction)


File Access Rights
------------------

All files and directories are owned by user `root` and have group
`www-data`. Only root has write permissions, but group `www-data` can
read most files. Files below the following paths:

 /etc/pve/priv/
 /etc/pve/nodes/${NAME}/priv/

are only accessible by root.


Technology
----------

We use the http://www.corosync.org[Corosync Cluster Engine] for
cluster communication, and http://www.sqlite.org[SQlite] for the
database file. The file system is implemented in user space using
http://fuse.sourceforge.net[FUSE].

File System Layout
------------------

The file system is mounted at:

 /etc/pve

Files
~~~~~

[width="100%",cols="m,d"]
|=======
|`corosync.conf`                        | Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf)
|`storage.cfg`                          | {pve} storage configuration
|`datacenter.cfg`                       | {pve} datacenter wide configuration (keyboard layout, proxy, ...)
|`user.cfg`                             | {pve} access control configuration (users/groups/...)
|`domains.cfg`                          | {pve} authentication domains
|`authkey.pub`                          | Public key used by ticket system
|`pve-root-ca.pem`                      | Public certificate of cluster CA
|`priv/shadow.cfg`                      | Shadow password file
|`priv/authkey.key`                     | Private key used by ticket system
|`priv/pve-root-ca.key`                 | Private key of cluster CA
|`nodes/<NAME>/pve-ssl.pem`             | Public SSL certificate for web server (signed by cluster CA)
|`nodes/<NAME>/pve-ssl.key`             | Private SSL key for `pve-ssl.pem`
|`nodes/<NAME>/pveproxy-ssl.pem`        | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
|`nodes/<NAME>/pveproxy-ssl.key`        | Private SSL key for `pveproxy-ssl.pem` (optional)
|`nodes/<NAME>/qemu-server/<VMID>.conf` | VM configuration data for KVM VMs
|`nodes/<NAME>/lxc/<VMID>.conf`         | VM configuration data for LXC containers
|`firewall/cluster.fw`                  | Firewall configuration applied to all nodes
|`firewall/<NAME>.fw`                   | Firewall configuration for individual nodes
|`firewall/<VMID>.fw`                   | Firewall configuration for VMs and Containers
|=======


Symbolic links
~~~~~~~~~~~~~~

[width="100%",cols="m,m"]
|=======
|`local`         | `nodes/<LOCAL_HOST_NAME>`
|`qemu-server`   | `nodes/<LOCAL_HOST_NAME>/qemu-server/`
|`lxc`           | `nodes/<LOCAL_HOST_NAME>/lxc/`
|=======


Special status files for debugging (JSON)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[width="100%",cols="m,d"]
|=======
|`.version`    |File versions (to detect file modifications)
|`.members`    |Info about cluster members
|`.vmlist`     |List of all VMs
|`.clusterlog` |Cluster log (last 50 entries)
|`.rrd`        |RRD data (most recent entries)
|=======


Enable/Disable debugging
~~~~~~~~~~~~~~~~~~~~~~~~

You can enable verbose syslog messages with:

 echo "1" >/etc/pve/.debug 

And disable verbose syslog messages with:

 echo "0" >/etc/pve/.debug 


Recovery
--------

If you have major problems with your Proxmox VE host, e.g. hardware
issues, it could be helpful to just copy the pmxcfs database file
`/var/lib/pve-cluster/config.db` and move it to a new Proxmox VE
host. On the new host (with nothing running), you need to stop the
`pve-cluster` service and replace the `config.db` file (needed permissions
`0600`). Second, adapt `/etc/hostname` and `/etc/hosts` according to the
lost Proxmox VE host, then reboot and check. (And don't forget your
VM/CT data)


Remove Cluster configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The recommended way is to reinstall the node after you removed it from
your cluster. This makes sure that all secret cluster/ssh keys and any
shared configuration data is destroyed.

In some cases, you might prefer to put a node back to local mode
without reinstall, which is described here:

* stop the cluster file system in `/etc/pve/`

 # systemctl stop pve-cluster

* start it again but forcing local mode

 # pmxcfs -l

* remove the cluster configuration

 # rm /etc/pve/cluster.conf
 # rm /etc/cluster/cluster.conf
 # rm /var/lib/pve-cluster/corosync.authkey

* stop the cluster file system again

 # systemctl stop pve-cluster

* restart PVE services (or reboot)

 # systemctl start pve-cluster
 # systemctl restart pvedaemon
 # systemctl restart pveproxy
 # systemctl restart pvestatd


ifdef::manvolnum[]
include::pve-copyright.adoc[]
endif::manvolnum[]
Commit	Line	Data
bd88f9d9 DM	1	ifdef::manvolnum[]
	2	PVE({manvolnum})
	3	================
	4	include::attributes.txt[]
	5
5f09af76 DM	6	:pve-toplevel:
5f09af76 DM	7
bd88f9d9 DM	8	NAME
	9	----
	10
	11	pmxcfs - Proxmox Cluster File System
	12
49a5e11c	13	SYNOPSIS
bd88f9d9 DM	14	--------
	15
	16	include::pmxcfs.8-cli.adoc[]
	17
	18	DESCRIPTION
	19	-----------
	20	endif::manvolnum[]
	21
	22	ifndef::manvolnum[]
	23	Proxmox Cluster File System (pmxcfs)
ac1e3896	24	====================================
bd88f9d9 DM	25	include::attributes.txt[]
bd88f9d9 DM	26	endif::manvolnum[]
ac1e3896	27
5f09af76 DM	28	ifdef::wiki[]
	29	:pve-toplevel:
	30	endif::wiki[]
	31
8c1189b6	32	The Proxmox Cluster file system (``pmxcfs'') is a database-driven file
ac1e3896	33	system for storing configuration files, replicated in real time to all
8c1189b6	34	cluster nodes using `corosync`. We use this to store all PVE related
ac1e3896 DM	35	configuration files.
	36
	37	Although the file system stores all data inside a persistent database
	38	on disk, a copy of the data resides in RAM. That imposes restriction
5eba0743	39	on the maximum size, which is currently 30MB. This is still enough to
ac1e3896 DM	40	store the configuration of several thousand virtual machines.
ac1e3896 DM	41
960f6344	42	This system provides the following advantages:
ac1e3896 DM	43
	44	* seamless replication of all configuration to all nodes in real time
	45	* provides strong consistency checks to avoid duplicate VM IDs
a8e99754	46	* read-only when a node loses quorum
ac1e3896 DM	47	* automatic updates of the corosync cluster configuration to all nodes
	48	* includes a distributed locking mechanism
	49
5eba0743	50
ac1e3896	51	POSIX Compatibility
960f6344	52	-------------------
ac1e3896 DM	53
	54	The file system is based on FUSE, so the behavior is POSIX like. But
	55	some feature are simply not implemented, because we do not need them:
	56
	57	* you can just generate normal files and directories, but no symbolic
	58	links, ...
	59
	60	* you can't rename non-empty directories (because this makes it easier
	61	to guarantee that VMIDs are unique).
	62
	63	* you can't change file permissions (permissions are based on path)
	64
	65	* `O_EXCL` creates were not atomic (like old NFS)
	66
	67	* `O_TRUNC` creates are not atomic (FUSE restriction)
	68
	69
5eba0743	70	File Access Rights
960f6344	71	------------------
ac1e3896	72
8c1189b6 FG	73	All files and directories are owned by user `root` and have group
8c1189b6 FG	74	`www-data`. Only root has write permissions, but group `www-data` can
ac1e3896 DM	75	read most files. Files below the following paths:
	76
	77	/etc/pve/priv/
	78	/etc/pve/nodes/${NAME}/priv/
	79
	80	are only accessible by root.
	81
960f6344	82
ac1e3896 DM	83	Technology
	84	----------
	85
	86	We use the http://www.corosync.org[Corosync Cluster Engine] for
	87	cluster communication, and http://www.sqlite.org[SQlite] for the
5eba0743	88	database file. The file system is implemented in user space using
ac1e3896 DM	89	http://fuse.sourceforge.net[FUSE].
ac1e3896 DM	90
5eba0743	91	File System Layout
ac1e3896 DM	92	------------------
	93
	94	The file system is mounted at:
	95
	96	/etc/pve
	97
	98	Files
	99	~~~~~
	100
	101	[width="100%",cols="m,d"]
	102	\|=======
8c1189b6 FG	103	\|`corosync.conf` \| Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf)
	104	\|`storage.cfg` \| {pve} storage configuration
	105	\|`datacenter.cfg` \| {pve} datacenter wide configuration (keyboard layout, proxy, ...)
	106	\|`user.cfg` \| {pve} access control configuration (users/groups/...)
	107	\|`domains.cfg` \| {pve} authentication domains
	108	\|`authkey.pub` \| Public key used by ticket system
	109	\|`pve-root-ca.pem` \| Public certificate of cluster CA
	110	\|`priv/shadow.cfg` \| Shadow password file
	111	\|`priv/authkey.key` \| Private key used by ticket system
	112	\|`priv/pve-root-ca.key` \| Private key of cluster CA
	113	\|`nodes/<NAME>/pve-ssl.pem` \| Public SSL certificate for web server (signed by cluster CA)
	114	\|`nodes/<NAME>/pve-ssl.key` \| Private SSL key for `pve-ssl.pem`
	115	\|`nodes/<NAME>/pveproxy-ssl.pem` \| Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
	116	\|`nodes/<NAME>/pveproxy-ssl.key` \| Private SSL key for `pveproxy-ssl.pem` (optional)
	117	\|`nodes/<NAME>/qemu-server/<VMID>.conf` \| VM configuration data for KVM VMs
	118	\|`nodes/<NAME>/lxc/<VMID>.conf` \| VM configuration data for LXC containers
	119	\|`firewall/cluster.fw` \| Firewall configuration applied to all nodes
	120	\|`firewall/<NAME>.fw` \| Firewall configuration for individual nodes
	121	\|`firewall/<VMID>.fw` \| Firewall configuration for VMs and Containers
ac1e3896 DM	122	\|=======
ac1e3896 DM	123
5eba0743	124
ac1e3896 DM	125	Symbolic links
	126	~~~~~~~~~~~~~~
	127
	128	[width="100%",cols="m,m"]
	129	\|=======
8c1189b6 FG	130	\|`local` \| `nodes/<LOCAL_HOST_NAME>`
	131	\|`qemu-server` \| `nodes/<LOCAL_HOST_NAME>/qemu-server/`
	132	\|`lxc` \| `nodes/<LOCAL_HOST_NAME>/lxc/`
ac1e3896 DM	133	\|=======
ac1e3896 DM	134
5eba0743	135
ac1e3896 DM	136	Special status files for debugging (JSON)
	137	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	138
	139	[width="100%",cols="m,d"]
	140	\|=======
8c1189b6 FG	141	\|`.version` \|File versions (to detect file modifications)
	142	\|`.members` \|Info about cluster members
	143	\|`.vmlist` \|List of all VMs
	144	\|`.clusterlog` \|Cluster log (last 50 entries)
	145	\|`.rrd` \|RRD data (most recent entries)
ac1e3896 DM	146	\|=======
ac1e3896 DM	147
5eba0743	148
ac1e3896 DM	149	Enable/Disable debugging
	150	~~~~~~~~~~~~~~~~~~~~~~~~
	151
	152	You can enable verbose syslog messages with:
	153
	154	echo "1" >/etc/pve/.debug
	155
	156	And disable verbose syslog messages with:
	157
	158	echo "0" >/etc/pve/.debug
	159
	160
	161	Recovery
	162	--------
	163
	164	If you have major problems with your Proxmox VE host, e.g. hardware
	165	issues, it could be helpful to just copy the pmxcfs database file
8c1189b6	166	`/var/lib/pve-cluster/config.db` and move it to a new Proxmox VE
ac1e3896	167	host. On the new host (with nothing running), you need to stop the
8c1189b6 FG	168	`pve-cluster` service and replace the `config.db` file (needed permissions
	169	`0600`). Second, adapt `/etc/hostname` and `/etc/hosts` according to the
	170	lost Proxmox VE host, then reboot and check. (And don't forget your
ac1e3896 DM	171	VM/CT data)
ac1e3896 DM	172
5eba0743	173
ac1e3896 DM	174	Remove Cluster configuration
	175	~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	176
	177	The recommended way is to reinstall the node after you removed it from
	178	your cluster. This makes sure that all secret cluster/ssh keys and any
	179	shared configuration data is destroyed.
	180
	181	In some cases, you might prefer to put a node back to local mode
	182	without reinstall, which is described here:
	183
8c1189b6	184	* stop the cluster file system in `/etc/pve/`
ac1e3896 DM	185
	186	# systemctl stop pve-cluster
	187
	188	* start it again but forcing local mode
	189
	190	# pmxcfs -l
	191
5eba0743	192	* remove the cluster configuration
ac1e3896 DM	193
	194	# rm /etc/pve/cluster.conf
	195	# rm /etc/cluster/cluster.conf
	196	# rm /var/lib/pve-cluster/corosync.authkey
	197
	198	* stop the cluster file system again
	199
960f6344	200	# systemctl stop pve-cluster
ac1e3896	201
5eba0743	202	* restart PVE services (or reboot)
ac1e3896	203
960f6344 DM	204	# systemctl start pve-cluster
	205	# systemctl restart pvedaemon
	206	# systemctl restart pveproxy
	207	# systemctl restart pvestatd
ac1e3896	208
bd88f9d9 DM	209
	210	ifdef::manvolnum[]
	211	include::pve-copyright.adoc[]
	212	endif::manvolnum[]