[pve-docs.git] / pmxcfs.adoc

ifdef::manvolnum[]
pmxcfs(8)
=========
include::attributes.txt[]
:pve-toplevel:

NAME
----

pmxcfs - Proxmox Cluster File System

SYNOPSIS
--------

include::pmxcfs.8-synopsis.adoc[]

DESCRIPTION
-----------
endif::manvolnum[]

ifndef::manvolnum[]
Proxmox Cluster File System (pmxcfs)
====================================
include::attributes.txt[]
:pve-toplevel:
endif::manvolnum[]

The Proxmox Cluster file system (``pmxcfs'') is a database-driven file
system for storing configuration files, replicated in real time to all
cluster nodes using `corosync`. We use this to store all PVE related
configuration files.

Although the file system stores all data inside a persistent database
on disk, a copy of the data resides in RAM. That imposes restriction
on the maximum size, which is currently 30MB. This is still enough to
store the configuration of several thousand virtual machines.

This system provides the following advantages:

* seamless replication of all configuration to all nodes in real time
* provides strong consistency checks to avoid duplicate VM IDs
* read-only when a node loses quorum
* automatic updates of the corosync cluster configuration to all nodes
* includes a distributed locking mechanism


POSIX Compatibility
-------------------

The file system is based on FUSE, so the behavior is POSIX like. But
some feature are simply not implemented, because we do not need them:

* you can just generate normal files and directories, but no symbolic
  links, ...

* you can't rename non-empty directories (because this makes it easier
  to guarantee that VMIDs are unique).

* you can't change file permissions (permissions are based on path)

* `O_EXCL` creates were not atomic (like old NFS)

* `O_TRUNC` creates are not atomic (FUSE restriction)


File Access Rights
------------------

All files and directories are owned by user `root` and have group
`www-data`. Only root has write permissions, but group `www-data` can
read most files. Files below the following paths:

 /etc/pve/priv/
 /etc/pve/nodes/${NAME}/priv/

are only accessible by root.


Technology
----------

We use the http://www.corosync.org[Corosync Cluster Engine] for
cluster communication, and http://www.sqlite.org[SQlite] for the
database file. The file system is implemented in user space using
http://fuse.sourceforge.net[FUSE].

File System Layout
------------------

The file system is mounted at:

 /etc/pve

Files
~~~~~

[width="100%",cols="m,d"]
|=======
|`corosync.conf`                        | Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf)
|`storage.cfg`                          | {pve} storage configuration
|`datacenter.cfg`                       | {pve} datacenter wide configuration (keyboard layout, proxy, ...)
|`user.cfg`                             | {pve} access control configuration (users/groups/...)
|`domains.cfg`                          | {pve} authentication domains
|`authkey.pub`                          | Public key used by ticket system
|`pve-root-ca.pem`                      | Public certificate of cluster CA
|`priv/shadow.cfg`                      | Shadow password file
|`priv/authkey.key`                     | Private key used by ticket system
|`priv/pve-root-ca.key`                 | Private key of cluster CA
|`nodes/<NAME>/pve-ssl.pem`             | Public SSL certificate for web server (signed by cluster CA)
|`nodes/<NAME>/pve-ssl.key`             | Private SSL key for `pve-ssl.pem`
|`nodes/<NAME>/pveproxy-ssl.pem`        | Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
|`nodes/<NAME>/pveproxy-ssl.key`        | Private SSL key for `pveproxy-ssl.pem` (optional)
|`nodes/<NAME>/qemu-server/<VMID>.conf` | VM configuration data for KVM VMs
|`nodes/<NAME>/lxc/<VMID>.conf`         | VM configuration data for LXC containers
|`firewall/cluster.fw`                  | Firewall configuration applied to all nodes
|`firewall/<NAME>.fw`                   | Firewall configuration for individual nodes
|`firewall/<VMID>.fw`                   | Firewall configuration for VMs and Containers
|=======


Symbolic links
~~~~~~~~~~~~~~

[width="100%",cols="m,m"]
|=======
|`local`         | `nodes/<LOCAL_HOST_NAME>`
|`qemu-server`   | `nodes/<LOCAL_HOST_NAME>/qemu-server/`
|`lxc`           | `nodes/<LOCAL_HOST_NAME>/lxc/`
|=======


Special status files for debugging (JSON)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[width="100%",cols="m,d"]
|=======
|`.version`    |File versions (to detect file modifications)
|`.members`    |Info about cluster members
|`.vmlist`     |List of all VMs
|`.clusterlog` |Cluster log (last 50 entries)
|`.rrd`        |RRD data (most recent entries)
|=======


Enable/Disable debugging
~~~~~~~~~~~~~~~~~~~~~~~~

You can enable verbose syslog messages with:

 echo "1" >/etc/pve/.debug 

And disable verbose syslog messages with:

 echo "0" >/etc/pve/.debug 


Recovery
--------

If you have major problems with your Proxmox VE host, e.g. hardware
issues, it could be helpful to just copy the pmxcfs database file
`/var/lib/pve-cluster/config.db` and move it to a new Proxmox VE
host. On the new host (with nothing running), you need to stop the
`pve-cluster` service and replace the `config.db` file (needed permissions
`0600`). Second, adapt `/etc/hostname` and `/etc/hosts` according to the
lost Proxmox VE host, then reboot and check. (And don't forget your
VM/CT data)


Remove Cluster configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The recommended way is to reinstall the node after you removed it from
your cluster. This makes sure that all secret cluster/ssh keys and any
shared configuration data is destroyed.

In some cases, you might prefer to put a node back to local mode without
reinstall, which is described in
<<pvecm_separate_node_without_reinstall,Separate A Node Without Reinstalling>>

ifdef::manvolnum[]
include::pve-copyright.adoc[]
endif::manvolnum[]
Commit	Line	Data
bd88f9d9	1	ifdef::manvolnum[]
b2f242ab DM	2	pmxcfs(8)
b2f242ab DM	3	=========
bd88f9d9	4	include::attributes.txt[]
5f09af76 DM	5	:pve-toplevel:
5f09af76 DM	6
bd88f9d9 DM	7	NAME
	8	----
	9
	10	pmxcfs - Proxmox Cluster File System
	11
49a5e11c	12	SYNOPSIS
bd88f9d9 DM	13	--------
bd88f9d9 DM	14
54079101	15	include::pmxcfs.8-synopsis.adoc[]
bd88f9d9 DM	16
	17	DESCRIPTION
	18	-----------
	19	endif::manvolnum[]
	20
	21	ifndef::manvolnum[]
	22	Proxmox Cluster File System (pmxcfs)
ac1e3896	23	====================================
bd88f9d9	24	include::attributes.txt[]
5f09af76	25	:pve-toplevel:
194d2f29	26	endif::manvolnum[]
5f09af76	27
8c1189b6	28	The Proxmox Cluster file system (``pmxcfs'') is a database-driven file
ac1e3896	29	system for storing configuration files, replicated in real time to all
8c1189b6	30	cluster nodes using `corosync`. We use this to store all PVE related
ac1e3896 DM	31	configuration files.
	32
	33	Although the file system stores all data inside a persistent database
	34	on disk, a copy of the data resides in RAM. That imposes restriction
5eba0743	35	on the maximum size, which is currently 30MB. This is still enough to
ac1e3896 DM	36	store the configuration of several thousand virtual machines.
ac1e3896 DM	37
960f6344	38	This system provides the following advantages:
ac1e3896 DM	39
	40	* seamless replication of all configuration to all nodes in real time
	41	* provides strong consistency checks to avoid duplicate VM IDs
a8e99754	42	* read-only when a node loses quorum
ac1e3896 DM	43	* automatic updates of the corosync cluster configuration to all nodes
	44	* includes a distributed locking mechanism
	45
5eba0743	46
ac1e3896	47	POSIX Compatibility
960f6344	48	-------------------
ac1e3896 DM	49
	50	The file system is based on FUSE, so the behavior is POSIX like. But
	51	some feature are simply not implemented, because we do not need them:
	52
	53	* you can just generate normal files and directories, but no symbolic
	54	links, ...
	55
	56	* you can't rename non-empty directories (because this makes it easier
	57	to guarantee that VMIDs are unique).
	58
	59	* you can't change file permissions (permissions are based on path)
	60
	61	* `O_EXCL` creates were not atomic (like old NFS)
	62
	63	* `O_TRUNC` creates are not atomic (FUSE restriction)
	64
	65
5eba0743	66	File Access Rights
960f6344	67	------------------
ac1e3896	68
8c1189b6 FG	69	All files and directories are owned by user `root` and have group
8c1189b6 FG	70	`www-data`. Only root has write permissions, but group `www-data` can
ac1e3896 DM	71	read most files. Files below the following paths:
	72
	73	/etc/pve/priv/
	74	/etc/pve/nodes/${NAME}/priv/
	75
	76	are only accessible by root.
	77
960f6344	78
ac1e3896 DM	79	Technology
	80	----------
	81
	82	We use the http://www.corosync.org[Corosync Cluster Engine] for
	83	cluster communication, and http://www.sqlite.org[SQlite] for the
5eba0743	84	database file. The file system is implemented in user space using
ac1e3896 DM	85	http://fuse.sourceforge.net[FUSE].
ac1e3896 DM	86
5eba0743	87	File System Layout
ac1e3896 DM	88	------------------
	89
	90	The file system is mounted at:
	91
	92	/etc/pve
	93
	94	Files
	95	~~~~~
	96
	97	[width="100%",cols="m,d"]
	98	\|=======
8c1189b6 FG	99	\|`corosync.conf` \| Corosync cluster configuration file (previous to {pve} 4.x this file was called cluster.conf)
	100	\|`storage.cfg` \| {pve} storage configuration
	101	\|`datacenter.cfg` \| {pve} datacenter wide configuration (keyboard layout, proxy, ...)
	102	\|`user.cfg` \| {pve} access control configuration (users/groups/...)
	103	\|`domains.cfg` \| {pve} authentication domains
	104	\|`authkey.pub` \| Public key used by ticket system
	105	\|`pve-root-ca.pem` \| Public certificate of cluster CA
	106	\|`priv/shadow.cfg` \| Shadow password file
	107	\|`priv/authkey.key` \| Private key used by ticket system
	108	\|`priv/pve-root-ca.key` \| Private key of cluster CA
	109	\|`nodes/<NAME>/pve-ssl.pem` \| Public SSL certificate for web server (signed by cluster CA)
	110	\|`nodes/<NAME>/pve-ssl.key` \| Private SSL key for `pve-ssl.pem`
	111	\|`nodes/<NAME>/pveproxy-ssl.pem` \| Public SSL certificate (chain) for web server (optional override for `pve-ssl.pem`)
	112	\|`nodes/<NAME>/pveproxy-ssl.key` \| Private SSL key for `pveproxy-ssl.pem` (optional)
	113	\|`nodes/<NAME>/qemu-server/<VMID>.conf` \| VM configuration data for KVM VMs
	114	\|`nodes/<NAME>/lxc/<VMID>.conf` \| VM configuration data for LXC containers
	115	\|`firewall/cluster.fw` \| Firewall configuration applied to all nodes
	116	\|`firewall/<NAME>.fw` \| Firewall configuration for individual nodes
	117	\|`firewall/<VMID>.fw` \| Firewall configuration for VMs and Containers
ac1e3896 DM	118	\|=======
ac1e3896 DM	119
5eba0743	120
ac1e3896 DM	121	Symbolic links
	122	~~~~~~~~~~~~~~
	123
	124	[width="100%",cols="m,m"]
	125	\|=======
8c1189b6 FG	126	\|`local` \| `nodes/<LOCAL_HOST_NAME>`
	127	\|`qemu-server` \| `nodes/<LOCAL_HOST_NAME>/qemu-server/`
	128	\|`lxc` \| `nodes/<LOCAL_HOST_NAME>/lxc/`
ac1e3896 DM	129	\|=======
ac1e3896 DM	130
5eba0743	131
ac1e3896 DM	132	Special status files for debugging (JSON)
	133	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	134
	135	[width="100%",cols="m,d"]
	136	\|=======
8c1189b6 FG	137	\|`.version` \|File versions (to detect file modifications)
	138	\|`.members` \|Info about cluster members
	139	\|`.vmlist` \|List of all VMs
	140	\|`.clusterlog` \|Cluster log (last 50 entries)
	141	\|`.rrd` \|RRD data (most recent entries)
ac1e3896 DM	142	\|=======
ac1e3896 DM	143
5eba0743	144
ac1e3896 DM	145	Enable/Disable debugging
	146	~~~~~~~~~~~~~~~~~~~~~~~~
	147
	148	You can enable verbose syslog messages with:
	149
	150	echo "1" >/etc/pve/.debug
	151
	152	And disable verbose syslog messages with:
	153
	154	echo "0" >/etc/pve/.debug
	155
	156
	157	Recovery
	158	--------
	159
	160	If you have major problems with your Proxmox VE host, e.g. hardware
	161	issues, it could be helpful to just copy the pmxcfs database file
8c1189b6	162	`/var/lib/pve-cluster/config.db` and move it to a new Proxmox VE
ac1e3896	163	host. On the new host (with nothing running), you need to stop the
8c1189b6 FG	164	`pve-cluster` service and replace the `config.db` file (needed permissions
	165	`0600`). Second, adapt `/etc/hostname` and `/etc/hosts` according to the
	166	lost Proxmox VE host, then reboot and check. (And don't forget your
ac1e3896 DM	167	VM/CT data)
ac1e3896 DM	168
5eba0743	169
ac1e3896 DM	170	Remove Cluster configuration
	171	~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	172
	173	The recommended way is to reinstall the node after you removed it from
	174	your cluster. This makes sure that all secret cluster/ssh keys and any
	175	shared configuration data is destroyed.
	176
38ae8db3 TL	177	In some cases, you might prefer to put a node back to local mode without
	178	reinstall, which is described in
	179	<<pvecm_separate_node_without_reinstall,Separate A Node Without Reinstalling>>
bd88f9d9 DM	180
	181	ifdef::manvolnum[]
	182	include::pve-copyright.adoc[]
	183	endif::manvolnum[]