ifdef::manvolnum[]
-PVE({manvolnum})
-================
-include::attributes.txt[]
+pvecm(1)
+========
+:pve-toplevel:
NAME
----
pvecm - Proxmox VE Cluster Manager
-SYNOPSYS
+SYNOPSIS
--------
include::pvecm.1-synopsis.adoc[]
ifndef::manvolnum[]
Cluster Manager
===============
-include::attributes.txt[]
+:pve-toplevel:
endif::manvolnum[]
The {PVE} cluster manager `pvecm` is a tool to create a group of
use the 'ringX_addr' parameters to set the node's address on those networks:
[source,bash]
+----
pvecm add IP-ADDRESS-CLUSTER -ring0_addr IP-ADDRESS-RING0
+----
If you want to use the Redundant Ring Protocol, you will also want to pass the
'ring1_addr' parameter.
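+
+A minimal sketch with placeholder addresses:
+
+[source,bash]
+----
+pvecm add IP-ADDRESS-CLUSTER -ring0_addr IP-ADDRESS-RING0 \
+  -ring1_addr IP-ADDRESS-RING1
+----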
Move all virtual machines from the node. Make sure you have no local
data or backups you want to keep, or save them accordingly.
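+
+For example, to move a running VM away first (a sketch; the VM ID and target
+node are hypothetical):
+
+[source,bash]
+----
+qm migrate 100 hp1 --online
+----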
+In the following example, we will remove the node hp4 from the cluster.
-Log in to one remaining node via ssh. Issue a `pvecm nodes` command to
-identify the node ID:
-
-----
-hp1# pvecm status
-
-Quorum information
-~~~~~~~~~~~~~~~~~~
-Date: Mon Apr 20 12:30:13 2015
-Quorum provider: corosync_votequorum
-Nodes: 4
-Node ID: 0x00000001
-Ring ID: 1928
-Quorate: Yes
-
-Votequorum information
-~~~~~~~~~~~~~~~~~~~~~~
-Expected votes: 4
-Highest expected: 4
-Total votes: 4
-Quorum: 2
-Flags: Quorate
-
-Membership information
-~~~~~~~~~~~~~~~~~~~~~~
- Nodeid Votes Name
-0x00000001 1 192.168.15.91 (local)
-0x00000002 1 192.168.15.92
-0x00000003 1 192.168.15.93
-0x00000004 1 192.168.15.94
-----
-
-IMPORTANT: at this point you must power off the node to be removed and
-make sure that it will not power on again (in the network) as it
-is.
+Log in to a *different* cluster node (not hp4), and issue a `pvecm nodes`
+command to identify the node ID to remove:
----
hp1# pvecm nodes
4 1 hp4
----
-Log in to one remaining node via ssh. Issue the delete command (here
-deleting node `hp4`):
+
+At this point, you must power off hp4 and make sure that it will not
+power on again (in the network) with its current configuration.
+
+IMPORTANT: As stated above, it is critical to power off the node
+*before* removal, and make sure that it will *never* power on again
+(in the existing cluster network) with its current configuration.
+If you power it on anyway, your cluster will be screwed up and
+it could be difficult to restore a clean cluster state.
+
+After powering off the node hp4, we can safely remove it from the cluster.
hp1# pvecm delnode hp4
0x00000003 1 192.168.15.92
----
-IMPORTANT: as said above, it is very important to power off the node
-*before* removal, and make sure that it will *never* power on again
-(in the existing cluster network) as it is.
-
-If you power on the node as it is, your cluster will be screwed up and
-it could be difficult to restore a clean cluster state.
-
If, for whatever reason, you want this server to join the same
cluster again, you have to
* then join it, as explained in the previous section (a sketch follows below).
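+
+A minimal sketch (replace the IP with the address of any existing cluster
+member):
+
+[source,bash]
+----
+pvecm add IP-ADDRESS-OF-EXISTING-NODE
+----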
+[[pvecm_separate_node_without_reinstall]]
Separate A Node Without Reinstalling
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
scratch. But after removing the node from the cluster it will still have
access to the shared storages! This must be resolved before you start removing
the node from the cluster. A {pve} cluster cannot share the exact same
-storage with another cluster, as it leads to VMID conflicts.
+storage with another cluster, as storage locking doesn't work across the
+cluster boundary. Further, it may also lead to VMID conflicts.
-Move the guests which you want to keep on this node now, after the removal you
-can do this only via backup and restore. Its suggested that you create a new
-storage where only the node which you want to separate has access. This can be
-an new export on your NFS or a new Ceph pool, to name a few examples. Its just
-important that the exact same storage does not gets accessed by multiple
-clusters. After setting this storage up move all data from the node and its VMs
-to it. Then you are ready to separate the node from the cluster.
+It's suggested that you create a new storage, to which only the node which you
+want to separate has access. This can be a new export on your NFS or a new Ceph
+pool, to name a few examples. It's just important that the exact same storage
+does not get accessed by multiple clusters. After setting up this storage, move
+all data from the node and its VMs to it. Then you are ready to separate the
+node from the cluster.
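+
+A minimal sketch, assuming a new NFS export to which only this node should
+have access (storage name, server, paths, and node name are placeholders):
+
+[source,bash]
+----
+pvesm add nfs separate-storage --path /mnt/pve/separate-storage \
+  --server 192.168.15.100 --export /space/separate --nodes NODENAME
+----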
WARNING: Ensure all shared resources are cleanly separated! Otherwise you
will run into conflicts and problems.
First, stop the corosync and pve-cluster services on the node:
[source,bash]
+----
systemctl stop pve-cluster
systemctl stop corosync
+----
Start the cluster filesystem again in local mode:
[source,bash]
+----
pmxcfs -l
+----
Delete the corosync configuration files:
[source,bash]
+----
rm /etc/pve/corosync.conf
rm /etc/corosync/*
+----
You can now start the filesystem again as a normal service:
[source,bash]
+----
killall pmxcfs
systemctl start pve-cluster
+----
The node is now separated from the cluster. You can delete it from a remaining
node of the cluster with:
[source,bash]
+----
pvecm delnode oldnode
+----
If the command fails because the remaining node in the cluster lost quorum
when the now separated node exited, you may set the expected votes to 1 as
a workaround:
[source,bash]
+----
pvecm expected 1
+----
And then repeat the 'pvecm delnode' command.
cluster again without problems.
[source,bash]
+----
rm /var/lib/corosync/*
+----
As the configuration files from the other nodes are still in the cluster
filesystem, you may want to clean those up too. Simply remove the whole
* Ensure that multicast works in general and at high packet rates. This can be
done with the `omping` tool. The final "%loss" number should be < 1%.
++
[source,bash]
----
omping -c 10000 -i 0.001 -F -q NODE1-IP NODE2-IP ...
----

This uncovers problems where IGMP snooping is activated on the network but
no multicast querier is active. This test has a duration of around 10
minutes.
++
[source,bash]
+----
omping -c 600 -i 1 -q NODE1-IP NODE2-IP ...
+----
Your network is not ready for clustering if any of these tests fails. Recheck
your network configuration. Especially switches are notorious for having
you would execute:
[source,bash]
+----
pvecm create test --ring0_addr 10.10.10.1 --bindnet0_addr 10.10.10.0
+----
To check if everything is working properly, execute:
[source,bash]
+----
systemctl status corosync
+----
[[separate-cluster-net-after-creation]]
Separate After Cluster Creation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On a single node execute:
[source,bash]
+----
systemctl restart corosync
+----
Now check if everything is fine:
[source,bash]
+----
systemctl status corosync
+----
If corosync runs correctly again, restart it on all other nodes too.
They will then join the cluster membership one by one on the new network.
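+
+You can then verify the membership on the new network, for example with:
+
+[source,bash]
+----
+pvecm status
+----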
10.10.20.1/24 subnet you would execute:
[source,bash]
+----
pvecm create CLUSTERNAME -bindnet0_addr 10.10.10.1 -ring0_addr 10.10.10.1 \
-bindnet1_addr 10.10.20.1 -ring1_addr 10.10.20.1
+----
-RRP On A Created Cluster
+RRP On Existing Clusters
~~~~~~~~~~~~~~~~~~~~~~~~
-When enabling an already running cluster to use RRP you will take similar steps
-as describe in <<separate-cluster-net-after-creation,separating the cluster
-network>>. You just do it on another ring.
+You will take similar steps as described in
+<<separate-cluster-net-after-creation,separating the cluster network>> to
+enable RRP on an already running cluster. The single difference is, that you
+will add `ring1` and use it instead of `ring0`.
First add a new `interface` subsection in the `totem` section, and set its
`ringnumber` property to `1`. Set the interface's `bindnetaddr` property to an
----
-Bring it in effect like described in the <<edit-corosync-conf,edit the
-corosync.conf file>> section.
+Bring it into effect, as described in the
+<<edit-corosync-conf,edit the corosync.conf file>> section.
This is a change which cannot take effect live and needs at least a restart
of corosync. A restart of the whole cluster is recommended.
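+
+For example, on each node:
+
+[source,bash]
+----
+systemctl restart corosync
+----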
controls the cluster membership and its network.
For reading more about it check the corosync.conf man page:
[source,bash]
+----
man corosync.conf
+----
For node membership you should always use the `pvecm` tool provided by {pve}.
You may have to edit the configuration file manually for other changes.
avoid triggering some unwanted changes by an in-between save.
[source,bash]
+----
cp /etc/pve/corosync.conf /etc/pve/corosync.conf.new
+----
Then open the config file with your favorite editor; for example, `nano` and
`vim.tiny` are preinstalled on {pve}.
apply or causes problems in other ways.
[source,bash]
+----
cp /etc/pve/corosync.conf /etc/pve/corosync.conf.bak
+----
Then move the new configuration file over the old one:
[source,bash]
+----
mv /etc/pve/corosync.conf.new /etc/pve/corosync.conf
+----
You may check with the commands
[source,bash]
+----
systemctl status corosync
journalctl -b -u corosync
+----
if the change could be applied automatically. If not, you may have to
restart the corosync service via:
[source,bash]
+----
systemctl restart corosync
+----
On errors check the troubleshooting section below.
If you need to change '/etc/pve/corosync.conf' on a node with no quorum, and
you know what you are doing, use:
[source,bash]
+----
pvecm expected 1
+----
This sets the expected vote count to 1 and makes the cluster quorate. You can
now fix your configuration, or revert it back to the last working backup.
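+
+For example, to revert to the backup created earlier in this section:
+
+[source,bash]
+----
+cp /etc/pve/corosync.conf.bak /etc/pve/corosync.conf
+----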
mind that guest startup is delayed until you reach quorum.
+Guest Migration
+---------------
+
+Migrating virtual guests to other nodes is a useful feature in a
+cluster. There are settings to control the behavior of such
+migrations. This can be done via the configuration file
+`datacenter.cfg` or for a specific migration via API or command line
+parameters.
+
+It makes a difference if a guest is online or offline, or if it has
+local resources (like a local disk).
+
+For details about virtual machine migration, see the
+xref:qm_migration[QEMU/KVM Migration Chapter].
+
+For details about container migration, see the
+xref:pct_migration[Container Migration Chapter].
+
+Migration Type
+~~~~~~~~~~~~~~
+
+The migration type defines whether the migration data should be sent over an
+encrypted (`secure`) channel or an unencrypted (`insecure`) one.
+Setting the migration type to insecure means that the RAM content of a
+virtual guest is also transferred unencrypted, which can lead to
+information disclosure of critical data from inside the guest (for
+example, passwords or encryption keys).
+
+Therefore, we strongly recommend using the secure channel if you do
+not have full control over the network and cannot guarantee that no
+one is eavesdropping on it.
+
+NOTE: Storage migration does not follow this setting. Currently, it
+always sends the storage content over a secure channel.
+
+Encryption requires a lot of computing power, so this setting is often
+changed to `insecure` to achieve better performance. The impact on
+modern systems is lower because they implement AES encryption in
+hardware. The performance impact is particularly evident in fast
+networks, where you can transfer 10 Gbps or more.
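+
+For example, to choose the type for a single migration on the command line
+(a sketch; the VM ID and target node are hypothetical):
+
+[source,bash]
+----
+qm migrate 106 tre --online --migration_type insecure
+----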
+
+
+Migration Network
+~~~~~~~~~~~~~~~~~
+
+By default, {pve} uses the network in which cluster communication
+takes place to send the migration traffic. This is not optimal because
+sensitive cluster traffic can be disrupted and this network may not
+have the best bandwidth available on the node.
+
+Setting the migration network parameter allows the use of a dedicated
+network for all migration traffic. In addition to the memory content,
+this also affects the storage traffic for offline migrations.
+
+The migration network is set as a network using CIDR notation. This
+has the advantage that you do not have to set individual IP addresses
+for each node. {pve} can determine the real address on the
+destination node from the network specified in the CIDR form. To
+enable this, the network must be specified so that each node has
+exactly one IP in the respective network.
+
+
+Example
+^^^^^^^
+
+We assume that we have a three-node setup with three separate
+networks: one for public communication with the Internet, one for
+cluster communication, and a very fast one, which we want to use as a
+dedicated network for migration.
+
+A network configuration for such a setup might look as follows:
+
+----
+iface eth0 inet manual
+
+# public network
+auto vmbr0
+iface vmbr0 inet static
+ address 192.X.Y.57
+ netmask 255.255.255.0
+ gateway 192.X.Y.1
+ bridge_ports eth0
+ bridge_stp off
+ bridge_fd 0
+
+# cluster network
+auto eth1
+iface eth1 inet static
+ address 10.1.1.1
+ netmask 255.255.255.0
+
+# fast network
+auto eth2
+iface eth2 inet static
+ address 10.1.2.1
+ netmask 255.255.255.0
+----
+
+Here, we will use the network 10.1.2.0/24 as a migration network. For
+a single migration, you can do this using the `migration_network`
+parameter of the command line tool:
+
+----
+# qm migrate 106 tre --online --migration_network 10.1.2.0/24
+----
+
+To configure this as the default network for all migrations in the
+cluster, set the `migration` property of the `/etc/pve/datacenter.cfg`
+file:
+
+----
+# use dedicated migration network
+migration: secure,network=10.1.2.0/24
+----
+
+NOTE: The migration type must always be set when the migration network
+is set in `/etc/pve/datacenter.cfg`.
+
+
ifdef::manvolnum[]
include::pve-copyright.adoc[]
endif::manvolnum[]