cman - cluster.conf cman configuration section
Cman configuration values are placed in the <cman> </cman>
section of cluster.conf. Per-node configuration related to cman
is placed in the standard <clusternode> </clusternode> sections.
All cman configuration settings are optional; usually none are
used. The <cman> section is placed under the <cluster> section
By default, cman will use UDP port 5405/5404 for internode
communication. This can be changed by setting a port number as
This will cause cman to use ports 6809 and 6808 for cluster
The expected votes value is used by cman to determine quorum.
The cluster is quorate if the sum of votes of existing members
is over half of the expected votes value. By default, cman sets
the expected votes value to be the sum of votes of all nodes
listed in cluster.conf. This can be overridden by setting an
explicit expected_votes value as follows:
If the cluster becomes partitioned, improper use of this option
can result in more than one partition gaining quorum. In that
event, nodes in each partition will enable cluster services.
Two node clusters
Ordinarily, the loss of quorum after one out of two nodes fails
will prevent the remaining node from continuing (if both nodes
have one vote.) Special configuration options can be set to
allow the one remaining node to continue operating if the other
fails. To do this only two nodes, each with one vote, can be
defined in cluster.conf. The two_node and expected_votes values
must then be set to 1 in the cman section as follows.
<cman two_node="1" expected_votes="1">
By default, a node is given one vote toward the calculation of
quorum. This can be changed by giving a node a specific number
of votes as follows:
<clusternode name="nd1" votes="2">
All nodes must have a unique node ID. This is a single integer
that identifies it to the cluster. A node’s application to join
the cluster may be rejected if you try to set the nodeid to one
that is already used.
<clusternode name="nd1" nodeid="1">
It is quite common to use multiple ethernet adapters for cluster
nodes, so they will tolerate the failure of one link. A common
way to do this is to use ethernet bonding. Alternatively you can
get corosync to run in redundant ring mode by specifying an
’altname’ for the node. This is an alternative name by which the
node is known, that resolves to another IP address used on the
other ethernet adapter(s). You can optionally specify a
different port and/or multicast address for each altname in use.
Up to 9 altnames (10 interfaces in total) can be used.
Note that if you are using the DLM with cman/corosync then you
MUST tell it to use SCTP as it’s communications protocol as TCP
does not support multihoming.
<clusternode name="nd1" nodeid="1">
<altname name="nd1a" port="6809" mcast="184.108.40.206"/>
Multicast network configuration
cman uses multicast UDP packets to communicate with other nodes
in the cluster. By default it will generate a multicast address
using 239.192.x.x where x.x is the 16bit cluster ID number split
into bytes. This, in turn is generated from a hash of the
cluster name though it can be specified explicitly. The purpose
of this is to allow multiple clusters to share the same subnet -
they will each use a different multicast address. You might
also/instead want to isolate clusters using the port number as
It is possible to override the multicast address by specifying
it in cluster.conf as shown:
The cluster ID number is used to isolate clusters in the same
subnet. Usually it is generated from a hash of the cluster name,
but it can be overridden here if you feel the need. Sometimes
cluster names can hash to the same ID.
corosync security key
All traffic sent out by cman/corosync is encrypted. By default
the security key used is simply the cluster name. If you need
more security you can specify a key file that contains the key
used to encrypt cluster communications. Of course, the contents
of the key file must be the same on all nodes in the cluster. It
is up to you to securely copy the file to the nodes.
Note that this only applies to cluster communication. The DLM
does not encrypt traffic.
Other corosync parameters
When corosync is started by cman (cman_tool runs corosync), the
corosync.conf file is not used. Many of the configuration
parameters listed in corosync.conf can be set in cluster.conf
instead. Cman will read corosync parameters from the following
sections in cluster.conf and load them into corosync:
See the corosync.conf(5) man page for more information on keys
that are valid for these sections. Note that settings in the
<clusternodes> section will override settings in the sections
above, and options on the cman_tool command line will override
both. In particular, settings like bindnetaddr, mcastaddr,
mcastport and nodeid will always be replaced by values in
Cman uses different defaults for some of the corosync parameters
listed in corosync.conf(5). If you wish to use a non-default
setting, they can be configured in cluster.conf as shown above.
Cman uses the following default values:
<!-- or rrp_mode="active" if altnames are present >
<aisexec user="root" group="root" />
Here’s how to set the token timeout to five seconds:
cluster.conf(5), corosync.conf(5), cman_tool(8)