Product SiteDocumentation Site

D.2. Enabling Pacemaker

D.2.1. For Corosync

The Corosync configuration is normally located in /etc/corosync/corosync.conf and an example for a machine with an address of in a cluster communicating on port 1234 (without peer authentication and message encryption) is shown below.
Example D.1. An example Corosync configuration file
  totem {
      version: 2
      secauth: off
      threads: 0
      interface {
          ringnumber: 0
          mcastport: 1234
  logging {
      fileline: off
      to_syslog: yes
      syslog_facility: daemon
  amf {
      mode: disabled

The logging should be mostly obvious and the amf section refers to the Availability Management Framework and is not covered in this document.
The interesting part of the configuration is the totem section. This is where we define the how the node can communicate with the rest of the cluster and what protocol version and options (including encryption[13]) it should use. Beginners are encouraged to use the values shown and modify the interface section based on their network.
It is also possible to configure Corosync for an IPv6 based environment. Simply configure bindnetaddr and mcastaddr with their IPv6 equivalents. Eg
Example D.2. Example options for an IPv6 environment
  bindnetaddr: fec0::1:a800:4ff:fe00:20 
  mcastaddr: ff05::1

To tell Corosync to use the Pacemaker cluster manager, add the following fragment to a functional Corosync configuration and restart the cluster.
Example D.3. Configuration fragment for enabling Pacemaker under Corosync
  aisexec {
    user:  root
    group: root
  service {
    name: pacemaker
    ver: 0

The cluster needs to be run as root so that its child processes (the lrmd in particular) have sufficient privileges to perform the actions requested of it. After-all, a cluster manager that can't add an IP address or start apache is of little use.
The second directive is the one that actually instructs the cluster to run Pacemaker.

[13] Please consult the Corosync website and documentation for details on enabling encryption and peer authentication for the cluster.