2. Host-Local Configuration
Note
Directory and file paths below may differ on your system depending on your Pacemaker build settings. Check your Pacemaker configuration file to find the correct paths.
2.1. Configuration Value Types
Throughout this document, configuration values will be designated as having one of the following types:
Type |
Description |
---|---|
boolean |
Case-insensitive text value where |
date/time |
Textual timestamp like |
duration |
A nonnegative time duration, specified either like a timeout or an ISO 8601 duration [https://en.wikipedia.org/wiki/ISO_8601#Durations]. A duration may be up to approximately 49 days but is intended for much smaller time periods. |
enumeration |
Text that must be one of a set of defined values (which will be listed in the description) |
epoch_time |
Time as the integer number of seconds since the Unix epoch,
|
id |
A text string starting with a letter or underbar, followed by any
combination of letters, numbers, dashes, dots, and/or underbars; when
used for a property named |
integer |
32-bit signed integer value (-2,147,483,648 to 2,147,483,647) |
ISO 8601 |
An ISO 8601 [https://en.wikipedia.org/wiki/ISO_8601] date/time. |
nonnegative integer |
32-bit nonnegative integer value (0 to 2,147,483,647) |
percentage |
Floating-point number followed by an optional percent sign (‘%’) |
port |
Integer TCP port number (0 to 65535) |
range |
A range may be a single nonnegative integer or a dash-separated range of
nonnegative integers. Either the first or last value may be omitted to
leave the range open-ended. Examples: |
score |
A Pacemaker score can be an integer between -1,000,000 and 1,000,000, or
a string alias: |
text |
A text string |
timeout |
A time duration, specified as a bare number (in which case it is
considered to be in seconds) or a number with a unit ( |
version |
Version number (any combination of alphanumeric characters, dots, and dashes, starting with a number). |
2.1.1. Scores
Scores are integral to how Pacemaker works. Practically everything from moving a resource to deciding which resource to stop in a degraded cluster is achieved by manipulating scores in some way.
Scores are calculated per resource and node. Any node with a negative score for a resource can’t run that resource. The cluster places a resource on the node with the highest score for it.
Score addition and subtraction follow these rules:
Any value (including
INFINITY
) -INFINITY
=-INFINITY
INFINITY
+ any value other than-INFINITY
=INFINITY
Note
What if you want to use a score higher than 1,000,000? Typically this possibility arises when someone wants to base the score on some external metric that might go above 1,000,000.
The short answer is you can’t.
The long answer is it is sometimes possible work around this limitation creatively. You may be able to set the score to some computed value based on the external metric rather than use the metric directly. For nodes, you can store the metric as a node attribute, and query the attribute when computing the score (possibly as part of a custom resource agent).
2.2. Local Options
Most Pacemaker configuration is in the cluster-wide CIB, but some host-local configuration options either are needed at startup (before the CIB is read) or provide per-host overrides of cluster-wide options.
These options are configured as environment variables set when Pacemaker is
started, in the format <NAME>="<VALUE>"
. These are typically set in a file
whose location varies by OS (most commonly /etc/sysconfig/pacemaker
or
/etc/default/pacemaker
; this documentation was generated on a system using
/etc/sysconfig/pacemaker
).
Name |
Type |
Default |
Description |
---|---|---|---|
CIB_pam_service |
login |
PAM service to use for remote CIB client authentication (passed to
|
|
PCMK_logfacility |
daemon |
Enable logging via the system log or journal, using the specified log
facility. Messages sent here are of value to all Pacemaker
administrators. This can be disabled using
|
|
PCMK_logpriority |
notice |
Unless system logging is disabled using
|
|
PCMK_logfile |
/var/log/pacemaker/pacemaker.log |
Unless set to |
|
PCMK_logfile_mode |
0660 |
Pacemaker will set the permissions on the detail log to this value (see
|
|
PCMK_debug |
no |
Whether to send debug severity messages to the detail log. This may be
set for all subsystems (
Example: |
|
PCMK_stderr |
no |
Advanced Use Only: Whether to send daemon log messages to stderr. This would be useful only during troubleshooting, when starting Pacemaker manually on the command line. Setting this option in the configuration file is pointless, since the file is not read when starting Pacemaker manually. However, it can be set directly as an environment variable on the command line. |
|
PCMK_trace_functions |
Advanced Use Only: Send debug and trace severity messages from these (comma-separated) source code functions to the detail log. Example:
|
||
PCMK_trace_files |
Advanced Use Only: Send debug and trace severity messages from all functions in these (comma-separated) source file names to the detail log. Example: |
||
PCMK_trace_formats |
Advanced Use Only: Send trace severity messages that are generated by these (comma-separated) format strings in the source code to the detail log. Example: |
||
PCMK_trace_tags |
Advanced Use Only: Send debug and trace severity messages related to these (comma-separated) resource IDs to the detail log. Example: |
||
PCMK_blackbox |
no |
Advanced Use Only: Enable blackbox logging globally ( The blackbox recorder can be enabled at start using this variable, or at
runtime by sending a Pacemaker subsystem daemon process a See PCMK_debug for allowed subsystems. Example:
|
|
PCMK_trace_blackbox |
Advanced Use Only: Write a blackbox whenever the message at the specified function and line is logged. Multiple entries may be comma- separated. Example: |
||
PCMK_node_start_state |
default |
By default, the local host will join the cluster in an online or standby
state when Pacemaker first starts depending on whether it was previously
put into standby mode. If this variable is set to |
|
PCMK_node_action_limit |
If set, this overrides the node-action-limit cluster option on this node to specify the maximum number of jobs that can be scheduled on this node (or 0 to use twice the number of CPU cores). |
||
PCMK_fail_fast |
no |
By default, if a Pacemaker subsystem crashes, the main |
|
PCMK_panic_action |
reboot |
Pacemaker will panic the local host under certain conditions. By default,
this means rebooting the host. This variable can change that behavior: if
|
|
PCMK_remote_address |
By default, if the Pacemaker Remote service is run on the local node, it will listen for connections on all IP addresses. This may be set to one address to listen on instead, as a resolvable hostname or as a numeric IPv4 or IPv6 address. When resolving names or listening on all addresses, IPv6 will be preferred if available. When listening on an IPv6 address, IPv4 clients will be supported via IPv4-mapped IPv6 addresses. Example: |
||
PCMK_remote_port |
3121 |
Use this TCP port number for Pacemaker Remote node connections. This value must be the same on all nodes. |
|
PCMK_ca_file |
The location of a file containing trusted Certificate Authorities, used to
verify client or server certificates. This file must be in PEM format and
must be readable by Pacemaker daemons (that is, it must allow read permissions
to either the Example: |
||
PCMK_cert_file |
The location of a file containing the signed certificate for the server
side of the connection. This file must be in PEM format and must be
readable by Pacemaker daemons (that is, it must allow read permissions
to either the Example: |
||
PCMK_crl_file |
The location of a Certificate Revocation List file, in PEM format. This setting is optional for X509 authentication. Example: |
||
PCMK_key_file |
The location of a file containing the private key for the matching
PCMK_cert_file, in PEM format. This file must
be readble by Pacemaker daemons (that is, it must allow read permissions
to either the Example: |
||
PCMK_authkey_location |
/etc/pacemaker/authkey |
As an alternative to using X509 authentication for Pacemaker Remote connections, use the contents of this file as the
authorization key. This file must be readable by Pacemaker daemons (that
is, it must allow read permissions to either the This is an alternative to using X509 certificates. |
|
PCMK_remote_pid1 |
default |
Advanced Use Only: When a bundle resource’s This option controls whether those actions are performed when Pacemaker
Remote is not running as PID 1. It is intended primarily for developer
testing but can be useful when
If Pacemaker Remote is running as PID 1, this option is ignored, and the
behavior is the same as for |
|
PCMK_tls_priorities |
NORMAL |
Advanced Use Only: These GnuTLS cipher priorities [https://gnutls.org/manual/html_node/Priority-Strings.html] will be used for TLS connections (whether for Pacemaker Remote connections or remote CIB access, when enabled). Pacemaker will append Example:
|
|
PCMK_dh_max_bits |
0 (no maximum) |
Advanced Use Only: Set an upper bound on the bit length of the prime number generated for Diffie-Hellman parameters needed by TLS connections. The default is no maximum. The server (Pacemaker Remote daemon, or CIB manager configured to accept remote clients) will use this value to provide a ceiling for the value recommended by the GnuTLS library. The library will only accept a limited number of specific values, which vary by library version, so setting these is recommended only when required for compatibility with specific client versions. Clients do not use |
|
PCMK_ipc_type |
shared-mem |
Advanced Use Only: Force use of a particular IPC method. Allowed values:
|
|
PCMK_ipc_buffer |
131072 |
Advanced Use Only: Specify an IPC buffer size in bytes. This can be useful when connecting to large clusters that result in messages exceeding the default size (which will also result in log messages referencing this variable). |
|
PCMK_cluster_type |
corosync |
Advanced Use Only: Specify the cluster layer to be used. If unset,
Pacemaker will detect and use a supported cluster layer, if available.
Currently, |
|
PCMK_schema_directory |
/usr/share/pacemaker |
Advanced Use Only: Specify an alternate location for RNG schemas and XSL transforms. |
|
PCMK_remote_schema_directory |
/var/lib/pacemaker/schemas |
Advanced Use Only: Specify an alternate location on Pacemaker Remote nodes for storing newer RNG schemas and XSL transforms fetched from the cluster. |
|
PCMK_valgrind_enabled |
no |
Advanced Use Only: Whether subsystem daemons should be run under
|
|
PCMK_callgrind_enabled |
no |
Advanced Use Only: Whether subsystem daemons should be run under
|
|
SBD_SYNC_RESOURCE_STARTUP |
If true, |
||
SBD_WATCHDOG_TIMEOUT |
If the |
||
VALGRIND_OPTS |
Advanced Use Only: Pass these options to valgrind, when enabled (see
|