cluster

addr

required:    false
scopable:    true
default:     The ipaddr resolved for the nodename.

Example:

addr = 1.2.3.4

The addr to use to connect to a peer. Use scoping to define each non-default address.

ca

required:    false
scopable:    false
default:     `system/sec/ca`

convert:     list

A whitespace-separated list of sec paths.

The listener accepts an x509 client certificate if it is trusted by any CA certificate found in these sec objects.

cert

required:    false
scopable:    false
default:     `system/sec/cert`

The path of the secret hosting the certificate that the listener uses for its TLS socket.

dns

required:    false
scopable:    true
convert:     list

The list of nodes to set as nameserver in the resolv.conf of the containers the CRM starts.

If set, the search will also be set to:

  1/ <name>.<namespace>.svc.<clustername>
  2/ <namespace>.svc.<clustername>
  3/ <clustername>

drpnodes

required:    false
scopable:    false
convert:     list

This list is fetched from the join command payload received from the joined node.

The service configuration {clusterdrpnodes} is resolved to this keyword value.

envs

required:    false
scopable:    false
default:     CERT DEV DRP FOR INT PRA PRD PRJ PPRD QUAL REC STG TMP TST UAT
convert:     list

TODO

id

required:    false
scopable:    true
default:     An autogenerated random UUID.

This unique identifier is auto-generated on install and should never be changed by the cluster administrators.

It is changed when the node joins a cluster, so the remote cluster id replaces the joiner's cluster id.

name

required:    false
scopable:    false
default:     A randomly generated cluster name.

The cluster name is used:

  • as the zone name in the cluster dns records
  • in the {fqdn} configuration reference
  • in the AES secret encryption metadata

The cluster name should be unique site-wide. A missing cluster name is automatically created with a random value during daemon startup.

It is always lowercased, so it is better to set it to a lowercase value to avoid confusion.

The cluster name is provided to joining nodes, so they can replace their own.

nodes

required:    false
scopable:    false
convert:     list

This list of node names contains only the local node name on install.

When the node joins a cluster, the joined node provides the new list, with the new node added. The joiner then replaces its nodes list with the one received.

When a node receives a join request, it adds the new node to its cluster nodes list, then provides the new list to the joiner.

quorum

required:    false
scopable:    false
default:     false
convert:     bool

If true, when the cluster is split a vote happens on each cluster node.

Each reachable node and each reachable arbitrator gives its vote. If the number of votes is less than half the total number of nodes plus arbitrators, the node triggers the node fencing method defined by node.split_action (crash, reboot or disabled).
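
The vote described above, written out as an added example (it is not OpenSVC's code; the function and field names are hypothetical). It follows the wording literally, so a tie is not "less than half", and it assumes the local node counts as one reachable node and that "split" means at least one cluster node is unreachable.

```python
# Added example: the split vote as worded in the quorum keyword description.
# Assumptions (not from the page): the local node counts as one reachable
# node, and "split" means at least one cluster node is unreachable.
from dataclasses import dataclass

SPLIT_ACTIONS = ("crash", "reboot", "disabled")  # values listed on the page


@dataclass
class Vote:
    votes: int    # reachable nodes + reachable arbitrators
    total: int    # configured nodes + configured arbitrators
    lost: bool    # True when the vote is lost
    action: str   # node.split_action to apply, or "none"


def split_vote(nodes, arbitrators, reachable, quorum=False, split_action="crash"):
    """Run the split vote for one node.

    nodes / arbitrators: configured names.
    reachable: names this node can currently reach, itself included.
    """
    if split_action not in SPLIT_ACTIONS:
        raise ValueError(f"unknown split_action: {split_action!r}")
    reachable = set(reachable)
    total = len(nodes) + len(arbitrators)
    votes = len(reachable & set(nodes)) + len(reachable & set(arbitrators))
    split = not set(nodes) <= reachable
    # No vote when quorum is false (the default) or the cluster is not split.
    if not quorum or not split:
        return Vote(votes, total, False, "none")
    # "less than half": compare 2*votes to total to avoid float rounding.
    lost = 2 * votes < total
    return Vote(votes, total, lost, split_action if lost else "none")


if __name__ == "__main__":
    # Constructed sample: two nodes and one arbitrator, n1 cut off from n2.
    nodes, arbs = ["n1", "n2"], ["arb1"]
    print(split_vote(nodes, arbs, {"n1", "arb1"}, quorum=True, split_action="reboot"))
    print(split_vote(nodes, arbs, {"n1"}, quorum=True, split_action="reboot"))
```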

secret

required:    false
scopable:    true
default:     A random string autogenerated on first use

The cluster shared secret used to encrypt and decrypt heartbeat payloads and sec values, with AES256.

This secret is auto-generated on install, then merged from the joined nodes when joining a cluster.

The cluster name should be unique site-wide and be set right before starting to add sec keys.

vip

required:    false
scopable:    true

Example:

vip = 192.168.99.12/24@eth0

The cluster virtual ip.

If configured, the daemon creates a system/svc/vip HA failover service to manage this ip.