bionic (8) corosync-qnetd.8.gz

Provided by: corosync-qnetd_2.4.3-0ubuntu1.3_amd64 bug

NAME

       corosync-qnetd - QNet daemon

SYNOPSIS

       corosync-qnetd  [-46dfhv]  [-l  listen_addr]  [-p  listen_port]  [-s  tls]  [-c client_cert_required] [-m
       max_clients] [-S option=value[,option2=value2,...]]"

DESCRIPTION

       corosync-qnetd is a daemon running outside of the cluster with the purpose of providing  a  vote  to  the
       corosync-qdevice  model  net.  It's designed to support multiple clusters and be almost configuration and
       state free. New clusters are handled dynamically and no configuration file exists.  It's also able to run
       as  non-root user - which is recommended. Connection between the corosync-qdevice model net client can be
       optionally configured with TLS client certificate checking.  The communication  protocol  between  server
       and client is designed to be very simple and allow backwards compatibility.

OPTIONS

       -4     and  its  counterpart -6 are used to force IPv4 or IPv6 communication. The default is to listen on
              both address families.

       -d     Turn on debug logging. By default the messages sent to syslog are purely operational, this  option
              sends additional debug messages. For even more detail use the -d parameter twice.

       -f     Do not daemonize, run in the foreground.

       -h     Show short help text

       -v     Show version and supported communication protocol messages/options.

       -l     IP address to listen on. By default the daemon listens on all addresses (wildcard).

       -p     TCP port to listen on. Default port is 5403.

       -s     Determines if TLS should be used and can be one of on/off/required (the default is on ).  on means
              TLS is enabled but the client is not required to start TLS, off means TLS is completely  disabled,
              and  required  means  TLS  is  required.   on and required require the NSS database to be properly
              initialized by running the corosync-qnetd-certutil command.

       -c     can be set to on/off.  This option only makes sense if TLS is enabled. When -c is on a  client  is
              required to send its client certificate (default).

       -m     Maximum simultaneous clients. The default is 0 which means no limit.

       -S     Set  advanced settings described in its own section below. This option shouldn't be generally used
              because most of the options are not safe to change.

UNPRIVILEGED USER CONFIGURATION

       It's generally recommended to run corosync-qnetd as a non  root  user.  If  you  get  a  package  from  a
       distribution  its  highly  possible  that  the  packager  has  done  all  the  hard  work for you. If the
       installation is performed from source code, a few steps have to be taken.

       First it's necessary to create an unprivileged user/group. The following commands can be  used  (executed
       as root):

       # groupadd -r coroqnetd
       # useradd -r -g coroqnetd -d / -s /sbin/nologin -c "User for corosync-qnetd" coroqnetd

       The  next  step  is to set the correct owner and group on /etc/corosync/qnetd and /var/run/corosync-qnetd
       directories.

       # chown -R coroqnetd:coroqnetd /etc/corosync/qnetd /var/run/corosync-qnetd

       Some systems have the /var/run directory on a tmpfs file system which gets discarded after a reboot.  The
       solution  is  to  use an initscript which takes care of the /var/run/corosync-qnetd creation and sets the
       correct owner and permissions. For systems with systemd it's possible to use  a  tmpfile.d  configuration
       file (installed by default if systemd is enabled during corosync compilation).

       The  last  step is to make sure corosync-qnetd is really executed as an unprivileged user. For initscript
       systems it's enough to set the line COROSYNC_QNETD_RUNAS in /etc/(sysconfig|default)/corosync-qnetd file.
       If  the  file  is  not  already  installed  then  use  the  one  provided  in  the  corosync  source code
       (init/corosync-qnetd.sysconfig.example). For systemd, overwrite/copy the corosync-qnetd.service unit file
       and uncomment/change the "User=" directive.

TLS CONFIGURATION

       For TLS to work its necessary to create the NSS database. If pcs is used then the following steps are not
       needed because pcs does them automatically.

       corosync-qnetd-certutil is the tool to perform required actions. Just run:

       # corosync-qnetd-certutil -i

       If TLS is not required then simply edit /etc/(sysconfig|default)/corosync-qnetd or systemd unit file  and
       add the parameter -s off in the proper place.

ADVANCED SETTINGS

       Set by the -S option. The default value is shown in parantheses.

       listen_backlog
              Parameter passed to the listen syscall on the network socket. (10)

       max_client_send_buffers
              Maximum number of send buffers for one client. (32)

       max_client_send_size
              Maximum size of one send buffer (message) to be sent to a client. (32768)

       max_client_receive_size
              Maximum  size of the receive buffer for a client message (maximum allowed message size received by
              client). (32768)

       nss_db_dir
              NSS database directory. (/etc/corosync/qnetd/nssdb)

       cert_nickname
              NSS nickname of qnetd server certificate. (QNetd Cert)

       heartbeat_interval_min
              Minimum heartbeat timeout accepted by server in ms. (1000)

       heartbeat_interval_max
              Maximum heartbeat timeout accepted by server in ms. (120000)

       dpd_enabled
              Dead peer detection enabled. (on)

       dpd_interval
              How often the DPD algorithm detects dead peers in ms. (10000)

       lock_file
              Lock file location. (/var/run/corosync-qnetd/corosync-qnetd.pid)

       local_socket_file
              Internal IPC socket file location. (/var/run/corosync-qnetd/corosync-qnetd.sock)

       local_socket_backlog
              Parameter passed to listen syscall on the local socket. (10)

       ipc_max_clients
              Maximum allowed simultaneous IPC clients. (10)

       ipc_max_receive_size
              Maximum size of a message received by IPC client. (4096)

       ipc_max_send_size
              Maximum size of a message sent to an IPC client. (10485760)

SEE ALSO

       corosync-qnetd-tool(8) corosync-qnetd-certutil(8) corosync-qdevice(8)

AUTHOR

       Jan Friesse

                                                   2016-06-29                                  COROSYNC-QNETD(8)