3 node Cluster, I want one VM to always attempt to start.

E

egidijus

Renowned Member
Sep 20, 2015
10
1
68
London
github.com
Hello,
I love proxmox.
I have 3 nodes.
I virtualised my firewall, it is very good and fast.
This morning, when my power went out, and some nodes did not start, the VM on the node with the firewall did not autoboot.

Is there any way to configure proxmox to always try and start this VM, I do not care if the world is flooded or on fire, I will only have 1 instance of this VM.
The HA/FT strategy for this vm is different from "here is a VM, move it between nodes" (because pcie nics bindings, and so on).

I am aware of `pvecm expected` but I do not think that is what I need.
 
egidijus said:
I am aware of `pvecm expected` but I do not think that is what I need.
Click to expand...
That is the work-around for the exceptional situation when
egidijus said:
I have 3 nodes. This morning, when my power went out, and some nodes did not start
Click to expand...
you lost half (or more) of the nodes.

Since Proxmox clustering is based on quorum ( https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_quorum ), it does not work (or goes read-only) without a majority of the votes on purpose to protect the (majority of the) cluster. Your single node cannot be sure that the other nodes are not running (and have formed the majority of the cluster) from just not being able to reach them.
 
leesteken said:
That is the work-around for the exceptional situation when

you lost half (or more) of the nodes.

Since Proxmox clustering is based on quorum ( https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_quorum ), it does not work (or goes read-only) without a majority of the votes on purpose to protect the (majority of the) cluster. Your single node cannot be sure that the other nodes are not running (and have formed the majority of the cluster) from just not being able to reach them.
Click to expand...
I think I might be asking for a feature here.
I am trying to have an explicit way to say "do not rely on corosync, no quorum" this one VM has explicit setting to ignore cluster quorum safety requirements.

could I use cli `qm` to directly force start the VM ?
 
in this situation you should use pve nodes in standalone mode (no cluster)
downside is no migration between nodes (or use data center manager), no HA and no SDN synchronization
 
  • Like
Reactions: LnxBil
MarkusKo said:
in this situation you should use pve nodes in standalone mode (no cluster)
downside is no migration between nodes (or use data center manager), no HA and no SDN synchronization
Click to expand...
or use a dedicated box for a firewall like soekris, pcengines, odroid, etc.

or virtualize the firewall properly by given the other nodes also more NICs and do not do PCIe passthrough. It breaks live migration/HA, so you need to virtualize the other NICs as well. Can be easily done by adding other bridges for each port you need and/or go with VLAN tagging.

what I don't see coming is breaking the quorum and your cluster.
 
  • Like
Reactions: MarkusKo
egidijus said:
could I use cli `qm` to directly force start the VM ?
Click to expand...
I hope and expect not, but you can easily try this.
egidijus said:
I think I might be asking for a feature here.
Click to expand...
A computer algorithm to decide that a minority of the nodes is the cluster is impossible without running the risk of a split-brain: https://en.wikipedia.org/wiki/Split-brain_(computing)
egidijus said:
I am trying to have an explicit way to say "do not rely on corosync, no quorum" this one VM has explicit setting to ignore cluster quorum safety requirements.
Click to expand...
Because this cannot be safely done automatically you'll need to do it manually. You could set expected to 1 (and that way declare that this one node is the whole cluster) and manually prevent a split-brain. Or write some script to do this automatically, but you'll need to prevent or deal with the split-brain manually.
 
You must log in or register to reply here.
Top Bottom