3-Nodes incl Quorum-Device - HA-Reachablilty.

P

PTR

New Member
Feb 20, 2022
10
0
1
41
Hi All,

2 nodes & a Quorum-Device are running in HA-Cluster.
Problem: when node1 (Cluster creator) fails, the Proxmox-GUI is not accessable anymore. If I type in the IP-Address of node2, Login fails on node2 - as if the user would be unknown.
Problem only appears when node1 goes down.
Looks like 3 nodes are not enough for HA? Only 1 Master there the problem? More possible?

Aim: Proxmox-GUI accessible after one node goes down. No matter which node it is.
 
PTR said:
Problem: when node1 (Cluster creator) fails, the Proxmox-GUI is not accessable anymore. If I type in the IP-Address of node2, Login fails on node2 - as if the user would be unknown.
Click to expand...
Do you use pve or pam realm for this user? pam is system local, pve works clusterwide (/etc/pve/priv/shadow.cfg is stored on a cluster fs).
 
Last edited:
ness1602 said:
can you get us output of pvecm status from node1?
Click to expand...
Cluster information
-------------------
Name: Cluster
Config Version: 3
Transport: knet
Secure auth: on

Quorum information
------------------
Date: Tue Apr 26 10:03:48 2022
Quorum provider: corosync_votequorum
Nodes: 2
Node ID: 0x00000001
Ring ID: 1.2f0
Quorate: Yes

Votequorum information
----------------------
Expected votes: 3
Highest expected: 3
Total votes: 3
Quorum: 2
Flags: Quorate Qdevice

Membership information
----------------------
Nodeid Votes Qdevice Name
0x00000001 1 A,V,NMW 10.10.10.20 (local)
0x00000002 1 A,V,NMW 10.10.10.21
0x00000000 1 Qdevice
 
mvs said:
Do you use pve or pam realm for this user? pam is system local, pve works clusterwide (/etc/pve/priv/shadow.cfg is stored on a cluster fs).
Click to expand...
pam. But on every node the same credentials. Maybe that is the problem. I will try a pve-user...
 
please check the system logs on node2 when attempting the login and (again) the output of pvecm status, both with node1 down.
 
ok, did the pve-user thing.
created it with "Administrator" rights.
-> Login with node1 down works now on node2.
AND interesting: root@pam on node2 now works also with node1 down. -> Is that expected?? Why?
-> node-shell is not accessible without root@pam right?

Conclusion at the moment: Creating a pve-user seems to solve the problem - even for the root@pam user...

root@node2:~# pvecm status
Cluster information
-------------------
Name: Cluster
Config Version: 3
Transport: knet
Secure auth: on

Quorum information
------------------
Date: Tue Apr 26 11:32:24 2022
Quorum provider: corosync_votequorum
Nodes: 1
Node ID: 0x00000002
Ring ID: 2.30f
Quorate: Yes

Votequorum information
----------------------
Expected votes: 3
Highest expected: 3
Total votes: 2
Quorum: 2
Flags: Quorate Qdevice

Membership information
----------------------
Nodeid Votes Qdevice Name
0x00000002 1 A,V,NMW 10.10.10.21 (local)
0x00000000 1 Qdevice
 
creating a user in the 'pve' realm does not change anything about users in the 'pam' realm being able to login. login can be blocked if you lose quorum (e.g., because writing TFA state not being possible), but again, that is not affected by whether '@pve' users exist or not. so I'd say this was just random chance, and something else caused the issue originally (like loss of quorum for whatever reason).
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom