[SOLVED] Failed setup of external quorum

BonesWyverns

May 14, 2024
Hello everyone, I am currently setting up a cluster consisting of 2 nodes on Proxmox 8. To implement high availability (HA), I would like to set up an external server that would serve as an external vote. This server is also a Proxmox 8 instance that is independent.

On the external server, I did: apt install corosync-qnetd
And on the 2 nodes of my cluster, I did: apt install corosync-qdevice
On one of the 2 nodes, I did: pvecm qdevice setup 5.XX.XX.64

And obtain this:

root@serveur1:~# pvecm qdevice setup 5.XX.XX.64
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '5.XX.XX.64 (5.XX.XX.64)' can't be established.
ED25519 key fingerprint is SHA256:s7Q6F4pnPR2jyiMXBef......FoRp1mYFhw9g.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@5.XX.XX.64's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@5.XX.XX.64'"
and check to make sure that only the key(s) you wanted were added.


INFO: initializing qnetd server
Certificate database (/etc/corosync/qnetd/nssdb) already exists. Delete it to initialize new db

INFO: copying CA cert and initializing on all nodes

node 'serveur1': Creating /etc/corosync/qdevice/net/nssdb
password file contains no data
node 'serveur1': Creating new key and cert db
node 'serveur1': Creating new noise file /etc/corosync/qdevice/net/nssdb/noise.txt
node 'serveur1': Importing CAHost key verification failed.

INFO: generating cert request
Creating new certificate request


Generating key. This may take a few moments...

Certificate request stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.crq

INFO: copying exported cert request to qnetd server

INFO: sign and export cluster cert
Signing cluster certificate
Certificate stored in /etc/corosync/qnetd/nssdb/cluster-cluster.crt

INFO: copy exported CRT

INFO: import certificate
Importing signed cluster certificate
Notice: Trust flag u is set automatically if the private key is present.
pk12util: PKCS12 EXPORT SUCCESSFUL
Certificate stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.p12

INFO: copy and import pk12 cert to all nodes

node 'serveur1': Importing cluster certificate and key
node 'serveur1': pk12util: PKCS12 IMPORT SUCCESSFULHost key verification failed.
command 'ssh -o 'BatchMode=yes' -lroot 37.XX.XX.109 corosync-qdevice-net-certutil -m -c /etc/pve/qdevice-net-node.p12' failed: exit code 255

serveur1 is the 1st node of my cluster with IP 5.XX.XX.204
serveur2 is the second node of my cluster with IP 37.XX.XX.109
vote is the external server with IP 5.XX.XX.64

They all have the same SSL certificates and different SSH keys.
They can all ping each other without problems.

If you have a clue, it would greatly help me.
Have a nice day
 
Hello everyone, I found what was wrong. My server "serveur1" was unable to verify the authenticity of the server "serveur2" because it didn't have its SSH key.

Simply go to serveur1, open the shell, and execute the command:

ssh-keyscan 37.XX.XX.109 >> ~/.ssh/known_hosts


I wish you a good day.
Reactions: carles89
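
Appending raw `ssh-keyscan` output to `known_hosts`, as in the fix above, trusts whichever key answers on the network at that moment. As an added example (not part of the original posts), this Python helper filters `ssh-keyscan` output so that only keys matching a fingerprint read on serveur2's own console (for instance with `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`) are kept for `known_hosts`; the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the raw key blob, base64, no padding."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def vetted_lines(keyscan_output: str, trusted: dict) -> list:
    """Keep only scanned lines whose fingerprint equals the one recorded
    out of band for that key type; unknown types and bad data are dropped."""
    keep = []
    for line in keyscan_output.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue  # comment or malformed line
        host, key_type, key_b64 = parts[:3]
        try:
            actual = fingerprint(key_b64)
        except ValueError:  # not valid base64
            continue
        if trusted.get(key_type) == actual:
            keep.append(f"{host} {key_type} {key_b64}")
    return keep


def sample_blob(key_type: str, raw: bytes) -> str:
    """Constructed key blob in SSH wire format (length-prefixed type, then key)."""
    name = key_type.encode()
    wire = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(wire).decode()


# Constructed sample data; 37.XX.XX.109 is the redacted serveur2 address from the thread.
GENUINE = sample_blob("ssh-ed25519", bytes(range(32)))
SPOOFED = sample_blob("ssh-ed25519", bytes(32))
SCAN_OK = f"# constructed comment line\n37.XX.XX.109 ssh-ed25519 {GENUINE}\n"
SCAN_BAD = f"37.XX.XX.109 ssh-ed25519 {SPOOFED}\n"
# Stands in for the fingerprint read on serveur2's console.
TRUSTED = {"ssh-ed25519": fingerprint(GENUINE)}

if __name__ == "__main__":
    for scan in (SCAN_OK, SCAN_BAD):
        lines = vetted_lines(scan, TRUSTED)
        print("\n".join(lines) if lines else "no key matched the trusted fingerprint")
```

In real use, the text passed to `vetted_lines` would be the saved output of `ssh-keyscan 37.XX.XX.109`, and only the returned lines would be appended to `~/.ssh/known_hosts`.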