Hello everyone, I am currently setting up a cluster consisting of 2 nodes on Proxmox 8. To implement high availability (HA), I would like to set up an external server that would serve as an external vote. This server is also a Proxmox 8 instance that is independent.
On the external server, I did: apt install corosync-qnetd
And on the 2 nodes of my cluster, I did: apt install corosync-qdevice
On one of the 2 nodes, I did: pvecm qdevice setup 5.XX.XX.64
And obtained this:
root@serveur1:~# pvecm qdevice setup 5.XX.XX.64
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '5.XX.XX.64 (5.XX.XX.64)' can't be established.
ED25519 key fingerprint is SHA256:s7Q6F4pnPR2jyiMXBef......FoRp1mYFhw9g.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@5.XX.XX.64's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@5.XX.XX.64'"
and check to make sure that only the key(s) you wanted were added.
INFO: initializing qnetd server
Certificate database (/etc/corosync/qnetd/nssdb) already exists. Delete it to initialize new db
INFO: copying CA cert and initializing on all nodes
node 'serveur1': Creating /etc/corosync/qdevice/net/nssdb
password file contains no data
node 'serveur1': Creating new key and cert db
node 'serveur1': Creating new noise file /etc/corosync/qdevice/net/nssdb/noise.txt
node 'serveur1': Importing CAHost key verification failed.
INFO: generating cert request
Creating new certificate request
Generating key. This may take a few moments...
Certificate request stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.crq
INFO: copying exported cert request to qnetd server
INFO: sign and export cluster cert
Signing cluster certificate
Certificate stored in /etc/corosync/qnetd/nssdb/cluster-cluster.crt
INFO: copy exported CRT
INFO: import certificate
Importing signed cluster certificate
Notice: Trust flag u is set automatically if the private key is present.
pk12util: PKCS12 EXPORT SUCCESSFUL
Certificate stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.p12
INFO: copy and import pk12 cert to all nodes
node 'serveur1': Importing cluster certificate and key
node 'serveur1': pk12util: PKCS12 IMPORT SUCCESSFULHost key verification failed.
command 'ssh -o 'BatchMode=yes' -lroot 37.XX.XX.109 corosync-qdevice-net-certutil -m -c /etc/pve/qdevice-net-node.p12' failed: exit code 255
serveur1 is the 1st node of my cluster with IP 5.XX.XX.204
serveur2 is the second node of my cluster with IP 37.XX.XX.109
vote is the external server with IP 5.XX.XX.64
They all have the same SSL certificates and different SSH keys.
They can all ping each other without problems.
If you have a clue, it would greatly help me.
Have a nice day