re-enabling cluster node

[pmuenstermann]

I run a PVE cluster with three nodes (VM00, VM02 and VM03).

Actually, the nodes reflect the hardware history in our company: if the old 'main server' is replaced, an additional node is added on the new hardware.
Typically, all clients are migrated to the new node; the old hardware is kept as a sort of backup-system to run the essential clients if the 'main server' is in trouble.
Proxmox is great to run this strategy.

At present time, VM03 is the main host, VM00 only contains firewall and web-proxy. Both are running Debian Bullseye and PVE 7.2-7.
VM02 was offline for quite a long time, because the power supply was broken.

Now, the power supply is fixed and I want to reinject VM02 into the cluster.
I updated the operating system to Debian Bullseye and PVE to 7.2-7, but I get no node connection between VM00 and VM03 on one side, and VM02 on the other.
If I enter the corresponding IP-Adressses, I see both groups in the GUI. But they don't see each other.

Entering 'pveupdate' on VM02, I get the error

OU = PVE Cluster Node, O = Proxmox Virtual Environment, CN = deikevm02.deike.lan
error 10 at 0 depth lookup: certificate has expired
error /etc/pve/nodes/deikevm02/pve-ssl.pem: verification failed

Looks like a simple certificate probem, but I don't know what to copy to what destination.

I found the hint on G****e to update the certificates with 'pvecm updatecerts -f'.
This gives the error "no quorum - unable to update files".

Any ideas?

 

[shrdlicka]

Hi,
what does

pvecm status

say on vm00/vm03 and vm02?

 

[pmuenstermann]

VM03:

Cluster information
-------------------
Name:             VHD
Config Version:   5
Transport:        knet
Secure auth:      on

Quorum information
------------------
Date:             Fri Jul 15 09:56:51 2022
Quorum provider:  corosync_votequorum
Nodes:            2
Node ID:          0x00000004
Ring ID:          1.2f2e
Quorate:          Yes

Votequorum information
----------------------
Expected votes:   3
Highest expected: 3
Total votes:      2
Quorum:           2
Flags:            Quorate

Membership information
----------------------
    Nodeid      Votes Name
0x00000001          1 192.168.31.10
0x00000004          1 192.168.31.13 (local)

VM02:

Cluster information
-------------------
Name:             VHD
Config Version:   4
Transport:        knet
Secure auth:      on

Cannot initialize CMAP service

With this error message, I did new internet searches and can supply additional information (and the solution):

Files /etc/hosts, /etc/pve/authkey.pub and /etc/pve/corosync.conf differed on both systems.
I copied the file /etc/corosync/corosync.conf from VM03 to VM02 and added VM03 to the hosts-file.

After a restart of corosync.service and pve-cluster.service, the VM02 node was visible in the GUI

Thanks for your quick support