Hi,
We use proxmox since proxmox 4.0 as a cluster for our VMs.
We have a small infrastructure with 4 nodes configured with one NIC each.
We upgrade from 4 to 5 (in-place) without issue.
We would like to do the same for 5 to 6.
However, I have some question about the docs and pv5to6 result.
First things first, you will find all files related to my question. Some of the files have been modified to hide original names or ips.
In the docs, I can see the following :
With Corosync 3 the on-the-wire format has changed. It is now incompatible with Corosync 2.x because it switched out the underlying multicast UDP stack with kronosnet. Configuration files generated by a Proxmox VE with version 5.2 or newer, are already compatible with the new Corosync 3.x (at least enough to process the upgrade without any issues).
Question 1 : Since I am using proxmox 5.4 but upgrade from 4.0, are my configuration files compatible with the new Corosync 3.x ?
So I decided to quickly check the output of pve5to6.
Question 2 : About "FAIL: Unsupported SSH Cipher configured for root in /root/.ssh/config: 3des", should I just remove "3des-cbc" from "/root/.ssh/config" from all nodes ?
Question 3 : About "FAIL: nodeX: unable to resolve ring0_addr 'nodeX' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!", should I just need to specify in "/etc/hosts" all nodes on all nodes ?
Question 4 : About "WARN: nodeX: ring0_addr 'nodeX' resolves to '192.168.0.1'. Consider replacing it with the currently resolved IP address.", (I precise we use one NIC for each nodes and we don't have a Separate Cluster Network (I don't think it was possible when we created the cluster) ), What should I do since it is already specify in /etc/hosts?
We use proxmox since proxmox 4.0 as a cluster for our VMs.
We have a small infrastructure with 4 nodes configured with one NIC each.
We upgrade from 4 to 5 (in-place) without issue.
We would like to do the same for 5 to 6.
However, I have some question about the docs and pv5to6 result.
First things first, you will find all files related to my question. Some of the files have been modified to hide original names or ips.
In the docs, I can see the following :
With Corosync 3 the on-the-wire format has changed. It is now incompatible with Corosync 2.x because it switched out the underlying multicast UDP stack with kronosnet. Configuration files generated by a Proxmox VE with version 5.2 or newer, are already compatible with the new Corosync 3.x (at least enough to process the upgrade without any issues).
Question 1 : Since I am using proxmox 5.4 but upgrade from 4.0, are my configuration files compatible with the new Corosync 3.x ?
So I decided to quickly check the output of pve5to6.
= CHECKING VERSION INFORMATION FOR PVE PACKAGES =
Checking for package updates..
WARN: updates for the following packages are available:
linux-libc-dev, pve-cluster, lxc-pve, pve-kernel-4.15, pve-kernel-4.15.18-20-pve
Checking proxmox-ve package version..
PASS: proxmox-ve package has version >= 5.4-2
Checking running kernel version..
PASS: expected running kernel '4.15.18-19-pve'.
= CHECKING CLUSTER HEALTH/SETTINGS =
PASS: systemd unit 'pve-cluster.service' is in state 'active'
PASS: systemd unit 'corosync.service' is in state 'active'
PASS: Cluster Filesystem is quorate.
Analzying quorum settings and state..
INFO: configured votes - nodes: 4
INFO: configured votes - qdevice: 0
INFO: current expected votes: 4
INFO: current total votes: 4
Checking nodelist entries..
FAIL: node4: unable to resolve ring0_addr 'node4' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!
WARN: node1: ring0_addr 'node1' resolves to '192.168.0.1'.
Consider replacing it with the currently resolved IP address.
FAIL: node2: unable to resolve ring0_addr 'node2' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!
FAIL: node3: unable to resolve ring0_addr 'node3' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!
Checking totem settings..
PASS: Corosync transport set to implicit default.
PASS: Corosync encryption and authentication enabled.
INFO: run 'pvecm status' to get detailed cluster status..
= CHECKING INSTALLED COROSYNC VERSION =
FAIL: corosync 2.x installed, cluster-wide upgrade to 3.x needed!
= CHECKING HYPER-CONVERGED CEPH STATUS =
SKIP: no hyper-converged ceph setup detected!
= CHECKING CONFIGURED STORAGES =
PASS: storage 'Storage1' enabled and active.
SKIP: storage 'Storage2' disabled.
PASS: storage 'Storage3' enabled and active.
PASS: storage 'Storage4' enabled and active.
PASS: storage 'Storage5' enabled and active.
SKIP: storage 'Storage6' disabled.
PASS: storage 'Storage7' enabled and active.
= MISCELLANEOUS CHECKS =
FAIL: Unsupported SSH Cipher configured for root in /root/.ssh/config: 3des
INFO: Checking common daemon services..
PASS: systemd unit 'pveproxy.service' is in state 'active'
PASS: systemd unit 'pvedaemon.service' is in state 'active'
PASS: systemd unit 'pvestatd.service' is in state 'active'
INFO: Checking for running guests..
WARN: 3 running guest(s) detected - consider migrating or stopping them.
INFO: Checking if the local node's hostname 'node1' is resolvable..
INFO: Checking if resolved IP is configured on local node..
PASS: Resolved node IP '192.168.0.1' configured and active on single interface.
INFO: Check node certificate's RSA key size
PASS: Certificate 'pve-root-ca.pem' passed Debian Busters security level for TLS connections (2048 >= 2048)
PASS: Certificate 'pve-ssl.pem' passed Debian Busters security level for TLS connections (2048 >= 2048)
INFO: Checking KVM nesting support, which breaks live migration for VMs using it..
PASS: KVM nested parameter not set.
= SUMMARY =
TOTAL: 30
PASSED: 19
SKIPPED: 3
WARNINGS: 3
FAILURES: 5
ATTENTION: Please check the output for detailed information!
Try to solve the problems one at a time and then run this checklist tool again.
Checking for package updates..
WARN: updates for the following packages are available:
linux-libc-dev, pve-cluster, lxc-pve, pve-kernel-4.15, pve-kernel-4.15.18-20-pve
Checking proxmox-ve package version..
PASS: proxmox-ve package has version >= 5.4-2
Checking running kernel version..
PASS: expected running kernel '4.15.18-19-pve'.
= CHECKING CLUSTER HEALTH/SETTINGS =
PASS: systemd unit 'pve-cluster.service' is in state 'active'
PASS: systemd unit 'corosync.service' is in state 'active'
PASS: Cluster Filesystem is quorate.
Analzying quorum settings and state..
INFO: configured votes - nodes: 4
INFO: configured votes - qdevice: 0
INFO: current expected votes: 4
INFO: current total votes: 4
Checking nodelist entries..
FAIL: node4: unable to resolve ring0_addr 'node4' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!
WARN: node1: ring0_addr 'node1' resolves to '192.168.0.1'.
Consider replacing it with the currently resolved IP address.
FAIL: node2: unable to resolve ring0_addr 'node2' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!
FAIL: node3: unable to resolve ring0_addr 'node3' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!
Checking totem settings..
PASS: Corosync transport set to implicit default.
PASS: Corosync encryption and authentication enabled.
INFO: run 'pvecm status' to get detailed cluster status..
= CHECKING INSTALLED COROSYNC VERSION =
FAIL: corosync 2.x installed, cluster-wide upgrade to 3.x needed!
= CHECKING HYPER-CONVERGED CEPH STATUS =
SKIP: no hyper-converged ceph setup detected!
= CHECKING CONFIGURED STORAGES =
PASS: storage 'Storage1' enabled and active.
SKIP: storage 'Storage2' disabled.
PASS: storage 'Storage3' enabled and active.
PASS: storage 'Storage4' enabled and active.
PASS: storage 'Storage5' enabled and active.
SKIP: storage 'Storage6' disabled.
PASS: storage 'Storage7' enabled and active.
= MISCELLANEOUS CHECKS =
FAIL: Unsupported SSH Cipher configured for root in /root/.ssh/config: 3des
INFO: Checking common daemon services..
PASS: systemd unit 'pveproxy.service' is in state 'active'
PASS: systemd unit 'pvedaemon.service' is in state 'active'
PASS: systemd unit 'pvestatd.service' is in state 'active'
INFO: Checking for running guests..
WARN: 3 running guest(s) detected - consider migrating or stopping them.
INFO: Checking if the local node's hostname 'node1' is resolvable..
INFO: Checking if resolved IP is configured on local node..
PASS: Resolved node IP '192.168.0.1' configured and active on single interface.
INFO: Check node certificate's RSA key size
PASS: Certificate 'pve-root-ca.pem' passed Debian Busters security level for TLS connections (2048 >= 2048)
PASS: Certificate 'pve-ssl.pem' passed Debian Busters security level for TLS connections (2048 >= 2048)
INFO: Checking KVM nesting support, which breaks live migration for VMs using it..
PASS: KVM nested parameter not set.
= SUMMARY =
TOTAL: 30
PASSED: 19
SKIPPED: 3
WARNINGS: 3
FAILURES: 5
ATTENTION: Please check the output for detailed information!
Try to solve the problems one at a time and then run this checklist tool again.
127.0.0.1 localhost.localdomain localhost
192.168.0.1 node1.company.com node1 pvelocalhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
192.168.0.1 node1.company.com node1 pvelocalhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Ciphers blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
logging {
debug: off
to_syslog: yes
}
nodelist {
node {
name: node2
nodeid: 2
quorum_votes: 1
ring0_addr: node2
}
node {
name: node1
nodeid: 1
quorum_votes: 1
ring0_addr: node1
}
node {
name: node4
nodeid: 4
quorum_votes: 1
ring0_addr: node4
}
node {
name: node3
nodeid: 3
quorum_votes: 1
ring0_addr: node3
}
}
quorum {
provider: corosync_votequorum
}
totem {
cluster_name: PROXMOX-CLS
config_version: 10
ip_version: ipv4
secauth: on
version: 2
interface {
bindnetaddr: 192.168.0.1
ringnumber: 0
}
}
debug: off
to_syslog: yes
}
nodelist {
node {
name: node2
nodeid: 2
quorum_votes: 1
ring0_addr: node2
}
node {
name: node1
nodeid: 1
quorum_votes: 1
ring0_addr: node1
}
node {
name: node4
nodeid: 4
quorum_votes: 1
ring0_addr: node4
}
node {
name: node3
nodeid: 3
quorum_votes: 1
ring0_addr: node3
}
}
quorum {
provider: corosync_votequorum
}
totem {
cluster_name: PROXMOX-CLS
config_version: 10
ip_version: ipv4
secauth: on
version: 2
interface {
bindnetaddr: 192.168.0.1
ringnumber: 0
}
}
Question 2 : About "FAIL: Unsupported SSH Cipher configured for root in /root/.ssh/config: 3des", should I just remove "3des-cbc" from "/root/.ssh/config" from all nodes ?
Question 3 : About "FAIL: nodeX: unable to resolve ring0_addr 'nodeX' to an IP address according to Corosync's resolve strategy - cluster will potentially fail with Corosync 3.x/kronosnet!", should I just need to specify in "/etc/hosts" all nodes on all nodes ?
Question 4 : About "WARN: nodeX: ring0_addr 'nodeX' resolves to '192.168.0.1'. Consider replacing it with the currently resolved IP address.", (I precise we use one NIC for each nodes and we don't have a Separate Cluster Network (I don't think it was possible when we created the cluster) ), What should I do since it is already specify in /etc/hosts?