Corosync Configuration

Create Keys

All commands have to be executed as the super user. Initialize the secret key used to encrypt all cluster communication on node-1:


Copy Key to second Node

The key store is located in the file /etc/corosync/authkey. Copy this file to the same location on node-2.

Configuration of the corosync.conf File

In the configuration below, ip-node-1 stands for the IP address of node-1 and ip-node-2 stands for the IP address of node-2.

node-1 requires a configuration file /etc/corosync/corosync.conf which is structured as follows.

The relevant information is located in the two sections describing interface and nodelist. The other entries can be configured as needed for a specific implementation.

# Please read the corosync.conf.5 manual page
totem {
    version: 2
    token: 3000
    token_retransmits_before_loss_const: 6
    # "none" for both settings disables encryption and message authentication,
    # so the key in /etc/corosync/authkey does not protect cluster traffic here.
    # See corosync.conf.5 for the supported cipher and hash values.
    crypto_cipher: none
    crypto_hash: none
    clear_node_high_bit: yes
    interface {
        ringnumber: 0
        bindnetaddr: ip-node-1
        mcastport: 5405
        ttl: 1
    }
    transport: udpu
}

logging {
    fileline: off
    to_logfile: yes
    to_syslog: no
    logfile: /var/log/cluster/corosync.log
    debug: off
    timestamp: on
    logger_subsys {
        subsys: QUORUM
        debug: off
    }
}

nodelist {
    node {
        ring0_addr: ip-node-1
        nodeid: 1
    }
    node {
        ring0_addr: ip-node-2
        nodeid: 2
    }
}

quorum {
    # Enable and configure quorum subsystem (default: off)
    # see also corosync.conf.5 and votequorum.5
    provider: corosync_votequorum
    expected_votes: 2
    two_node: 1
}

node-2 requires a very similar file. The IP address in the interface section has to be changed to ip-node-2.

Port 5405 is used in the example for the corosync communication. This port needs to be open for outbound UDP traffic. This port ID was used in the AWS prerequisites section to configure the AWS security groups at instance creation time. Make sure that the port ID matches the one in the security group of the cluster instances.
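
A pre-start check for the settings described above, as an added example that is not part of the original page or of corosync itself. It parses a corosync.conf and reports disabled crypto, an interface section that does not match the local node, a port that differs from the security group, and a node missing from nodelist. The function names, the 10.0.0.x addresses and the caller-supplied local_ip and sg_udp_port values are assumptions made for the example.

```python
SAMPLE = """# Constructed sample: the page's settings with made-up 10.0.0.x addresses
totem {
    crypto_cipher: none
    crypto_hash: none
    interface {
        bindnetaddr: 10.0.0.11
        mcastport: 5405
    }
}
nodelist {
    node {
        ring0_addr: 10.0.0.11
    }
    node {
        ring0_addr: 10.0.0.12
    }
}"""

def parse_conf(text):
    """Parse 'section { key: value }' lines; repeated sections become lists."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comment lines
        if line.endswith("{"):
            stack.append({})
            stack[-2].setdefault(line[:-1].strip(), []).append(stack[-1])
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unmatched '}'")
            stack.pop()
        elif line:
            key, _, value = line.partition(":")
            stack[-1][key.strip()] = value.strip()
    if len(stack) != 1:
        raise ValueError("section not closed with '}'")
    return stack[0]

def audit(text, local_ip, sg_udp_port):
    """Findings for one node's file; local_ip and sg_udp_port are caller-supplied."""
    conf = parse_conf(text)
    totem = conf.get("totem", [{}])[0]
    findings = [f"{k} is none" for k in ("crypto_cipher", "crypto_hash") if totem.get(k) == "none"]
    want = {"bindnetaddr": local_ip, "mcastport": str(sg_udp_port)}
    for iface in totem.get("interface", []):
        findings += [f"{k}: {iface.get(k)} != {v}" for k, v in want.items() if iface.get(k) != v]
    addrs = [n.get("ring0_addr") for nl in conf.get("nodelist", []) for n in nl.get("node", [])]
    if local_ip not in addrs:
        findings.append(f"{local_ip} is missing from nodelist")
    return findings
```

Running audit() on node-2 with node-1's unchanged file reports the bindnetaddr mismatch, which is the one edit the page asks for on the second node.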

Starting the Cluster

The next step is to start the cluster with the command:

systemctl start pacemaker

Execute this command with super user privileges on both nodes (instances).

Checking the Configuration

The configuration can be checked with the command:

corosync-cfgtool -s

It'll create a result like the following one for a cluster node with the IP address

Printing ring status.
Local node ID 2
        id =
        status = ring 0 active with no faults

The cluster in question uses ring 0; the node has the ID 2.

To check whether the communication over port 5405, which is used for the corosync communication (or over the custom port), works, type:

crm status

This command should report a line which states that all nodes are online. It should look as follows for a given node1 and node2:

Online: [node1 node2]

 Add this port as a UDP port to the security group of your instances if they don't show the status Online.


What version of corosync are you running?

Corosync version

It's the corosync version which comes with SLES 12 for SAP SP1 plus latest patches through the SUSE subscription.
I'll have to check the package version.

- Stefan
