[pve-devel] [PATCH cluster 1/2] ensure quorum is set false when corosync fails

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Jun 30 16:35:36 CEST 2016

If corosync directly fails (i.e. `killall corosync`) the local node
acted like it had still quorum, which is not ideal.

Ensure that we set quorate to false before we finalize the quorum.

Do this in:

* service_quorum_dispatch, if it fails it is important that we set
it to false, as there is a good possibility that the
quorum_notification_fn won't get called anymore, reproducible with
$ killall corosync && sleep 0.1 && ls -l /etc/pve/ \
  && systemctl start corosync
Expected behavior: corosync is dead, the ls should show that
everything in /etc/pve is read only
Shown: behavior: /etc/pve still has read/write access and
PVE::Cluster::check_cfs_quorum() still returns true

* service_quorum_initialize: just to be sure as we successfully
  registered the quorum notification function already

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
 data/src/quorum.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/src/quorum.c b/data/src/quorum.c
index 1c258db..d9afc1d 100644
--- a/data/src/quorum.c
+++ b/data/src/quorum.c
@@ -146,6 +146,7 @@ static int service_quorum_initialize(
 	return quorum_fd;
+	cfs_set_quorate(0, FALSE);
 	private->handle = 0;
@@ -181,6 +182,7 @@ loop:
 	cfs_critical("quorum_dispatch failed: %d", result);
+	cfs_set_quorate(0, FALSE);
 	private->handle = 0;
 	return FALSE;

More information about the pve-devel mailing list