---
canonical: https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekituserguidehtml/documentation/safekituserguideen.htm
---

# 12.          Cluster.xml for the SafeKit cluster configuration

![*](safekituserguideen_fichiers/image001.png)      
Section 12.1 “Cluster.xml file”

![*](safekituserguideen_fichiers/image001.png)      
Section 12.2 “SafeKit cluster Configuration”

 

SafeKit uses the configuration file cluster.xml. This file defines all the servers that make up the SafeKit cluster
as well as the IP address (or name) of these servers on the networks used to
communicate with the cluster nodes. These are global cluster and module
internal communications; these communications are encrypted.  This network is
also used for executing the global safekit command (with argument -H).

You must define at least one network that
includes all nodes in the cluster. It is recommended to define several networks
to tolerate at least one network failure.

The cluster can be configured:

·        
Either via the cluster configuration wizard in
the SafeKit web console

·        
Or by directly editing the cluster configuration
file and applying the configuration via command line

Both methods are described in section 12.2.

 

|  |  |
| --- | --- |
| Sous-titres contour | For full examples of cluster configurations refer to section 15.1.1 and section 15.2.1. It presents the configuration via the web console along with the corresponding cluster.xml. |

## 12.1          Cluster.xml file

Each network (lan) has a logical
name that will be used in the configuration of the modules to name the
monitoring networks:

·        
into the heartbeat section for a mirror module (for
details, see section 13.4)

·        
into the lan section for a farm module (for
details, see section 13.5)

The node name is the one that is used by
the SafeKit administration service (safeadmin) for uniquely identifying a
SafeKit node. You must always use the same name for designing a given server on
different networks. This name is also used by the SafeKit web console when
displaying the node’s name.

### 12.1.1      Cluster.xml example

·        
In the example below, two networks are defined. One
of them can be dedicated to file replication in a mirror
module.

<cluster>

<lans>

      <lan
name="default">

        
<node name="node1" addr="192.168.1.67"/>

        
<node name="node2" addr="192.168.1.68"/>

     
</lan>

      <lan
name="repli">

        
<node name="node1" addr="10.0.0.1"/>

        
<node name="node2" addr="10.0.0.2"/>

     
</lan>

  
</lans>

</cluster>

·        
In the example below, a unique network is used,
but in a Network address translation (NAT) configuration. For each node two
addresses must be defined: the local one laddr (defined on
local interface) and the external one addr (as seen by other servers).

All
nodes must be able to communicate to the others via the NATted addresses.

<cluster>

   <lans>

      <lan
name="default">

        
<node name="node1" addr="server1.dns.name"
laddr="10.0.0.1"/>

        
<node name="node2" addr="server2.dns.name"
laddr="10.0.0.2"/>

     
</lan>

  
</lans>

</cluster>

### 12.1.2      Cluster.xml syntax

<cluster>

  <lans
[port="4800"]>

    <lan
name="*lan\_name*" [command="on|off"] >               

      <node
name="node1 name" addr="node1 IP address or name"

           [ laddr="*local\_IP1\_address*" ]/>

      <node
name="node2 name" addr="node2 IP address or name"

           [
laddr="*local\_IP2\_address*" ] />

      …

   
</lan>

    …

  </lans>

</cluster>

### 12.1.3      <lans>, <lan>, <node> attributes

|  |  |
| --- | --- |
| <lans | Begin the definition of the cluster nodes and network topology. |
| [port="xxxx"] | Defines the UDP port with which the membership protocol is exchanged.  Default: 4800 |
| [pulse="100"] | Delay, in milliseconds, between two heartbeat packets emitted by the membership protocol.  Longer pulse makes the membership protocol use less bandwidth but react more slowly.  Default value: 100 (100 millseconds) |
| [mlost\_count="20"] | Number of heartbeats not received before electing a new leader node.  Default value: 20 ~ 20 x pulse (2000 milliseconds) |
| [slost\_count="10"] | Number of heartbeats not received before declaring a follower node offline.  Default value: 10 ~ 10 x pulse (1000 milliseconds) |
| <lan | Definition of a LAN (i.e., IPv4 broadcast domain, IPv6 link) on which the membership protocol will be transmitted. At least one LAN must be defined. Define one such tag per used LAN. |
| name="*lan name*" | Single logical name for the lan.  This name is used into module configuration to name networks used by the module. |
| command="on"|"off" | Set command="on" to use this network for running distributed commands on the cluster.  In this case, this <lan> section must include all nodes in the cluster. You can set only one <lan> section with command="on".  When this attribute is not set, it is the first <lan> section that is used for running distributed commands on the cluster.  Default: off |
| <node | Definition of one node in the SafeKit cluster. Define as many <node> tags as there are nodes in the cluster (at least 2). |
| name="*node name*" | Single logical name to the SafeKit server.  You must always use the same name for designing a given server on different lans. |
| addr=  "*IP address or name*" | IPv4 or IPv6 address, or name of the node as it is known by other nodes on this LAN (IP address recommended to be independent from a DNS server). On NAT configuration, it must be the external address.  When defining an IPv6 address, use literal format: the address is enclosed in square brackets (e.g. [2001::7334]) |
| laddr=  "*local IP address*" | Local IP address on this LAN. To be used only on NAT configurations, where local address is different from external one.  IPv4 address or literal IPv6 address. |

 

|  |  |
| --- | --- |
| Commentaire, ajouter contour | In SafeKit < 8.2, the cluster configuration had attributes console and framework on <lan> tag. These attributes were necessary for the legacy web console and are obsolete with the new one. If presents, these attributes are ignored in SafeKit 8.2. |

## 12.2          SafeKit cluster Configuration

### 12.2.1      Configuration with the SafeKit web console

The SafeKit web console provides a configuration
wizard for editing the cluster.xml file and applying the configuration on all the cluster nodes.

|  |  |
| --- | --- |
| Commentaire, ajouter contour | ·         The cluster configuration requires to log in the web console with a user having Admin role  ·         If the cluster is not configured, the web console automatically opens the Cluster configuration wizard  ·         When the cluster is configured, the current cluster configuration is loaded from the connection node specified in the browser URL |

 

Open the cluster configuration wizard:

·        
Directly via the URL http://host:9010/console/en/configuration/cluster/config

Or

·        
Navigate in the console

 

In this example, the console is loaded from
10.0.0.107, which corresponds to node1 in the existing cluster. This is
the connection node.

![](safekituserguideen_fichiers/image345.png)

·        
Click on ![](safekituserguideen_fichiers/image346.png)“Configuration” in the
navigation sidebar

·        
Click on “Cluster
configuration” tab

·        
Click on ![](safekituserguideen_fichiers/image347.png)“Configure the cluster” button

|  |  |
| --- | --- |
| Commentaire, ajouter contour | For details on the cluster configuration wizard, see section 3.2.1. |

### 12.2.2      Configuration with command line

·        
(1) Log in as administrator/root

·        
(2) Edit the file SAFEVAR/cluster/cluster.xml

In
Windows, SAFEVAR= C:\safekit\var if %SYSTEMDRIVE%=C:

In Linux,
SAFEVAR=/var/safekit

·        
(3) Apply the cluster configuration with a new
encryption key by executing:

1.    safekit cluster config

Configure
locally, from the cluster.xml file, and generate a new encryption key for communication between
the nodes.

2.    safekit -H "\*" -G

It
applies the local configuration, defined into cluster.xml, on all
cluster nodes.

To re-configure the cluster without
cryptographic key, execute:

1.    safekit cluster delkey

2.    safekit -H "\*" -G

To regenerate encryption keys and propagate
them on cluster nodes:

1.    safekit cluster genkey

2.    safekit -H "\*" -G

|  |  |
| --- | --- |
| Commentaire, ajouter contour | For the full description of commands, refer to section 9.2. |

### 12.2.3      Configuration changes

```
When changing the cluster configuration, the new configuration must be applied on all cluster nodes. When the configuration is applied only on a subset of the nodes present into the cluster configuration, only this subset will be able to communicate with each other. This is also the case when the cryptographic key is not identical on all nodes. This can have the effect of disrupting the operation of the modules installed on servers.
```

For a correct behavior, you must re-apply
the configuration on all the nodes that belong to the cluster as described
above.

|  |  |
| --- | --- |
| Commentaire, ajouter contour | You can check the configuration by running the command safekit cluster confinfo on each node (see section 9.2). When the configuration is operational, this command must return on all nodes, the same list of nodes and the same value for the configuration signature. |

Changing the cluster configuration could
have important impact on module configurations since the lan names set into the
cluster configuration are used into the module’s configuration.  Any change in
the cluster configuration, will trigger modules updates: each module will
reload its configuration to adapt the changes. Such changes could lead to
module stop in case of incompatibility (for example if a lan used by an
application module is removed from the cluster configuration). So, great care
must be taken when modifying cluster configuration when modules are running.