The file /etc/drbd.conf is read by drbdadm.
The file format was designed to allow a verbatim copy of the file on both nodes of the cluster.
It is highly recommended to do so in order to keep your configuration manageable: the file /etc/drbd.conf should be the same on both nodes of the cluster. Changes to /etc/drbd.conf do not apply immediately.
Example A.1. A small drbd.conf file
global { usage-count yes; }
common { syncer { rate 10M; } }
resource r0 {
  protocol C;
  net {
    cram-hmac-alg sha1;
    shared-secret "FooFunFactory";
  }
  on alice {
    device /dev/drbd1;
    disk /dev/sda7;
    address 10.1.1.31:7789;
    meta-disk internal;
  }
  on bob {
    device /dev/drbd1;
    disk /dev/sda7;
    address 10.1.1.32:7789;
    meta-disk internal;
  }
}
In this example, there is a single DRBD resource (called r0) which uses protocol C for the connection between its devices.
The device which runs on host alice uses /dev/drbd1 as the device for its application, and /dev/sda7 as low-level storage for the data.
The IP addresses are used to specify the networking interfaces to be used.
A resync process, should one run, is limited to about 10 MByte/second of IO bandwidth.
There may be multiple resource sections in a single drbd.conf file. For more examples, please have a look at the DRBD User's Guide.
The file consists of sections and parameters. A section begins with a keyword, sometimes an additional name, and an opening brace (“{”). A section ends with a closing brace (“}”). The braces enclose the parameters.
section [name] { parameter value; [...] }
A parameter starts with the identifier of the parameter followed by whitespace. Every subsequent character is considered part of the parameter's value. Boolean parameters are a special case: they consist only of the identifier. Parameters are terminated by a semicolon (“;”).
Some parameter values have default units which can be overridden by a suffix K, M or G. These units are defined in the usual way (K = 2^10 = 1024, M = 1024 K, G = 1024 M).
Comments may be placed into the configuration file and must begin with a hash sign (“#”). Subsequent characters are ignored until the end of the line.
skip
Comments out chunks of text, even spanning more than one line.
Characters between the keyword skip and the opening
brace (“{”) are ignored. Everything enclosed by the braces
is skipped.
This comes in handy, if you just want to comment out
some 'resource [name] {...}' section: just precede it with 'skip'.
global
Configures some global parameters. Currently only
minor-count, dialog-refresh,
disable-ip-verification and usage-count
are allowed here. You may only have one global section, preferably
as the first section.
common
All resources inherit the options set in this section.
The common section might have
a startup,
a syncer,
a handlers,
a net and a disk section.
resource name
Configures a DRBD resource.
Each resource section needs to have two on sections and may have a startup, a syncer, a handlers, a net and a disk section.
Required parameter in this section: protocol.
on host-name
Carries the necessary configuration parameters for a DRBD
device of the enclosing resource.
host-name is mandatory and must match the
Linux host name (uname -n) of one of the nodes.
Required parameters in this section: device,
disk, address, meta-disk,
flexible-meta-disk.
disk
This section is used to fine tune DRBD's properties
in respect to the low level storage. Please
refer to drbdsetup(8) for detailed description of
the parameters.
Optional parameters: on-io-error,
size, fencing, use-bmbv,
no-disk-barrier, no-disk-flushes,
no-disk-drain, no-md-flushes,
max-bio-bvecs.
net
This section is used to fine tune DRBD's properties. Please
refer to drbdsetup(8) for a detailed description
of this section's parameters.
Optional parameters:
sndbuf-size, timeout,
connect-int, ping-int,
ping-timeout,
max-buffers, max-epoch-size,
ko-count, allow-two-primaries,
cram-hmac-alg, shared-secret,
after-sb-0pri, after-sb-1pri,
after-sb-2pri, data-integrity-alg,
no-tcp-cork
startup
This section is used to fine tune DRBD's properties. Please
refer to drbdsetup(8) for a detailed description
of this section's parameters.
Optional parameters:
wfc-timeout, degr-wfc-timeout,
wait-after-sb and become-primary-on.
syncer
This section is used to fine tune the synchronization daemon
for the device. Please
refer to drbdsetup(8) for a detailed description
of this section's parameters.
Optional parameters:
rate, after, al-extents,
cpu-mask and verify-alg.
handlers
In this section you can define handlers (executables) that are executed
by the DRBD system in response to certain events.
Optional parameters:
pri-on-incon-degr, pri-lost-after-sb,
pri-lost, outdate-peer,
local-io-error, split-brain,
before-resync-target, after-resync-target.
minor-count count
count may be a number from 1 to 255.
Use minor-count if you want to define many more resources later without reloading the DRBD kernel module. By default the module loads with room for 11 more resources than you currently have in your config, but at least 32.
dialog-refresh time
time may be 0 or a positive number.
The user dialog redraws the second count every
time seconds (or does no redraws if
time is 0). The default value is 1.
disable-ip-verification
Use disable-ip-verification if, for some obscure reason, drbdadm cannot or should not use ip or ifconfig to do a sanity check for the IP address. You can disable the IP verification with this option.
usage-count val
Please participate in
DRBD's online usage counter.
The most convenient way to do so
is to set this option to yes. Valid options are:
yes, no and ask.
protocol prot-id
On the TCP/IP link the specified protocol
is used. Valid protocol specifiers are A, B, and C.
Protocol A: write IO is reported as completed, if it has reached local disk and local TCP send buffer.
Protocol B: write IO is reported as completed, if it has reached local disk and remote buffer cache.
Protocol C: write IO is reported as completed, if it has reached both local and remote disk.
pri-on-incon-degr-cmd command
In case a node starts up in degraded mode (degr-wfc-timeout is set) and
its local replica of the data is inconsistent, it executes the
command. If the command exits without
error, drbddisk expects the DRBD device to be in primary state.
device name
The name of the block device node of the resource being described.
You must use this device with your application (file system) and
you must not use the low level block device which is specified with the
disk parameter.
The device nodes must have the same major number as the DRBD
driver. With the current implementation major 147 is used
and the corresponding device nodes are usually named
/dev/drbd0, /dev/drbd1, etc.
(All releases before drbd-0.7.1 used major 43 and the device files /dev/nb*.)
Installation scripts of the DRBD package require that
/dev/drbd0 to /dev/drbd8 are
predefined in your system. To be sure, issue something like ls /dev/drbd*.
disk name
DRBD uses this block device to actually store and retrieve the data. Never access such a device while DRBD is running on top of it. This holds also true for dumpe2fs(8) and similar commands.
address AF IP:port
A resource needs one IP address per device, which is used to wait for incoming connections from the partner device and to reach the partner device. AF must be one of ipv4, ipv6 or sci. It may be omitted for IPv4 addresses. The actual IPv6 address that follows the ipv6 keyword must be placed inside brackets.
Each DRBD resource needs a TCP port
which is used to connect to the node's partner device.
Two different DRBD resources may not use the same
IP:port combination on the same node.
meta-disk internal, flexible-meta-disk internal, meta-disk device [index], flexible-meta-disk device
Internal means that the last part of the backing device is used to store the meta-data. You must not use [index] with internal. Note: regardless of whether you use the meta-disk or the flexible-meta-disk keyword, the internal meta-data area will always be of the size needed for the remaining storage size.
You can use a single block device to store
meta-data of multiple DRBD devices.
E.g. use meta-disk /dev/sde6[0]; and meta-disk /dev/sde6[1];
for two different resources. In this case the meta-disk
would need to be at least 256 MB in size.
With the flexible-meta-disk keyword you specify
a block device as meta-data storage. You usually use this with LVM,
which allows you to have many variable sized block devices.
The required size of the meta-disk block device is 36kB + Backing-Storage-size / 32k. Round this number up to the next 4kB boundary and you have the exact size.
Rule of thumb: 32kByte per 1GByte of storage, rounded up to the next MB.
on-io-error handler
handler is invoked if the lower level device reports an io-error to the upper layers. handler may be pass_on, call-local-io-error or detach.
pass_on: Report the io-error to the upper layers. On Primary report it to the mounted file system. On Secondary ignore it.
call-local-io-error: Call the handler script
local-io-error.
detach: The node drops its low level device, and continues in diskless mode.
fencing fencing_policy
By fencing we mean preventive measures to avoid situations where both nodes are primary and disconnected (also known as split brain).
Valid fencing policies are:
dont-care
This is the default policy. No fencing actions are undertaken.
resource-only
If a node becomes a disconnected primary, it tries to outdate the peer's disk. This is done by calling the outdate-peer handler. The handler is supposed to reach the other node over alternative communication paths and call 'drbdadm outdate res' there.
resource-and-stonith
If a node becomes a disconnected primary, it freezes all
its IO operations and calls its outdate-peer handler. The
outdate-peer handler is supposed to reach the peer over
alternative communication paths and call 'drbdadm outdate
res' there. In case it cannot reach the peer it should
stonith the peer. IO is resumed as soon as the situation
is resolved. In case your handler fails, you can resume
IO with the resume-io command.
use-bmbv
In case the backing storage's driver has a merge_bvec_fn() function, DRBD has to pretend that it can only process IO requests in units not larger than 4kByte. (At the time of writing the only known drivers which have such a function are: md (software raid driver), dm (device mapper - LVM) and DRBD itself.)
To get the best performance out of DRBD on top of software RAID (or any other driver with a merge_bvec_fn() function) you might enable this option, if you know for sure that the merge_bvec_fn() function will deliver the same results on all nodes of your cluster, i.e. the physical disks of the software RAID are of exactly the same type. Use this option only if you know what you are doing.
no-disk-barrier, no-disk-flushes, no-disk-drain
DRBD has four implementations to express write-after-write dependencies to its backing storage device. DRBD will use the first method that is supported by the backing storage device and that is not disabled by the user.
When selecting the method you should not base your decision on the measurable performance alone. In case your backing storage device has a volatile write cache (plain disks, RAID of plain disks) you should use one of the first two. In case your backing storage device has a battery-backed write cache you may go with option 3 or 4. Option 4 will deliver the best performance on such devices.
Unfortunately device mapper (LVM) does not support barriers.
The letter after "wo:" in /proc/drbd indicates which method is currently in use for a device: b, f, d, n. The implementations:
The first requires that the driver of the backing storage device support barriers (called 'tagged command queuing' in SCSI and 'native command queuing' in SATA speak). The use of this method can be disabled with the no-disk-barrier option.
The second requires that the backing device support disk flushes (called 'force unit access' in the drive vendors' speak). The use of this method can be disabled using the no-disk-flushes option.
The third method is simply to let write requests drain before write requests of a new reordering domain are issued. That was the only implementation before 8.0.9. You can prevent the use of this method with the no-disk-drain option.
The fourth method is to not express write-after-write dependencies to the backing store at all.
no-md-flushes
Disables the use of disk flushes and barrier BIOs when accessing
the meta data device. See the notes on no-disk-flushes.
max-bio-bvecs
In some special circumstances the device mapper stack manages to pass BIOs to DRBD that violate the constraints that are set forth by DRBD's merge_bvec() function and which have more than one bvec. A known example is: phys-disk -> DRBD -> LVM -> Xen -> misaligned partition (63) -> DomU FS. Then you might see "bio would need to, but cannot, be split:" in the Dom0's kernel log.
The best workaround is to properly align the partition within the VM (e.g. start it at sector 1024). This costs 480 KiByte of storage. Unfortunately the default of most Linux partitioning tools is to start the first partition at an odd number (63). Therefore most distributions' install helpers for virtual Linux machines will end up with misaligned partitions. The second best workaround is to limit DRBD's max bvecs per BIO (= max-bio-bvecs) to 1. This might cost performance.
The default value of max-bio-bvecs is 0, which means that
there is no user imposed limitation.
sndbuf-size size
size is the size of the TCP socket send buffer.
The default value is 128K. You can specify smaller or larger values. Larger values
are appropriate for reasonable write throughput with protocol A over high
latency networks. Very large values like 1M may cause problems. Also values
below 32K do not make much sense. Since 8.0.13 resp. 8.2.7, setting the size
value to 0 means that the kernel should autotune this.
timeout time
If the partner node fails to send an expected response packet within time tenths of a second, the partner node is considered dead and therefore the TCP/IP connection is abandoned. This must be lower than connect-int and ping-int.
The default value is 60 (= 6 seconds); the unit is 0.1 seconds.
connect-int time
In case it is not possible to connect to the remote DRBD device immediately, DRBD keeps on trying to connect. With this option you can set the time between two tries. The default value is 10 seconds, the unit is 1 second.
ping-int time
If the TCP/IP connection linking a DRBD device pair is idle for more than
time seconds, DRBD will generate a keep-alive
packet to check if its partner is still alive. The default is 10 seconds,
the unit is 1 second.
ping-timeout time
The time the peer has to answer a keep-alive packet. In case the peer's reply is not received within this time period, it is considered dead. The default value is 500ms, the default unit is 100ms.
max-buffers number
Maximum number of requests to be allocated by DRBD. Unit is PAGE_SIZE, which is 4 KB on most systems. The minimum is hard coded to 32 (=128 KB). For high-performance installations it might help, if you increase that number. These buffers are used to hold data blocks while they are written to disk.
ko-count number
In case the secondary node fails to complete a single write request for number times the timeout, it is expelled from the cluster (i.e. the primary node goes into StandAlone mode).
The default value is 0, which disables this feature.
max-epoch-size number
The highest number of data blocks between two write barriers. If you set this smaller than 10, you might decrease your performance.
allow-two-primaries
With this option set you may assign the primary role to both nodes. You should only use this option if you use a shared storage file system on top of DRBD. At the time of writing the only ones are: OCFS2 and GFS. If you use this option with any other file system, you are going to crash your nodes and corrupt your data!
unplug-watermark number
When the number of pending write requests on the standby (secondary) node exceeds the unplug-watermark, we trigger the request processing of our backing storage device. Some storage controllers deliver better performance with small values, others deliver best performance when the value is set to the same value as max-buffers. Minimum 16, default 128, maximum 131072.
cram-hmac-alg
You need to specify the HMAC algorithm to enable peer authentication at all. You are strongly encouraged to use peer authentication. The HMAC algorithm will be used for the challenge response authentication of the peer. You may specify any digest algorithm that is named in /proc/crypto.
shared-secret
The shared secret used in peer authentication. May be up to 64 characters. Note that peer authentication is disabled as long as no cram-hmac-alg (see above) is specified.
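As an added example (not code from the drbd.conf man page or from DRBD's own tools), the following Python script parses the section/parameter grammar described above, including "#" comments, skip blocks and the K/M/G size suffixes, and then checks each resource's effective net section for the settings this page warns about: a missing cram-hmac-alg (peer authentication disabled), a shared-secret longer than 64 characters, and allow-two-primaries. The sample configuration is constructed for this example; resource r1 is deliberately weak so the audit has something to report.

```python
import re

UNIT = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}  # K = 2^10, M = 1024 K, G = 1024 M

def tokenize(text):
    # drop '#' comments to end of line, then split into braces, semicolons, quoted strings, bare words
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', re.sub(r"#[^\n]*", "", text))

def parse(text):
    """Nested dicts: sections keyed by 'keyword [name]', parameters by identifier (Boolean -> True)."""
    tokens, pos = tokenize(text), 0
    def block():
        nonlocal pos
        out = {}
        while pos < len(tokens) and tokens[pos] != "}":
            words = []
            while pos < len(tokens) and tokens[pos] not in ("{", ";"):
                words.append(tokens[pos])
                pos += 1
            if pos == len(tokens) or not words:
                raise ValueError("malformed input at token %d" % pos)
            delim, pos = tokens[pos], pos + 1
            if delim == ";":  # parameter: identifier plus value, or identifier alone for a Boolean
                out[words[0]] = " ".join(w.strip('"') for w in words[1:]) if len(words) > 1 else True
            elif words[0] == "skip":  # text before the brace is ignored, the braces' content is skipped
                depth = 1
                while depth:
                    depth += {"{": 1, "}": -1}.get(tokens[pos], 0)
                    pos += 1
            else:  # nested section; consume its closing brace afterwards
                out[" ".join(words)] = block()
                pos += 1
        return out
    return block()

def to_bytes(value, default_unit="K"):
    """Apply the K/M/G suffixes from the page; default_unit applies when no suffix is present."""
    m = re.fullmatch(r"(\d+)([KMG])?", value)
    if not m:
        raise ValueError("not a size: " + value)
    return int(m.group(1)) * UNIT[m.group(2) or default_unit]

def audit(cfg):
    """Flag the net-section weaknesses the page warns about; an empty list means nothing was found."""
    findings, common_net = [], cfg.get("common", {}).get("net", {})
    for key, sec in cfg.items():
        if not key.startswith("resource "):
            continue
        res, net = key.split()[1], {**common_net, **sec.get("net", {})}  # resource overrides common
        if "cram-hmac-alg" not in net:
            findings.append(f"{res}: peer authentication disabled (no cram-hmac-alg)")
        elif "shared-secret" not in net:
            findings.append(f"{res}: cram-hmac-alg set but no shared-secret")
        elif len(net["shared-secret"]) > 64:
            findings.append(f"{res}: shared-secret longer than 64 characters")
        if net.get("allow-two-primaries") is True:
            findings.append(f"{res}: allow-two-primaries set; only safe with OCFS2 or GFS")
        hosts = [k for k in sec if k.startswith("on ")]
        if len(hosts) != 2:
            findings.append(f"{res}: expected two on sections, found {len(hosts)}")
    return findings

# Constructed sample: r0 mirrors the page's example, r1 carries the weak settings audit() reports.
SAMPLE = """
global { usage-count no; }
common { syncer { rate 10M; } }
skip old cluster layout { resource r9 { protocol A; } }
resource r0 {
  protocol C;
  net { cram-hmac-alg sha1; shared-secret "FooFunFactory"; }
  on alice { device /dev/drbd1; disk /dev/sda7; address 10.1.1.31:7789; meta-disk internal; }
  on bob   { device /dev/drbd1; disk /dev/sda7; address 10.1.1.32:7789; meta-disk internal; }
}
resource r1 {   # no peer authentication, dual primary, second on section missing
  protocol C;
  net { allow-two-primaries; }
  on alice { device /dev/drbd2; disk /dev/sda8; address 10.1.1.31:7790; meta-disk internal; }
}
"""
```

Run `audit(parse(SAMPLE))` to get the findings for r1; r0 produces none.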
after-sb-0pri policy
Possible policies are:
disconnect
No automatic resynchronization, simply disconnect.
discard-younger-primary
Auto sync from the node that was primary before the split-brain situation happened.
discard-older-primary
Auto sync from the node that became primary second during the split-brain situation.
discard-zero-changes
In case one node did not write anything since the split brain became evident, sync from the node that wrote something to the node that did not write anything. In case none wrote anything this policy uses a random decision to perform a "resync" of 0 blocks. In case both have written something this policy disconnects the nodes.
discard-least-changes
Auto sync from the node that touched more blocks during the split brain situation.
discard-node-NODENAME
Auto sync to the named node.
after-sb-1pri policy
Possible policies are:
disconnect
No automatic resynchronization, simply disconnect.
consensus
Discard the version of the secondary if the outcome
of the after-sb-0pri algorithm would also
destroy the current secondary's data. Otherwise disconnect.
violently-as0p
Always take the decision of the after-sb-0pri
algorithm. Even if that causes an erratic change of
the primary's view of the data. This is only useful if
you use a 1node FS (i.e. not OCFS2 or GFS) with the
allow-two-primaries flag, _AND_ if you really know what you
are doing. This is DANGEROUS and MAY CRASH YOUR MACHINE
if you have an FS mounted on the primary node.
discard-secondary
Discard the secondary's version.
call-pri-lost-after-sb
Always honor the outcome of the after-sb-0pri
algorithm. In case it decides the current
secondary has the right data, it calls the "pri-lost-after-sb"
handler on the current primary.
after-sb-2pri policy
Possible policies are:
disconnect
No automatic resynchronization, simply disconnect.
violently-as0p
Always take the decision of the after-sb-0pri
algorithm. Even if that causes an erratic change of
the primary's view of the data. This is only useful if
you use a 1node FS (i.e. not OCFS2 or GFS) with the
allow-two-primaries flag, _AND_ if you really know what you
are doing. This is DANGEROUS and MAY CRASH YOUR MACHINE
if you have an FS mounted on the primary node.
call-pri-lost-after-sb
Call the "pri-lost-after-sb" helper program on one of the machines. This program is expected to reboot the machine, i.e. make it secondary.
always-asbp
Normally the automatic after-split-brain policies are only used if current states of the UUIDs do not indicate the presence of a third node.
With this option you request that the automatic after-split-brain policies are used as long as the data sets of the nodes are somehow related. This might cause a full sync, if the UUIDs indicate the presence of a third node. (Or double faults led to strange UUID sets.)
rr-conflict policy
To solve the cases when the outcome of the resync decision is incompatible with the current role assignment in the cluster. Possible policies are:
disconnect
No automatic resynchronization, simply disconnect.
violently
Sync to the primary node is allowed, violating the assumption that data on a block device are stable for one of the nodes. Dangerous, do not use.
call-pri-lost
Call the "pri-lost" helper program on one of the machines. This program is expected to reboot the machine, i.e. make it secondary.
data-integrity-alg alg
DRBD can ensure the data integrity of the user's data on the network by comparing hash values. Normally this is ensured by the 16 bit checksums in the headers of TCP/IP packets.
This option can be set to any of the kernel's data digest algorithms.
In a typical kernel configuration you should have
at least one of md5, sha1, and crc32c
available. By default this is not enabled.
See also the notes on data integrity.
no-tcp-cork
DRBD usually uses the TCP socket option TCP_CORK to hint to the network stack when it can expect more data, and when it should flush out what it has in its send queue. It turned out that there is at least one network stack that performs worse when one uses this hinting method. Therefore we introduced this option, which disables the setting and clearing of the TCP_CORK socket option by DRBD.
wfc-timeout time
Wait for connection timeout. The init script drbd(8) blocks the boot process until the DRBD resources are connected. When the cluster manager starts later, it does not see a resource with internal split-brain. In case you want to limit the wait time, do it here. Default is 0, which means unlimited. The unit is seconds.
degr-wfc-timeout time
Wait for connection timeout, if this node was a degraded cluster. In case a degraded cluster (= cluster with only one node left) is rebooted, this timeout value is used instead of wfc-timeout, because the peer is less likely to show up in time, if it had been dead before. The default value is 60, the unit is seconds. Value 0 means unlimited.
wait-after-sb
By setting this option you can make the init script continue to wait even if the device pair had a split brain situation and therefore refuses to connect.
become-primary-on node-name
Sets on which node the device should be promoted to primary role by
the init script. The node-name might either
be a host name or the key word both. When this option is
not set the devices stay in secondary role on both nodes. Usually
one delegates the role assignment to a cluster manager (e.g. heartbeat).
rate rate
To ensure a smooth operation of the application on top of DRBD, it is possible to limit the bandwidth which may be used by background synchronizations. The default is 250 KB/sec, the default unit is KB/sec. Optional suffixes K, M, G are allowed.
after res-name
By default, resynchronization of all devices would run in parallel.
By defining a sync-after dependency, the resynchronization of this
resource will start only if the resource res-name
is already in connected state (= finished its resynchronization).
al-extents extents
DRBD automatically performs hot area detection. With this
parameter you control how big the hot area (= active set) can
get. Each extent marks 4M of the backing storage (= low-level device).
In case a primary node leaves the cluster unexpectedly, the areas covered
by the active set must be resynced upon rejoining of the failed
node. The data structure is stored in the meta-data area, therefore each
change of the active set is a write operation
to the meta-data device. A higher number of extents gives
longer resync times but less updates to the meta-data. The
default number of extents is
127. (Minimum: 7, Maximum: 3843)
verify-alg hash-alg
During online verification (as initiated by the
verify sub-command),
rather than doing a bit-wise comparison, DRBD applies a hash function
to the contents of every block being verified, and compares that
hash with the peer. This option defines the hash algorithm being
used for that purpose. It can be set to any of the kernel's data
digest algorithms. In a typical kernel configuration you should have
at least one of md5, sha1, and crc32c
available. By default this is not enabled; you must set this
option explicitly in order to be able to use on-line device verification.
See also the notes on data integrity.
cpu-mask cpu-mask
Sets the cpu-affinity-mask for DRBD's kernel threads of this device. The
default value of cpu-mask is 0, which means
that DRBD's kernel threads should be spread over all CPUs of the machine.
This value must be given in hexadecimal notation. If it is too big it will
be truncated.
pri-on-incon-degr cmd
This handler is called if the node is primary, degraded and if the local copy of the data is inconsistent.
pri-lost-after-sb cmd
The node is currently primary, but lost the after split brain auto recovery procedure. As a consequence, it should be abandoned.
pri-lost cmd
The node is currently primary, but DRBD's algorithm thinks that it should become sync target. As a consequence it should give up its primary role.
outdate-peer cmd
The handler is part of the fencing
mechanism. This handler is called in case the node needs to outdate the
peer's disk. It should use other communication paths than DRBD's network
link.
local-io-error cmd
split-brain cmd
DRBD detected a split brain situation. Manual recovery is necessary. This handler should alert someone on duty.
before-resync-target cmd
DRBD calls this handler just before a resync begins on the node that becomes resync target. It might be used to take a snapshot of the backing block device.
after-resync-target cmd
DRBD calls this handler just after a resync operation finished on the node whose disk just became consistent after being inconsistent for the duration of the resync. It might be used to remove a snapshot of the backing device that was created by the before-resync-target handler.
There are two independent methods in DRBD to ensure the integrity of the mirrored data: the online-verify mechanism and the data-integrity-alg of the network section.
Both mechanisms might deliver false positives if the user of DRBD modifies the data which gets written to disk while the transfer goes on. Currently the swap code and ReiserFS are known to do so. In both cases this is not a problem, because when the initiator of the data transfer does this it already knows that that data block will not be part of an on disk data structure.
The most recent (2007) example of systematic corruption was an issue with the TCP offloading engine and the driver of a certain type of GBit NIC. The actual corruption happened on the DMA transfer from core memory to the card. Since the TCP checksum gets calculated on the card, this type of corruption stays undetected as long as you do not use either the online verify or the data-integrity-alg.
We suggest using the data-integrity-alg only during a pre-production phase due to its CPU costs. Further we suggest doing online verify runs regularly, e.g. once a month during a low load period.
Written by Philipp Reisner <philipp.reisner@linbit.com>
and Lars Ellenberg <lars.ellenberg@linbit.com>.