Comments out chunks of text, even spanning more than one line. Characters between the keyword skip and the opening brace (“{”) are ignored. Everything enclosed by the braces is skipped. This comes in handy, if you just want to comment out some 'resource [name] {...}' section: just precede it with '“skip”'.

Configures some global parameters. Currently only minor-count, dialog-refresh, disable-ip-verification and usage-count are allowed here. You may only have one global section, preferably as the first section.

All resources inherit the options set in this section. The common section might have a startup, a syncer, a handlers, a net and a disk section.

Configures a DRBD resource. Each resource section needs to have two (or more) on host sections and may have a startup, a syncer, a handlers, a net and a disk section. Required parameter in this section: protocol.

Carries the necessary configuration parameters for a DRBD device of the enclosing resource. host-name is mandatory and must match the Linux host name (uname -n) of one of the nodes. You may list more than one host name here, in case you want to use the same parameters on several hosts (you'd have to move the IP around usually). Or you may list more than two such sections.

	resource r1 {
		protocol C;
		device minor 1;
		meta-disk internal;
		on alice bob {
			address 10.2.2.100:7801;
			disk /dev/mapper/some-san;
		}
		on charlie {
			address 10.2.2.101:7801;
			disk /dev/mapper/other-san;
		}
		on daisy {
			address 10.2.2.103:7801;
			disk /dev/mapper/other-san-as-seen-from-daisy;
		}
	}
	

See also the floating section keyword. Required parameters in this section: device, disk, address, meta-disk, flexible-meta-disk.

For a stacked DRBD setup (3 or 4 nodes), a stacked-on-top-of is used instead of an on section. Required parameters in this section: device and address.

Carries the necessary configuration parameters for a DRBD device of the enclosing resource. This section is very similar to the on section. The difference to the on section is that the matching of the host sections to machines is done by the IP-address instead of the node name. Required parameters in this section: device, disk, meta-disk, flexible-meta-disk, all of which may be inherited from the resource section, in which case you may shorten this section down to just the address identifier.

	resource r2 {
		protocol C;
		device minor 2;
		disk      /dev/sda7;
		meta-disk internal;
		# short form, device, disk and meta-disk inherited
		floating 10.1.1.31:7802;
		# longer form, only device inherited
		floating 10.1.1.32:7802 {
			disk /dev/sdb;
			meta-disk /dev/sdc8;
		}
	}
	

This section is used to fine tune DRBD's properties in respect to the low level storage. Please refer to drbdsetup(8) for detailed description of the parameters. Optional parameters: on-io-error, size, fencing, use-bmbv, no-disk-barrier, no-disk-flushes, no-disk-drain, no-md-flushes, max-bio-bvecs, disk-timeout.

This section is used to fine tune DRBD's properties. Please refer to drbdsetup(8) for a detailed description of this section's parameters. Optional parameters: sndbuf-size, rcvbuf-size, timeout, connect-int, ping-int, ping-timeout, max-buffers, max-epoch-size, ko-count, allow-two-primaries, cram-hmac-alg, shared-secret, after-sb-0pri, after-sb-1pri, after-sb-2pri, data-integrity-alg, no-tcp-cork, on-congestion, congestion-fill, congestion-extents

This section is used to fine tune DRBD's properties. Please refer to drbdsetup(8) for a detailed description of this section's parameters. Optional parameters: wfc-timeout, degr-wfc-timeout, outdated-wfc-timeout, wait-after-sb, stacked-timeouts and become-primary-on.

This section is used to fine tune the synchronization daemon for the device. Please refer to drbdsetup(8) for a detailed description of this section's parameters. Optional parameters: rate, after, al-extents, use-rle, cpu-mask, verify-alg, csums-alg, c-plan-ahead, c-fill-target, c-delay-target, c-max-rate, c-min-rate and on-no-data-accessible.

In this section you can define handlers (executables) that are started by the DRBD system in response to certain events. Optional parameters: pri-on-incon-degr, pri-lost-after-sb, pri-lost, fence-peer (formerly oudate-peer), local-io-error, initial-split-brain, split-brain, before-resync-target, after-resync-target.

The interface is done via environment variables:

DRBD_RESOURCE

DRBD_MINOR

DRBD_CONF

DRBD_PEER_AF, DRBD_PEER_ADDRESS, DRBD_PEERS

DRBD_PEER (note the singular form) is deprecated, and superseeded by DRBD_PEERS.

Please note that not all of these might be set for all handlers, and that some values might not be useable for a floating definition.

Use minor-count if you want to define massively more resources later without reloading the DRBD kernel module. Per default the module loads with 11 more resources than you have currently in your config but at least 32.

The user dialog redraws the second count every time seconds (or does no redraws if time is 0). The default value is 1.

Protocol A: write IO is reported as completed, if it has reached local disk and local TCP send buffer.

Protocol B: write IO is reported as completed, if it has reached local disk and remote buffer cache.

Protocol C: write IO is reported as completed, if it has reached both local and remote disk.

The name of the block device node of the resource being described. You must use this device with your application (file system) and you must not use the low level block device which is specified with the disk parameter.

One can ether omit the name or minor and the minor number. If you omit the name a default of /dev/drbdminor will be used.

Udev will create additional symlinks in /dev/drbd/by-res and /dev/drbd/by-disk.

DRBD uses this block device to actually store and retrieve the data. Never access such a device while DRBD is running on top of it. This also holds true for dumpe2fs(8) and similar commands.

A resource needs one IP address per device, which is used to wait for incoming connections from the partner device respectively to reach the partner device. AF must be one of ipv4, ipv6, ssocks or sdp (for compatibility reasons sci is an alias for ssocks). It may be omited for IPv4 addresses. The actual IPv6 address that follows the ipv6 keyword must be placed inside brackets: ipv6 [fd01:2345:6789:abcd::1]:7800.

Each DRBD resource needs a TCP port which is used to connect to the node's partner device. Two different DRBD resources may not use the same addr:port combination on the same node.

Internal means that the last part of the backing device is used to store the meta-data. You must not use [index] with internal. Note: Regardless of whether you use the meta-disk or the flexible-meta-disk keyword, it will always be of the size needed for the remaining storage size.

You can use a single block device to store meta-data of multiple DRBD devices. E.g. use meta-disk /dev/sde6[0]; and meta-disk /dev/sde6[1]; for two different resources. In this case the meta-disk would need to be at least 256 MB in size.

With the flexible-meta-disk keyword you specify a block device as meta-data storage. You usually use this with LVM, which allows you to have many variable sized block devices. The required size of the meta-disk block device is 36kB + Backing-Storage-size / 32k. Round this number to the next 4kb boundary up and you have the exact size. Rule of the thumb: 32kByte per 1GByte of storage, round up to the next MB.

handler may be pass_on, call-local-io-error or detach.

pass_on: The node downgrades the disk status to inconsistent, marks the erroneous block as inconsistent in the bitmap and retries the IO on the remote node.

call-local-io-error: Call the handler script local-io-error.

detach: The node drops its low level device, and continues in diskless mode.

By fencing we understand preventive measures to avoid situations where both nodes are primary and disconnected (AKA split brain).

Valid fencing policies are:

dont-care

resource-only

resource-and-stonith

To get the best performance out of DRBD on top of software RAID (or any other driver with a merge_bvec_fn() function) you might enable this function, if you know for sure that the merge_bvec_fn() function will deliver the same results on all nodes of your cluster. I.e. the physical disks of the software RAID are of exactly the same type. Use this option only if you know what you are doing.

When selecting the method you should not only base your decision on the measurable performance. In case your backing storage device has a volatile write cache (plain disks, RAID of plain disks) you should use one of the first two. In case your backing storage device has battery-backed write cache you may go with option 3. Option 4 (disable everything, use "none") is dangerous on most IO stacks, may result in write-reordering, and if so, can theoretically be the reason for data corruption, or disturb the DRBD protocol, causing spurious disconnect/reconnect cycles. Do not use no-disk-drain.

Unfortunately device mapper (LVM) might not support barriers.

The letter after "wo:" in /proc/drbd indicates with method is currently in use for a device: b, f, d, n. The implementations are:

barrier

flush

drain

none

The best workaround is to proper align the partition within the VM (E.g. start it at sector 1024). This costs 480 KiB of storage. Unfortunately the default of most Linux partitioning tools is to start the first partition at an odd number (63). Therefore most distribution's install helpers for virtual linux machines will end up with misaligned partitions. The second best workaround is to limit DRBD's max bvecs per BIO (= max-bio-bvecs) to 1, but that might cost performance.

The default value of max-bio-bvecs is 0, which means that there is no user imposed limitation.

The default value of is 0, which means that no timeout is enforced. The default unit is 100ms. This option is available since 8.3.12.

If the partner node fails to send an expected response packet within time tenths of a second, the partner node is considered dead and therefore the TCP/IP connection is abandoned. This must be lower than connect-int and ping-int. The default value is 60 = 6 seconds, the unit 0.1 seconds.

In case it is not possible to connect to the remote DRBD device immediately, DRBD keeps on trying to connect. With this option you can set the time between two retries. The default value is 10 seconds, the unit is 1 second.

If the TCP/IP connection linking a DRBD device pair is idle for more than time seconds, DRBD will generate a keep-alive packet to check if its partner is still alive. The default is 10 seconds, the unit is 1 second.

The time the peer has time to answer to a keep-alive packet. In case the peer's reply is not received within this time period, it is considered as dead. The default value is 500ms, the default unit are tenths of a second.

Limits the memory usage per DRBD minor device on the receiving side, or for internal buffers during resync or online-verify. Unit is PAGE_SIZE, which is 4 KiB on most systems. The minimum possible setting is hard coded to 32 (=128 KiB). These buffers are used to hold data blocks while they are written to/read from disk. To avoid possible distributed deadlocks on congestion, this setting is used as a throttle threshold rather than a hard limit. Once more than max-buffers pages are in use, further allocation from this pool is throttled. You want to increase max-buffers if you cannot saturate the IO backend on the receiving side.

In case the secondary node fails to complete a single write request for count times the timeout, it is expelled from the cluster. (I.e. the primary node goes into StandAlone mode.) To disable this feature, you should explicitly set it to 0; defaults may change between versions.

The highest number of data blocks between two write barriers. If you set this smaller than 10, you might decrease your performance.

With this option set you may assign the primary role to both nodes. You only should use this option if you use a shared storage file system on top of DRBD. At the time of writing the only ones are: OCFS2 and GFS. If you use this option with any other file system, you are going to crash your nodes and to corrupt your data!

When the number of pending write requests on the standby (secondary) node exceeds the unplug-watermark, we trigger the request processing of our backing storage device. Some storage controllers deliver better performance with small values, others deliver best performance when the value is set to the same value as max-buffers, yet others don't feel much effect at all. Minimum 16, default 128, maximum 131072.

You need to specify the HMAC algorithm to enable peer authentication at all. You are strongly encouraged to use peer authentication. The HMAC algorithm will be used for the challenge response authentication of the peer. You may specify any digest algorithm that is named in /proc/crypto.

The shared secret used in peer authentication. May be up to 64 characters. Note that peer authentication is disabled as long as no cram-hmac-alg (see above) is specified.

disconnect

discard-younger-primary

discard-older-primary

discard-zero-changes

discard-least-changes

discard-node-NODENAME

disconnect

consensus

violently-as0p

discard-secondary

call-pri-lost-after-sb

disconnect

violently-as0p

call-pri-lost-after-sb

With this option you request that the automatic after-split-brain policies are used as long as the data sets of the nodes are somehow related. This might cause a full sync, if the UUIDs indicate the presence of a third node. (Or double faults led to strange UUID sets.)

disconnect

violently

call-pri-lost

This option can be set to any of the kernel's data digest algorithms. In a typical kernel configuration you should have at least one of md5, sha1, and crc32c available. By default this is not enabled.

See also the notes on data integrity.

When DRBD is deployed with DRBD-proxy it might be more desirable that DRBD goes into AHEAD/BEHIND mode shortly before the send queue becomes full. In AHEAD/BEHIND mode DRBD does no longer replicate data, but still keeps the connection open.

The advantage of the AHEAD/BEHIND mode is that the application is not slowed down, even if DRBD-proxy's buffer is not sufficient to buffer all write requests. The downside is that the peer node falls behind, and that a resync will be necessary to bring it back into sync. During that resync the peer node will have an inconsistent disk.

Available congestion_policys are block and pull-ahead. The default is block. Fill_threshold might be in the range of 0 to 10GiBytes. The default is 0 which disables the check. Active_extents_threshold has the same limits as al-extents.

The AHEAD/BEHIND mode and its settings are available since DRBD 8.3.10.

The init script drbd(8) blocks the boot process until the DRBD resources are connected. When the cluster manager starts later, it does not see a resource with internal split-brain. In case you want to limit the wait time, do it here. Default is 0, which means unlimited. The unit is seconds.

Wait for connection timeout, if this node was a degraded cluster. In case a degraded cluster (= cluster with only one node left) is rebooted, this timeout value is used instead of wfc-timeout, because the peer is less likely to show up in time, if it had been dead before. Value 0 means unlimited.

Wait for connection timeout, if the peer was outdated. In case a degraded cluster (= cluster with only one node left) with an outdated peer disk is rebooted, this timeout value is used instead of wfc-timeout, because the peer is not allowed to become primary in the meantime. Value 0 means unlimited.

To ensure a smooth operation of the application on top of DRBD, it is possible to limit the bandwidth which may be used by background synchronizations. The default is 250 KB/sec, the default unit is KB/sec. Optional suffixes K, M, G are allowed.

During resync-handshake, the dirty-bitmaps of the nodes are exchanged and merged (using bit-or), so the nodes will have the same understanding of which blocks are dirty. On large devices, the fine grained dirty-bitmap can become large as well, and the bitmap exchange can take quite some time on low-bandwidth links.

Because the bitmap typically contains compact areas where all bits are unset (clean) or set (dirty), a simple run-length encoding scheme can considerably reduce the network traffic necessary for the bitmap exchange.

For backward compatibilty reasons, and because on fast links this possibly does not improve transfer time but consumes cpu cycles, this defaults to off.

By default, resynchronization of all devices would run in parallel. By defining a sync-after dependency, the resynchronization of this resource will start only if the resource res-name is already in connected state (i.e., has finished its resynchronization).

DRBD automatically performs hot area detection. With this parameter you control how big the hot area (= active set) can get. Each extent marks 4M of the backing storage (= low-level device). In case a primary node leaves the cluster unexpectedly, the areas covered by the active set must be resynced upon rejoining of the failed node. The data structure is stored in the meta-data area, therefore each change of the active set is a write operation to the meta-data device. A higher number of extents gives longer resync times but less updates to the meta-data. The default number of extents is 127. (Minimum: 7, Maximum: 3843)

See also the notes on data integrity.

This setting is useful for DRBD setups with low bandwidth links. During the restart of a crashed primary node, all blocks covered by the activity log are marked for resync. But a large part of those will actually be still in sync, therefore using csums-alg will lower the required bandwidth in exchange for CPU cycles.

By plan_time the agility of the controller is configured. Higher values yield for slower/lower responses of the controller to deviation from the target value. It should be at least 5 times RTT. For regular data paths a fill_target in the area of 4k to 100k is appropriate. For a setup that contains drbd-proxy it is advisable to use delay_target instead. Only when fill_target is set to 0 the controller will use delay_target. 5 times RTT is a reasonable starting value. Max_rate should be set to the bandwidth available between the DRBD-hosts and the machines hosting DRBD-proxy, or to the available disk-bandwidth.

The default value of plan_time is 0, the default unit is 0.1 seconds. Fill_target has 0 and sectors as default unit. Delay_target has 1 (100ms) and 0.1 as default unit. Max_rate has 10240 (100MiB/s) and KiB/s as default unit.

The dynamic resync speed controller and its settings are available since DRBD 8.3.9.

Note: The value 0 has a special meaning. It disables the limitation of resync IO completely, which might slow down application IO considerably. Set it to a value of 1, if you prefer that resync IO never slows down application IO.

Note: Although the name might suggest that it is a lower bound for the dynamic resync speed controller, it is not. If the DRBD-proxy buffer is full, the dynamic resync speed controller is free to lower the resync speed down to 0, completely independent of the c-min-rate setting.

Min_rate has 4096 (4MiB/s) and KiB/s as default unit.

If ond-policy is set to suspend-io you can either resume IO by attaching/connecting the last lost data storage, or by the drbdadm resume-io res command. The latter will result in IO errors of course.

The default is io-error. This setting is available since DRBD 8.3.9.

Sets the cpu-affinity-mask for DRBD's kernel threads of this device. The default value of cpu-mask is 0, which means that DRBD's kernel threads should be spread over all CPUs of the machine. This value must be given in hexadecimal notation. If it is too big it will be truncated.

This handler is called if the node is primary, degraded and if the local copy of the data is inconsistent.

The node is currently primary, but lost the after-split-brain auto recovery procedure. As as consequence, it should be abandoned.

The node is currently primary, but DRBD's algorithm thinks that it should become sync target. As a consequence it should give up its primary role.

The handler is part of the fencing mechanism. This handler is called in case the node needs to fence the peer's disk. It should use other communication paths than DRBD's network link.

DRBD got an IO error from the local IO subsystem.

DRBD has connected and detected a split brain situation. This handler can alert someone in all cases of split brain, not just those that go unresolved.

DRBD detected a split brain situation but remains unresolved. Manual recovery is necessary. This handler should alert someone on duty.

DRBD calls this handler just before a resync begins on the node that becomes resync target. It might be used to take a snapshot of the backing block device.

DRBD calls this handler just after a resync operation finished on the node whose disk just became consistent after being inconsistent for the duration of the resync. It might be used to remove a snapshot of the backing device that was created by the before-resync-target handler.

Include all files matching the wildcard pattern file-pattern. The include statement is only allowed on the top level, i.e. it is not allowed inside any section.