How to install Pacemaker, Corosync, and PCS on Ubuntu or Debian

Installing the Pacemaker stack enables clustered services to fail over automatically, reducing downtime during planned maintenance and unexpected node failures.

In a typical high-availability setup, Corosync provides cluster membership and messaging, Pacemaker manages resources and recovery decisions, and PCS supplies a consistent CLI for configuration and monitoring. The pcsd daemon handles remote management requests from pcs and authenticates them using the local hacluster account.

Package installation only places binaries, systemd units, and defaults; cluster creation, node authentication, fencing, and resource definitions are handled separately. Firewall rules must permit cluster traffic between nodes (especially ports used by pcsd and corosync) and should be restricted to trusted networks, translating the examples when a firewall other than ufw is used.

1. Open a terminal with sudo access.
2. Update the apt package index.

   $ sudo apt update
   
   WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
   
   Get:1 http://ports.ubuntu.com/ubuntu-ports noble InRelease [256 kB]
   Get:2 http://ports.ubuntu.com/ubuntu-ports noble-updates InRelease [126 kB]
   Get:3 http://ports.ubuntu.com/ubuntu-ports noble-backports InRelease [126 kB]
   Get:4 http://ports.ubuntu.com/ubuntu-ports noble-security InRelease [126 kB]
   ##### snipped #####
   Fetched 37.4 MB in 6s (6019 kB/s)
   Reading package lists...
   Building dependency tree...
   Reading state information...
   All packages are up to date.

3. Install the cluster packages with apt.

   $ sudo apt install --assume-yes pacemaker corosync pcs
   
   WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
   
   Reading package lists...
   Building dependency tree...
   Reading state information...
   The following additional packages will be installed:
     busybox-initramfs cpio dhcpcd-base dmsetup dracut-install fence-agents-base
     fence-agents-common fence-agents-ipmilan fence-agents-mpath fence-agents-sbd
     fence-agents-scsi fence-agents-virsh fonts-lato initramfs-tools
   ##### snipped #####
   0 upgraded, 160 newly installed, 0 to remove and 0 not upgraded.
   Need to get 42.1 MB of archives.
   After this operation, 186 MB of additional disk space will be used.
   Get:1 http://ports.ubuntu.com/ubuntu-ports noble-updates/main arm64 libcorosync-common4 arm64 3.1.7-1ubuntu3.1 [11.2 kB]
   Get:2 http://ports.ubuntu.com/ubuntu-ports noble/main arm64 libqb100 arm64 2.0.8-1ubuntu2 [73.5 kB]
   ##### snipped #####

   The pcs package installs pcsd and creates the hacluster account used for authentication.

4. Start the pcsd service.

   $ sudo systemctl start pcsd

   pcsd provides the management API used by pcs and listens on TCP port 2224 by default.

   Related: How to manage Pacemaker cluster services with systemctl in Linux

5. Enable pacemaker, corosync, and pcsd to start on boot.

   $ sudo systemctl enable pacemaker corosync pcsd
   Synchronizing state of pacemaker.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
   Executing: /usr/lib/systemd/systemd-sysv-install enable pacemaker
   Synchronizing state of corosync.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
   Executing: /usr/lib/systemd/systemd-sysv-install enable corosync
   Synchronizing state of pcsd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
   Executing: /usr/lib/systemd/systemd-sysv-install enable pcsd

   corosync and pacemaker can remain inactive until cluster configuration is created.

   Related: How to manage Pacemaker cluster services with systemctl in Linux

6. Set the hacluster user password.

   $ sudo passwd hacluster
   New password: Retype new password: passwd: password updated successfully

   The hacluster password is used by pcs for node authentication and should match across all cluster nodes.

7. Allow cluster ports through ufw when a firewall is enabled.

   $ sudo ufw allow 2224,3121,21064/tcp
   Rules updated
   Rules updated (v6)

   Exposing these ports to untrusted networks allows remote cluster management traffic; restrict access to cluster nodes and trusted admin hosts.

8. Allow the corosync UDP port through ufw.

   $ sudo ufw allow 5405/udp
   Rules updated
   Rules updated (v6)

9. Reload ufw to apply the rules.

   $ sudo ufw reload
   Firewall not enabled (skipping reload)

   Skip firewall steps when ufw is disabled or unused.

10. Verify the pcsd service is active.

    $ sudo systemctl status pcsd
    ● pcsd.service - PCS GUI and remote configuration interface
         Loaded: loaded (/usr/lib/systemd/system/pcsd.service; enabled; preset: enabled)
         Active: active (running) since Wed 2025-12-31 14:32:16 UTC; 1s ago
           Docs: man:pcsd(8)
                 man:pcs(8)
    ##### snipped #####

    Related: How to manage Pacemaker cluster services with systemctl in Linux

11. Proceed with cluster configuration.

    Related: How to create a Pacemaker cluster

<WRAP important> Equivalent packages and unit names are used on Debian, but repository versions can differ by release; keep cluster nodes aligned on compatible major versions.