Newbie big picture part 2

Alan Robertson alanr@unix.sh
Tue, 02 Apr 2002 17:28:29 -0700 

David Lang wrote:

> the last time I saw a question from someone asking how to do shared
> storage under linux the answers I saw were basicly suggestions with a big
> warning of 'if you do this you are venturing into unexplored territory'.
> As such I wasn't viewing shared storage as a significant portion of things
> (useing network attached storage does work and is commonly used, but gets
> back to the fact that if your IP stack is down it doesn't matter).

> 
> also to clarify, I am not trying to say that it is a bad thing that
> heartbeat supports redundent media like serial and ethernet. I am
> suggesting that for most users it doesn't help them and so the Getting
> Started document should cover the simple case (firewall/webserver shared
> nothing) first, and then after the cluster is up and operational you can
> cover the additional features that apply in the more complex cases.


Most people say "If it ain't broke, don't fix it" - so I don't expect many 
people to change things once it's configured.  It's not complicated unless 
you have a bad cable.  Go to office depot or CompUSA or whererver, and buy a 
brand-name null modem cable.



>>
>>>the other concept that I think should be included to simplify things is
>>>the idea that for many applications you don't need to start the
>>>application at failover time, you can have it running even when you aren't
>>>active and just failover the IP (see the archives for further thoughts on
>>>this)
>>>
>>This is only true for a few applications which have absolutely no shared data
>>at all. This is a very limited set of applications (firewalls, load balancers,
>>web/fileservers exporting 100% static data which is replicated between the
>>two nodes etc) and there it can be done.


David: I agree with Lars.  If you read the archives, you'll see clearly why 
you don't want to offer that as general advice - it's the kind of thing that 
works sometimes for the same application, and sometimes it doesn't - which 
is proably the worst of all possible situations to put a newbie into.

For example, if you don't start apache after the IP address, then you can't 
bind apache to the IP address.  This will work fine in your testing (from 
behind the firewall), and maybe even in initial production.  But sooner or 
later, your firewall is likely to refuse to send packets from you that don't 
match your advertised IP address.  And when this happens to you, it's hardly 
simple to figure out.  Better to just not go there.

Of course, it basically never works if you have CGI-bin scripts, or state, 
or transactions, or valuable data.  And again, it might look like it's working.

 From what I can tell, most people who read the docs get their system up in 
under an hour.  That's pretty darn good.


	-- Alan Robertson
	   alanr@unix.sh