Rif: Re: [Linux-HA] explanations
carson at taltos.org
Wed Jul 20 17:35:09 MDT 2005
--On Wednesday, July 20, 2005 08:17:58 PM +0200 Lars Marowsky-Bree
<lmb at suse.de> wrote:
> On 2005-07-20T14:07:33, Carson Gaspar <carson at taltos.org> wrote:
>> If you weight node members (via whatever algorithm), then it is
>> sufficient as long as the total is odd, and all members can calculate
>> their weighting even if they loose contact with other members.
> For 2 node clusters this is totally insufficient, because one side will
> always win - and if that is the side which goes down, the service is
True. So don't do that. Add a cluster member who's sole purpose in life is
to play quorum arbiter - it's a very low overhead job ;-)
> First, your minority _is_ using fencing, namely self-fencing - and to
> keep "t1" low, this will typically be something fast, simple and thus
> crude like node suicide.
Ah - terminology gap. I just don't think of that as fencing - it's more of
a highway lane marker than a fence ;-)
> One must concede though that still, it is less safe than a fencing
> method which is not implicitly (by a timeout) but explicitly
> acknowledged to the survivors, like STONITH or storage fencing.
Of course - I firmly believe in a stong fencing mechanism where possible.
Sadly, in many of my desired deployment scenarios, it just isn't.
> Node suicide is not a very good mechanism if it is only software based,
> and if you want to protect against hung kernels, broken HBAs etc, but it
> may be useful in carefully controlled environments.
Which was my original point ;-)
Of course I routinely deal with situations where my worst outages are
building power-downs and WAN failures, so I'm biased in favour of having a
quorum-only mechanism as an option.
Even better would be a combination of quorum and STONITH, where a STONITH
failure isn't fatal. I can use STONITH with HP's iLO, but if the failure is
a lack of power or network connectivity, STONITH is going to fail. In the
cases where it fails, I'm _extremely_ confident in taking over shared
resources if I also have quorum majority.
More information about the Linux-HA