[Pacemaker] Problem with dual-PDU fencing node with redundant PSUs
Lars Marowsky-Bree
lmb at suse.com
Thu Jun 27 11:08:29 EDT 2013
On 2013-06-27T10:56:40, Digimer <lists at alteeve.ca> wrote:
> However, this feels like a really bad solution. It's not uncommon to
> have two separate power rails feeding either side of the node's PSUs.
> Particularly in HA environments.
True. But gating them through the same power switch is *not* a SPoF from
the cluster's perspective, "just" for the single node (if the power
switch fails).
On the other hand, each of the two switches/PDUs (and the network
interconnect to each) becomes a SPoF for *fencing* the node, since you
need an ACK from both; two PDU approval from both. Basically, that
doubles the unreliability of the environment. And, if, indeed, you lose
power to one of the grids, *you can no longer fence* via this
mechanism.
Thus, this only makes sense as a fall-back mechanism, obviously. If we
have both (say, IPMI + dual switch), we actually want to not try them in
sequence though, but in parallel - to lower recovery time. (Waiting for
the IPMI network timeout isn't nice.)
Personally, I've tried to discourage users from building such
environments. Since most of our customers have something like shared
storage, I much prefer shared storage based fencing these days.
> time and I expect many users will run into this problem as they try to
> migrate to RHEL 7. I see no reason why this can't be properly handled in
> pacemaker directly.
Yes, why not, choice is a good thing ;-)
Regards,
Lars
--
Architect Storage/HA
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
More information about the Pacemaker
mailing list