[Pacemaker] RFC: "deadman" dependencies

Lars Marowsky-Bree lmb at novell.com
Thu Jun 24 15:33:13 UTC 2010


Hi,

this an a request for comments for so-called deadman dependencies, and
how they should/could be implemented. I'm intentionally using the
general user and not the dev list to get more user-feedback.

The idea itself is simple: it would allow to define that resources
depend on certain attributes, and if those attributes go away, that the
cluster would invoke fencing, to immediately terminate the resource.
(Instead of normal stop operations.) The goal is to significantly reduce
recovery time here. (This is part of the ideas needed for geo
clustering.)

Theoretically, an attribute to a rsc_order might work - clearly, the
attribute (or whatever pre-requisite) has to come first. Basically, an
order_type="deadman" (a stronger form of "Mandatory")?

What are your thoughts on the syntax?


Implementation-wise, unsatisfied deadman-dependencies would translate to
the node where affected resources are active (started, promoted, failed
stops, unmanaged non-withstanding) being scheduled for fencing
immediately. In fact, due to the recovery time goals, I'd suggest to
special case this - if the transition contains unsatisfied deadman
dependencies, skip everything both the STONITH resources and fencing
requests, and postpone all other start/stop actions to further
transitions; we don't want anything to interfere with this phase.


Regards,
    Lars

-- 
Architect Storage/HA, OPS Engineering, Novell, Inc.
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde





More information about the Pacemaker mailing list