[Pacemaker] How to ensure that a resource is only running at one place?
Kevin Stevenard
kstevenard at gmail.com
Wed May 25 07:27:02 UTC 2011
Hi Mark,
I totally agree with that, I was looking for a quick and simple
solution to this problem. But indeed it makes no sense to check
somewhere if a resource that should not run is running. I also imagine
that it would induce more work and a higher load due to those unneeded
checks.
I also understand now why it can be interesting to switch from basic
lsb scripts to generic OCF resource agent, just to get rid of the old
fashioned init.d script to avoid that scatter-brained users start
resources manually as when there was no pacemaker cluster.
Thank you,
Kevin,
> > Because by default on my asymmetric cluster I saw that the op monitor
> > action is only executed on the node where the resource is currently running,
> > and when a user start manually (not through the crm) the same resource on
> > another node pacemaker won't see it because it is not executing the op
> > monitor on all nodes that are potentially able to run the resource.
> >
>
> This makes complete sense. If pacemaker didn't start a resource, how is it
> expected to know to manage that resource?
>
>
> >
> > Am I obliged to write my own RA with a master/slave or primary/secondary
> > knowledge to be sure that the resource is active only at one place at a
> > time?
> >
> >
> Really, it seems the only obligation is to not allow a user to have shell
> access on your cluster nodes if they can't understand the concept of what a
> cluster is and won't listen to you when you explain to them that they must
> not start resources on their own just because they feel like it. It takes
> very little time to teach a user how to run 'crm status' or to show them a
> simple web page that will show them the status of all cluster resouces, so
> they can tell for themselves that the service they're about to start is
> already running (see the -h switch for crm_mon and imagine how you can have
> an apache resource that runs to show the web page it outputs).
>
> If a user doesn't understand what is really a pretty simple concept ("we run
> a cluster suite and it starts/stops these particular resources itself, so
> don't ever, ever touch them unless told to do so"), then it's pretty
> dangerous to let them onto the cluster nodes in the first place, no? Do you
> have the option of changing permissions so that the users can't start the
> resource, can't execute the scripts/binaries required, and instead only the
> cluster suite, the root user, and perhaps a trusted admin or two can?
>
> Regards,
> Mark
More information about the Pacemaker
mailing list