[Pacemaker] STONIH device and two-active DRBDs with GFS2
Digimer
lists at alteeve.ca
Sat Oct 6 16:41:44 UTC 2012
On 10/06/2012 06:28 AM, Tero Mäntyvaara wrote:
> Hi,
>
> I have read the tutorial you provide on your web site but I am
> struggling with the node level STONITH device which I currently do not
> have.
>
> I was wondering if I set two-active DRBD and because - by your
> tutorial in chapter 8.2.3 - CMAN is being used as fencing device too,
> is STONITH device necessary any more.
>
> But if STONITH device is necessary any way, what would be a) the
> cheapest solution for node level fencing and b) the best solution for
> resource level fencing? Is resource level fencing possible without
> external or separate HW? How do I set resource fencing for STONITH? Is
> node level fencing possible with the cross-over serial connection
> between nodes? How about IP over USB with USB hub or Linux compatible
> USB link cable between nodes?
>
> Sincerely
> Tero Mäntyvaara
If you want to run dual-primary, then yes, stonith (aka "fencing") is
required. Once you have stonith working in pacemaker, you can "hook"
DRBD into it using the 'crm-fence-peer.sh' script.
As for CMAN, it provides DLM, the Distributed Lock Manager, which is
used for GFS2 and Clustered LVM, two popular tools used on top of DRBD.
If you don't want to use these, then CMAN is not needed. If you do, you
need to setup a minimal cluster.conf, and in it, define the nodes and
tell them to use 'fence_pcmk'.
Fencing comes in two main flavours; Power and Fabric fencing. The former
is by far the most common, and actually resets or powers off the target
machine. The later disconnects the target machine from the network but
leaves the victim powered on.
For power fencing, the most common method is to use the server's out of
band management (IPMI, iLO, DRAC, RSA, etc). If you have this on your
servers, then implementing fencing will be effectively free of cost. If
you don't, then the most common alternate is to use a switched PDU
(network connected power bar with individual control of each outlet).
Not all models are supported though; APC's AP 7900 (or your country's
version) is my personal favourite. In fact, I use IPMI and also Switched
PDUs as a backup form of fencing.
Any fence method that requires the target to respond, like ssh-based or
whatnot, is fatally flawed. You can test this by sending 'echo c >
/proc/sysrq-trigger', which totally hangs the node. You can also see the
flaw in this by unplugging the network connection between the nodes,
causing a "split brain" between the nodes, which is the most dangerous
scenario that fencing saves your from.
hth
--
Digimer
Papers and Projects: https://alteeve.ca/w/
"Hydrogen is just a colourless, odorless gas which, if left alone in
sufficient quantities for long periods of time, begins to think about
itself."
More information about the Pacemaker
mailing list