[Pacemaker] STONIH device and two-active DRBDs with GFS2

Digimer lists at alteeve.ca
Sat Oct 6 16:41:44 UTC 2012 

On 10/06/2012 06:28 AM, Tero Mäntyvaara wrote:
> Hi,
>
> I have read the tutorial you provide on your web site but I am
> struggling with the node level STONITH device which I currently do not
> have.
>
> I was wondering if I set two-active DRBD and because - by your
> tutorial in chapter 8.2.3 - CMAN is being used as fencing device too,
> is STONITH device necessary any more.
>
> But if STONITH device is necessary any way, what would be  a) the
> cheapest solution for node level fencing and b) the best solution for
> resource level fencing? Is resource level fencing possible without
> external or separate HW? How do I set resource fencing for STONITH? Is
> node level fencing possible with the cross-over serial connection
> between nodes? How about IP over USB with USB hub or Linux compatible
> USB link cable between nodes?
>
> Sincerely
> Tero Mäntyvaara

If you want to run dual-primary, then yes, stonith (aka "fencing") is 
required. Once you have stonith working in pacemaker, you can "hook" 
DRBD into it using the 'crm-fence-peer.sh' script.

As for CMAN, it provides DLM, the Distributed Lock Manager, which is 
used for GFS2 and Clustered LVM, two popular tools used on top of DRBD. 
If you don't want to use these, then CMAN is not needed. If you do, you 
need to setup a minimal cluster.conf, and in it, define the nodes and 
tell them to use 'fence_pcmk'.

Fencing comes in two main flavours; Power and Fabric fencing. The former 
is by far the most common, and actually resets or powers off the target 
machine. The later disconnects the target machine from the network but 
leaves the victim powered on.

For power fencing, the most common method is to use the server's out of 
band management (IPMI, iLO, DRAC, RSA, etc). If you have this on your 
servers, then implementing fencing will be effectively free of cost. If 
you don't, then the most common alternate is to use a switched PDU 
(network connected power bar with individual control of each outlet). 
Not all models are supported though; APC's AP 7900 (or your country's 
version) is my personal favourite. In fact, I use IPMI and also Switched 
PDUs as a backup form of fencing.

Any fence method that requires the target to respond, like ssh-based or 
whatnot, is fatally flawed. You can test this by sending 'echo c > 
/proc/sysrq-trigger', which totally hangs the node. You can also see the 
flaw in this by unplugging the network connection between the nodes, 
causing a "split brain" between the nodes, which is the most dangerous 
scenario that fencing saves your from.

hth

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
"Hydrogen is just a colourless, odorless gas which, if left alone in 
sufficient quantities for long periods of time, begins to think about 
itself."

More information about the Pacemaker mailing list