[Pacemaker] some questions about STONITH
Lars Marowsky-Bree
lmb at suse.com
Tue Nov 19 14:10:04 EST 2013
On 2013-11-19T23:06:04, Andrey Groshev <greenx at yandex.ru> wrote:
> > First, like digimer wrote, clearly stonith-by-ssh is useless for
> > production since you can't fence nodes that are having problems. But for
> > testing, it's worth a try.
> Maybe I do not quite understand correctly the term "fence"
A "fence" request is executed when a node is deemed to be in an
untrustworthy state - when a stop has failed, or when a network error
occurs. Note that in the last case, login via ssh is obviously no longer
possible at all.
With the new fence-topology, you could try ssh first before escalating
to a real fencing mechanism, but why bother?
> > Note that cluster-glue actually does include an external/ssh script.
> > You're reinventing the wheel ;-)
> I've seen your script, thanks for the example
> But my wheels are hard! :)
> I need authorization by key, but but I do not want to mix them with /root/.ssh/...
Why not extend the existing agent rather than writing your own?
> I am indifferent what server reboot if the key matches.
> I exactly know that the server was rebooted.
I'm not sure about the first sentence; clearly you care which server is
rebooted, namely the one the cluster wants to have rebooted (or powered
off), right? That must be a misunderstanding.
Regards,
Lars
--
Architect Storage/HA
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
More information about the Pacemaker
mailing list