[DRBD-user] Xen allows user to start guest host, even when drbd-device is secondary?

Bas van Schaik bas at tuxes.nl
Wed Aug 15 20:23:16 CEST 2007


Hi all,

First of all: I was very surprised by the degree of sophistication of
drbd, a big thanks to the developers!

Back to my problem: I successfully managed to set up two (Debian Etch)
Xen servers running several Xen guests. Every guest depends on an
drbd-device (lets say: /dev/drbd0) for its root filesystem and uses a
simple local logical volume for it's swap. The two Xen servers share
their drbd-devices, effectively creating a redundant set up of virtual
machines. So far, so good.

Of course, every drbd-device can only have one primary Xen server (I'm
still using drbd 0.7) and the secondary Xen server refuses writing to
/dev/drbd0. The primary Xen server runs the actual guest host and allows
r/w access to /dev/drbd0. As documented, it's impossible to mount the
/dev/drbd0 image on the secondary host, but I found out that it actually
is possible to start the Xen guest host using /dev/drbd0. Check out the
output of 'xm dry-run mymachine.cfg':
> Using config file "mymachine.cfg".
> Checking domain:
>    mymachine: PERMITTED
> Checking resources:
>    phy:/dev/drbd0: PERMITTED
>    phy:/dev/vg_xen/mymachine-swap: PERMITTED
> Dry Run: PASSED

Clearly xm doesn't check if it can open /dev/drbd0 for writing and thus
allows the user to start the guest host. Of course, this host will hang
when trying to write to it's root filesystem, since writing to
/dev/drbd0 is not allowed.

This seems to be more a Xen bug than a bug in drbd. However, maybe one
of you knows a solution for this behavior? I would be perfectly happy if
drbd also refused reading from /dev/drbd0 if in secondary mode, but I
didn't found out how to configure drbd to act like this.

Your suggestions are highly appreciated!

Regards,

  -- Bas van Schaik



More information about the drbd-user mailing list