[Drbd-dev] DRBD8: Split-brain false positive on Primary/primary
potential patch
Sudhakar Mekathotti
mekats at gmail.com
Sat Nov 18 13:20:56 CET 2006
On 11/16/06, Graham, Simon <Simon.Graham at stratus.com> wrote:
>
> Not sure I agree that the current behavior is protecting users from
> themselves -- it only causes the split-brain if you lose the n/w and during
> 'normal' operation and there is nothing that protects against mounting a
> 1-node fs on both nodes of a primary-primary DRBD cluster.
>
> Running primary-secondary doesn't work if you are in a situation where it
> is not possible to switch primaryness when failing over; a good example of
> that is if you want to run a Xen virtual machine on top of a DRBD partition
> and support live migration of the VM (the problem is that Xen doesn't
> provide the means to execute a script to change primaryness at the required
> point in the migration). Of course you could argue that this is a Xen bug
> _but_ pragmatically, the proposed patch to delay updating the UUID until an
> actual write occurs preserves (I believe) correctness in DRBD and works
> without introducing new features into Xen.
>
> Recovering from split-brain automatically is of course something that is
> incredibly valuable but I think it can be treated orthogonally to the
> proposed fix.
I think from a technical perspective, automatically recovering from
split-brain is nice to have. But from a user perspective, I would in almost
all cases refrain from using that feature as I would like to make double
sure my data is consistent and makes 'business sense' before electing which
disk to be primary.
-----Original Message-----
> From: Philipp Reisner [mailto: philipp.reisner at linbit.com]
> Sent: Thursday, November 16, 2006 4:10 AM
> To: drbd-dev at linbit.com
> Cc: Montrose, Ernest; Graham, Simon
> Subject: Re: [Drbd-dev] DRBD8: Split-brain false positive on
> Primary/primary potential patch
>
> Am Dienstag, 7. November 2006 00:47 schrieb Montrose, Ernest:
> > When running Primary/Primary if the Heartbeat connection goes down when
> > we recover we always split brain. Simon had an idea which I have
> > implemented. He is on vacation so this may not reflect his exact idea.
> >
> > Essentially with this change, we do not create a new current UUID on the
> > node unless I/O is seen. This prevent Split-Brain mitigation when both
> > nodes are primary but only one node is originating I/O and never the
> > other. He is only stand-by in that case.
> >
> > Take a look and let me know.
>
>
[snip]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linbit.com/pipermail/drbd-dev/attachments/20061118/6ca36ab2/attachment.html
More information about the drbd-dev
mailing list