Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.
On Thu, 18 Dec 2003 07:45:57 +0100 Lars wrote: [this was a thread originally on drbd-dev, but is probably more appropriate for drbd-user] > Levent Sasmazel: [discussion of what happens if node A fails to node B, then after a while node B dies, then node A comes back up] > > Question: What will happen when both drbd s are up after this point? > have a look at the inittimeout, skip-wait and load-only keyword in > the sample config file, understand what they do, and if you care > for your data integrity: don't use them. I wanted to follow up this point, because I'm looking at the various options here, and I want to make sure I fully understand the consequences. Lars, you say "if you care for your data integrity: don't use them". This is a "scary" comment, so I want to be ultra sure about what I'm doing. After reading the docs, and the example config file, my understanding is as follows, from the point of view of data integrity (ignoring the availability): (I'm only considering inittimeout and load-only here) - initttimeout = 0 : SAFE (will wait for operator) - inittimeout = positive : UNSAFE (will force primary after timeout) - inittimeout = negative : SAFE (will start, but in secondary mode) - load-only : SAFE (will start, but in secondary mode) However, this seems at odds with your statement "don't use them". My understanding was that only setting inittimeout to a positive value could compromise the data. In particular, I was thinking of using load-only and letting heartbeat decide (via datadisk) what to do. Is this safe? As I understand it, executing "datadisk start" will never cause a node to become primary if the state of the other node is "Unknown", therefore this should be safe - is that correct, or am I missing something? Thanks, Tim