[DRBD-user] Performing crm failover using crm node standby

Felix Frank ff at mpexnet.de
Wed Jun 22 12:49:36 CEST 2011

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.


On 06/22/2011 12:10 PM, Florian Haas wrote:
> Don't Do That Then.™ ;)

I'd love (not) to!

Apart from implementing my own "crm node standby" wrapper script, can I
somehow configure pacemaker to give me a hint to the effect of "you're
trying to put node X on standby, but trust me, it's not a good idea"?

In the end, this may probably turn out to be a question of policy, as in
"the documentation to my sys-ops staff should include a mandatory check
of the DRBD status before initiating any failovers", but I like
additional safety nets.

Plus, if pacemaker decides on its own that a failover is necessary (ping
went away etc.) and for one reason or another a quick sync had been
triggered (activity log resync after maintenance-cron task or similar -
granted, this shouldn't really happen), it may shoot itself in the food
unnecessarily. I'm fetching from quite afar here, but as you put it -
the train of thought raises interesting questions.

> That would be attempting to put out a fire with gasoline. A failed stop
> leads to fencing, and then you've got an inconsistent node and a dead node.

Does this hold true when stonith-enabled=false?

Your explanations on why my initial approach is a Bad Idea are much
appreciated.

Cheers,
Felix



More information about the drbd-user mailing list