Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.
On 06/22/2011 12:10 PM, Florian Haas wrote: > Don't Do That Then.™ ;) I'd love (not) to! Apart from implementing my own "crm node standby" wrapper script, can I somehow configure pacemaker to give me a hint to the effect of "you're trying to put node X on standby, but trust me, it's not a good idea"? In the end, this may probably turn out to be a question of policy, as in "the documentation to my sys-ops staff should include a mandatory check of the DRBD status before initiating any failovers", but I like additional safety nets. Plus, if pacemaker decides on its own that a failover is necessary (ping went away etc.) and for one reason or another a quick sync had been triggered (activity log resync after maintenance-cron task or similar - granted, this shouldn't really happen), it may shoot itself in the food unnecessarily. I'm fetching from quite afar here, but as you put it - the train of thought raises interesting questions. > That would be attempting to put out a fire with gasoline. A failed stop > leads to fencing, and then you've got an inconsistent node and a dead node. Does this hold true when stonith-enabled=false? Your explanations on why my initial approach is a Bad Idea are much appreciated. Cheers, Felix