On Tue, May 14, 2013 at 04:06:09PM +0200, Lars Marowsky-Bree wrote:
> On 2013-05-14T09:54:55, David Vossel <dvos...@redhat.com> wrote:
>
> > Here's what it comes down to. You aren't guaranteed exclusive
> > activation just because pacemaker is in control. There are scenarios
> > with SAN disks where the node starts up and can potentially attempt to
> > activate a volume before pacemaker has initialized.
>
> Yeah, from what I've read in the code, the tagged activation would also
> prevent a manual (or on-boot) vg/lv activation (because it seems lvm
> itself will refuse). That seems like a good idea to me. Unless I'm
> wrong, that concept seems sound, barring bugs that need fixing.
Sure.
And I'm not at all oposed to using tags.
I want to get rid of the layer violation,
which is the one Bad Thing I'm complaining about.
Also, note that on stop, this strips all tags, leaving it untagged.
On the next cluster boot, if that was really the concern,
all nodes would grab and activate the VG, as it is untagged...
So no, in the current form,
it just *pretends* to protect against a number of things,
but actually does not.
And that is the other, even worse, Bad Thing.
> That's similar to what cLVM2 does and protects against, but without
> needing the cLVM2/DLM bits; that has, uhm, advantages too.
>
> In short, I'm in favor of this feature. (Clearly, lge has pointed out
> one or two issues that need fixing, that doesn't detract from the
> idea.)
But that would be implemented simply by using tags, and on
start:
re-tag with my nodename
activate
That way, it is always tagged, so no stupid initrd, udev or boot script,
not even a tired admin, will "accidentally" activate it.
No need for anything else,
no callout to membership necessary.
All that smoke and mirrors adds complexity, and does not buy us anything,
but a false sense of what that could possibly protect us against.
If it was tagged with an other node name that is in the membership,
then pacemaker would know about it, too, and had made sure it is not
activated there.
If that other node was not in the membership,
we would re-tag and activate anyways.
So why not just do that,
document that it is done this way,
and not pretend it would do more than that.
It does not.
Lars
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
_______________________________________________
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
