Hi all, I just found a whitepaper from XenServer - seem they implement some kind of self-fencing:
-----text from XenServer High Availability Whitepaper------- The worst-case scenario for HA is the situation where a host is thought to be off-line but is actually still writing to the shared storage, because this can result in corruption of persistent data. To prevent this situation without requiring active power strip controls, XenServer employs hypervisor-level fencing. This is a Xen modification which hard-powers off the host at a very low-level if it does not hear regularly from a watchdog process running in the control domain. Because it is implemented at a very low-level, this also protects the storage in the case where the control domain becomes unresponsive for some reason. -------------- Does that really make sense? That seem to be a very unreliable solution, because there is no guarantee that a failed node 'self-fence' itself? Or do I miss something? - Dietmar _______________________________________________ Openais mailing list Openais@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/openais