Andrew Beekhof wrote: > > On Nov 7, 2007, at 3:12 PM, Yan Fitterer wrote: > >> My 2c... Although my experience is rather limited, I have encountered >> one real-life situation where ssh would not have worked. (split brain >> created by putting firewall in "closed" mode, i.e. all inbound IP >> packets rejected by iptables, but outbound packets allowed). So the >> cases where ssh is unsuitable are not that unusual. >> >> I must say I concur with Alan, in real life, SSH is far too fragile to >> be a reliable STONITH method. > > the point is not whether the ssh plugin will work in all cases - but > that the crm wont do anything until it _does_ work.
I understand (and so far as that particular logic goes, I agree), but my concern is with the proposal of having some "official" recommendation to use the SSH plugin in production systems. It's simply (at present) just not production quality, so IMHO we devalue HB's quality standing by recommending people use it in production systems, whatever the scenario. In addition, the whole _point_ of STONITH is to provide a means of recovering (read - release resource from) a node that's _independent_ from the target node. SSH fails that basic requirement. All of this of course doesn't help solve Alan's original proposal :( - sorry no help there! (I know this is lame, but I'm trying to highlight that proposing SSH STONITH may be a good technical way to solve the "failed core processes" issue, but would bring along bigger issues on a different level). Yan _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
