On Nov 8, 2007, at 12:58 AM, Yan Fitterer wrote:
Andrew Beekhof wrote:
On Nov 7, 2007, at 3:12 PM, Yan Fitterer wrote:
My 2c... Although my experience is rather limited, I have
encountered
one real-life situation where ssh would not have worked. (split
brain
created by putting firewall in "closed" mode, i.e. all inbound IP
packets rejected by iptables, but outbound packets allowed). So the
cases where ssh is unsuitable are not that unusual.
I must say I concur with Alan, in real life, SSH is far too
fragile to
be a reliable STONITH method.
the point is not whether the ssh plugin will work in all cases - but
that the crm wont do anything until it _does_ work.
I understand (and so far as that particular logic goes, I agree),
but my
concern is with the proposal of having some "official"
recommendation to
use the SSH plugin in production systems. It's simply (at present)
just
not production quality,
We could always try and remedy that :-)
so IMHO we devalue HB's quality standing by
recommending people use it in production systems, whatever the
scenario.
Its not that I like suggesting SSH... but even with the proposal there
are _far_ more likely ways for your data to be corrupted if you don't
enable stonith.
From that perspective, I can't help but see SSH as the lesser of the
two evils.
In addition, the whole _point_ of STONITH is to provide a means of
recovering (read - release resource from) a node that's _independent_
from the target node. SSH fails that basic requirement.
Except that people are also suggesting a suicide plugin for heartbeat
which would also fail this criteria :-)
All of this of course doesn't help solve Alan's original proposal :( -
sorry no help there! (I know this is lame, but I'm trying to highlight
that proposing SSH STONITH may be a good technical way to solve the
"failed core processes" issue, but would bring along bigger issues
on a
different level).
Yan
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
