On Wed, May 6, 2009 at 10:13 AM, Peter Kruse <[email protected]> wrote: > Hello, > > thanks for your replies, > > Andreas Mock wrote: >>> If the PDUs becomes unavailable and shortly after the host is unavailable as >>> well, then assume the host is down and fenced successfully. >> >> 'assume' is the bad word here. Stonith is there so that the cluster does NOT >> have >> to assume anything, but be SURE that there is a predictible state of the >> cluster. > > You are saying that it is okay that a single failure can bring the cluster > in a unsolvable situation? I thought "SPoF" would be the bad word. > Because that's what it is.
Its a very bad word, but the SPoF is very clearly the hardware here. I understand that there are many reasons to want these integrated power switches to work in a clustered environment, but they don't. We all know they don't, but we come up with complex algorithms so that we can pretend that they do. >> IMHO you answered your question for yourself. ;-) > > I don't think so, the powerfail algorithm is of course a bit more complicated. But it can only ever be an approximation and one day it will be wrong. Which is not to say that its not a useful approximation or that I believe people should never ever use it... but people must be required to explicitly enable it and need to take responsibility for the potential consequences of that decision. _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
