On Mon, May 11, 2009 at 11:52 AM, Peter Kruse <[email protected]> wrote: > Hi Andrew, > > Andrew Beekhof wrote: >> Any switch that shares power with the host(s) it controls clearly has a SPoF. >> You don't need me to tell you that. > > But that does not have to be a SPoF for the entire system!
By default, yes it does. Because the cluster cannot guarantee, with 0.0000000% doubt, that the node is totally dead. STONITH is supposed to provide that guarantee, but this type of SPoF makes this impossible. If the admin can tolerate an X% chance of data corruption, then they're free to enable the (future) option. And if they really don't care about their data they can use ssh instead :-) > The problem here > is that a single failure (power loss) causes not only one node to > go down (and the pdu itself, yes), but the whole system stops working > properly. Now you now have to say that one has to equip the pdus with > redundant power supplies. Unfortunately I know of no such device. Which > brings me to the conclusion that nobody has yet developed a device that works > as a fully supported and recommended stonith device. Which is kind of a > dilemma. > >> The scenario they don't work in might be acceptably unlikely for most >> people, but the risk is there. >> However, as I keep saying, I've no objection an option that implements >> the failsafe algorithm (and documents the reason it exists) > > I would certainly vote for this. Got a patch handy? I'll apply it :-) _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
