This would be possible with a "null" comm plugin (instead of talking to
heartbeat or openAIS).
Does such a plugin exist already?
Is it possible to enable Pacemaker to fully manually control it - aka no automatic actions, every transition confirmed by the administrator?

That's an interesting request. No, this is not currently possible. Can
you elaborate the use case a bit further?
Well the idea is to automate system administration while letting the administrator be the commander in chief :)

Setting up disaster recovery sites is difficult and error-prone. You have to think about a lot of possible failures and in case of a real disaster, double failures are very likely to happen. So setting up an automatic failover for disaster protection is not a good idea. The disaster recovery setup of Heartbeat is not well suited yet for this purpose, but may be in the future (quorumd etc.). On the other hand in disaster situations everybody is very "stressed" - things need to be done fast and controlled without reading 100 pages ++ documentation. So for that a controlled service start is important (dependencies, also cross machine dependencies and order constraints). Starting services manually and bringing up IPs and doing DNS records is not a good idea.

To combine both approaches a technique where the administrator can configure Pacemaker to manually confirm every action would be great (not on the quorum level at heartbeat, quorum is still a requirement). Pacemaker elaborates an "action plan" - or you can also call it a "dynamic fully automatic disaster recovery plan" based on the rules and constraints you have defined - the administrator looks over it (he actually sees what will be done in which order in a clear and readable way, but maybe that's a TODO :) ) - and agrees or disagrees with these actions. This can either be a simple command "Yes make it so" or a chance to modify the behaviour "Ok, let me edit the disaster plan first and then make it so".

Thus the administrator is in control of the situation, complex site 2 site failovers with two nodes are doable (many machines) and the setup can be easily adapted to fully automatic failover on a per cluster basis and when quorum daemon is reliable, or you have a 3rd datacenter handy. All of this without reconfiguration and doing all the testing again, because you actually just automatically say "Yes make it so" in case of an automatic failover.

I hope this makes the idea clear.

Regards,
Robert





_______________________________________________
Pacemaker mailing list
[email protected]
http://list.clusterlabs.org/mailman/listinfo/pacemaker
