* Paolo Bonzini (pbonz...@redhat.com) wrote: > > > On 23/04/2015 13:36, Kevin Wolf wrote: > > Crap. Then we need to figure out dynamic reconfiguration for filters > > (CCed Markus and Jeff). > > > > And this is really part of the fundamental operation mode and not just a > > way to give users a way to change their mind at runtime? Because if it > > were, we could go forward without that for the start and add dynamic > > reconfiguration in a second step. > > I honestly don't know. Wen, David?
As presented at the moment, I don't see there's any dynamic reconfiguration on the primary side at the moment - it starts up in the configuration with the quorum(disk, NBD), and that's the way it stays throughout the fault-tolerant setup; the primary doesn't start running until the secondary is connected. Similarly the secondary startups in the configuration and stays that way; the interesting question to me is what happens after a failure. If the secondary fails, then your primary is still quorum(disk, NBD) but the NBD side is dead - so I don't think you need to do anything there immediately. If the primary fails, and the secondary takes over, then a lot of the stuff on the secondary now becomes redundent; does that stay the same and just operate in some form of passthrough - or does it need to change configuration? The hard part to me is how to bring it back into fault-tolerance now; after a primary failure, the secondary now needs to morph into something like a primary, and somehow you need to bring up a new secondary and get that new secondary an image of the primaries current disk. Dave > Paolo > > > Anyway, even if we move it to a second step, it looks like we need to > > design something rather soon now. -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
