[email protected] (Mindaugas Rasiukevicius) writes: >> In my use case, a broken filesystem is usually a sign of an unnoticed >> hardware or software error and the best reaction to recover is to >> panic (and throw the data away, the machines have only temporary >> data). Continuing with a read-only filesystem doesn't do any good, >> because you have no means to find out wether the data you can read >> is complete or correct.
>Why not? It seems to be a question of how do you communicate the errors >back to the applications or administrator. There are applications which >gracefully handle EIOs exactly for this purpose. The fact that they are >very rare does not mean they do not exist. :) See, that's what "in my use case" means. >> Most clustered systems also handle complete outages better than >> a degraded mode. That's why you have things like STONITH. >It really depends on the application or service; you often have to take >design considerations for both though. That was the point, there is no definitive solution. You, as an administrator, need to choose.
