[ClusterLabs] Using cluster without fencing
Andrei Borzenkov
arvidjaar at gmail.com
Mon Oct 16 02:42:13 EDT 2023
On Mon, Oct 16, 2023 at 9:28 AM Sergey Cherukhin
<sergey.cherukhin at gmail.com> wrote:
>
> Hello!
>
> I use Postgresql+Pacemaker+Corosync 3 nodes cluster with 2 Postgresql instances in synchronous replication mode on two high performance nodes and Pacemaker+Corosync on the third low performance node for quorum only. At the same time a SCADA HMI software is running on the high performance nodes. This SCADA software uses its own redundancy technology.
>
> In this case I can't use fencing as usual to power off or reboot a failed node, because the operator will be very surprised when his workstation will be shutted down due to database failure.
>
You can use the third node as a quorum device instead of the full
member, it will never be fenced.
> What type of fencing should I use in this case?
>
Whatever is technically feasible. Your nodes may have BMC with IPMI.
Another possibility is iSCSI target on the third node and SBD. If you
are using HPC, you may have shared storage already.
> On the other hand, Postgresql instances don't use any shared resources. Is it possible to use cluster without fencing in this case?
>
This is a common misconception. Your replicated database *is* the
shared resource. Ask yourself - what happens if both instances decide
they are masters and start serving different clients? If you really do
not care, you do not need any failover cluster in the first place.
More information about the Users
mailing list