[ClusterLabs] Using cluster without fencing

Sergey Cherukhin sergey.cherukhin at gmail.com
Mon Oct 16 03:20:52 EDT 2023


Mon, 16 Oct 2023 at 13:42, Andrei Borzenkov <arvidjaar at gmail.com>:

> On Mon, Oct 16, 2023 at 9:28 AM Sergey Cherukhin
> <sergey.cherukhin at gmail.com> wrote:
> >
> > Hello!
> >
> > I use Postgresql+Pacemaker+Corosync 3 nodes cluster with 2 Postgresql
> > instances in synchronous replication mode on two high performance nodes and
> > Pacemaker+Corosync on the third low performance node for quorum only. At
> > the same time a SCADA HMI software is running on the high performance
> > nodes. This SCADA software uses its own redundancy technology.
> >
> > In this case I can't use fencing as usual to power off or reboot a
> > failed node, because the operator will be very surprised when his
> > workstation is shut down due to database failure.
> >
>
> You can use the third node as a quorum device instead of the full
> member, it will never be fenced.
>

I already use the third node as a quorum device only.


> > What type of fencing should I use in this case?
> >
>
> Whatever is technically feasible. Your nodes may have BMC with IPMI.
> Another possibility is iSCSI target on the third node and SBD. If you
> are using HPC, you may have shared storage already.
>

Generic high-performance rack-mount industrial PCs will be used for the
Postgresql and SCADA nodes; support for any realisation of IPMI is not
guaranteed (not documented). For the witness node a low-performance mini-PC
will be used. The hardware set cannot be expanded.
No iSCSI devices can be used. Powering off a node by UPS or PDU is not
allowed because of the SCADA software.
Can I use resource-level fencing instead of node-level fencing in this case?



> > On the other hand, Postgresql instances don't use any shared resources.
> > Is it possible to use cluster without fencing in this case?
> >
>
> This is a common misconception. Your replicated database *is* the
> shared resource. Ask yourself - what happens if both instances decide
> they are masters and start serving different clients? If you really do
> not care, you do not need any failover cluster in the first place.
>

I use the third node as a quorum device only to prevent split-brain. What
else can go wrong in two instance replication?
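
Added example, not part of the original message or of any ClusterLabs code: a toy Python model of the case raised in the quoted reply above, where both instances act as master and serve different clients. The names `Instance`, `fork_point`, `split_brain`, `scenario` and the sample records are constructed, and the model assumes the old primary keeps accepting writes after the replication link is lost.

```python
from dataclasses import dataclass, field


@dataclass
class Instance:
    """Toy model of one database instance: a role and an ordered commit log."""
    name: str
    role: str                          # "primary" or "standby"
    log: list = field(default_factory=list)
    stopped: bool = False              # True once the node is confirmed down

    def write(self, record):
        # Only a running primary accepts client writes.
        if self.role != "primary" or self.stopped:
            raise RuntimeError(f"{self.name} is not a running primary")
        self.log.append((self.name, record))


def fork_point(a, b):
    """Length of the common prefix of two commit logs."""
    n = 0
    while n < min(len(a.log), len(b.log)) and a.log[n] == b.log[n]:
        n += 1
    return n


def split_brain(tail1, tail2):
    """Both sides committed records the other never saw: histories forked."""
    return bool(tail1) and bool(tail2)


def scenario(fencing):
    """Constructed scenario: the replication link fails, node1 itself keeps running."""
    n1, n2 = Instance("node1", "primary"), Instance("node2", "standby")
    n1.write("setpoint=10")
    n2.log = list(n1.log)              # healthy replication: logs agree
    # Link is down from here on, so nothing more is copied between the logs.
    if fencing:
        n1.stopped = True              # assumption: fence agent confirmed node1 down
    n2.role = "primary"                # cluster promotes the surviving standby
    for node, record in ((n1, "setpoint=11"), (n2, "setpoint=12")):
        try:
            node.write(record)         # each node's local client keeps writing
        except RuntimeError:
            pass                       # write rejected: node is stopped
    k = fork_point(n1, n2)
    return n1.log[k:], n2.log[k:]      # records unique to each side


if __name__ == "__main__":
    for fencing in (False, True):
        t1, t2 = scenario(fencing)
        print(f"fencing={fencing} node1-only={t1} node2-only={t2} "
              f"split_brain={split_brain(t1, t2)}")
```

When both tails are non-empty, neither log is a prefix of the other, so one side's committed records have to be discarded to bring the pair back into replication.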


