[Pacemaker] Using pacemaker for service startup / single node cluster ?

Robert reg at elconas.de
Fri Aug 15 08:54:41 EDT 2008

> This would be possible with a "null" comm plugin (instead of talking to
> heartbeat or openAIS).
Does such a plugin exist already ?
>> Is it possible to enable Pacemaker to fully Manually control it - aka no 
>> automatic actions, every transition confirmed by the administrator ?
> That's an interesting request. No, this is not currently possible. Can
> you elaborate the use case a bit further?
Well the idea is to automate system administration while letting the 
administrator be the commander in chief :)

Setting up disaster recovery sites is difficult and errorprone. You have 
to think about a lot of possible failures and in case of a real 
disaster, double failures are very likly to happen. So setting up a 
automatic failover for disaster protection is not a good idea. The 
disaster recovery setup of Heartbeat is not well suited yet for this 
purpose, but may be in the future (quorumd etc.). On the other hand in 
disaster situations everyboy is very "stessed" - things need to be done 
fast and controlled without reading 100 pages ++ documentation. So for 
that a controlled service start is important (dependencies, also cross 
machine dependencies and order constraints). Starting services manually 
and bringing up IP's and doing DNS records is not a good idea.

To combine both approaches a technique were the administrator can 
configure pacemaker to manually confirm every action would be great (not 
on the quorum level at heartbeat, quorum is still a requirement). 
Pacemaker elaborates a "action plan" - or you can also call it a 
"dynamic fully automatic disaster recovery plan" based on the cules and 
constraints you have defined - the administrator looks over it (he 
actually sees what willl be fonde in which order in a clear and readable 
way, but maybe thats a TODO :) ) - and agrees or disagrees with this 
actions. this can either be a simple command "Yes make it so" or a 
chance to modify the behaviour "Ok, let me edit the disaster plan first 
and then make it so".

Thus the administrator is in control of the situation, complex site 2 
site failovers with two nodes are doable (may machines) and the setup 
can be easily adopted to fully automatic failover on a per cluster bases 
and when quorum daemon is reliable, or you have a 3rd datacenter handy. 
All of this wihtout reconfiguration and doing all the testing again, 
becuase you actually just automatically say "Yes make it so" in case of 
a automatic failover.

I hope this makes the idea clear.


More information about the Pacemaker mailing list