[Pacemaker] How to ensure that a resource is only running at one place?
Andrew Beekhof
andrew at beekhof.net
Mon Jun 20 22:32:54 EDT 2011
On Wed, May 25, 2011 at 5:27 PM, Kevin Stevenard <kstevenard at gmail.com> wrote:
> Hi Mark,
>
> I totally agree with that, I was looking for a quick and simple
> solution to this problem. But indeed it makes no sense to check
> somewhere if a resource that should not run is running.
lmb has been campaigning for such a feature too.
so i'd not be surprised to see it as an option in the future
> I also imagine
> that it would induce more work and a higher load due to those unneeded
> checks.
>
> I also understand now why it can be interesting to switch from basic
> lsb scripts to generic OCF resource agent, just to get rid of the old
> fashioned init.d script to avoid that scatter-brained users start
> resources manually as when there was no pacemaker cluster.
>
> Thank you,
>
> Kevin,
>
>> > Because by default on my asymmetric cluster I saw that the op monitor
>> > action is only executed on the node where the resource is currently running,
>> > and when a user start manually (not through the crm) the same resource on
>> > another node pacemaker won't see it because it is not executing the op
>> > monitor on all nodes that are potentially able to run the resource.
>> >
>>
>> This makes complete sense. If pacemaker didn't start a resource, how is it
>> expected to know to manage that resource?
>>
>>
>> >
>> > Am I obliged to write my own RA with a master/slave or primary/secondary
>> > knowledge to be sure that the resource is active only at one place at a
>> > time?
>> >
>> >
>> Really, it seems the only obligation is to not allow a user to have shell
>> access on your cluster nodes if they can't understand the concept of what a
>> cluster is and won't listen to you when you explain to them that they must
>> not start resources on their own just because they feel like it. It takes
>> very little time to teach a user how to run 'crm status' or to show them a
>> simple web page that will show them the status of all cluster resouces, so
>> they can tell for themselves that the service they're about to start is
>> already running (see the -h switch for crm_mon and imagine how you can have
>> an apache resource that runs to show the web page it outputs).
>>
>> If a user doesn't understand what is really a pretty simple concept ("we run
>> a cluster suite and it starts/stops these particular resources itself, so
>> don't ever, ever touch them unless told to do so"), then it's pretty
>> dangerous to let them onto the cluster nodes in the first place, no? Do you
>> have the option of changing permissions so that the users can't start the
>> resource, can't execute the scripts/binaries required, and instead only the
>> cluster suite, the root user, and perhaps a trusted admin or two can?
>>
>> Regards,
>> Mark
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>
More information about the Pacemaker
mailing list