[Pacemaker] some questions about STONITH

Lars Marowsky-Bree lmb at suse.com
Tue Nov 19 19:10:04 UTC 2013


On 2013-11-19T23:06:04, Andrey Groshev <greenx at yandex.ru> wrote:

> > First, like digimer wrote, clearly stonith-by-ssh is useless for
> > production since you can't fence nodes that are having problems. But for
> > testing, it's worth a try.
> Maybe I do not quite understand correctly the term "fence"

A "fence" request is executed when a node is deemed to be in an
untrustworthy state - when a stop has failed, or when a network error
occurs. Note that in the last case, login via ssh is obviously no longer
possible at all.

With the new fence-topology, you could try ssh first before escalating
to a real fencing mechanism, but why bother?

> > Note that cluster-glue actually does include an external/ssh script.
> > You're reinventing the wheel ;-)
> I've seen your script, thanks for the example
> But my wheels are hard! :)
> I need authorization by key, but but I do not want to mix them with /root/.ssh/...

Why not extend the existing agent rather than writing your own?

> I am indifferent what server reboot if the key matches.
> I exactly know that the server was rebooted.

I'm not sure about the first sentence; clearly you care which server is
rebooted, namely the one the cluster wants to have rebooted (or powered
off), right? That must be a misunderstanding.

Regards,
    Lars

-- 
Architect Storage/HA
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde





More information about the Pacemaker mailing list