Hi Dejan,

On 20.03.2012, at 15:25, Dejan Muhamedagic wrote:

> Hi,
>
> On Tue, Mar 20, 2012 at 08:52:39AM +0100, Mathias Nestler wrote:
>> On 19.03.2012, at 20:26, Florian Haas wrote:
>>
>>> On Mon, Mar 19, 2012 at 8:14 PM, Mathias Nestler <mathias.nestler@barzahlen.de> wrote:
>>>> Hi everyone,
>>>>
>>>> I am trying to set up an active/passive two-node Linux-HA cluster with corosync and pacemaker to keep a PostgreSQL database up and running. It works via DRBD and a service IP. If node1 fails, node2 should take over, and the same applies if PostgreSQL runs on node2 and that node fails. Everything works fine except STONITH.
>>>>
>>>> Between the nodes there is a dedicated HA connection (10.10.10.x), so I have the following interface configuration:
>>>>
>>>> eth0            eth1           host
>>>> 10.10.10.251    172.10.10.1    node1
>>>> 10.10.10.252    172.10.10.2    node2
>>>>
>>>> STONITH is enabled and I am testing with the ssh STONITH agent to kill nodes:
>>>>
>>>> crm configure property stonith-enabled=true
>>>> crm configure property stonith-action=poweroff
>>>> crm configure rsc_defaults resource-stickiness=100
>>>> crm configure property no-quorum-policy=ignore
>>>>
>>>> crm configure primitive stonith_postgres stonith:external/ssh \
>>>>         params hostlist="node1 node2"
>>>> crm configure clone fencing_postgres stonith_postgres
>>>
>>> You're missing location constraints, and doing this with 2 primitives
>>> rather than 1 clone is usually cleaner. The example below is for
>>> external/libvirt rather than external/ssh, but you ought to be able to
>>> apply the concept anyhow:
>>>
>>> http://www.hastexo.com/resources/hints-and-kinks/fencing-virtual-cluster-nodes
>>
>> As I understand it, the cluster decides which node has to be fenced. Besides that, I already tried the following configuration:
>>
>> crm configure primitive stonith1_postgres stonith:ssh \
>>         params hostlist="node1" \
>>         op monitor interval="25" timeout="10"
>> crm configure primitive stonith2_postgres stonith:ssh \
>>         params hostlist="node2" \
>>         op monitor interval="25" timeout="10"
>> crm configure location stonith1_not_on_node1 stonith1_postgres \
>>         -inf: node1
>> crm configure location stonith2_not_on_node2 stonith2_postgres \
>>         -inf: node2
>>
>> The result is the same :/
>
> Neither ssh nor external/ssh are supported fencing options. Both
> include a sleep before reboot, which makes the window in which
> it is possible for both nodes to fence each other larger than is
> usually the case with production-quality stonith plugins.

I use the ssh STONITH agent only for testing; at the moment I am building the cluster in a virtual environment. Apart from that, what is the difference between ssh and external/ssh?

My problem is that each node tries to kill the other, but I only want the node that currently runs the Postgres resource to be fenced when the connection between the nodes breaks.
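
To make the scenario concrete: by "the connection breaks" I mean the dedicated 10.10.10.x link going down while both nodes keep running. A rough way to simulate that (only a sketch of the test, not the exact commands) is to block the HA link on one node, e.g. on node1:

# drop all traffic to/from node2 on the dedicated HA link
iptables -A INPUT  -s 10.10.10.252 -j DROP
iptables -A OUTPUT -d 10.10.10.252 -j DROP

Both nodes then consider the other one dead, and with my current configuration they shoot each other.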

> As for the configuration, I'd rather use the first one, just not
> cloned. That also helps prevent mutual fencing.

I cloned it because I also want the STONITH protection when Postgres runs on the other node. How can I achieve that?
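
Just to make sure I understand you correctly: do you mean keeping only the single primitive from my first configuration and dropping the clone, roughly like this (only a sketch; the monitor values are simply copied from my second attempt)?

crm configure primitive stonith_postgres stonith:external/ssh \
        params hostlist="node1 node2" \
        op monitor interval="25" timeout="10"

If so, does the cluster then place this one resource on whichever node survives and use it to fence the other, so that it also covers the case where Postgres runs on node2?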

> See also:
>
> http://www.clusterlabs.org/doc/crm_fencing.html
> http://ourobengr.com/ha

Thank you very much.

Best
Mathias

> Thanks,
>
> Dejan
>
>>> Hope this helps.
>>> Cheers,
>>> Florian
>>
>> Best
>> Mathias
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org