[ClusterLabs] Antw: Re: Antw: Re: Informing RAs about recovery: failed resource recovery, or any start-stop cycle?

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Fri May 20 11:12:28 CEST 2016


>>> Jehan-Guillaume de Rorthais <jgdr at dalibo.com> schrieb am 20.05.2016 um
09:59 in
Nachricht <20160520095934.029c1822 at firost>:
> Le Fri, 20 May 2016 08:39:42 +0200,
> "Ulrich Windl" <Ulrich.Windl at rz.uni-regensburg.de> a écrit :
> 
>> >>> Jehan-Guillaume de Rorthais <jgdr at dalibo.com> schrieb am 19.05.2016 um
>> >>> 21:29 in
>> Nachricht <20160519212947.6cc0fd7b at firost>:
>> [...]
>> > I was thinking of a use case where a graceful demote or stop action
failed
>> > multiple times and to give a chance to the RA to choose another method to

>> > stop
>> > the resource before it requires a migration. As instance, PostgreSQL has
3
>> > different kind of stop, the last one being not graceful, but still better

>> > than
>> > a kill -9.
>> 
>> For example the Xen RA tries a clean shutdown with a timeout of about 2/3
of
>> the timeout; it it fails it shuts the VM down the hard way.
> 
> Reading the Xen RA, I see they added a shutdown timeout escalation 
> parameter.

Not quite:
    if [ -n "$OCF_RESKEY_shutdown_timeout" ]; then
      timeout=$OCF_RESKEY_shutdown_timeout
    elif [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
      # Allow 2/3 of the action timeout for the orderly shutdown
      # (The origin unit is ms, hence the conversion)
      timeout=$((OCF_RESKEY_CRM_meta_timeout/1500))
    else
      timeout=60
    fi

> This is a reasonable solution, but isn't it possible to get the action 
> timeout
> directly? I looked for such information in the past with no success.

See above.

> 
>> 
>> I don't know Postgres in detail, but I could imagine a three step
approach:
>> 1) Shutdown after current operations have finished
>> 2) Shutdown regardless of pending operations (doing rollbacks)
>> 3) Shutdown the hard way, requiring recovery on the next start (I think in
>> Oracle this is called a "shutdown abort")
> 
> Exactly.
> 
>> Depending on the scenario one may start at step 2)
> 
> Indeed.
>  
>> [...]
>> I think RAs should not rely on "stop" being called multiple times for a
>> resource to be stopped.
> 
> Ok, so the RA should take care of their own escalation during a single 
> action.
> 
> Thanks, 

Regards,
Ulrich





More information about the Users mailing list