[ClusterLabs] Is fencing really a must for Postgres failover?

Wed Feb 13 12:10:54 UTC 2019

On Wed, 13 Feb 2019 13:02:30 +0100
Maciej S <internet at swierki.com> wrote:

> Thank you all for the answers. I can see your point, but anyway it seems
> that fencing is like for additional precaution.

It's not.

> If my requirements allow some manual intervention in some cases (eg.
> unknown resource state after failover), then I might go ahead without
> fencing. At least until STONITH is not mandatory :)

Well, then soon or later, we'll talk again about how to quickly restore your
service and/or data. And the answer will be difficult to swallow.

Good luck :)

> pon., 11 lut 2019 o 17:54 Digimer <lists at alteeve.ca> napisał(a):
> 
> > On 2019-02-11 6:34 a.m., Maciej S wrote:  
> > > I was wondering if anyone can give a plain answer if fencing is really
> > > needed in case there are no shared resources being used (as far as I
> > > define shared resource).
> > >
> > > We want to use PAF or other Postgres (with replicated data files on the
> > > local drives) failover agent together with Corosync, Pacemaker and
> > > virtual IP resource and I am wondering if there is a need for fencing
> > > (which is very close bind to an infrastructure) if a Pacemaker is
> > > already controlling resources state. I know that in failover case there
> > > might be a need to add functionality to recover master that entered
> > > dirty shutdown state (eg. in case of power outage), but I can't see any
> > > case where fencing is really necessary. Am I wrong?
> > >
> > > I was looking for a strict answer but I couldn't find one...
> > >
> > > Regards,
> > > Maciej  
> >
> > Fencing is as required as a wearing a seat belt in a car. You can
> > physically make things work, but the first time you're "in an accident",
> > you're screwed.
> >
> > Think of it this way;
> >
> > If services can run in two or more places at the same time without
> > coordination, you don't need a cluster, just run things everywhere. If
> > you need coordination though, you need fencing.
> >
> > The role of fencing is to force a node that has entered into an unknown
> > state and force it into a known state. In a system that requires
> > coordination, often times fencing is the only way to ensure sane operation.
> >
> > Also, with pacemaker v2, fencing (stonith) became mandatory at a
> > programmatic level.
> >
> > --
> > Digimer
> > Papers and Projects: https://alteeve.com/w/
> > "I am, somehow, less interested in the weight and convolutions of
> > Einstein’s brain than in the near certainty that people of equal talent
> > have lived and died in cotton fields and sweatshops." - Stephen Jay Gould
> >  

-- 
Jehan-Guillaume de Rorthais
Dalibo