[ClusterLabs] Is fencing really a must for Postgres failover?
Digimer
lists at alteeve.ca
Mon Feb 11 11:54:03 EST 2019
On 2019-02-11 6:34 a.m., Maciej S wrote:
> I was wondering if anyone can give a plain answer if fencing is really
> needed in case there are no shared resources being used (as far as I
> define shared resource).
>
> We want to use PAF or other Postgres (with replicated data files on the
> local drives) failover agent together with Corosync, Pacemaker and
> virtual IP resource and I am wondering if there is a need for fencing
> (which is very close bind to an infrastructure) if a Pacemaker is
> already controlling resources state. I know that in failover case there
> might be a need to add functionality to recover master that entered
> dirty shutdown state (eg. in case of power outage), but I can't see any
> case where fencing is really necessary. Am I wrong?
>
> I was looking for a strict answer but I couldn't find one...
>
> Regards,
> Maciej
Fencing is as required as a wearing a seat belt in a car. You can
physically make things work, but the first time you're "in an accident",
you're screwed.
Think of it this way;
If services can run in two or more places at the same time without
coordination, you don't need a cluster, just run things everywhere. If
you need coordination though, you need fencing.
The role of fencing is to force a node that has entered into an unknown
state and force it into a known state. In a system that requires
coordination, often times fencing is the only way to ensure sane operation.
Also, with pacemaker v2, fencing (stonith) became mandatory at a
programmatic level.
--
Digimer
Papers and Projects: https://alteeve.com/w/
"I am, somehow, less interested in the weight and convolutions of
Einstein’s brain than in the near certainty that people of equal talent
have lived and died in cotton fields and sweatshops." - Stephen Jay Gould
More information about the Users
mailing list