[ClusterLabs] Fence node when network interface goes down
S Rogers
sa.rogers1342 at gmail.com
Mon Nov 15 07:32:41 EST 2021
On 15/11/2021 12:03, Klaus Wenninger wrote:
>
>
> On Mon, Nov 15, 2021 at 12:19 PM Andrei Borzenkov
> <arvidjaar at gmail.com> wrote:
>
> On Mon, Nov 15, 2021 at 1:18 PM Klaus Wenninger
> <kwenning at redhat.com> wrote:
> >
> >
> >
> > On Mon, Nov 15, 2021 at 10:37 AM S Rogers
> <sa.rogers1342 at gmail.com> wrote:
> >>
> >> I had thought about doing that, but the cluster is then
> dependent on the
> >> external system, and if that external system was to go down or
> become
> >> unreachable for any reason then it would falsely cause the
> cluster to
> >> failover or worse it could even take the cluster down
> completely, if the
> >> external system goes down and both nodes cannot ping it.
> >
> > You wouldn't necessarily have to ban resources from nodes that can't
> > reach the external network. It would be enough to make them prefer
> > the location that has connection. So if both lose connection
> one side
> > would still stay up.
> > Not to depend on something really external you might use the
> > router to your external network as ping target.
> > In case of fencing - triggered by whatever - and a potential
> fence-race
>
> The problem here is that nothing really triggers fencing. What
> happens, is
>
>
> Got that! Which is why I gave the hint how to prevent shutting down
> services with ping first.
> Taking care of what happens when nodes are fenced still makes sense.
> Imagine a fence-race where the node running services loses just
> to afterwards get the services moved back when it comes up again.
>
> Klaus
Thanks, I wasn't aware of priority-fencing-delay. While it doesn't solve
this problem, I can still use it to improve the fencing behaviour of the
cluster in general.
Unfortunately, in some situations this cluster will be deployed in a
completely isolated network so there may not even be a router that we
can use as a ping target, and we can't guarantee the presence of any
other system on the network that we could reliably use as a ping target.
>
> - two postgres lose connection over external network, but cluster
> nodes retain connectivity over another network
> - postgres RA compares "latest timestamp" when selecting the best node
> to fail over to
> - primary postgres has better timestamp, so RA simply does not
> consider secondary as suitable for (atomatic) failover
>
> The only solution here - as long as fencing node on external
> connectivity loss is acceptable - is modifying ethmonitor RA to fail
> monitor operation in this case.
>
I was hoping to find a way to achieve the desired outcome without
resorting to a custom RA, but it does appear to be the only solution.
This may not be the right audience, but does anyone know if it is a
viable change to add an additional parameter to the ethmonitor RA that
allows users to override the desired behaviour when the monitor
operation fails? (ie, a 'monitor_force_fail' parameter that when set to
true will cause the monitor operation to fail if it determines the
interface is down)
Being relatively new to pacemaker, I don't know whether this goes
against RA conventions/practices.
>
> > you might use the rather new feature priority-fencing-delay
> (give the node
> > that is running valuable resources a benefit in the race) or go for
> > fence_heuristics_ping (pseudo fence-resource that together with a
> > fencing-topology prevents the node without access to a certain IP
> > from fencing the other node).
> >
> https://clusterlabs.org/pacemaker/doc/deprecated/en-US/Pacemaker/2.0/html/Pacemaker_Explained/s-cluster-options.html
> >
> https://github.com/ClusterLabs/fence-agents/blob/master/agents/heuristics_ping/fence_heuristics_ping.py
> >
> > Klaus
> > _______________________________________________
> >>
> >> Manage your subscription:
> >> https://lists.clusterlabs.org/mailman/listinfo/users
> >>
> >> ClusterLabs home: https://www.clusterlabs.org/
> >>
> > _______________________________________________
> > Manage your subscription:
> > https://lists.clusterlabs.org/mailman/listinfo/users
> >
> > ClusterLabs home: https://www.clusterlabs.org/
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/
>
>
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home:https://www.clusterlabs.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20211115/e4c42715/attachment-0001.htm>
More information about the Users
mailing list