----- Original Message ----- > From: "Lars Ellenberg" <lars.ellenb...@linbit.com> > To: "Lars Marowsky-Bree" <l...@suse.com> > Cc: "Fabio M. Di Nitto" <fdini...@redhat.com>, "General Linux-HA mailing > list" <linux-ha@lists.linux-ha.org>, > "Jonathan Brassow" <jbras...@redhat.com> > Sent: Tuesday, May 14, 2013 9:50:43 AM > Subject: Re: [Linux-HA] LVM Resource agent, "exclusive" activation > > On Tue, May 14, 2013 at 04:06:09PM +0200, Lars Marowsky-Bree wrote: > > On 2013-05-14T09:54:55, David Vossel <dvos...@redhat.com> wrote: > > > > > Here's what it comes down to. You aren't guaranteed exclusive > > > activation just because pacemaker is in control. There are scenarios > > > with SAN disks where the node starts up and can potentially attempt to > > > activate a volume before pacemaker has initialized. > > > > Yeah, from what I've read in the code, the tagged activation would also > > prevent a manual (or on-boot) vg/lv activation (because it seems lvm > > itself will refuse). That seems like a good idea to me. Unless I'm > > wrong, that concept seems sound, barring bugs that need fixing. > > Sure. > > And I'm not at all oposed to using tags. > I want to get rid of the layer violation, > which is the one Bad Thing I'm complaining about. > > Also, note that on stop, this strips all tags, leaving it untagged. > On the next cluster boot, if that was really the concern, > all nodes would grab and activate the VG, as it is untagged...
That's not how it works. You have to take ownership of the volume before you can activate it. Untagged does not mean a node can activate it without first explicitly setting the tag. > > So no, in the current form, > it just *pretends* to protect against a number of things, > but actually does not. > > And that is the other, even worse, Bad Thing. > > > That's similar to what cLVM2 does and protects against, but without > > needing the cLVM2/DLM bits; that has, uhm, advantages too. > > > > In short, I'm in favor of this feature. (Clearly, lge has pointed out > > one or two issues that need fixing, that doesn't detract from the > > idea.) > > But that would be implemented simply by using tags, and on > start: > re-tag with my nodename > activate > > That way, it is always tagged, so no stupid initrd, udev or boot script, > not even a tired admin, will "accidentally" activate it. > > No need for anything else, > no callout to membership necessary. > All that smoke and mirrors adds complexity, and does not buy us anything, > but a false sense of what that could possibly protect us against. > > If it was tagged with an other node name that is in the membership, > then pacemaker would know about it, too, and had made sure it is not > activated there. > > If that other node was not in the membership, > we would re-tag and activate anyways. > > So why not just do that, > document that it is done this way, > and not pretend it would do more than that. > It does not. I've tested this specific scenario and was unable to activate the volume group manually without grabbing the tag first. Have you tested this and found something contrary to my results? This is how the feature is supposed to work. -- Vossel > Lars > > -- > : Lars Ellenberg > : LINBIT | Your Way to High Availability > : DRBD/HA support and consulting http://www.linbit.com > _______________________________________________ > Linux-HA mailing list > Linux-HA@lists.linux-ha.org > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems > _______________________________________________ Linux-HA mailing list Linux-HA@lists.linux-ha.org http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
