пн, 16 окт. 2023 г. в 13:42, Andrei Borzenkov <arvidj...@gmail.com>:
> On Mon, Oct 16, 2023 at 9:28 AM Sergey Cherukhin > <sergey.cheruk...@gmail.com> wrote: > > > > Hello! > > > > I use Postgresql+Pacemaker+Corosync 3 nodes cluster with 2 Postgresql > instances in synchronous replication mode on two high performance nodes and > Pacemaker+Corosync on the third low performance node for quorum only. At > the same time a SCADA HMI software is running on the high performance > nodes. This SCADA software uses its own redundancy technology. > > > > In this case I can't use fencing as usual to power off or reboot a > failed node, because the operator will be very surprised when his > workstation will be shutted down due to database failure. > > > > You can use the third node as a quorum device instead of the full > member, it will never be fenced. > I already use the third node as a quorum device only. > > What type of fencing should I use in this case? > > > > Whatever is technically feasible. Your nodes may have BMC with IPMI. > Another possibility is iSCSI target on the third node and SBD. If you > are using HPC, you may have shared storage already. > > There are generic high-performance rack-mount industrial PCs will be used for Postgresql and SCADA nodes, supporting of any realisation of IPMI is not guaranteed (not documented). For witness node low-performance mini-PC will be used. Hardware set can not be expanded. No iSCSI devices can be used. Node powering off by UPS or PDU is not allowed because of SCADA software. Can I use resource level fencing instead of node level fencing in this case? > > On the other hand, Postgresql instances don't use any shared resources. > Is it possible to use cluster without fencing in this case? > > > > This is a common misconception. Your replicated database *is* the > shared resource. Ask yourself - what happens if both instances decide > they are masters and start serving different clients? If you really do > not care, you do not need any failover cluster in the first place. > I use the third node as a quorum device only to prevent split-brain. What else can go wrong in two instance replication? > _______________________________________________ > Manage your subscription: > https://lists.clusterlabs.org/mailman/listinfo/users > > ClusterLabs home: https://www.clusterlabs.org/ >
_______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/