Hi there sorry for crossposting, While implementing a fix for Bug #980[1] i came to conclusion, that Sequoia misses one central concept of high-availability. The split-brain scenario[2][3]. If the connection between two or more nodes are lost, the nodes have to stay online working for themselfs. In a split-brain scenario the databases on each node are different, each node behaves like a 1-node cluster serving select and insert statements without loadbalancing or distribution to the other node.
The split-brain scenario even carries on, when both controllers see each other again. And thats exactly the sequoia problem, the underlying hedera stuff adds new members to the group automatically without asking the upper sequoia logic. I tried to fix this by changing GroupMembershipListener.joinMember() signature to return a boolean if join is allowed and changed order of calls (first call upper listeners to get this boolean and add member to group in hedera after this successful call) But i think thats not the right way to act. I would prefer to enhance hedera.... any ideas... any discussion about split-brain... I hope nobody will argue with "split-brain" scenario is not a scenario for sequoia. Network has to be stable ALL THE TIME. That would be an illusion. thanx in advance and happy discussion Stefan [1] https://forge.continuent.org/jira/browse/SEQUOIA-980 [2] http://de.wikipedia.org/wiki/Split_Brain#Computercluster [3] http://www.linux-ha.org/SplitBrain
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Hedera mailing list [email protected] https://forge.continuent.org/mailman/listinfo/hedera
