Lars Marowsky-Bree wrote:
> On 2007-02-20T16:19:55, Alan Robertson <[EMAIL PROTECTED]> wrote:
>
>> Probably not. using cl_make_realtime() requires that the programs be
>> EXTREMELY well-behaved. I'm not criticizing that software, but you
>> REALLY want to minimize the number of processes that use it - just
>> because bugs in the code become system lockups. Really bad news...
>
> I know, but if we do not have the full stack required to fail-over
> locked, we might as well disable stonithd as well, for example.
>
> I think ccmd and crmd both are timing critical as well; they need to
> respond to voting decisions.
But, they are MUCH less timing critical.
One should be able to trust that they in turn are being monitored, and
will be restarted if they misbehave. [If that isn't an true, then it
should be ;-)].
As a result, although failovers might be _slow_ in a serious memory
overload condition, they should still occur. One could also lock a
process into memory without setting realtime priority - which would fix
the problem in a much less dangerous way (cl_make_realtime can do that).
Unfortunately, it ALSO means these process would have to be started as
root :-(
The timeouts at these higher levels should be MUCH larger than deadtime
- at least double or triple, maybe even an order of magnitude higher --
for exactly this reason.
[[I know about (for example) the bug in the CCM - where it isn't
treating timeouts correctly - but that's a bug, not a broken policy -
and one shouldn't change policy to fix a bug. You're talking policy
here, if I understood correctly.]]
--
Alan Robertson <[EMAIL PROTECTED]>
"Openness is the foundation and preservative of friendship... Let me
claim from you at all times your undisguised opinions." - William
Wilberforce
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
