On Mon, 2010-08-09 at 12:45 -0500, David Noriega wrote: > My understanding of setting up fail-over is you need some control over > the power so with a script it can turn off a machine by cutting its > power? Is this correct? Is there a way to do fail-over without having > access to the pdu(power strips)?
Lustre failover in and of itself does not require power control. We do however, recommend having power control to prevent double mounts. If we assume that node1 and node2 both serve ost1 and at a given moment node1 is active and has it mounted. If node2 thinks that node1 is dead and wants to take over ost1, and it's procedure for doing so dictates that it MUST power off node1 before it can mount ost1, then you are guaranteed (to the limit of the reliability of the power control) that both node1 and node2 won't mount ost1 at the same time, yes? This is even true if node1 was perfectly functional (and has the ost mounted still) but it was node2's determination that node1 was down that was faulty. Without power control, there is a risk that node2 mounts ost1 while node1 still has it mounted -- MMP aside. MMP is a good belt to have with your power control suspenders. :-) Since a double-mount has such serious consequences, you cannot do too much to prevent it. b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Lustre-discuss mailing list [email protected] http://lists.lustre.org/mailman/listinfo/lustre-discuss
