Il 04/05/2017 09:26, Fabian Grünbichler ha scritto: > because without HA/fencing you have no guarantee that the other node > is actually off, and not just not reachable. the same applies for any > guests potentially running there. "stealing" the guest (configuration) > is therefor potentially dangerous, and needs to be done manually. but > yes, it is just as simple as verifying that the guest is actually not > running on the other node (e.g., because the node is known to be > physically off) and that it has no local dependencies (storage or > otherwise) and then moving the file in /etc/pve. > > if there were a button for this on the GUI, people would use it without > understanding the consequences, and then blame the tool instead of the > user when something goes wrong ;) > > with HA, the HA stack takes care of this using > - proper locking > - fencing of non-quorate nodes > > this ensures that when the HA stack steals a config after the > appropriate timeouts/.. have happened, there cannot be a > conflict/inconsistency.
I understand, even if the host has no quorum it might be still running the VM. Maybe I'd prefer having a big fat warning before doing it than have the customer call me 'cause the server is down and cannot be migrated from the GUI. Thanks, Alessandro _______________________________________________ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
