On 23/04/2015 14:05, Dr. David Alan Gilbert wrote:
> As presented at the moment, I don't see there's any dynamic reconfiguration
> on the primary side at the moment

So that means the bdrv_start_replication and bdrv_stop_replication
callbacks are more or less redundant, at least on the primary?

In fact, who calls them? Certainly nothing in this patch set... :)

Paolo

> - it starts up in the configuration with
> the quorum(disk, NBD), and that's the way it stays throughout the
> fault-tolerant setup; the primary doesn't start running until the
> secondary is connected.
>
> Similarly the secondary starts up in the configuration and stays that way;
> the interesting question to me is what happens after a failure.
>
> If the secondary fails, then your primary is still quorum(disk, NBD) but
> the NBD side is dead - so I don't think you need to do anything there
> immediately.
>
> If the primary fails, and the secondary takes over, then a lot of the
> stuff on the secondary now becomes redundant; does that stay the same
> and just operate in some form of passthrough - or does it need to
> change configuration?
>
> The hard part to me is how to bring it back into fault-tolerance now;
> after a primary failure, the secondary now needs to morph into something
> like a primary, and somehow you need to bring up a new secondary
> and get that new secondary an image of the primary's current disk.