Re: [Pacemaker] How to ensure that a resource is only running at one place?
On Wed, May 25, 2011 at 5:27 PM, Kevin Stevenard ksteven...@gmail.com wrote: Hi Mark, I totally agree with that, I was looking for a quick and simple solution to this problem. But indeed it makes no sense to check somewhere if a resource that should not run is running. lmb has been campaigning for such a feature too. so i'd not be surprised to see it as an option in the future I also imagine that it would induce more work and a higher load due to those unneeded checks. I also understand now why it can be interesting to switch from basic lsb scripts to generic OCF resource agent, just to get rid of the old fashioned init.d script to avoid that scatter-brained users start resources manually as when there was no pacemaker cluster. Thank you, Kevin, Because by default on my asymmetric cluster I saw that the op monitor action is only executed on the node where the resource is currently running, and when a user start manually (not through the crm) the same resource on another node pacemaker won't see it because it is not executing the op monitor on all nodes that are potentially able to run the resource. This makes complete sense. If pacemaker didn't start a resource, how is it expected to know to manage that resource? Am I obliged to write my own RA with a master/slave or primary/secondary knowledge to be sure that the resource is active only at one place at a time? Really, it seems the only obligation is to not allow a user to have shell access on your cluster nodes if they can't understand the concept of what a cluster is and won't listen to you when you explain to them that they must not start resources on their own just because they feel like it. It takes very little time to teach a user how to run 'crm status' or to show them a simple web page that will show them the status of all cluster resouces, so they can tell for themselves that the service they're about to start is already running (see the -h switch for crm_mon and imagine how you can have an apache resource that runs to show the web page it outputs). If a user doesn't understand what is really a pretty simple concept (we run a cluster suite and it starts/stops these particular resources itself, so don't ever, ever touch them unless told to do so), then it's pretty dangerous to let them onto the cluster nodes in the first place, no? Do you have the option of changing permissions so that the users can't start the resource, can't execute the scripts/binaries required, and instead only the cluster suite, the root user, and perhaps a trusted admin or two can? Regards, Mark ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
Re: [Pacemaker] How to ensure that a resource is only running at one place?
Hi Mark, I totally agree with that, I was looking for a quick and simple solution to this problem. But indeed it makes no sense to check somewhere if a resource that should not run is running. I also imagine that it would induce more work and a higher load due to those unneeded checks. I also understand now why it can be interesting to switch from basic lsb scripts to generic OCF resource agent, just to get rid of the old fashioned init.d script to avoid that scatter-brained users start resources manually as when there was no pacemaker cluster. Thank you, Kevin, Because by default on my asymmetric cluster I saw that the op monitor action is only executed on the node where the resource is currently running, and when a user start manually (not through the crm) the same resource on another node pacemaker won't see it because it is not executing the op monitor on all nodes that are potentially able to run the resource. This makes complete sense. If pacemaker didn't start a resource, how is it expected to know to manage that resource? Am I obliged to write my own RA with a master/slave or primary/secondary knowledge to be sure that the resource is active only at one place at a time? Really, it seems the only obligation is to not allow a user to have shell access on your cluster nodes if they can't understand the concept of what a cluster is and won't listen to you when you explain to them that they must not start resources on their own just because they feel like it. It takes very little time to teach a user how to run 'crm status' or to show them a simple web page that will show them the status of all cluster resouces, so they can tell for themselves that the service they're about to start is already running (see the -h switch for crm_mon and imagine how you can have an apache resource that runs to show the web page it outputs). If a user doesn't understand what is really a pretty simple concept (we run a cluster suite and it starts/stops these particular resources itself, so don't ever, ever touch them unless told to do so), then it's pretty dangerous to let them onto the cluster nodes in the first place, no? Do you have the option of changing permissions so that the users can't start the resource, can't execute the scripts/binaries required, and instead only the cluster suite, the root user, and perhaps a trusted admin or two can? Regards, Mark ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
[Pacemaker] How to ensure that a resource is only running at one place?
Hello All, I would like to know what is the easiest way to ensure that a resource (especially an lsb resource) is running only at one place? Because by default on my asymmetric cluster I saw that the op monitor action is only executed on the node where the resource is currently running, and when a user start manually (not through the crm) the same resource on another node pacemaker won't see it because it is not executing the op monitor on all nodes that are potentially able to run the resource. Here is the relevant part of my configuration with 4 nodes, an asymmetric configuration, 1 resource named ExtractProcess with 2 possible host on which it can run (hostA and hostB through location rule loc-ExtractProcess) node hostA node hostB node hostC node hostD primitive ExtractProcess lsb:ExtractProcess \ op monitor on-fail=restart interval=20 \ meta migration-threshold=10 failure-timeout=30s multiple-active=stop_start target-role=Started location loc-ExtractProcess ExtractProcess \ rule $id=loc-ExtractProcess-rule 100: #uname eq hostA or #uname eq hostB property $id=cib-bootstrap-options \ expected-quorum-votes=4 \ stonith-enabled=false \ dc-version=1.0.11-1554a83db0d3c3e546cfd3aaff6af1184f79ee87 \ no-quorum-policy=ignore \ cluster-recheck-interval=20s \ cluster-infrastructure=openais \ start-failure-is-fatal=false \ symmetric-cluster=false \ is-managed-default=true rsc_defaults $id=rsc-options \ target-role=started \ resource-stickiness=100 Am I obliged to write my own RA with a master/slave or primary/secondary knowledge to be sure that the resource is active only at one place at a time? Thank you in advance for your feedback :) ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
Re: [Pacemaker] How to ensure that a resource is only running at one place?
Hi Kevin, On Tue, May 24, 2011 at 9:12 AM, Kevin Stevenard ksteven...@gmail.comwrote: Because by default on my asymmetric cluster I saw that the op monitor action is only executed on the node where the resource is currently running, and when a user start manually (not through the crm) the same resource on another node pacemaker won't see it because it is not executing the op monitor on all nodes that are potentially able to run the resource. This makes complete sense. If pacemaker didn't start a resource, how is it expected to know to manage that resource? Am I obliged to write my own RA with a master/slave or primary/secondary knowledge to be sure that the resource is active only at one place at a time? Really, it seems the only obligation is to not allow a user to have shell access on your cluster nodes if they can't understand the concept of what a cluster is and won't listen to you when you explain to them that they must not start resources on their own just because they feel like it. It takes very little time to teach a user how to run 'crm status' or to show them a simple web page that will show them the status of all cluster resouces, so they can tell for themselves that the service they're about to start is already running (see the -h switch for crm_mon and imagine how you can have an apache resource that runs to show the web page it outputs). If a user doesn't understand what is really a pretty simple concept (we run a cluster suite and it starts/stops these particular resources itself, so don't ever, ever touch them unless told to do so), then it's pretty dangerous to let them onto the cluster nodes in the first place, no? Do you have the option of changing permissions so that the users can't start the resource, can't execute the scripts/binaries required, and instead only the cluster suite, the root user, and perhaps a trusted admin or two can? Regards, Mark ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
