Build failover ZFS, like HA-Storage from Solaris
Josh Paetzel
josh at tcbug.org
Sun Feb 20 14:06:24 UTC 2011
On Feb 20, 2011, at 4:59 AM, Denny Schierz <linuxmail at 4lin.net> wrote:
> hi,
>
> Am 19.02.2011 um 02:39 schrieb Freddie Cash:
>
>> And devd provides
>> the hooks into your custom scripts so that when CARP switches from
>> node 1 to node 2, you export the pool on node 1, and import the pool
>> on node 2.
>
> but how will I take care, that I don't get a split brain? Or do I think the right way, if I say "Only where the carp IP is active, that node has the force to import ZFS?" But what happens, if through a power cut both nodes are power on the same time? I miss something like a quorum device or
At boot carp devices have a delay that you manually set. If both machines are powered on at the same time that mechanism prevents both heads asserting carp MASTER. Of course it's imperfect and a staggered power on can defeat the delay. In practice, it's pretty rare. Now what can make carp lose it's mind is that it uses the interface config for a checksum. If the interface config differs both sides go MASTER. At that point you start getting 50% of your IP traffic to each host, as the MAC address in the switch flaps, and so forth. Your scripts probably need to down the CARP device if the ZFS import fails.
The reality of two node HA is that split brain is an unavoidable issue. Ancient sailors knew this when they needed precise timekeeping for navigation. Take one clock to sea or three. If you have two clocks and they disagree...
In practice most of the things that cause split brain to happen would cause issues even if the rig didn't split brain.
Failover while there are active writes is far more of an issue than split brain...
Thanks,
Josh (been there, done that) Paetzel
More information about the freebsd-cluster
mailing list