Date: Sun, 20 Feb 2011 07:49:34 -0600 From: Josh Paetzel <josh@tcbug.org> To: Denny Schierz <linuxmail@4lin.net> Cc: "freebsd-cluster@freebsd.org" <freebsd-cluster@freebsd.org> Subject: Re: Build failover ZFS, like HA-Storage from Solaris Message-ID: <22218C35-7CDE-4E6C-9C4B-F0F10A8B15AC@tcbug.org> In-Reply-To: <AC77D3BF-7F15-4DA6-83D9-9AE47AB65BFE@4lin.net> References: <1298020090.18890.1684.camel@pcdenny> <AANLkTi=LNUWCpQ4XsLxYPomRsb3GC0oUrZuvKTyGxqTQ@mail.gmail.com> <BEB41E6D-D44E-4E9B-A176-EE2EBF63B099@4lin.net> <AANLkTimi=mJby_g3_xFn-C1XeUdzq31Mt5-oT6ic%2BvgL@mail.gmail.com> <AC77D3BF-7F15-4DA6-83D9-9AE47AB65BFE@4lin.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 20, 2011, at 4:59 AM, Denny Schierz <linuxmail@4lin.net> wrote: > hi, >=20 > Am 19.02.2011 um 02:39 schrieb Freddie Cash: >=20 >> And devd provides >> the hooks into your custom scripts so that when CARP switches from >> node 1 to node 2, you export the pool on node 1, and import the pool >> on node 2. >=20 > but how will I take care, that I don't get a split brain? Or do I think th= e right way, if I say "Only where the carp IP is active, that node has the f= orce to import ZFS?" But what happens, if through a power cut both nodes are= power on the same time? I miss something like a quorum device or=20 At boot carp devices have a delay that you manually set. If both machines ar= e powered on at the same time that mechanism prevents both heads asserting c= arp MASTER. Of course it's imperfect and a staggered power on can defeat the= delay. In practice, it's pretty rare. Now what can make carp lose it's mind= is that it uses the interface config for a checksum. If the interface confi= g differs both sides go MASTER. At that point you start getting 50% of your I= P traffic to each host, as the MAC address in the switch flaps, and so forth= . Your scripts probably need to down the CARP device if the ZFS import fail= s. =20 The reality of two node HA is that split brain is an unavoidable issue. Anci= ent sailors knew this when they needed precise timekeeping for navigation. T= ake one clock to sea or three. If you have two clocks and they disagree... In practice most of the things that cause split brain to happen would cause i= ssues even if the rig didn't split brain.=20 Failover while there are active writes is far more of an issue than split br= ain... Thanks, Josh (been there, done that) Paetzel=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?22218C35-7CDE-4E6C-9C4B-F0F10A8B15AC>