19.11.2013, 23:17, "Lars Marowsky-Bree" <l...@suse.com>: > On 2013-11-19T23:06:04, Andrey Groshev <gre...@yandex.ru> wrote: > >>> First, like digimer wrote, clearly stonith-by-ssh is useless for >>> production since you can't fence nodes that are having problems. But for >>> testing, it's worth a try. >> Maybe I do not quite understand correctly the term "fence" > > A "fence" request is executed when a node is deemed to be in an > untrustworthy state - when a stop has failed, or when a network error > occurs. Note that in the last case, login via ssh is obviously no longer > possible at all.
In last case the node conditional fenced. ) As I understand it, under the "fence" all you mean "power off" node or disconnect it from a network. Yes? > With the new fence-topology, you could try ssh first before escalating > to a real fencing mechanism, but why bother? > >>> Note that cluster-glue actually does include an external/ssh script. >>> You're reinventing the wheel ;-) >> I've seen your script, thanks for the example >> But my wheels are hard! :) >> I need authorization by key, but but I do not want to mix them with >> /root/.ssh/... > > Why not extend the existing agent rather than writing your own? In Your code is very much tied to the host list. I was not sure what quickly realizing my idea based on your code. I certainly share my code if it will turn out something worthwhile and I'm not ashamed to show it. :) > >> I am indifferent what server reboot if the key matches. >> I exactly know that the server was rebooted. > > I'm not sure about the first sentence; clearly you care which server is > rebooted, namely the one the cluster wants to have rebooted (or powered > off), right? That must be a misunderstanding. That's right! In my case - each cluster has a unique private key. This key only for nodes in this cluster. Hence, I do not check: exist node, a member node. IMHO, the main task STONITH - shoot. He shoots fine. If he could not do this - it will return an error. But he will try "reboot" the target even if it's a server of NSA. ;-) > Regards, > Lars > > -- > Architect Storage/HA > SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, > HRB 21284 (AG Nürnberg) > "Experience is the name everyone gives to their mistakes." -- Oscar Wilde > > _______________________________________________ > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org _______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
