Am 01.04.25 um 13:13 schrieb Fabian Grünbichler: > the only way to technically improve what is possible IMHO would be to > implement > some kind of reliable STONITH mechanism in addition to fencing, and base an > integrated "guest stealing" mechanism on that (with some additional component > that ensures that if the "shot" comes back up right away it won't do anything > with the "stolen" guest before the theft is over). > > e.g., if you have a (set of) remote-manageable power strip(s) configured that > allows: > - removing all power from node > - query power state of a node > > you could use that to reduce HA failover times (you can shoot the other node > if you want to make it fenced, irrespective of watchdog timeouts/..), and to > implement a guest stealing mechanism: > - put a file/entry in /etc/pve marking a guest as "currently being stolen" > - shoot the other node and verify it is down > - steal config > - remove marker file/entry > > no matter at which point after the shooting the other node comes back up, it > must first sync up /etc/pve, which means it can check for markers on VM > locking. if a marker is found, it's not allowed to lock, else it can proceed > (checking doesn't require locking cluster wide, just setting the mark would). > if no marker is found, the config is not there anymore either or it hasn't > been stolen and can be locked and used normally. > > if no stonith mechanism is configured, stealing is not available.
That's basically exactly what the HW fencing series I worked on years ago does, including lower timeouts and so on. It was only integrated in HA, exposing the HW fencing (which is STONITH) separately would be possible though. That said adding STONITH and external fence devices to the mix is not a trivial thing and hardly simplifies setups IMO, so while a possibility I'd not see it as something to promote to inexperienced users. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
