[PVE-User] HA Fencing

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Dec 5 09:52:41 CET 2017


Hi,

On 12/04/2017 07:51 PM, Mark Adams wrote:
> On 17 November 2017 at 10:55, Thomas Lamprecht <t.lamprecht at proxmox.com> wrote:
>> On 11/16/2017 07:20 PM, Mark Adams wrote:
>>> Hi all,
>>>
>>> It looks like in newer versions of proxmox, the only fencing type advised
>>> is watchdog. Is that the case?
>>>
>>
>> Yes, since PVE 4.0 watchdog fencing is the norm.
>> There is a patch set of mine which implements the use of external fence
>> device,
>> but it has seen no review. I should probably dust it up, look over it and
>> re send
>> it again, it's about time we finally get this feature.
>>
> 
> I think you should definitely get this feature in - I would even say it is
> necessary for an enterprise HA setup?
> 

Not really a necessary. Watchdog based fencing is no less secure than traditional
fence devices. In fact, as there's much less to configure, and much less protocols
between them I'd say its the opposite. I.e., you do not must fire up a command
over TCP/IP to fence a node to a device. Here are multiple problem points,
Link problems, high load problems delaying fencing, fence devices whit a setup not
well tested, at least not under failure conditions, ...
A watchdog, which triggers as soon as the node did not pulled it up, independent
of link failures, cluster load is here the safer bet. They are often the norm in
highly-secure critical embedded systems to, not without reason.
It's the difference between a emergency shutdown button and a dead-man-switch.

Maybe you didn't even meant the reliability stand point but that a better
best-case SLA could be possible with fence devices?

But nonetheless agreeing that we should really get it in. I'll try to pickup the
series before this month ends, after the Cluster over API stuff got in.

cheers,
Thomas



More information about the pve-user mailing list