Mailing List Archive: Linux-HA: Users

HA Storage

Index | Next | Previous | View Threaded

listlinuxha at comtek

Feb 20, 2003, 11:57 AM

Post #1 of 7 (481 views)
Permalink

HA Storage

This is a multi-part message in MIME format.

------=_NextPart_000_0082_01C2D97E.E141AE80
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi People,

At the moment I have a linux server which provides internet access, =
smtp, pop3 & http to my clients.

That server has 2 network cards, one connected to our frame relay =
connection for internet, the other connected to the switch that all the =
clients are connected to.

Now I want to build a second server for some redundancy, so that if one =
server dies the other one takes over.

I assume that I can use Heartbeat and fake to actually monitor and then =
swap between the two servers, but what I aren't sure of is how to make =
sure that the data (i.e. websites and email) is consistant between the =
two servers. DRBD? Any other suggestions?

------=_NextPart_000_0082_01C2D97E.E141AE80
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3513.900" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi People,</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>At the moment I have a linux server =
which provides=20
internet access, smtp, pop3 & http to my clients.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>That server has 2 network cards, one =
connected to=20
our frame relay connection for internet, the other connected to the =
switch that=20
all the clients are connected to.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Now I want to build a second server for =
some=20
redundancy, so that if one server dies the other one takes =
over.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>I assume that I can use Heartbeat and =
fake to=20
actually monitor and then swap between the two servers, but what I =
aren't sure=20
of is how to make sure that the data (i.e. websites and email) is =
consistant=20
between the two servers.  DRBD?  Any other=20
suggestions?</FONT></DIV></BODY></HTML>

------=_NextPart_000_0082_01C2D97E.E141AE80--

freemyer at NorcrossGroup

Feb 20, 2003, 12:18 PM

Post #2 of 7 (443 views)
Permalink

HA Storage [In reply to]

>> Hi People, At the moment I have a linux server which provides internet
>> access, smtp, pop3 & http to my clients. That=20
>> server has 2 network cards, one connected to our frame relay connection
>> for internet, the other connected to the switch that all the clients are
>> connected to. Now I want to build a second server for some redundancy,
>> so that if one server dies the=20
>> other one takes over. I assume that I can use Heartbeat and fake to=20
>> actually monitor and then swap between the two servers, but what I aren't
>> sure of is how to make sure that the data (i.e. websites and email) is
>> consistant between the two servers. =20
>> DRBD? Any other suggestions?

I've done it in the past with shared storage.

i.e. You have a SCSI controller in each computer and a shared set of disks in a =
separate expansion chassis.

Per Alan, the IBM ServeRAID SCSI controller is designed for exactly this =
scenario and includes logic to enforce only one user at a time.

http://www.pc.ibm.com/qtechinfo/MIGR-4JGUDU.html?doctype=3D

If you go with this solution, I don't know if still need STONITH or not. I =
hope the ServeRAID includes its own fencing capabilities.

Greg Freemyer

btlists at emageon

Feb 20, 2003, 12:27 PM

Post #3 of 7 (443 views)
Permalink

HA Storage [In reply to]

Greg Freemyer wrote:

> >> Hi People, At the moment I have a linux server which provides internet
> >> access, smtp, pop3 & http to my clients. That
> >> server has 2 network cards, one connected to our frame relay connection
> >> for internet, the other connected to the switch that all the clients are
> >> connected to. Now I want to build a second server for some redundancy,
> >> so that if one server dies the
> >> other one takes over. I assume that I can use Heartbeat and fake to
> >> actually monitor and then swap between the two servers, but what I aren't
> >> sure of is how to make sure that the data (i.e. websites and email) is
> >> consistant between the two servers.
> >> DRBD? Any other suggestions?
>
>I've done it in the past with shared storage.
>
>i.e. You have a SCSI controller in each computer and a shared set of disks in a separate expansion chassis.
>
>Per Alan, the IBM ServeRAID SCSI controller is designed for exactly this scenario and includes logic to enforce only one user at a time.
>
>http://www.pc.ibm.com/qtechinfo/MIGR-4JGUDU.html?doctype=
>
>If you go with this solution, I don't know if still need STONITH or not. I hope the ServeRAID includes its own fencing capabilities.
>
>Greg Freemyer
>
>
I've got equipment on order to test the ServeRAID clustering support.
It's new for Linux. You will not need STONITH in this configuration, the
ServeRAID adapters handle the fencing themselves.

lmb at suse

Feb 20, 2003, 12:36 PM

Post #4 of 7 (447 views)
Permalink

HA Storage [In reply to]

On 2003-02-20T13:27:57,
Brian Tinsley <btlists [at] emageon> said:

> I've got equipment on order to test the ServeRAID clustering support.
> It's new for Linux. You will not need STONITH in this configuration, the
> ServeRAID adapters handle the fencing themselves.

You still need STONITH support in some scenarios:

- If both nodes want to bring online the IP, they'll compete for the ARP cache
entry. The ARP cache entry is a shared resource, just like storage. Funny
things will occur if the IP is configured more than once on the same subnet.

Certainly the data is protected better, but the service might as well be
down.

- If running, for example, NFS on top of that, sure you pulled out the storage
_underneath_, but now two nodes are exposing the NFS mount, which can lead
to clients believing they are talking to a corrupted NFS server et al.

- And you also do not want two nodes ping-ponging the ServeRAID reservation
between them ;)

- And maybe I have forgotten something here, and maybe you should be more
paranoid than I am and fear malfunctioning controllers ;-)

So certainly, it is a valuable additional safeguard. The assumption that
fencing / shooting a failed node is no longer necessary however is not quite
true; it is still a very good idea to have.

Sincerely,
Lars Marowsky-Br�e <lmb [at] suse>

--
Principal Squirrel
SuSE Labs - Research & Development, SuSE Linux AG

"If anything can go wrong, it will." "Chance favors the prepared (mind)."
-- Capt. Edward A. Murphy -- Louis Pasteur

btlists at emageon

Feb 20, 2003, 1:23 PM

Post #5 of 7 (443 views)
Permalink

HA Storage [In reply to]

Lars Marowsky-Bree wrote:

>On 2003-02-20T13:27:57,
> Brian Tinsley <btlists [at] emageon> said:
>
>
>
>>I've got equipment on order to test the ServeRAID clustering support.
>>It's new for Linux. You will not need STONITH in this configuration, the
>>ServeRAID adapters handle the fencing themselves.
>>
>>
>
>You still need STONITH support in some scenarios:
>
>- If both nodes want to bring online the IP, they'll compete for the ARP cache
> entry. The ARP cache entry is a shared resource, just like storage. Funny
> things will occur if the IP is configured more than once on the same subnet.
>
> Certainly the data is protected better, but the service might as well be
> down.
>
>- If running, for example, NFS on top of that, sure you pulled out the storage
> _underneath_, but now two nodes are exposing the NFS mount, which can lead
> to clients believing they are talking to a corrupted NFS server et al.
>
>- And you also do not want two nodes ping-ponging the ServeRAID reservation
> between them ;)
>
>- And maybe I have forgotten something here, and maybe you should be more
> paranoid than I am and fear malfunctioning controllers ;-)
>
>
>So certainly, it is a valuable additional safeguard. The assumption that
>fencing / shooting a failed node is no longer necessary however is not quite
>true; it is still a very good idea to have.
>
>
>Sincerely,
> Lars Marowsky-Br�e <lmb [at] suse>
>
>
>
Yes, all very good points. You can see just how much thought I've
allocated to this - hehe ;)

alanr at unix

Feb 20, 2003, 2:21 PM

Post #6 of 7 (450 views)
Permalink

HA Storage [In reply to]

Greg Freemyer wrote:
>>> Hi People, At the moment I have a linux server which provides
>>> internet access, smtp, pop3 & http to my clients. That server has 2
>>> network cards, one connected to our frame relay connection for
>>> internet, the other connected to the switch that all the clients are
>>> connected to. Now I want to build a second server for some
>>> redundancy, so that if one server dies the other one takes over. I
>>> assume that I can use Heartbeat and fake to actually monitor and then
>>> swap between the two servers, but what I aren't sure of is how to
>>> make sure that the data (i.e. websites and email) is consistant
>>> between the two servers. DRBD? Any other suggestions?
>
> I've done it in the past with shared storage.
>
> i.e. You have a SCSI controller in each computer and a shared set of
> disks in a separate expansion chassis.
>
> Per Alan, the IBM ServeRAID SCSI controller is designed for exactly this
> scenario and includes logic to enforce only one user at a time.
>
> http://www.pc.ibm.com/qtechinfo/MIGR-4JGUDU.html?doctype=
>
> If you go with this solution, I don't know if still need STONITH or not.
> I hope the ServeRAID includes its own fencing capabilities.

Yes - ServeRAID is "self-fencing". That is, taking over the resource
automatically fences the other side out from access to the resource. As far
as I know, this means that you don't needs STONITH. This requires the
latest version of the Linux support code that came out in the last few days.
[.I've had it working for a long time, but they didn't release the support
code necessary to make it work in the field until this month].

--
Alan Robertson <alanr [at] unix>

"Openness is the foundation and preservative of friendship.... Let me claim
from you at all times your undisguised opinions." - William Wilberforce

alanr at unix

Feb 20, 2003, 2:30 PM

Post #7 of 7 (441 views)
Permalink

HA Storage [In reply to]

Lars Marowsky-Bree wrote:
> On 2003-02-20T13:27:57,
> Brian Tinsley <btlists [at] emageon> said:
>
>
>>I've got equipment on order to test the ServeRAID clustering support.
>>It's new for Linux. You will not need STONITH in this configuration, the
>>ServeRAID adapters handle the fencing themselves.
>
>
> You still need STONITH support in some scenarios:
>
> - If both nodes want to bring online the IP, they'll compete for the ARP cache
> entry. The ARP cache entry is a shared resource, just like storage. Funny
> things will occur if the IP is configured more than once on the same subnet.
>
> Certainly the data is protected better, but the service might as well be
> down.

But, as soon as connectivity recovers, they will negotiate so that the ARP
gets straightened out. If you've pulled the ethernet cable from one
machine, then you won't have this issue at all (only one will be able to
ARP). If you're running IPfail, then it will all work quite nicely, and the
service will migrate to the machine with working connectivity.

In all probability, if both machines can be seen from the outside,then they
can see each other. If there was a connectivity failure, then it will
likely be short-lived. If you configure yourself with redundant
communication paths, and are running something like IPfail, you should be in
very good shape by most standards.

> - If running, for example, NFS on top of that, sure you pulled out the storage
> _underneath_, but now two nodes are exposing the NFS mount, which can lead
> to clients believing they are talking to a corrupted NFS server et al.
>
> - And you also do not want two nodes ping-ponging the ServeRAID reservation
> between them ;)

Actually, they won't do that. One side will just moan and complain that it
can't talk to the disk. When connectivity is restored, everything will go
into a sane state.

> - And maybe I have forgotten something here, and maybe you should be more
> paranoid than I am and fear malfunctioning controllers ;-)

Nothing protects you against that except for good backups ;-) Fencing is of
no help whatsoever. Ditto for misbehaving applications, filesystems, and OSes.

> So certainly, it is a valuable additional safeguard. The assumption that
> fencing / shooting a failed node is no longer necessary however is not quite
> true; it is still a very good idea to have.

It is probably not *necessary* in most cases. This is NOT a disagreement
that it would be a good idea to have.

--
Alan Robertson <alanr [at] unix>

"Openness is the foundation and preservative of friendship.... Let me claim
from you at all times your undisguised opinions." - William Wilberforce

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads