cluster layering

[Peter J. Braam]

Hi, 

Stephen wrote:
> 
> I really do believe that the key to making the layering clean is to have
> a mechanism in which all of the error conditions have a common failure
> mode --- the cluster transition --- and that we just accept that error
> handling should be seen as a recovery phase where we know all the
> uncommitted operations we had in progress when the error occurs, and we
> guarantee that they are in a known consistent state (not necessarily
> committed) before we leave recovery and re-enable that service.
> 
> --Stephen
> 

and .. as Stephen said in his previous message, core services (like file
systems, devices) can trigger an event in the connection manager, which
has the immediate effect of suspending that service.

I take it this event is at kernel level to be visible rightaway, and it
will make its way up, to the smarts of the connection manager. Is that
right?

I think I'm happily clarified.

- Peter -