LinuxFailSafe news

Hergott, Jean-Philippe Jean-Philippe.Hergott at compaq.com
Thu Jul 6 06:49:55 MDT 2000


Hi Jeff

Thanks for your answer and sorry for the mistake, but Oracle OPS is the
product which shared the scsi bus, I think, that is a reason for the mistake.

I understand well the NFS principle and service failback/failover. But what do
you mean by 'Users are not meant to mount shared filesystems and start
writing to them' ? You made an HA solution and said 'get lost' if you did
something you're not allowed to. All seems to be in the word allowed, it is
not allowed to mount an ext2 fs on a device on the shared scsi bus but it is
possible to do it, right ?

Time to hire a new sysadm, it could be too late for critical data. But that's
right, there is no protection against an idiot root user, but HA solutions try
to protect from a clumsy root user and other accidents :).

At boot time the system scans its devices using 'test unit ready' then
'inquiry' scsi commands. If you boot both systems they could have concurrent
access to the shared device, provoking a panic or a crash (anyway that's what
I got once or twice with alpha running Redhat 6.1 and suse 6.3 but not
Kimberlite). Does Kimberlite prevent the system from a crash or hang state by
another recommendation 'never boot your systems at the same time' ? Digital
did it for TruCluster at its time, then.

Sorry, I didn't understand well the meaning of 'I/O barriers'. Reserve on a
disk locks a full disk, and only the instigator of the reserve can make I/O on
it, no way for FS or raw device to reach. So yes it is an I/O barrier but it
is a safe place for critical data, but a distributed lock manager with a
journalized file system on it sounds better to me. Anyway I didn't say that
reserve/release is the best solution, I try to understand how Kimberlite
works, what it does, and are the data in a really secure place that only a DT
solution can do better.

'The host name lookup failed' is the response of my browser when I went to
visit: http://oss.mclx.com/cgi-bin/cvsweb/kimberlite/doc/

Jean-Philippe.

-----Original Message-----
From: Jeff Moyer [mailto:moyer at mclinux.com]
Sent: Thursday, July 06, 2000 2:36 PM
To: Hergott, Jean-Philippe
Cc: 'David Winchell'; ha-linux List
Subject: RE: LinuxFailSafe news


==> Regarding RE: LinuxFailSafe news; "Hergott, Jean-Philippe"
<Jean-Philippe.Hergott at compaq.com> adds:

Jean-Philippe.Hergott> If I understand well, kimberlite solution for shared
Jean-Philippe.Hergott> bus is based on ORACLE OPS who made all the stuff,
Jean-Philippe.Hergott> managing its own lock, under TCP/IP no ? Oracle OPS
Jean-Philippe.Hergott> is a commercial product isn't it ?

    You misunderstood what Dave said.  Kimberlite is by no means dependent
    on Oracle.  OPS was just one example of an application that can access
    the same device safely from multiple nodes.

Jean-Philippe.Hergott> And what happens if running Oracle OPS on both
Jean-Philippe.Hergott> members, someone mounts a device located on a shared
Jean-Philippe.Hergott> bus as an ext2 file system and accesses it in write
Jean-Philippe.Hergott> mode ?

    Part of the Kimberlite package is a service manager.  A user defines
    services (which can be in the form of exported NFS filesystems) that
    are to run on each node.  The service manager makes sure that at most
    one node is running a given service at a time.  Users are not meant to
    mount shared filesystems and start writing to them.

Jean-Philippe.Hergott> Or what happens if instead of making 'dd
Jean-Philippe.Hergott> if=/dev/sda of=/dev/(whatever device outside the
Jean-Philippe.Hergott> shared bus)' a user makes 'dd if=/dev/(whatever...)
Jean-Philippe.Hergott> of=/dev/sda', data are corrupted and system should
Jean-Philippe.Hergott> crash or hang isn't it ?  It sounds to me not really
Jean-Philippe.Hergott> secure, at least with reserve/release scsi command
Jean-Philippe.Hergott> your data are protected against foolishness of someone,
Jean-Philippe.Hergott> am I wrong ?
 
    Only root may dd to the block device.  If you don't trust root, then I
    would say you need a new sysadmin.  As far as SCSI reserve is
    concerned, in commercial clustering solutions it is used to implement
    I/O barriers.  If it is only used for this purpose, then root _can_
    just dd over the block device.  There is no protection against idiot
    root users.

    If you would like a better understanding of the Kimberlite design,
    please visit the website and read the specification.  
    (http://oss.mclx.com/cgi-bin/cvsweb/kimberlite/doc/).

Warmest Regards,

Jeff Moyer
