On 05/04/2016 11:25 AM, Jes Sorensen wrote:
> Doug Ledford <dledford@xxxxxxxxxx> writes:
>> On 05/04/2016 11:12 AM, Jes Sorensen wrote:
>>> Guoqing Jiang <gqjiang@xxxxxxxx> writes:
>>>> For cluster raid, we do need at least two nodes for it,
>>>> the two patches add the checks before create and change
>>>> bitmap.
>>>>
>>>> Thanks,
>>>> Guoqing
>>>>
>>>> Guoqing Jiang (2):
>>>> Create: check the node nums when create clustered raid
>>>> super1: don't update node nums if it is not more than 1
>>>>
>>>> Create.c | 7 ++++++-
>>>> super1.c | 5 +++++
>>>> 2 files changed, 11 insertions(+), 1 deletion(-)
>>>
>>> Hi Guoqing,
>>>
>>> I am a little confused on this one - albeit I haven't looked at it in
>>> detail. Why should it not be possible to start a cluster with one node?
>>> In theory you should be able to do that, and then add nodes later?
>>
>> Not typically. A single node of a cluster is likely the odd man out, so
>> starting it and allowing changes to the underlying device has a high
>> potential of creating split brain issues. For that reason, most cluster
>> setups require some minimum (usually 2) for a quorum before they will
>> start. Otherwise, given a three node cluster, you could end up with
>> three separate live filesystems and the need to merge changes between
>> them to bring the cluster back into sync.
>
> Valid point, but it still looks like a duplicate of the classic raid1
> situation. We still allow the creation of a raid1 with just one drive,
> would it not make more sense to spit out a warning here, rather than
> deny it?
Local raid1 is a little different in that if both members of a raid1 are
supposed to be present on the same machine, and that machine only sees
one of the disks, we take it on faith that the other one isn't running
around live in another machine. If it is, we can end up corrupting our
array (we rely on the events counter on one disk superseding the other
disk to know which disk is the master copy and which one needs to be
refreshed, if both disks are brought up the same number of times without
each other, then their event counters will be the same and we won't know
which one should be master). With a clustered MD filesystem, that
assumption isn't true, and so starting a device without a quorum carries
a much higher risk.
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: 0E572FDD
Attachment:
signature.asc
Description: OpenPGP digital signature
