Hi all,
Firstly, a little background so you know where I am:
I used to run two physical CentOS servers at home as active/standby for a few personal projects. The active server ran mail, ownCloud, databases etc etc, and each night the active server sent a WoL to the standby and rsync'd everything across then shut it back down afterwards. The theory was that if the active server had a hardware failure, I could turn on the standby server, change a few firewall rules at the gateway, and be up and running again.
The problem was that putting everything on one physical was getting hard to manage and if I ever wanted to play with a new config or software I was basically using prod as dev, so not ideal. Enter Proxmox.
I turned the standby server into a Proxmox node (node01), bought a third server, chucked a couple of ZFS mirrored disks in it, and shared the mounts over NFS. Gradually I moved all services into their own little VMs/containers. It works wonderfully (thanks Proxmox devs), so I then turned the previously active server into a spare Proxmox node (node02) and joined them into a two-node cluster, so that if either failed I had a spare, just like it used to be when they were bare metal.
Each server has enough steam to run all VMs, so I was planning on keeping one node as a cold standby so that it isn't contributing to my already ugly power bill. Plus saving polar bears, or something.
With one server offline, if I try to make a change to anything it fails because there's no quorum. This isn't a big deal - I'll be making changes so infrequently that I don't mind having both nodes online when that happens. But here's the rub: backups seem to count as a change because of the locking mechanism. I back up the VM images each night to the node's local storage in case the NFS server has some catastrophic power supply failure and takes all the disks with it.
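The closest thing to a workaround I've come across so far (untested, and I have no idea if it's safe to rely on long-term, so treat this as a sketch) is telling the surviving node to expect only one vote before the nightly backup job kicks off, something like:

```shell
# Hypothetical workaround: with node02 powered off, temporarily lower the
# expected vote count on node01 so the cluster filesystem becomes writable
# and the backup can take its lock.
pvecm expected 1

# The nightly local backup itself (VM ID 100 shown purely as an example)
vzdump 100 --storage local --mode snapshot --compress lzo
```

I'm wary of this because as I understand it the expected-votes change doesn't persist across reboots, and I'm not sure what happens if node02 comes back online while it's in effect, which is partly why I'm asking here.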
I've done a lot of searching around the forum for a solution that doesn't basically involve removing the spare node from the cluster, but I haven't found anything. I would like to keep it part of the cluster, if possible, because it would contain all the VM config, firewall rules for the containers, mounts etc etc that would just be a nuisance to reconfigure if I ever need to do a failover due to hardware failure or whatever.
I'm running 4.1, fully patched. What options do I have?
Thanks for reading,
Ben