is reboot a safe fencing action? yey for pmxcfs!

[pixel]

pmxcfs is brilliant. if i ever meet whoever came up with that, im getting you beer (or booch if you dont drink)

anyway, seems like it prevents a rebooted node from trying restart a migrated instance. between that, and the fact that we only have 3 nodes, so if one goes down, it should come up asap, i set the fence action to reboot (action="off" followed by action="on", its an apc pdu). is there a possible failure case where this would be a bad idea? is it common enough to offset the vulnerable time of temporarily only having 2 nodes up?

 

[dietmar]

anyway, seems like it prevents a rebooted node from trying restart a migrated instance.

I am not aware of such behavior. You can do anything as long as you have quorum.

 

[pixel]

as i understand it, the point of pmxcfs is that it will tell the previously downed node that those instances are already on other nodes. if it cant see the rest of the cluster, then it would not have quorum. but if this is not the case, maybe we should take that action="on" out of the fence action.