[ovirt-users] why replica 3

Richard Neuboeck hawk at tbi.univie.ac.at
Wed Sep 9 07:17:40 EDT 2015


On 09/09/2015 10:54 AM, Simone Tiraboschi wrote:
> 
> 
> On Wed, Sep 9, 2015 at 10:14 AM, Richard Neuboeck
> <hawk at tbi.univie.ac.at <mailto:hawk at tbi.univie.ac.at>> wrote:
> 
>     On 04.09.15 10:02, Simone Tiraboschi wrote:
>     >     Is there a reason why it has to be exactly replica 3?
>     >
>     >
>     > To have a valid quorum having the system being able to decide witch is
>     > the right and safe copy avoiding an issue called split brain.
>     > Under certain circumstances/issues (network issue, hosts down or
>     > whatever could happen) the data on different replica could diverge: if
>     > you have two and just two different hosts that claim each other
>     that its
>     > copy is the right one there is no way to automatically take the right
>     > decision. Having three hosts and setting the quorum according to that
>     > solves/mitigates the issue.
> 
> 
>     Thanks for the explanation. I do understand the problem but since
>     I'm somewhat limited in my hardware options is there a way to
>     override this requirement? Meaning if I change the checks for
>     replica 3 in the installation scripts does something else fail on
>     the way?
> 
> 
> I'm advising that it's not a safe configuration so it's not
> recommended for a production environment.
> Having said that, as far as I know it's enforced only in the setup
> script so tweaking it should be enough.
> Otherwise, if you have enough disk space, you can also have a
> different trick: you could create a replica 3 volume with 2 bricks
> from a single host.

I've thought about that but since that would obviously only help to
fool the installation script there is nothing else in this setup
that would improve the situation. Worse the read/write overhead on
the second machine would be a performance downgrade.

> It's not a safe procedure at all cause you still have only 2 hosts,
> so it's basically just replica 2, and in case of split brain the
> host with two copies will win by configuration which is not always
> the right decision.

Right. I'm thinking of trying to add a dummy node as mentioned in
the RHEL documentation. This would (in theory) prevent the read only
state in the split brain scenario and make it possible to access the
storage. But still the installation requirement of replica 3 would
not be satisfied.

> 
>     In my case coherence checks would come from outside the storage and
>     vm host setup and fencing would be applied appropriately.
> 
> 
> Can I ask how?

Multiple machines separated from the storage and virtualization
machines that will check communication (in general and of several
services) and try to intervene if there is something going awry
first by accessing the machines directly (if possible) and then by
deactivating those machines by remote management.

Cheers
Richard

> 
>     I would very much appreciate it if the particulars of the storage
>     setup could be either selected from a list of possibilities or be
>     ignored and just a warning be issued that this setup is not
>     recommended.
> 
>     Thanks!
>     Richard
> 
> 
>     --
>     /dev/null
> 
> 


-- 
/dev/null

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150909/26a98627/attachment.sig>


More information about the Users mailing list