From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>,
"Proxmox VE development discussion" <pve-devel@lists.proxmox.com>,
"Dominik Csapak" <d.csapak@proxmox.com>
Subject: Re: [pve-devel] [PATCH qemu-server 1/1] qemu: add offline migration from dead node
Date: Tue, 1 Apr 2025 14:38:07 +0200 [thread overview]
Message-ID: <49674ab9-8a7e-4749-9cd4-e2eb3ff0bd57@proxmox.com> (raw)
In-Reply-To: <135708611.3668.1743506005916@webmail.proxmox.com>
Am 01.04.25 um 13:13 schrieb Fabian Grünbichler:
> the only way to technically improve what is possible IMHO would be to implement
> some kind of reliable STONITH mechanism in addition to fencing, and base an
> integrated "guest stealing" mechanism on that (with some additional component
> that ensures that if the "shot" comes back up right away it won't do anything
> with the "stolen" guest before the theft is over).
>
> e.g., if you have a (set of) remote-manageable power strip(s) configured that
> allows:
> - removing all power from node
> - query power state of a node
>
> you could use that to reduce HA failover times (you can shoot the other node
> if you want to make it fenced, irrespective of watchdog timeouts/..), and to
> implement a guest stealing mechanism:
> - put a file/entry in /etc/pve marking a guest as "currently being stolen"
> - shoot the other node and verify it is down
> - steal config
> - remove marker file/entry
>
> no matter at which point after the shooting the other node comes back up, it
> must first sync up /etc/pve, which means it can check for markers on VM
> locking. if a marker is found, it's not allowed to lock, else it can proceed
> (checking doesn't require locking cluster wide, just setting the mark would).
> if no marker is found, the config is not there anymore either or it hasn't
> been stolen and can be locked and used normally.
>
> if no stonith mechanism is configured, stealing is not available.
That's basically exactly what the HW fencing series I worked on years ago does,
including lower timeouts and so on. It was only integrated in HA, exposing the
HW fencing (which is STONITH) separately would be possible though.
That said adding STONITH and external fence devices to the mix is not a trivial
thing and hardly simplifies setups IMO, so while a possibility I'd not see it
as something to promote to inexperienced users.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-04-01 12:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250324111529.338025-1-alexandre.derumier@groupe-cyllene.com>
2025-03-24 11:15 ` [pve-devel] [PATCH pve-manager 1/1] migrate: allow " Alexandre Derumier via pve-devel
2025-03-24 11:15 ` [pve-devel] [PATCH qemu-server 1/1] qemu: add offline " Alexandre Derumier via pve-devel
2025-04-01 9:52 ` Fabian Grünbichler
2025-04-01 9:57 ` Thomas Lamprecht
2025-04-01 10:19 ` Dominik Csapak
2025-04-01 10:46 ` Thomas Lamprecht
2025-04-01 11:13 ` Fabian Grünbichler
2025-04-01 12:38 ` Thomas Lamprecht [this message]
2025-04-01 11:37 ` Dominik Csapak
2025-04-01 12:54 ` Thomas Lamprecht
2025-04-01 13:20 ` Dominik Csapak
2025-04-01 15:08 ` Thomas Lamprecht
2025-04-01 16:13 ` DERUMIER, Alexandre via pve-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49674ab9-8a7e-4749-9cd4-e2eb3ff0bd57@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal