Observing recently as of now unpreventable configuration error:
ClusterLabs/pcs#197
made me think how can we fix these undesirable shortcomings in our
cluster stack.
Borrowing from conclusion
ClusterLabs/pcs#197 (comment):
It's more a wider systemic flaw of never genuinely considering
consequences of:
-
running semantically-matching instances of the agent in parallel
-
not preventing some patterns of agents' usage, or conversely,
not enforcing some constraints to be used unconditionally for
the configuration to be allowed
To untwist it, we probably need a top-down approach, hence stating
the expectations clearly in the OCF standard, as proposed for 1.
Complicated semantics of mount is exactly one such example where both
aspects shall be covered in the standard expressly:
-
possible intertwisting of different parameter sets agent instances
on stop operation (and perhaps elsewhere)
-
for bind mount points, there could be a way to arrange for
"last to leave the resource will trigger full-fledged stop", i.e.,
a concept built over an enforced uniform (stop order the exact
inverse of start order) ordering of the bind instance to be
fully inside the life-time of the other managed mount point it
happens to delegate further (bind mount point would always
had to be stacked under true mount, borrowing its target path
as its own source path, never umounting on stop)
For 1., the standard shall be clear on the precautions agents are
meant to take to assure the general sanity:
see the proposal
ClusterLabs/resource-agents#1304 (comment)
and also the requirement on the resource manager to explicitly
avoid parallel executions of the same-parameter-sets (subject to
definition) instances
For 2., the metadata-level way of expressing "combinability" (stackability)
of the agents shall be devised. Prior art in rgmanager can be a useful
source of inspiration.
Observing recently as of now unpreventable configuration error:
ClusterLabs/pcs#197
made me think how can we fix these undesirable shortcomings in our
cluster stack.
Borrowing from conclusion
ClusterLabs/pcs#197 (comment):
Complicated semantics of
mountis exactly one such example where bothaspects shall be covered in the standard expressly:
possible intertwisting of different parameter sets agent instances
on
stopoperation (and perhaps elsewhere)for
bindmount points, there could be a way to arrange for"last to leave the resource will trigger full-fledged stop", i.e.,
a concept built over an enforced uniform (stop order the exact
inverse of start order) ordering of the
bindinstance to befully inside the life-time of the other managed mount point it
happens to delegate further (
bindmount point would alwayshad to be stacked under true
mount, borrowing its target pathas its own source path, never umounting on
stop)For 1., the standard shall be clear on the precautions agents are
meant to take to assure the general sanity:
see the proposal
ClusterLabs/resource-agents#1304 (comment)
and also the requirement on the resource manager to explicitly
avoid parallel executions of the same-parameter-sets (subject to
definition) instances
For 2., the metadata-level way of expressing "combinability" (stackability)
of the agents shall be devised. Prior art in rgmanager can be a useful
source of inspiration.