<div dir="ltr"><div dir="ltr">пн, 16 окт. 2023 г. в 13:42, Andrei Borzenkov <<a href="mailto:arvidjaar@gmail.com">arvidjaar@gmail.com</a>>:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, Oct 16, 2023 at 9:28 AM Sergey Cherukhin<br>
<<a href="mailto:sergey.cherukhin@gmail.com" target="_blank">sergey.cherukhin@gmail.com</a>> wrote:<br>
><br>
> Hello!<br>
><br>
> I use Postgresql+Pacemaker+Corosync 3 nodes cluster with 2 Postgresql instances in synchronous replication mode on two high performance nodes and Pacemaker+Corosync on the third low performance node for quorum only. At the same time a SCADA HMI software is running on the high performance nodes. This SCADA software uses its own redundancy technology.<br>
><br>
> In this case I can't use fencing as usual to power off or reboot a failed node, because the operator will be very surprised when his workstation will be shutted down due to database failure.<br>
><br>
<br>
You can use the third node as a quorum device instead of the full<br>
member, it will never be fenced. <br></blockquote><div><br></div><div>I already use the third node as a quorum device only.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
> What type of fencing should I use in this case?<br>
><br>
<br>
Whatever is technically feasible. Your nodes may have BMC with IPMI.<br>
Another possibility is iSCSI target on the third node and SBD. If you<br>
are using HPC, you may have shared storage already.<br>
<br></blockquote><div>There are generic high-performance rack-mount industrial PCs will be used for Postgresql and SCADA nodes, supporting of any realisation of IPMI is not guaranteed (not documented). For witness node low-performance mini-PC will be used. Hardware set can not be expanded.</div><div>No iSCSI devices can be used. Node powering off by UPS or PDU is not allowed because of SCADA software. </div><div>Can I use resource level fencing instead of node level fencing in this case?<br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
> On the other hand, Postgresql instances don't use any shared resources. Is it possible to use cluster without fencing in this case?<br>
><br>
<br>
This is a common misconception. Your replicated database *is* the<br>
shared resource. Ask yourself - what happens if both instances decide<br>
they are masters and start serving different clients? If you really do<br>
not care, you do not need any failover cluster in the first place.<br></blockquote><div><br></div><div>I use the third node as a quorum device only to prevent split-brain. What else can go wrong in two instance replication?</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
_______________________________________________<br>
Manage your subscription:<br>
<a href="https://lists.clusterlabs.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.clusterlabs.org/mailman/listinfo/users</a><br>
<br>
ClusterLabs home: <a href="https://www.clusterlabs.org/" rel="noreferrer" target="_blank">https://www.clusterlabs.org/</a><br>
</blockquote></div></div>