1 <?xml version='1.0' encoding='UTF-8'?><chapter xmlns="http://docbook.org/ns/docbook" xmlns:xl="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en-US" xml:id="configuringfailover">
2 <title xml:id="configuringfailover.title">Configuring Failover in a Lustre File System</title>
3 <para>This chapter describes how to configure failover in a Lustre file system. It
8 <xref xmlns:xlink="http://www.w3.org/1999/xlink" linkend="dbdoclet.50438188_82389"/></para>
11 <para><xref xmlns:xlink="http://www.w3.org/1999/xlink" linkend="dbdoclet.50438188_92688"
15 <para><xref xmlns:xlink="http://www.w3.org/1999/xlink" linkend="section_tnq_kbr_xl"/></para>
18 <para>For an overview of failover functionality in a Lustre file system, see <xref
19 xmlns:xlink="http://www.w3.org/1999/xlink" linkend="understandingfailover"/>.</para>
20 <section xml:id="dbdoclet.50438188_82389">
22 <primary>High availability</primary>
24 </indexterm><indexterm>
25 <primary>failover</primary>
26 </indexterm>Setting Up a Failover Environment</title>
27 <para>The Lustre software provides failover mechanisms only at the layer of the Lustre file
28 system. No failover functionality is provided for system-level components such as failing
29 hardware or applications, or even for the entire failure of a node, as would typically be
30 provided in a complete failover solution. Failover functionality such as node monitoring,
31 failure detection, and resource fencing must be provided by external HA software, such as
32 PowerMan or the open source Corosync and Pacemaker packages provided by Linux operating system
33 vendors. Corosync provides support for detecting failures, and Pacemaker provides the actions
34 to take once a failure has been detected.</para>
37 <primary>failover</primary>
38 <secondary>power control device</secondary>
39 </indexterm>Selecting Power Equipment</title>
40 <para>Failover in a Lustre file system requires the use of a remote power control (RPC)
41 mechanism, which comes in different configurations. For example, Lustre server nodes may be
42 equipped with IPMI/BMC devices that allow remote power control. In the past, software or
43 even “sneakerware” has been used, but these are not recommended. For recommended devices,
44 refer to the list of supported RPC devices on the website for the PowerMan cluster power
45 management utility:</para>
46 <para><link xmlns:xlink="http://www.w3.org/1999/xlink"
47 xlink:href="http://code.google.com/p/powerman/wiki/SupportedDevs"
48 >http://code.google.com/p/powerman/wiki/SupportedDevs</link></para>
52 <primary>failover</primary>
53 <secondary>power management software</secondary>
54 </indexterm>Selecting Power Management Software</title>
55 <para>Lustre failover requires RPC and management capability to verify that a failed node is
56 shut down before I/O is directed to the failover node. This avoids double-mounting the two
57 nodes and the risk of unrecoverable data corruption. A variety of power management tools
58 will work. Two packages that have been commonly used with the Lustre software are PowerMan
59 and Linux-HA (aka. STONITH ).</para>
60 <para>The PowerMan cluster power management utility is used to control RPC devices from a
61 central location. PowerMan provides native support for several RPC varieties and Expect-like
62 configuration simplifies the addition of new devices. The latest versions of PowerMan are
64 <para><link xmlns:xlink="http://www.w3.org/1999/xlink"
65 xlink:href="http://code.google.com/p/powerman/"
66 >http://code.google.com/p/powerman/</link></para>
67 <para>STONITH, or “Shoot The Other Node In The Head”, is a set of power management tools
68 provided with the Linux-HA package prior to Red Hat Enterprise Linux 6. Linux-HA has native
69 support for many power control devices, is extensible (uses Expect scripts to automate
70 control), and provides the software to detect and respond to failures. With Red Hat
71 Enterprise Linux 6, Linux-HA is being replaced in the open source community by the
72 combination of Corosync and Pacemaker. For Red Hat Enterprise Linux subscribers, cluster
73 management using CMAN is available from Red Hat.</para>
77 <primary>failover</primary>
78 <secondary>high-availability (HA) software</secondary>
79 </indexterm>Selecting High-Availability (HA) Software</title>
80 <para>The Lustre file system must be set up with high-availability (HA) software to enable a
81 complete Lustre failover solution. Except for PowerMan, the HA software packages mentioned
82 above provide both power management and cluster management. For information about setting
83 up failover with Pacemaker, see:</para>
86 <para>Pacemaker Project website: <link xmlns:xlink="http://www.w3.org/1999/xlink"
87 xlink:href="http://clusterlabs.org/"><link xlink:href="http://clusterlabs.org/"
88 >http://clusterlabs.org/</link></link></para>
91 <para>Article <emphasis role="italic">Using Pacemaker with a Lustre File
92 System</emphasis>: <link xmlns:xlink="http://www.w3.org/1999/xlink"
93 xlink:href="https://wiki.whamcloud.com/display/PUB/Using+Pacemaker+with+a+Lustre+File+System"
95 xlink:href="https://wiki.whamcloud.com/display/PUB/Using+Pacemaker+with+a+Lustre+File+System"
96 >https://wiki.whamcloud.com/display/PUB/Using+Pacemaker+with+a+Lustre+File+System</link></link></para>
101 <section xml:id="dbdoclet.50438188_92688">
103 <primary>failover</primary>
104 <secondary>setup</secondary>
105 </indexterm>Preparing a Lustre File System for Failover</title>
106 <para>To prepare a Lustre file system to be configured and managed as an HA system by a
107 third-party HA application, each storage target (MGT, MGS, OST) must be associated with a
108 second node to create a failover pair. This configuration information is then communicated by
109 the MGS to a client when the client mounts the file system.</para>
110 <para>The per-target configuration is relayed to the MGS at mount time. Some rules related to
111 this are:<itemizedlist>
113 <para> When a target is <emphasis role="underline"><emphasis role="italic"
114 >initially</emphasis></emphasis> mounted, the MGS reads the configuration
115 information from the target (such as mgt vs. ost, failnode, fsname) to configure the
116 target into a Lustre file system. If the MGS is reading the initial mount configuration,
117 the mounting node becomes that target's “primary” node.</para>
120 <para>When a target is <emphasis role="underline"><emphasis role="italic"
121 >subsequently</emphasis></emphasis> mounted, the MGS reads the current configuration
122 from the target and, as needed, will reconfigure the MGS database target
125 </itemizedlist></para>
126 <para>When the target is formatted using the <literal>mkfs.lustre</literal> command, the failover
127 service node(s) for the target are designated using the <literal>--servicenode</literal>
128 option. In the example below, an OST with index <literal>0</literal> in the file system
129 <literal>testfs</literal> is formatted with two service nodes designated to serve as a
131 pair:<screen>mkfs.lustre --reformat --ost --fsname testfs --mgsnode=192.168.10.1@o3ib \
132 --index=0 --servicenode=192.168.10.7@o2ib \
133 --servicenode=192.168.10.8@o2ib \
134 /dev/sdb</screen></para>
135 <para>More than two potential service nodes can be designated for a target. The target can then
136 be mounted on any of the designated service nodes.</para>
137 <para>When HA is configured on a storage target, the Lustre software enables multi-mount
138 protection (MMP) on that storage target. MMP prevents multiple nodes from simultaneously
139 mounting and thus corrupting the data on the target. For more about MMP, see <xref
140 xmlns:xlink="http://www.w3.org/1999/xlink" linkend="managingfailover"/>.</para>
141 <para>If the MGT has been formatted with multiple service nodes designated, this information
142 must be conveyed to the Lustre client in the mount command used to mount the file system. In
143 the example below, NIDs for two MGSs that have been designated as service nodes for the MGT
144 are specified in the mount command executed on the
145 client:<screen>mount -t lustre 10.10.120.1@tcp1:10.10.120.2@tcp1:/testfs /lustre/testfs</screen></para>
146 <para>When a client mounts the file system, the MGS provides configuration information to the
147 client for the MDT(s) and OST(s) in the file system along with the NIDs for all service nodes
148 associated with each target and the service node on which the target is mounted. Later, when
149 the client attempts to access data on a target, it will try the NID for each specified service
150 node until it connects to the target.</para>
151 <para>Previous to Lustre software release 2.0, the <literal>--failnode</literal> option to
152 <literal>mkfs.lustre</literal> was used to designate a failover service node for a primary
153 server for a target. When the <literal>--failnode</literal> option is used, certain
154 restrictions apply:<itemizedlist>
156 <para>The target must be initially mounted on the primary service node, not the failover
157 node designated by the <literal>--failnode</literal> option.</para>
160 <para>If the <literal>tunefs.lustre –-writeconf</literal> option is used to erase and
161 regenerate the configuration log for the file system, a target cannot be initially
162 mounted on a designated failnode.</para>
165 <para>If a <literal>--failnode</literal> option is added to a target to designate a
166 failover server for the target, the target must be re-mounted on the primary node before
167 the <literal>--failnode</literal> option takes effect</para>
169 </itemizedlist></para>
171 <section xml:id="section_tnq_kbr_xl">
172 <title>Administering Failover in a Lustre File System</title>
173 <para>For additional information about administering failover features in a Lustre file system, see:<itemizedlist>
175 <para><xref xmlns:xlink="http://www.w3.org/1999/xlink" linkend="dbdoclet.50438194_57420"
179 <para><xref xmlns:xlink="http://www.w3.org/1999/xlink" linkend="dbdoclet.50438194_41817"
183 <para><xref xmlns:xlink="http://www.w3.org/1999/xlink" linkend="dbdoclet.50438199_62333"
187 <para><xref xmlns:xlink="http://www.w3.org/1999/xlink" linkend="dbdoclet.50438219_75432"
190 </itemizedlist></para>