Managing Serviceguard 14th Edition, June 2007
Understanding Serviceguard Software Components
How the Cluster Manager Works
Chapter 3, page 68
either node, and a lock disk must be an external disk. For three- or
four-node clusters, the disk should not share a power circuit with 50% or more
of the nodes.
Dual Lock Disk
If you are using disks that are internally mounted in the same cabinet as
the cluster nodes, then a single lock disk would be a single point of
failure, since the loss of power to the node that has the lock disk in its
cabinet would also render the cluster lock unavailable. Similarly, in a
campus cluster, where the cluster contains nodes running in two
separate data centers, a single lock disk would be a single point of failure
should the data center it resides in suffer a catastrophic failure.
In these two cases only, a dual cluster lock, with two separately powered
cluster disks, should be used to eliminate the lock disk as a single point
of failure.
NOTE: You must use Fibre Channel connections for a dual cluster lock; you can
no longer implement it in a parallel SCSI configuration.
For a dual cluster lock, the disks must not share either a power circuit or
a node chassis with one another. In this case, if there is a power failure
affecting one node and disk, the other node and disk remain available, so
cluster re-formation can take place on the remaining node. For a campus
cluster, there should be one lock disk in each of the data centers, and all
nodes must have access to both lock disks. In the event of a failure of one
of the data centers, the nodes in the remaining data center will be able to
acquire their local lock disk, allowing them to successfully re-form a new
cluster.
NOTE: A dual lock disk does not provide a redundant cluster lock. In fact, the
dual lock is a compound lock. This means that two disks must be
available at cluster formation time rather than the one that is needed for
a single lock disk. Thus, the only recommended usage of the dual cluster
lock is when the single cluster lock cannot be isolated at the time of a
failure from exactly one half of the cluster nodes.
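The placement rules above can be checked mechanically against a hardware inventory before the cluster is built. The following is an added example, not part of the Serviceguard manual or product; the Node and LockDisk classes, their field names and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    name: str
    power: str    # power circuit feeding this item
    chassis: str  # cabinet / chassis identifier
    site: str     # data center

@dataclass(frozen=True)
class LockDisk(Node):
    paths: frozenset = frozenset()  # names of nodes that can reach this disk

def check_lock_layout(nodes, disks):
    """Return findings for a lock-disk layout; an empty list means no rule is violated."""
    out = []
    sites = {n.site for n in nodes}
    chassis = {n.chassis for n in nodes}
    if len(disks) == 1:
        d = disks[0]
        on_circuit = sum(n.power == d.power for n in nodes)
        if len(nodes) in (3, 4) and 2 * on_circuit >= len(nodes):
            out.append("single lock shares a power circuit with 50% or more of the nodes")
        if d.chassis in chassis:
            out.append("single lock is inside a node cabinet: use a dual lock")
        if len(sites) == 2:
            out.append("single lock in a two-site campus cluster: use a dual lock")
    elif len(disks) == 2:
        a, b = disks
        if a.power == b.power:
            out.append("dual lock disks share a power circuit")
        if a.chassis == b.chassis:
            out.append("dual lock disks share a node chassis")
        if len(sites) == 2:
            if {a.site, b.site} != sites:
                out.append("campus cluster needs one lock disk in each data center")
            for d in disks:
                missing = {n.name for n in nodes} - d.paths
                if missing:
                    out.append(f"{d.name} not reachable from {sorted(missing)}")
        elif a.chassis not in chassis and b.chassis not in chassis:
            out.append("dual lock not warranted: a single external lock disk suffices")
    return out

# Constructed sample: a two-site campus cluster with a good and a bad dual-lock layout.
NODES = [Node("n1", "pA", "c1", "dc1"), Node("n2", "pB", "c2", "dc2")]
GOOD = [LockDisk("lock1", "pC", "arr1", "dc1", frozenset({"n1", "n2"})),
        LockDisk("lock2", "pD", "arr2", "dc2", frozenset({"n1", "n2"}))]
BAD = [LockDisk("lock1", "pC", "arr1", "dc1", frozenset({"n1", "n2"})),
       LockDisk("lock2", "pC", "arr1", "dc1", frozenset({"n1"}))]
```

Calling `check_lock_layout(NODES, BAD)` reports the shared power circuit, the shared chassis, the missing second-site disk and the node that cannot reach `lock2`.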