OCF's tunnel vision regarding fully isolated runs of the agents (not the case in practice) #22
Description
Observing recently as of now unpreventable configuration error:
made me think how can we fix these undesirable shortcomings in our
cluster stack.
Borrowing from conclusion
ClusterLabs/pcs#197 (comment):
It's more a wider systemic flaw of never genuinely considering
consequences of:
running semantically-matching instances of the agent in parallel
not preventing some patterns of agents' usage, or conversely,
not enforcing some constraints to be used unconditionally for
the configuration to be allowedTo untwist it, we probably need a top-down approach, hence stating
the expectations clearly in the OCF standard, as proposed for 1.
Complicated semantics of mount is exactly one such example where both
aspects shall be covered in the standard expressly:
-
possible intertwisting of different parameter sets agent instances
onstopoperation (and perhaps elsewhere) -
for
bindmount points, there could be a way to arrange for
"last to leave the resource will trigger full-fledged stop", i.e.,
a concept built over an enforced uniform (stop order the exact
inverse of start order) ordering of thebindinstance to be
fully inside the life-time of the other managed mount point it
happens to delegate further (bindmount point would always
had to be stacked under truemount, borrowing its target path
as its own source path, never umounting onstop)
For 1., the standard shall be clear on the precautions agents are
meant to take to assure the general sanity:
see the proposal
ClusterLabs/resource-agents#1304 (comment)
and also the requirement on the resource manager to explicitly
avoid parallel executions of the same-parameter-sets (subject to
definition) instances
For 2., the metadata-level way of expressing "combinability" (stackability)
of the agents shall be devised. Prior art in rgmanager can be a useful
source of inspiration.