About the Steward process: Split-brain in two-cluster global clusters

Failure of all heartbeats between any two clusters in a global cluster indicates one of the following:

In global clusters with three or more clusters, VCS queries the connected clusters to confirm that the remote cluster is truly down. This mechanism is called inquiry.

In a two-cluster setup, VCS uses the Steward process to minimize chances of a wide-area split-brain. The process runs as a standalone binary on a system outside of the global cluster configuration.

The figure "Steward process: Split-brain in two-cluster global clusters" depicts how the Steward process minimizes the chances of a split-brain within a two-cluster setup.

Figure: Steward process: Split-brain in two-cluster global clusters


When all communication links between any two clusters are lost, each cluster contacts the Steward with an inquiry message. The Steward sends an ICMP ping to the cluster in question and responds with a negative inquiry if the cluster is running or with a positive inquiry if the cluster is down. The Steward can also be used in configurations with more than two clusters. VCS provides the option of securing communication between the Steward process and the wide-area connectors.

In non-secure configurations, you can configure the steward process on a platform that is different from that of the global cluster nodes. Running the steward process on a different platform has not been tested in secure configurations.

For example, you can run the steward process on a Windows system for a global cluster running on Linux systems. However, the VCS release for Linux contains the steward binary for Linux only. You must copy the steward binary for Windows from the VCS installation directory on a Windows cluster, typically C:\Program Files\VERITAS\Cluster Server.

A Steward is effective only if there are independent paths from each cluster to the host that runs the Steward. If there is only one path between the two clusters, you must prevent split-brain by confirming manually with administrators at the remote site, by telephone or some messaging system, whether a failure has occurred. By default, VCS global clusters fail over an application across cluster boundaries with administrator confirmation. You can configure automatic failover by setting the ClusterFailOverPolicy attribute to Auto.
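The following toy model is an added example, not VCS code: it replays the inquiry described above to show why the Steward needs an independent path to each cluster and how ClusterFailOverPolicy changes the outcome. The cluster names A and B, the link sets, the function names and the returned strings are constructed for illustration; treating an unreachable Steward as "confirm manually" is an assumption.

```python
# Added illustration: a toy model of the Steward inquiry, not VCS code.
# Site names, link sets and result strings are constructed for this example.

def link(a, b):
    """Undirected network path between two sites."""
    return frozenset((a, b))

def steward_inquiry(asker, target, links, running, steward="steward"):
    """Steward's answer to `asker` about `target`.

    'negative' -> the Steward's ping reached the target (cluster is running)
    'positive' -> the ping failed (Steward reports the cluster as down)
    None       -> the asker cannot reach the Steward at all
    """
    if link(asker, steward) not in links:
        return None
    ping_ok = target in running and link(steward, target) in links
    return "negative" if ping_ok else "positive"

def decide(asker, target, links, running, policy="Manual"):
    """What `asker` does once all heartbeats to `target` are lost.

    policy mirrors ClusterFailOverPolicy; "Manual" stands for the default
    behaviour (failover only with administrator confirmation).
    """
    answer = steward_inquiry(asker, target, links, running)
    if answer is None:
        return "confirm_manually"   # assumption: no answer, so ask the remote admins
    if answer == "negative":
        return "no_failover"        # remote cluster is alive, only the links failed
    return "failover" if policy == "Auto" else "await_admin_confirmation"

def wrong_takeovers(links, running, policy="Auto"):
    """Clusters that would fail over although their peer is still running."""
    pairs = (("A", "B"), ("B", "A"))
    return [a for a, b in pairs
            if a in running and b in running
            and decide(a, b, links, running, policy) == "failover"]

# Constructed scenarios; the A-B heartbeat links are already lost in both.
INDEPENDENT = {link("A", "steward"), link("B", "steward")}
B_CUT_OFF = {link("A", "steward")}  # B's path to the Steward failed with the heartbeats

if __name__ == "__main__":
    both_up = {"A", "B"}
    print(wrong_takeovers(INDEPENDENT, both_up))          # no cluster takes over wrongly
    print(wrong_takeovers(B_CUT_OFF, both_up))            # A takes over a running B
    print(wrong_takeovers(B_CUT_OFF, both_up, "Manual"))  # confirmation step stops it
```
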

The default port for the steward is 14156.

More Information

Secure communication in global clusters