NAME
drbd.conf - Configuration file for DRBD's devices .
INTRODUCTION
The file /etc/drbd.conf is read by drbdadm.
The file format was designed as to allow to have a verbatim copy of the
file on both nodes of the cluster. It is highly recommended to do so in
order to keep your configuration manageable. The file /etc/drbd.conf
should be the same on both nodes of the cluster. Changes to
/etc/drbd.conf do not apply immediately.
In this example, there is a single DRBD resource (called r0) which uses
protocol C for the connection between its devices. The device which
runs on host alice uses /dev/drbd1 as devices for its application, and
/dev/sda7 as low-level storage for the data. The IP addresses are used
to specify the networking interfaces to be used. An eventually running
resync process should use about 10MByte/second of IO bandwidth.
There may be multiple resource sections in a single drbd.conf file. For
more examples, please have a look at the DRBD User's Guide[1].
FILE FORMAT
The file consists of sections and parameters. A section begins with a
keyword, sometimes an additional name, and an opening brace ("{"). A
section ends with a closing brace ("}". The braces enclose the
parameters.
section [name] { parameter value; [...] }
A parameter starts with the identifier of the parameter followed by
whitespace. Every subsequent character is considered as part of the
parameter's value. A special case are Boolean parameters which consist
only of the identifier. Parameters are terminated by a semicolon (";").
Some parameter values have default units which might be overruled by K,
M or G. These units are defined in the usual way (K = 2^10 = 1024, M =
1024 K, G = 1024 M).
Comments may be placed into the configuration file and must begin with
a hash sign ("#"). Subsequent characters are ignored until the end of
the line.
Sections
skip
Comments out chunks of text, even spanning more than one line.
Characters between the keyword skip and the opening brace ("{") are
ignored. Everything enclosed by the braces is skipped. This comes
in handy, if you just want to comment out some 'resource [name]
{...}' section: just precede it with '"skip"'.
global
Configures some global parameters. Currently only minor-count,
dialog-refresh, disable-ip-verification and usage-count are allowed
here. You may only have one global section, preferably as the first
section.
common
All resources inherit the options set in this section. The common
section might have a startup, a syncer, a handlers, a net and a
disk section.
resource name
Configures a DRBD resource. Each resource section needs to have two
(or more) on host sections and may have a startup, a syncer, a
handlers, a net and a disk section. Required parameter in this
section: protocol.
on host-name
Carries the necessary configuration parameters for a DRBD device of
the enclosing resource. host-name is mandatory and must match the
Linux host name (uname -n) of one of the nodes. You may list more
than one host name here, in case you want to use the same
parameters on several hosts (you'd have to move the IP around
usually). Or you may list more than two such sections.
resource r1 {
protocol C;
device minor 1;
meta-disk internal;
on alice bob {
address 10.2.2.100:7801;
disk /dev/mapper/some-san;
}
on charlie {
address 10.2.2.101:7801;
disk /dev/mapper/other-san;
}
on daisy {
address 10.2.2.103:7801;
disk /dev/mapper/other-san-as-seen-from-daisy;
}
}
See also the floating section keyword. Required parameters in this
section: device, disk, address, meta-disk, flexible-meta-disk.
stacked-on-top-of resource
For a stacked DRBD setup (3 or 4 nodes), a stacked-on-top-of is
used instead of an on section. Required parameters in this section:
device and address.
floating AF addr:port
Carries the necessary configuration parameters for a DRBD device of
the enclosing resource. This section is very similar to the on
section. The difference to the on section is that the matching of
the host sections to machines is done by the IP-address instead of
the node name. Required parameters in this section: device, disk,
meta-disk, flexible-meta-disk, all of which may be inherited from
the resource section, in which case you may shorten this section
down to just the address identifier.
resource r2 {
protocol C;
device minor 2;
disk /dev/sda7;
meta-disk internal;
# short form, device, disk and meta-disk inherited
floating 10.1.1.31:7802;
# longer form, only device inherited
floating 10.1.1.32:7802 {
disk /dev/sdb;
meta-disk /dev/sdc8;
}
}
disk
This section is used to fine tune DRBD's properties in respect to
the low level storage. Please refer to drbdsetup(8) for detailed
description of the parameters. Optional parameters: on-io-error,
size, fencing, use-bmbv, no-disk-barrier, no-disk-flushes,
no-disk-drain, no-md-flushes, max-bio-bvecs.
net
This section is used to fine tune DRBD's properties. Please refer
to drbdsetup(8) for a detailed description of this section's
parameters. Optional parameters: sndbuf-size, rcvbuf-size, timeout,
connect-int, ping-int, ping-timeout, max-buffers, max-epoch-size,
ko-count, allow-two-primaries, cram-hmac-alg, shared-secret,
after-sb-0pri, after-sb-1pri, after-sb-2pri, data-integrity-alg,
no-tcp-cork
startup
This section is used to fine tune DRBD's properties. Please refer
to drbdsetup(8) for a detailed description of this section's
parameters. Optional parameters: wfc-timeout, degr-wfc-timeout,
outdated-wfc-timeout, wait-after-sb, stacked-timeouts and
become-primary-on.
syncer
This section is used to fine tune the synchronization daemon for
the device. Please refer to drbdsetup(8) for a detailed description
of this section's parameters. Optional parameters: rate, after,
al-extents, use-rle, cpu-mask, verify-alg, csums-alg,
delay-probe-volume, delay-probe-interval, throttle-threshold and
hold-off-threshold.
handlers
In this section you can define handlers (executables) that are
started by the DRBD system in response to certain events. Optional
parameters: pri-on-incon-degr, pri-lost-after-sb, pri-lost,
fence-peer (formerly oudate-peer), local-io-error,
initial-split-brain, split-brain, before-resync-target,
after-resync-target.
The interface is done via environment variables:
DRBD_PEER is deprecated.
Please note that not all of these might be set for all handlers,
and that some values might not be useable for a floating
definition.
Parameters
minor-count count
may be a number from 1 to 255.
Use minor-count if you want to define massively more resources
later without reloading the DRBD kernel module. Per default the
module loads with 11 more resources than you have currently in your
config but at least 32.
dialog-refresh time
may be 0 or a positive number.
The user dialog redraws the second count every time seconds (or
does no redraws if time is 0). The default value is 1.
disable-ip-verification
Use disable-ip-verification if, for some obscure reasons, drbdadm
can/might not use ip or ifconfig to do a sanity check for the IP
address. You can disable the IP verification with this option.
usage-count val
Please participate in DRBD's online usage counter[2]. The most
convenient way to do so is to set this option to yes. Valid options
are: yes, no and ask.
protocol prot-id
On the TCP/IP link the specified protocol is used. Valid protocol
specifiers are A, B, and C.
Protocol A: write IO is reported as completed, if it has reached
local disk and local TCP send buffer.
Protocol B: write IO is reported as completed, if it has reached
local disk and remote buffer cache.
Protocol C: write IO is reported as completed, if it has reached
both local and remote disk.
device name minor nr
The name of the block device node of the resource being described.
You must use this device with your application (file system) and
you must not use the low level block device which is specified with
the disk parameter.
One can ether omit the name or minor and the minor number. If you
omit the name a default of /dev/drbdminor will be used.
Udev will create additional symlinks in /dev/drbd/by-res and
/dev/drbd/by-disk.
disk name
DRBD uses this block device to actually store and retrieve the
data. Never access such a device while DRBD is running on top of
it. This also holds true for dumpe2fs(8) and similar commands.
address AF addr:port
A resource needs one IP address per device, which is used to wait
for incoming connections from the partner device respectively to
reach the partner device. AF must be one of ipv4, ipv6, ssocks or
sdp (for compatibility reasons sci is an alias for ssocks). It may
be omited for IPv4 addresses. The actual IPv6 address that follows
the ipv6 keyword must be placed inside brackets: ipv6
[fd01:2345:6789:abcd::1]:7800.
Each DRBD resource needs a TCP port which is used to connect to the
node's partner device. Two different DRBD resources may not use the
same addr:port combination on the same node.
meta-disk internal, flexible-meta-disk internal, meta-disk device
[index], flexible-meta-disk device
Internal means that the last part of the backing device is used to
store the meta-data. You must not use [index] with internal. Note:
Regardless of whether you use the meta-disk or the
flexible-meta-disk keyword, it will always be of the size needed
for the remaining storage size.
You can use a single block device to store meta-data of multiple
DRBD devices. E.g. use meta-disk /dev/sde6[0]; and meta-disk
/dev/sde6[1]; for two different resources. In this case the
meta-disk would need to be at least 256 MB in size.
With the flexible-meta-disk keyword you specify a block device as
meta-data storage. You usually use this with LVM, which allows you
to have many variable sized block devices. The required size of the
meta-disk block device is 36kB + Backing-Storage-size / 32k. Round
this number to the next 4kb boundary up and you have the exact
size. Rule of the thumb: 32kByte per 1GByte of storage, round up to
the next MB.
on-io-error handler
is taken, if the lower level device reports io-errors to the upper
layers.
handler may be pass_on, call-local-io-error or detach.
pass_on: Report the io-error to the upper layers. On Primary report
it to the mounted file system. On Secondary ignore it.
call-local-io-error: Call the handler script local-io-error.
detach: The node drops its low level device, and continues in
diskless mode.
fencing fencing_policy
By fencing we understand preventive measures to avoid situations
where both nodes are primary and disconnected (AKA split brain).
Valid fencing policies are:
dont-care
This is the default policy. No fencing actions are taken.
resource-only
If a node becomes a disconnected primary, it tries to fence the
peer's disk. This is done by calling the fence-peer handler.
The handler is supposed to reach the other node over
alternative communication paths and call 'drbdadm outdate res'
there.
resource-and-stonith
If a node becomes a disconnected primary, it freezes all its IO
operations and calls its fence-peer handler. The fence-peer
handler is supposed to reach the peer over alternative
communication paths and call 'drbdadm outdate res' there. In
case it cannot reach the peer it should stonith the peer. IO is
resumed as soon as the situation is resolved. In case your
handler fails, you can resume IO with the resume-io command.
use-bmbv
In case the backing storage's driver has a merge_bvec_fn()
function, DRBD has to pretend that it can only process IO requests
in units not larger than 4KiB. (At the time of writing the only
known drivers which have such a function are: md (software raid
driver), dm (device mapper - LVM) and DRBD itself).
To get the best performance out of DRBD on top of software RAID (or
any other driver with a merge_bvec_fn() function) you might enable
this function, if you know for sure that the merge_bvec_fn()
function will deliver the same results on all nodes of your
cluster. I.e. the physical disks of the software RAID are of
exactly the same type. Use this option only if you know what you
are doing.
no-disk-barrier, no-disk-flushes, no-disk-drain
DRBD has four implementations to express write-after-write
dependencies to its backing storage device. DRBD will use the first
method that is supported by the backing storage device and that is
not disabled by the user.
When selecting the method you should not only base your decision on
the measurable performance. In case your backing storage device has
a volatile write cache (plain disks, RAID of plain disks) you
should use one of the first two. In case your backing storage
device has battery-backed write cache you may go with option 3 or
4. Option 4 will deliver the best performance on such devices.
Unfortunately device mapper (LVM) might not support barriers.
The letter after "wo:" in /proc/drbd indicates with method is
currently in use for a device: b, f, d, n. The implementations are:
barrier
The first requires that the driver of the backing storage
device support barriers (called 'tagged command queuing' in
SCSI and 'native command queuing' in SATA speak). The use of
this method can be disabled by the no-disk-barrier option.
flush
The second requires that the backing device support disk
flushes (called 'force unit access' in the drive vendors
speak). The use of this method can be disabled using the
no-disk-flushes option.
drain
The third method is simply to let write requests drain before
write requests of a new reordering domain are issued. This was
the only implementation before 8.0.9. You can disable this
method by using the no-disk-drain option.
none
The fourth method is to not express write-after-write
dependencies to the backing store at all.
no-md-flushes
Disables the use of disk flushes and barrier BIOs when accessing
the meta data device. See the notes on no-disk-flushes.
max-bio-bvecs
In some special circumstances the device mapper stack manages to
pass BIOs to DRBD that violate the constraints that are set forth
by DRBD's merge_bvec() function and which have more than one bvec.
A known example is: phys-disk -> DRBD -> LVM -> Xen -> misaligned
partition (63) -> DomU FS. Then you might see "bio would need to,
but cannot, be split:" in the Dom0's kernel log.
The best workaround is to proper align the partition within the VM
(E.g. start it at sector 1024). This costs 480 KiB of storage.
Unfortunately the default of most Linux partitioning tools is to
start the first partition at an odd number (63). Therefore most
distribution's install helpers for virtual linux machines will end
up with misaligned partitions. The second best workaround is to
limit DRBD's max bvecs per BIO (= max-bio-bvecs) to 1, but that
might cost performance.
The default value of max-bio-bvecs is 0, which means that there is
no user imposed limitation.
sndbuf-size size
is the size of the TCP socket send buffer. The default value is 0,
i.e. autotune. You can specify smaller or larger values. Larger
values are appropriate for reasonable write throughput with
protocol A over high latency networks. Values below 32K do not make
sense. Since 8.0.13 resp. 8.2.7, setting the size value to 0 means
that the kernel should autotune this.
rcvbuf-size size
is the size of the TCP socket receive buffer. The default value is
0, i.e. autotune. You can specify smaller or larger values. Usually
this should be left at its default. Setting the size value to 0
means that the kernel should autotune this.
timeout time
If the partner node fails to send an expected response packet
within time tenths of a second, the partner node is considered dead
and therefore the TCP/IP connection is abandoned. This must be
lower than connect-int and ping-int. The default value is 60 = 6
seconds, the unit 0.1 seconds.
connect-int time
In case it is not possible to connect to the remote DRBD device
immediately, DRBD keeps on trying to connect. With this option you
can set the time between two retries. The default value is 10
seconds, the unit is 1 second.
ping-int time
If the TCP/IP connection linking a DRBD device pair is idle for
more than time seconds, DRBD will generate a keep-alive packet to
check if its partner is still alive. The default is 10 seconds, the
unit is 1 second.
ping-timeout time
The time the peer has time to answer to a keep-alive packet. In
case the peer's reply is not received within this time period, it
is considered as dead. The default value is 500ms, the default unit
are tenths of a second.
max-buffers number
Maximum number of requests to be allocated by DRBD. Unit is
PAGE_SIZE, which is 4 KiB on most systems. The minimum is hard
coded to 32 (=128 KiB). For high-performance installations it might
help if you increase that number. These buffers are used to hold
data blocks while they are written to disk.
ko-count number
In case the secondary node fails to complete a single write request
for count times the timeout, it is expelled from the cluster. (I.e.
the primary node goes into StandAlone mode.) The default value is
0, which disables this feature.
max-epoch-size number
The highest number of data blocks between two write barriers. If
you set this smaller than 10, you might decrease your performance.
allow-two-primaries
With this option set you may assign the primary role to both nodes.
You only should use this option if you use a shared storage file
system on top of DRBD. At the time of writing the only ones are:
OCFS2 and GFS. If you use this option with any other file system,
you are going to crash your nodes and to corrupt your data!
unplug-watermark number
When the number of pending write requests on the standby
(secondary) node exceeds the unplug-watermark, we trigger the
request processing of our backing storage device. Some storage
controllers deliver better performance with small values, others
deliver best performance when the value is set to the same value as
max-buffers. Minimum 16, default 128, maximum 131072.
cram-hmac-alg
You need to specify the HMAC algorithm to enable peer
authentication at all. You are strongly encouraged to use peer
authentication. The HMAC algorithm will be used for the challenge
response authentication of the peer. You may specify any digest
algorithm that is named in /proc/crypto.
shared-secret
The shared secret used in peer authentication. May be up to 64
characters. Note that peer authentication is disabled as long as no
cram-hmac-alg (see above) is specified.
after-sb-0pri policy
possible policies are:
disconnect
No automatic resynchronization, simply disconnect.
discard-younger-primary
Auto sync from the node that was primary before the split-brain
situation happened.
discard-older-primary
Auto sync from the node that became primary as second during
the split-brain situation.
discard-zero-changes
In case one node did not write anything since the split brain
became evident, sync from the node that wrote something to the
node that did not write anything. In case none wrote anything
this policy uses a random decision to perform a "resync" of 0
blocks. In case both have written something this policy
disconnects the nodes.
discard-least-changes
Auto sync from the node that touched more blocks during the
split brain situation.
discard-node-NODENAME
Auto sync to the named node.
after-sb-1pri policy
possible policies are:
disconnect
No automatic resynchronization, simply disconnect.
consensus
Discard the version of the secondary if the outcome of the
after-sb-0pri algorithm would also destroy the current
secondary's data. Otherwise disconnect.
violently-as0p
Always take the decision of the after-sb-0pri algorithm, even
if that causes an erratic change of the primary's view of the
data. This is only useful if you use a one-node FS (i.e. not
OCFS2 or GFS) with the allow-two-primaries flag, AND if you
really know what you are doing. This is DANGEROUS and MAY CRASH
YOUR MACHINE if you have an FS mounted on the primary node.
discard-secondary
Discard the secondary's version.
call-pri-lost-after-sb
Always honor the outcome of the after-sb-0pri algorithm. In
case it decides the current secondary has the right data, it
calls the "pri-lost-after-sb" handler on the current primary.
after-sb-2pri policy
possible policies are:
disconnect
No automatic resynchronization, simply disconnect.
violently-as0p
Always take the decision of the after-sb-0pri algorithm, even
if that causes an erratic change of the primary's view of the
data. This is only useful if you use a one-node FS (i.e. not
OCFS2 or GFS) with the allow-two-primaries flag, AND if you
really know what you are doing. This is DANGEROUS and MAY CRASH
YOUR MACHINE if you have an FS mounted on the primary node.
call-pri-lost-after-sb
Call the "pri-lost-after-sb" helper program on one of the
machines. This program is expected to reboot the machine, i.e.
make it secondary.
always-asbp
Normally the automatic after-split-brain policies are only used if
current states of the UUIDs do not indicate the presence of a third
node.
With this option you request that the automatic after-split-brain
policies are used as long as the data sets of the nodes are somehow
related. This might cause a full sync, if the UUIDs indicate the
presence of a third node. (Or double faults led to strange UUID
sets.)
rr-conflict policy
This option helps to solve the cases when the outcome of the resync
decision is incompatible with the current role assignment in the
cluster.
disconnect
No automatic resynchronization, simply disconnect.
violently
Sync to the primary node is allowed, violating the assumption
that data on a block device are stable for one of the nodes.
Dangerous, do not use.
call-pri-lost
Call the "pri-lost" helper program on one of the machines. This
program is expected to reboot the machine, i.e. make it
secondary.
data-integrity-alg alg
DRBD can ensure the data integrity of the user's data on the
network by comparing hash values. Normally this is ensured by the
16 bit checksums in the headers of TCP/IP packets.
This option can be set to any of the kernel's data digest
algorithms. In a typical kernel configuration you should have at
least one of md5, sha1, and crc32c available. By default this is
not enabled.
See also the notes on data integrity.
no-tcp-cork
DRBD usually uses the TCP socket option TCP_CORK to hint to the
network stack when it can expect more data, and when it should
flush out what it has in its send queue. It turned out that there
is at least one network stack that performs worse when one uses
this hinting method. Therefore we introducted this option, which
disables the setting and clearing of the TCP_CORK socket option by
DRBD.
wfc-timeout time
Wait for connection timeout. The init script drbd(8) blocks the
boot process until the DRBD resources are connected. When the
cluster manager starts later, it does not see a resource with
internal split-brain. In case you want to limit the wait time, do
it here. Default is 0, which means unlimited. The unit is seconds.
degr-wfc-timeout time
Wait for connection timeout, if this node was a degraded cluster.
In case a degraded cluster (= cluster with only one node left) is
rebooted, this timeout value is used instead of wfc-timeout,
because the peer is less likely to show up in time, if it had been
dead before. Value 0 means unlimited.
outdated-wfc-timeout time
Wait for connection timeout, if the peer was outdated. In case a
degraded cluster (= cluster with only one node left) with an
outdated peer disk is rebooted, this timeout value is used instead
of wfc-timeout, because the peer is not allowed to become primary
in the meantime. Value 0 means unlimited.
wait-after-sb
By setting this option you can make the init script to continue to
wait even if the device pair had a split brain situation and
therefore refuses to connect.
become-primary-on node-name
Sets on which node the device should be promoted to primary role by
the init script. The node-name might either be a host name or the
keyword both. When this option is not set the devices stay in
secondary role on both nodes. Usually one delegates the role
assignment to a cluster manager (e.g. heartbeat).
stacked-timeouts
Usually wfc-timeout and degr-wfc-timeout are ignored for stacked
devices, instead twice the amount of connect-int is used for the
connection timeouts. With the stacked-timeouts keyword you disable
this, and force DRBD to mind the wfc-timeout and degr-wfc-timeout
statements. Only do that if the peer of the stacked resource is
usually not available or will usually not become primary. By using
this option incorrectly, you run the risk of causing unexpected
split brain.
rate rate
To ensure a smooth operation of the application on top of DRBD, it
is possible to limit the bandwidth which may be used by background
synchronizations. The default is 250 KB/sec, the default unit is
KB/sec. Optional suffixes K, M, G are allowed.
use-rle
During resync-handshake, the dirty-bitmaps of the nodes are
exchanged and merged (using bit-or), so the nodes will have the
same understanding of which blocks are dirty. On large devices, the
fine grained dirty-bitmap can become large as well, and the bitmap
exchange can take quite some time on low-bandwidth links.
Because the bitmap typically contains compact areas where all bits
are unset (clean) or set (dirty), a simple run-length encoding
scheme can considerably reduce the network traffic necessary for
the bitmap exchange.
For backward compatibilty reasons, and because on fast links this
possibly does not improve transfer time but consumes cpu cycles,
this defaults to off.
after res-name
By default, resynchronization of all devices would run in parallel.
By defining a sync-after dependency, the resynchronization of this
resource will start only if the resource res-name is already in
connected state (i.e., has finished its resynchronization).
al-extents extents
DRBD automatically performs hot area detection. With this parameter
you control how big the hot area (= active set) can get. Each
extent marks 4M of the backing storage (= low-level device). In
case a primary node leaves the cluster unexpectedly, the areas
covered by the active set must be resynced upon rejoining of the
failed node. The data structure is stored in the meta-data area,
therefore each change of the active set is a write operation to the
meta-data device. A higher number of extents gives longer resync
times but less updates to the meta-data. The default number of
extents is 127. (Minimum: 7, Maximum: 3843)
verify-alg hash-alg
During online verification (as initiated by the verify
sub-command), rather than doing a bit-wise comparison, DRBD applies
a hash function to the contents of every block being verified, and
compares that hash with the peer. This option defines the hash
algorithm being used for that purpose. It can be set to any of the
kernel's data digest algorithms. In a typical kernel configuration
you should have at least one of md5, sha1, and crc32c available. By
default this is not enabled; you must set this option explicitly in
order to be able to use on-line device verification.
See also the notes on data integrity.
csums-alg hash-alg
A resync process sends all marked data blocks from the source to
the destination node, as long as no csums-alg is given. When one is
specified the resync process exchanges hash values of all marked
blocks first, and sends only those data blocks that have different
hash values.
This setting is useful for DRBD setups with low bandwidth links.
During the restart of a crashed primary node, all blocks covered by
the activity log are marked for resync. But a large part of those
will actually be still in sync, therefore using csums-alg will
lower the required bandwidth in exchange for CPU cycles.
delay-probe-volume bytes, delay-probe-interval interval,
throttle-threshold throttle_delay, hold-off-threshold hold_off_delay
During resync at least every bytes of data and at least every
interval * 100ms a pair of delay probes get inserted in DRBD's
packet stream. Those packets are used to measure the delay of
packts on the data socket caused by queuing in various network
components along the path.
If the delay on the data socket becomes greater than throttle_delay
DRBD will slow down the resync in order to keep the delay small.
The resync speed gets linearly slowed down it reaches 0 at a delay
of hold_off_delay.
cpu-mask cpu-mask
Sets the cpu-affinity-mask for DRBD's kernel threads of this
device. The default value of cpu-mask is 0, which means that DRBD's
kernel threads should be spread over all CPUs of the machine. This
value must be given in hexadecimal notation. If it is too big it
will be truncated.
pri-on-incon-degr cmd
This handler is called if the node is primary, degraded and if the
local copy of the data is inconsistent.
pri-lost-after-sb cmd
The node is currently primary, but lost the after-split-brain auto
recovery procedure. As as consequence, it should be abandoned.
pri-lost cmd
The node is currently primary, but DRBD's algorithm thinks that it
should become sync target. As a consequence it should give up its
primary role.
fence-peer cmd
The handler is part of the fencing mechanism. This handler is
called in case the node needs to fence the peer's disk. It should
use other communication paths than DRBD's network link.
local-io-error cmd
DRBD got an IO error from the local IO subsystem.
initial-split-brain cmd
DRBD has connected and detected a split brain situation. This
handler can alert someone in all cases of split brain, not just
those that go unresolved.
split-brain cmd
DRBD detected a split brain situation but remains unresolved.
Manual recovery is necessary. This handler should alert someone on
duty.
before-resync-target cmd
DRBD calls this handler just before a resync begins on the node
that becomes resync target. It might be used to take a snapshot of
the backing block device.
after-resync-target cmd
DRBD calls this handler just after a resync operation finished on
the node whose disk just became consistent after being inconsistent
for the duration of the resync. It might be used to remove a
snapshot of the backing device that was created by the
before-resync-target handler.
Other Keywords
include file-pattern
Include all files matching the wildcard pattern file-pattern. The
include statement is only allowed on the top level, i.e. it is not
allowed inside any section.
NOTES ON DATA INTEGRITY
There are two independent methods in DRBD to ensure the integrity of
the mirrored data. The online-verify mechanism and the
data-integrity-alg of the network section.
Both mechanisms might deliver false positives if the user of DRBD
modifies the data which gets written to disk while the transfer goes
on. Currently the swap code and ReiserFS are known to do so. In both
cases this is not a problem, because when the initiator of the data
transfer does this it already knows that that data block will not be
part of an on disk data structure.
The most recent (2007) example of systematically corruption was an
issue with the TCP offloading engine and the driver of a certain type
of GBit NIC. The actual corruption happened on the DMA transfer from
core memory to the card. Since the TCP checksum gets calculated on the
card this type of corruption stays undetected as long as you do not use
either the online verify or the data-integrity-alg.
We suggest to use the data-integrity-alg only during a pre-production
phase due to its CPU costs. Further we suggest to do online verify runs
regularly e.g. once a month during a low load period.
VERSION
This document was revised for version 8.3.2 of the DRBD distribution.
AUTHOR
Written by Philipp Reisner philipp.reisner@linbit.com and Lars
Ellenberg lars.ellenberg@linbit.com.
REPORTING BUGS
Report bugs to drbd-user@lists.linbit.com.
COPYRIGHT
Copyright 2001-2008 LINBIT Information Technologies, Philipp Reisner,
Lars Ellenberg. This is free software; see the source for copying
conditions. There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
drbd(8), drbddisk(8), drbdsetup(8), drbdadm(8), DRBD User's Guide[1],
DRBD web site[3]
NOTES
1. DRBD User's Guide
http://www.drbd.org/users-guide/
2. DRBD's online usage counter
http://usage.drbd.org
3. DRBD web site
http://www.drbd.org/