[Debian-ha-maintainers] Bug#576511: drbd8-utils: Ships with violent default actions

[Philipp Hug]

Hi everyone,

I agree that the default config is not perfect. It should probably be
changed into something like this:
"/usr/lib/drbd/notify-emergency-reboot.sh;  reboot -f &; sync &; sleep 30; echo
b > /proc/sysrq-trigger";
So, we'd have at least time to sync other file systems and try to shutdown
as many services as possible.

In normal use cases drbd is the most important service on the machine and
if it fails you want to have it up and running as fast as possible again.
(e.g. by rebooting)
If you don't reboot your machine, it will be in a semi-working state where
a lot of processes are blocked by accesses to the drbd mountpoint and you
might:
a) not even detect this kind of failure in your monitoring system
b) not be able to remotely reboot the machine due to blocked processes
(e.g. reboot hangs after killing ssh)

So, I think it would make more sense to discuss this on the upstream
mailing list as these are the default upstream defaults.

Best Regards,
Philipp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/debian-ha-maintainers/attachments/20121024/3767ed78/attachment.html>