There's nothing intrinsically unsafe. Red Hat's products use shared storage for this purpose.

There's nothing in ganesha per se that does any of this though. In one of Red Hat's products pacemaker manages the VIPs and putting ganesha into NFS_GRACE. In another product ganesha is just restarted on the same node with no failover.

On Wed, Apr 8, 2020 at 4:14 AM Grant Chesy <gchesy@cuesta.edu> wrote:
Hello,

I want to setup an active-passive two node nfsv4 only cluster.

Is it safe to have /var/lib/nfs/ganesha on shared storage with both
instances of ganesha running but only one owning the sole VIP, so only
one node is answering client requests / updating the recovery files?
I.e., by safe, I mean the recovery files will not get corrupted /
deleted by the other node?

I see paths "node0" that suggest that a shared storage use case was
considered.
/var/lib/nfs/ganesha/v4old/node0
/var/lib/nfs/ganesha/v4recov/node0

But, I don't see anywhere in the man pages to indicate that an instance
is e.g., node1.

And, if there was, I would need a way to tell node1 to use node0's
recovery files when node1 becomes master.

If safe, my thought was to have a keepalived notify script run something
like this when a node enters MASTER state.  But, if there were separate
node0 and node1 recovery file paths, I don't see how to tell nodeX to
use nodeY's recovery files on failover initiated recovery:

dbus-send --system --dest=org.ganesha.nfsd
/org/ganesha/nfsd/admin org.ganesha.nfsd.admin.grace
       string:5:${VIP}

If the shared storage recovery bit is OK, is there anything I need to
add to the nfs-ganesha config to make this work?  And, does that dbus
command look OK?

I'm running nfs-ganesha version 2.7.1 packaged in Debian Buster.  I have
2X working nfs-ganesha single node setups using gluster FSAL that I hope
to turn into an nfs cluster.

Regards
_______________________________________________
Support mailing list -- support@lists.nfs-ganesha.org
To unsubscribe send an email to support-leave@lists.nfs-ganesha.org