How to prevent pacemaker from auto-starting on boot or after a fence

This document (000020524) is provided subject to the disclaimer at the end of this document.

Environment

SLE HA 12
SLE HA 15
SLES for SAP 12
SLES for SAP 15

Situation

A cluster node that has been fenced, or that has otherwise experienced an unplanned reboot, should not rejoin the cluster until it has been evaluated and determined to be ready.

Resolution

In some situations it is desirable to prevent cluster services from starting at boot time or after a node has been fenced. This can be accomplished by either of two methods.
A) Disable the systemd unit pacemaker.service. When the node boots, including after it has been fenced, it will not automatically start cluster services and rejoin the cluster.
    On each node, run `systemctl disable pacemaker.service`
Pros:
  • No risk of split brain in a two-node cluster where the nodes are able to fence one another in a loop
  • Gives more control to the admins to perform operations before rejoining a node to the cluster
  • Applies every time the node is rebooted, not just when fenced
Cons:
  • Requires human intervention to manually start cluster services after a fencing event or a regular system boot
  • Potentially lowers the availability of services if a failure happens on the live node before the other is manually started
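
Method A can be sketched as a small shell helper. This is only an illustrative sketch: the `run` wrapper, the `DRY_RUN` variable and the function names are assumptions made for this example and are not part of the product. The only commands it wraps are standard `systemctl` calls against pacemaker.service.

```shell
#!/bin/sh
# Illustrative sketch. With DRY_RUN=1 (the default here) commands are only
# printed; set DRY_RUN=0 to actually execute them as root on a cluster node.
DRY_RUN="${DRY_RUN:-1}"

# Hypothetical helper: print or execute the given command.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "would run: $*"
    else
        "$@"
    fi
}

# Run once on each node: stop pacemaker from starting at boot.
disable_cluster_autostart() {
    run systemctl disable pacemaker.service
}

# Run by hand after the node has been evaluated and is ready to rejoin.
start_cluster_manually() {
    run systemctl start pacemaker.service
}
```

With the default dry-run setting, calling `disable_cluster_autostart` only prints the command it would run. Whether the unit is currently enabled can be checked with `systemctl is-enabled pacemaker.service`.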

B) (If using SBD) Configure SBD with "SBD_STARTMODE=clean". This only takes effect when a node has been fenced: pacemaker.service will fail to start on that node until the "reset" message in the node's SBD slot has been cleared.
    On each node, edit /etc/sysconfig/sbd and set "SBD_STARTMODE=clean"
Pros:
  • No risk of split brain in a two-node cluster using SBD where the nodes are able to fence one another in a loop
  • Gives more control to the admins to perform operations before rejoining a node to the cluster
  • Only applies when a node has been fenced. If it was cleanly shut down for a reboot, pacemaker.service will be able to start at boot without the need to clear the SBD slot(s)
Cons:
  • Requires human intervention to manually clear the node's slot on each SBD device used
  • Potentially lowers the availability of services if a failure happens on the live node before the other is manually cleared and started
  • Causes pacemaker.service to fail because its dependency on sbd.service failed, which can be confusing
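
Method B can be sketched in shell as follows. This is only a sketch under stated assumptions: the function name `set_sbd_startmode_clean` is made up for this example, GNU `sed` is assumed for the `-i` option, and the device path and node name in the commented commands are placeholders to be replaced with the values of the actual cluster.

```shell
#!/bin/sh
# Hypothetical helper: set SBD_STARTMODE=clean in an sbd sysconfig file.
# The path defaults to /etc/sysconfig/sbd, the file named in this document.
set_sbd_startmode_clean() {
    conf="${1:-/etc/sysconfig/sbd}"
    if grep -q '^SBD_STARTMODE=' "$conf"; then
        # An active setting exists: rewrite it in place (GNU sed -i assumed).
        sed -i 's/^SBD_STARTMODE=.*/SBD_STARTMODE=clean/' "$conf"
    else
        # No active setting yet: append one.
        echo 'SBD_STARTMODE=clean' >> "$conf"
    fi
}

# After a fence, inspect and clear the node's slot on each SBD device,
# then start cluster services. Device and node name are placeholders:
#   sbd -d /dev/disk/by-id/EXAMPLE-DEVICE list
#   sbd -d /dev/disk/by-id/EXAMPLE-DEVICE message EXAMPLE-NODE clear
#   systemctl start pacemaker.service
```

Running `set_sbd_startmode_clean` as root on each node edits the default file. Passing a different path as the first argument allows the change to be tried on a copy first.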

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000020524
  • Creation Date: 10-Dec-2021
  • Modified Date: 13-Dec-2021
    • SUSE Linux Enterprise High Availability Extension
    • SUSE Linux Enterprise Server for SAP Applications
