From: Tarkan Erimer <tarkan.erimer@turknet.net.tr>
To: Willy Tarreau <w@1wt.eu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Failover Kernel
Date: Fri, 27 Feb 2009 17:25:08 +0200 [thread overview]
Message-ID: <49A805D4.1090304@turknet.net.tr> (raw)
In-Reply-To: <20090226160311.GT5038@1wt.eu>
Willy Tarreau wrote:
> You forgot the most important thing : these two kernels will run on
> the same machine. I'm not even considering how you intend to schedule
> them. However, when a kernel crashes, it's often because of a hard
>
A similar way as "kdump" did. Just putting a backup kernel into the
memory and receiving keepalives by primary kernel. In normal conditions,
backup kernel just will sit in its place, will monitor the status of
primary kernel (alive or crashed) and will do nothing else more. So, no
scheduling is required.
> error : bug in a driver, memory corruption, etc... You cannot sanely
> recover from that. If the driver which crashed started to initiate a
> multi-word command to the device, in a lot of situations you'll need
> a reset to restore it in a known state. Memory corruption is even
> worse, as you cannot even trust the backup kernel.
>
>
Hardware related issues are exceptions. If there could be a journal;
maybe, it could be possible to recover sanely where the primary left. Of
course, it's clear that this system will not work for all the scenarios
(like bad hardware etc.).
> I'm currently using a backup kernel in our products, and do it with
> the boot loader. Some BIOSes allow you to start a watchdog timer on
> boot. Grub tries to load the first image, otherwise the second one.
> If either image crashes during boot, the hardware watchdog triggers
> and the machine reboots to the other image. That's extremely reliable,
> and relatively simple.
>
> And using this method, you don't have any compatibility problems between
> your primary and secondary kernels.
>
Yep, it's very simple way. But the problem is that, as you mentioned,
watchdog is not supported on all the hardwares. If possible to
implement, it will be platform/hardware independent system.
next prev parent reply other threads:[~2009-02-27 15:25 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-26 8:58 Failover Kernel Tarkan Erimer
2009-02-26 16:03 ` Willy Tarreau
2009-02-27 15:25 ` Tarkan Erimer [this message]
2009-02-26 17:02 ` Diego Calleja
2009-02-27 15:32 ` Tarkan Erimer
2009-02-27 15:50 ` Lubomir Rintel
2009-03-02 16:21 ` Tarkan Erimer
2009-03-03 3:29 ` David Newall
2009-03-04 8:29 ` Tarkan Erimer
2009-03-06 1:10 ` david
2009-03-09 12:35 ` Tarkan Erimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49A805D4.1090304@turknet.net.tr \
--to=tarkan.erimer@turknet.net.tr \
--cc=linux-kernel@vger.kernel.org \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox