> > 1. There are two node A and B (redundancy level is 2), and each node > > has one object. > > 2. Node C joins Sheepdog, and new placement of the object becomes > > node B and C. > > 3. A VM writes data to the object, and node B completes the request > > but node C rejects it since recovery is not started. > > 4. Node B crashes before node C gets the updated data from node B, > > and then the written data will be lost even though only one node > > fails. In addtion, the VM can reads the old object after the > > failure, which breaks the block device semantics. But that is also a problem with the current code. for example when node B is the gateway node? - Dietmar |