The documentation says that in a split brain situation (assuming two storage nodes), it will lock files that had been updated but are different until manual deletion of all unwanted copies. Given this behaviour, is fencing necessary if some downtime waiting for manual intervention is acceptable? E.g. monitoring software only alerts admin but does not attempt to restart the failed data node. Or is it absolutely necessary because some kinds of split brain situation can occur and recover without requiring manual intervention? E.g. temporary network failure, sudden load spike one storage server leading to false "dead" detection.
The documentation says that in a split brain situation (assuming two storage nodes), it will lock files that had been updated but are different until manual deletion of all unwanted copies. Given this behaviour, is fencing necessary if some downtime waiting for manual intervention is acceptable? E.g. monitoring software only alerts admin but does not attempt to restart the failed data node. Or is it absolutely necessary because some kinds of split brain situation can occur and recover without requiring manual intervention? E.g. temporary network failure, sudden load spike one storage server leading to false "dead" detection.