On Fri, 8 Jan 2016 at 15:06 'Klaus Aehlig' via ganeti-devel < [email protected]> wrote:
> The normal procedure for a master failover is that, after telling > each node the new master, the daemons on the new master node are > started the standard way, i.e., with voting. This, however, requires > that a majority of nodes is still healthy; otherwise, the failover > will result in the daemons not starting and thus a broken cluster. > Therefore, reject master failovers with voting, unless we can verify > that a majority of nodes is still responding. > > Signed-off-by: Klaus Aehlig <[email protected]> > --- > lib/client/gnt_cluster.py | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/lib/client/gnt_cluster.py b/lib/client/gnt_cluster.py > index 0efe1d5..f1cabef 100644 > --- a/lib/client/gnt_cluster.py > +++ b/lib/client/gnt_cluster.py > @@ -851,6 +851,14 @@ def MasterFailover(opts, args): > @return: the desired exit code > > """ > + if not opts.no_voting: > + # Verify that a majority of nodes is still healthy > + if not bootstrap.MajorityHealthy(): > + ToStderr("Master-failover with voting is only possible if the > majority" > + " of nodes is still healthy; use the --no-voting option > after" > + " ensuring by other means that you won't end up in a > dual-master" > + " scenario.") > + return 1 > if opts.no_voting and not opts.yes_do_it: > usertext = ("This will perform the failover even if most other nodes" > " are down, or if this node is outdated. This is > dangerous" -- > 2.6.0.rc2.230.g3dd15c0 > > LGTM, thanks -- Helga Velroyen Software Engineer [email protected] Google Germany GmbH Erika-Mann-Strasse 33 80636 München Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Diese E-Mail ist vertraulich. Wenn Sie nicht der richtige Adressat sind, leiten Sie diese bitte nicht weiter, informieren Sie den Absender und löschen Sie die E-Mail und alle Anhänge. Vielen Dank. This e-mail is confidential. If you are not the right addressee please do not forward it, please inform the sender, and please erase this e-mail including any attachments. Thanks.
