Improve "SENTINEL FAILOVER" by using the "FAILOVER" command #1292
base: unstable
Commits on Nov 23, 2024
sentinel-tests: Clean up config after config set tests
Signed-off-by: Simon Baatz <[email protected]>
Commit 672fb7d
Wait for all Sentinels to be connected before starting tests
Up to now the sentinel test initialization verified that all sentinels detect each other. However, detection does not imply connection, which led to intermittent failures in the coordinated failover tests (no leader elected since disconnected sentinels do not take part in a vote). Fix this by waiting until no sentinel reports being "disconnected".
Signed-off-by: Simon Baatz <[email protected]>
Commit 8455e10
Add option for coordinated failover to Sentinel
Valkey supports the "FAILOVER" command to switch primary and replica roles in a coordinated fashion. Add a "COORDINATED" option to "SENTINEL FAILOVER". When given, use "FAILOVER" in the Sentinel forced failover procedure. Since we force the failover, i.e. we don't elect a leader, the failover must succeed quickly before other Sentinels will regard the primary as down.
Signed-off-by: Simon Baatz <[email protected]>
Commit bddceb5
Allow Sentinel to recover from a stuck FAILOVER
The FAILOVER command may ["encounter some scenarios it can not automatically remediate from and may get stuck."](https://valkey.io/commands/failover/#failover-abort). The supervision of the Sentinels is used to handle these situations:

1. "REPLICAOF" is not accepted during a failover. Thus, send a "FAILOVER ABORT" before sending a "REPLICAOF" to a node in `sentinelSendReplicaOf()`. (If there is no ongoing failover, the resulting error will just be ignored)
2. Sentinel monitors nodes for deviations from the expected state (wrong role or replication). Add a check for replicas that are in a failover state for too long and reconfigure them.

In addition, monitoring the failover state is used to find out whether the FAILOVER command is supported by the Valkey instance. If not, don't use "FAILOVER" or "FAILOVER ABORT".
Signed-off-by: Simon Baatz <[email protected]>
Commit 439f367
Commits on Dec 1, 2024
SENTINEL FAILOVER COORDINATED actually does a leader election
Doing a proper leader election allows increasing the time available for the actual FAILOVER command, as other Sentinels will not attempt to initiate another failover during the failover timeout. Interestingly, Sentinel does not take the reported primary up/down status into account when counting replies to leader election. Thus, Sentinel will simply proceed with the failover once we reach the quorum even if we are not in O_DOWN state.
Signed-off-by: Simon Baatz <[email protected]>
Commit 55473d8