| commit | ef4b8c13c0762fc5072627ee0211b3bf506f2d73 | |
| author | Martin Schwenke <martin@meltin.net> | |
| Fri, 17 Dec 2021 03:42:47 +0000 (17 14:42 +1100) | ||
| committer | Martin Schwenke <martins@samba.org> | |
| Mon, 17 Jan 2022 10:21:32 +0000 (17 10:21 +0000) | ||
| tree | fc342f1dc3ff3b4d0bae1799d13265ad2d56298d | treesnapshot (tar.gz zip) |
| parent | 5c7f6da0f0e6c92ae4cd338b92f475bb4a8e2cc9 | commitdiff |
ctdb-recoverd: Handle leader broadcast timeout
If no leader broadcasts have been received from the leader for more
than 5s then trigger an election.
Apart from being sane behaviour, this avoids elected-before-connected
bugs at startup, where a node elects itself leader before it is
connected to other nodes.
When a node processes a leader broadcast timeout it sends an unknown
leader broadcast to all nodes. That causes cancellation of the leader
broadcast timeout across the cluster. This is particular important at
startup, since nodes may be started in a staggered fashion. Without
this cluster-wide cancellation, a node might notice the lack of
leader, win an election and complete a recovery before other nodes
notice the lack of leader. When the leader broadcast timeout finally
occurs on the other nodes then they'll put the cluster back into an
unnecessary recovery.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
If no leader broadcasts have been received from the leader for more
than 5s then trigger an election.
Apart from being sane behaviour, this avoids elected-before-connected
bugs at startup, where a node elects itself leader before it is
connected to other nodes.
When a node processes a leader broadcast timeout it sends an unknown
leader broadcast to all nodes. That causes cancellation of the leader
broadcast timeout across the cluster. This is particular important at
startup, since nodes may be started in a staggered fashion. Without
this cluster-wide cancellation, a node might notice the lack of
leader, win an election and complete a recovery before other nodes
notice the lack of leader. When the leader broadcast timeout finally
occurs on the other nodes then they'll put the cluster back into an
unnecessary recovery.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
| ctdb/server/ctdb_recoverd.c | diffblobblamehistory |