From a38491a09be1099c90ae489ec2d4470056f6b445 Mon Sep 17 00:00:00 2001 From: Alvar Penning Date: Fri, 11 Oct 2024 17:00:07 +0200 Subject: [PATCH] HA State: ensure not this and another instance can be responsible In theory, this should not happen. This assumption is based on the trust in the database transaction performing the HA realization logic. However, one debugged log let one assume that this happened anyway. This change mostly signals an error while also explicitly giving up the HA state. Doing so should at least alarm a person reading the logs. --- pkg/icingadb/ha.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/icingadb/ha.go b/pkg/icingadb/ha.go index 1bb04b17c..a07849237 100644 --- a/pkg/icingadb/ha.go +++ b/pkg/icingadb/ha.go @@ -431,6 +431,11 @@ func (h *HA) realize( h.signalTakeover(takeover) } else if otherResponsible { + if state := h.state.Load(); state.responsible { + h.logger.Error("Other instance is responsible while this node itself is responsible, dropping responsibility") + h.signalHandover("other instance is responsible as well") + // h.signalHandover will update h.state + } if state := h.state.Load(); !state.otherResponsible { // Dereference pointer to create a copy of the value it points to. // Ensures that any modifications do not directly affect the original data unless explicitly stored back.