Better upgrading for a CARP cluster
Not sure if this is a bug or something we do incorrectly, so I've added this issue as "Feature".
While upgrading a 2 nodes CARP cluster, we usually upgrade the slave first, and then if all goes well after reboot and packages reinstallation we upgrade the master. The problem is that once the master reboots, all its network interfaces automatically go to CARP MASTER state even before packages begin to be reinstalled, causing some functionnalities which were handled by the slave during the master's reboot to not work anymore, possibly for a long time if there is a lot of packages to download and reinstall.
Couldn't the master be artificially kept in CARP BACKUP mode until all packages have been reinstalled and started ?
Updated by Stéphane Lapie about 4 years ago
I have seen this improvement, so first of all, thank you so much.However, the problem still remains that the CARP master claims back the IP address before all services are up again.
In my case, I am using pfSense to provide service via HAproxy, and this leaves a time frame where service is not available because :
- pfSense master boots
- Network is down, and in the meantime packages get installed, which is much better. :)
- However, network is brought up and CARP along with it, but HAproxy does not start (for some reason on the next reboot after the upgrade, some services do not get brought up, I have to reboot the instance once again for everything to come back nicely ; but the point remains, there is an ever so slight time window where network is up but userland services are not up yet!)
- When rebooting, processes are shut down first but CARP is still up, so I technically have downtime. It might be nice to have CARP be brought down first.
- By disabling the front-facing network interface after everything has been downloaded, and just before rebooting, but this is not exactly a viable option.
- By deactivating CARP manually with
ifconfigbefore doing a reboot
An option allowing CARP activation to wait until such and such userland service might be nice,
and a hook to deactivate CARP first when using interface triggered reboots.