Thank you for digging this out!
On Mon Mar 9, 2026 at 10:57 PM CET, Thomas Lamprecht wrote:
[snip]
> TBD:
> - more in-depth (real-world!) testing
In a real cluster, consisting of:
- node1 with 2 ha-resources;
- node2 with 2 ha-resources; and
- node3 with 0 ha-resources,
the following has been tested:
- with resource mode 'freeze':
- CRM master takeover while HA stack is fully disarmed (OK)
- new commands are not applied: (OK)
- stop node (OK)
- enable node-maintenance (OK)
- disable node-maintenance (OK)
NOTE: it is possible to disable node-maintenance in
disarmed state. The disable command is applied
upon re-arming, accordingly services are moved
back upon re-arming, could this be critical?
- relocate ha-resource (OK)
- migrate ha-resource (OK)
- state changes are not applied (OK)
NOTE: it is possible to change the state, but the
change will only be applied upon re-arming
- services stay in their current state (OK)
- HA stack does not react to failures (OK)
- stop some node (OK)
- with resource mode 'ignore':
- manually starting, stopping, migrating services (OK)
> - UI integration
I started drafting something. UI integration requires protected
endpoints.
> - docs (got something started here, but can be finished once this is
[snip]
I found no major flaws, neither in the present approach nor in the
implementation. Just some minor things, constituted by inline comments
across this series' patches. Consider this series modulo:
- prohibit disarming with resource mode 'ignore' if at least one node
is in maintenance mode
- make endpoints protected
Reviewed-by: Dominik Rusovac <[email protected]>
Tested-by: Dominik Rusovac <[email protected]>
