How it can be pre-configured?

If you have nodes A and B, where B is the backup of A.

Node A knows who it's backup is, by nature of the backup-connector-ref element.

The backup *does not know* who it's live node is.

If node A now dies, node B will become live.

Note that node B *does not have any backup connector-ref*

So I don't see how it can pre-configured like you suggest.

When the live node dies, it might have blown up, so you cannot assume it is available for the new live node to use as it's backup.

"clebert.suconic@jboss.com" wrote:

it might have blown up

I thought about that. But I thought the user would be able to deploy a similar node.

Ok.. We will need a management operation then. That means 2.


I'm assuming it is already possible to update the ConnectionFactory at the client side. Do you have any pointers on how this is currently done?

can we step back and agree on what's the end game here?

I need to document the task relates to HA and failover and regardless of the implementation, I am not even sure about what we want to achieve here.
afaiui, we need to provide the ability to add on the fly a backup to a running live server.
This is the fundamental step to go from a working HA env to failover env to another working HA env.

1. user starts with live server A and backup server B.
2. live server A crashes
=> clients fail over to server B and activate it
3. there is no longer any HA as server B is the only server up and running

What are the operations hornetq/admins must do to go back to a HA environment?

* this depends on the type of HA (replicating store vs shared store)
* this should take into account the clients (the clients must be aware of the new HA)
- this will depend on the way clients are informed of servers (discovery groups vs static connectors)

at step 3. the admin must:
* start a new backup server C (it might not be a good idea to restart server A, see below)
- copy server B config + flag the server C as backup
- if the server B is using a shared store -> server C must also use it
- start server C
* update configuration on running server B:
- if server B is using a shared store, nothing to do
- if server B has a replicated store:
- add a connector to server C (management operation)
- sync server B data to C (depending on the HA mode) (triggered by a management operation)
* inform the clients of the new HA env (B is live, C is backup)
- modify B's hornetq-jms.xsd for JMS with JNDI resources
- broadcast new config

am I missing steps?
When all these operations are performed, HornetQ will again offer a HA env.

A few things to mention:

* difference in server B live config vs configuration file:
- in configuration file, server B is flagged as backup and has no connector to server C
- running server B is a live server and has a connector to server C
=> restarting server B w/o changing its config file will break the HA env
* do not use server A as server's B backup
- there could be failed over clients which are configured to connect to server A<->live and server B<->backup
if these clients are restarted in the new HA env (A<->backup, B<->live), they'll connect to the server A first,
activate it and trigger a split brain