I am trying to use a CARP/HAST setup for redundancy and rely on devd
for the carp up/down events to trigger role switch for the nodes.
What is interesting is that upon reboot, the CARP interface always first
comes up, like this:
carp0: link state changed to UP
carp0: MASTER -> BACKUP (more frequent advertisement received)
carp0: link state changed to DOWN
This causes devd to execute the event scripts as 'master' first, then
shortly after execute the script as 'backup'. This may cause undesired
writing to the hast providers and possibly a split-brain condition.
What is worse, on two hosts with the same advskew value, if you reboot
the BACKUP server, it would become MASTER. This results in all services
being torn down and started again on the new master.
I understand that for routers, which is the original design goal for
CARP, it does not matter much if roles switch from time to time, but for
high-latency startup systems, this is not desirable. It is best if, when a
node becomes MASTER, it stays MASTER until failure and does not change state
when the other node is rebooted.
Perhaps CARP and devd are not the best tools, but it will help if at
least the carp interface does not start as MASTER and if it waits
longer before requesting to become MASTER after reboot.
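
Added example, not part of the original message: a hold-down filter that a devd-driven role script could apply so the short MASTER state seen at boot never reaches the HAST providers. The function name, the 10-second hold and the event lines are assumptions constructed for illustration; it does not address the equal-advskew takeover described above.

```shell
#!/bin/sh
# Added example: hold-down filter for CARP link events. Function and variable
# names are hypothetical. stdin: "<epoch-seconds> <LINK_UP|LINK_DOWN>" per line.
# stdout: "<epoch> <role>" for each role that was still current HOLD seconds
# after the interface entered it; shorter-lived states are never acted on.
settled_roles() {
    hold=$1
    prev_ts=""; prev_role=""; acted=""
    while read -r ts type; do
        case $type in
            LINK_UP)   role=master ;;
            LINK_DOWN) role=backup ;;
            *)         continue ;;          # ignore unrelated event types
        esac
        # A repeated event for the same state must not restart the timer.
        [ "$role" = "$prev_role" ] && continue
        # The previous state counts only if it outlived the hold-down and
        # differs from the role the node is already running as.
        if [ -n "$prev_ts" ] && [ $((ts - prev_ts)) -ge "$hold" ] \
           && [ "$prev_role" != "$acted" ]; then
            echo "$((prev_ts + hold)) $prev_role"
            acted=$prev_role
        fi
        prev_ts=$ts; prev_role=$role
    done
    # The last state has no successor, so it settles when its timer expires.
    if [ -n "$prev_ts" ] && [ "$prev_role" != "$acted" ]; then
        echo "$((prev_ts + hold)) $prev_role"
    fi
}

# Constructed sample: the boot-time flap from the message (UP, DOWN 3 s later).
# Only the backup role is reported, so the master script would never run.
printf '%s\n' '100 LINK_UP' '103 LINK_DOWN' | settled_roles 10
```

In a live handler the same rule would be: sleep for the hold time, re-read the state from `ifconfig carp0`, and change the HAST role only if it still matches the event that started the script.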