Skip to main content

FailoverController

heliosdb_proxy::failover_controller

Struct FailoverController 

Source 
pub struct FailoverController { /* private fields */ }
Expand description

Failover Controller

Implementations§

Source§

impl FailoverController

Source

pub fn new(config: FailoverConfig) -> Self

Create a new failover controller

Source

pub fn with_backend_template(self, template: BackendConfig) -> Self

Attach a backend-connection template so sync-wait and promotion can actually run SQL against the candidate.

Source

pub async fn set_primary(&self, node_id: NodeId)

Set the current primary

Source

pub async fn get_primary(&self) -> Option<NodeId>

Get the current primary

Source

pub async fn register_candidate(&self, candidate: FailoverCandidate)

Register a failover candidate (standby)

Source

pub async fn remove_candidate(&self, node_id: &NodeId)

Remove a failover candidate

Source

pub async fn update_candidate_lag(&self, node_id: &NodeId, lag_bytes: u64)

Update candidate lag

Source

pub async fn state(&self) -> FailoverState

Get current state

Source

pub async fn on_primary_failed(&self, node_id: NodeId) -> Result<()>

Handle primary failure

Source

pub async fn initiate_failover(&self) -> Result<()>

Initiate failover to best candidate

Source

pub async fn on_old_primary_recovered(&self, node_id: NodeId)

Handle old primary recovery (split-brain prevention).

PostgreSQL has no built-in “demote the current primary” command — re-joining as a standby requires stopping the process and re-initialising (pg_rewind or pg_basebackup). This method therefore cannot fully automate demotion. What it CAN do:

  1. Connect to the recovered node and verify whether it still believes it is the primary (pg_is_in_recovery() = false).
  2. Emit OldPrimaryRecovered so operators (or an external orchestrator like Patroni / pg_auto_failover) can react.

This is deliberately read-only. Rewriting WAL on a live cluster without operator oversight is the canonical way to lose data; the proxy refuses to do it.

Source

pub async fn manual_failover(&self, target: NodeId) -> Result<()>

Manual failover to specific node

Source

pub fn failover_count(&self) -> u64

Get failover count

Source

pub async fn history(&self) -> Vec<FailoverHistoryEntry>

Get failover history

Source

pub fn take_event_receiver(&mut self) -> Option<Receiver<FailoverEvent>>

Take the event receiver

Source

pub async fn coordinate_failover_replay( &self, journal: &TransactionJournal, failed_node: NodeId, new_primary_endpoint: &NodeEndpoint, ) -> Result<CoordinatedReplayResult>

Coordinate transaction replay after failover (TR integration)

This method orchestrates the replay of in-flight transactions on a new primary after a failover event. It ensures transaction atomicity by:

  1. Getting all active transactions from the journal that were on the failed node
  2. Waiting for the new primary to catch up to the required LSN
  3. Replaying each transaction’s statements on the new primary
  4. Verifying results match the original execution (via checksums)

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more