Add SAFE option to SHUTDOWN to reject shutdown in unsafe situations #2195
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add SAFE option to SHUTDOWN. If we passed SAFE, the SHUTDOWN will refuse to shutdown if it is not safe to shutdown. Like if myself is a voting primary, it will refuse to shutdown. This avoids the situation where a replica suddenly becomes the primary when we shutting down the replica, or shutting down a primary node by mistake and then causing the cluster to down. Add SAFE option to SHUTDOWN command. Add safe option to shutdown-on-sigint and shutdown-on-sigterm. Note that safe cannot prevent force, in the case of force, safe will print the relevant logs and do the force shutdown. Signed-off-by: Binbin <[email protected]>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## unstable #2195 +/- ##
============================================
- Coverage 71.50% 71.35% -0.15%
============================================
Files 122 123 +1
Lines 66452 66936 +484
============================================
+ Hits 47515 47764 +249
- Misses 18937 19172 +235
🚀 New features to boost your workflow:
|
Member
|
Didn't really read the code, but directionally I'm OK with adding a safe option to shutdown. |
Signed-off-by: Binbin <[email protected]>
madolson
approved these changes
Jun 13, 2025
Member
madolson
left a comment
madolson
left a comment
There was a problem hiding this comment.
I've now actually read the code and am OK with it.
jsoref
reviewed
Jun 16, 2025
madolson
added
major-decision-approved
enjoy-binbin
added
release-notes
zuiderkwast
reviewed
Jun 17, 2025
jsoref
reviewed
Jun 19, 2025
Contributor
jsoref
left a comment
jsoref
left a comment
There was a problem hiding this comment.
This is a slightly more detailed reading of the text with an English lense.
Signed-off-by: Binbin <[email protected]>
Member
Author
|
thanks for the review and suggestions, sorry about that, i have always had this problem, chinese english as a Chinese, i am very bad at grammar. |
zuiderkwast
reviewed
Jun 19, 2025
Co-authored-by: Viktor Söderqvist <[email protected]> Signed-off-by: Binbin <[email protected]>
Member
Author
|
@valkey-io/core-team Do any of you want to review (or ack) it before the final merge? |
Signed-off-by: Binbin <[email protected]>
Signed-off-by: Binbin <[email protected]>
zuiderkwast
pushed a commit
to valkey-io/valkey-doc
that referenced
this pull request
Jul 1, 2025
…325) See valkey-io/valkey#2195. Signed-off-by: Binbin <[email protected]>
zuiderkwast
removed
the
needs-doc-pr
zuiderkwast
added a commit
that referenced
this pull request
Jul 22, 2025
In #1091, a new config `auto-failover-on-shutdown` was added. This PR changes the config to make it unified with other shutdown related options. This feature has not yet been released, so it's not a breaking change. The auto-failover-on-shutdown config is replaced by * A new "failover" option to the existing configs `shutdown-on-sigterm` and `shutdown-on-sigint`. * A new FAILOVER option to the SHUTDOWN command. Additionally, a history entry is added to the SHUTDOWN command which was missing in #2195. Follow-up of #1091. Signed-off-by: Viktor Söderqvist <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add SAFE option to SHUTDOWN. If we passed SAFE, the SHUTDOWN
will refuse to shutdown if it is not safe to shutdown. Like if
myself is a voting primary, it will refuse to shutdown. This
avoids the situation where a replica suddenly becomes the primary
when we shutting down the replica, or shutting down a primary node
by mistake and then causing the cluster to down.
Add SAFE option to SHUTDOWN command.
Add safe option to shutdown-on-sigint and shutdown-on-sigterm.
Note that SAFE cannot prevent FORCE, in the case of FORCE, SAFE
will print the relevant logs and do the FORCE shutdown, we allow
this combination.
Doc PR: valkey-io/valkey-doc#325