RBMC: Only allow failovers after full sync #99
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Ifad448a1cea06971c99928180eca55d8bb82467b
spinler
force-pushed
the
fo_allowed_after_sync
branch
from
d7995d1 to
b70abd2
Compare
After the active BMC determined redundancy could be enabled, it was
setting the 'RedundancyEnabled' and 'FailoversAllowed' properties to
true and then starting a full sync.
However, it is not desired to actually allow a failover to occur until
the full sync is complete. So, add a new check into the code that
calculates failovers allowed to also check for the full sync being
complete.
The flag that tracks if the full sync is complete lasts until redundancy
is disabled.
Tested:
Traces during initial full sync that show failovers not being allowed:
```
phosphor-rbmc-state-manager[1516]: Finished waiting for obmc-bmc-active.target to start (result = active)
phosphor-rbmc-state-manager[1516]: Done waiting for sibling steady state. State = xyz.openbmc_project.State.BMC.BMCState.Ready
phosphor-rbmc-state-manager[1516]: Enabling redundancy
phosphor-rbmc-state-manager[1516]: Failovers not allowed because A full sync hasn't been completed
phosphor-rbmc-state-manager[1516]: Starting full sync and waiting for completion
phosphor-rbmc-state-manager[1516]: Full sync completed with status xyz.openbmc_project.Control.SyncBMCData.FullSyncStatus.FullSyncCompleted
phosphor-rbmc-state-manager[1516]: Changing failovers to allowed
```
rbmctool output during that time:
```
Local BMC
-----------------------------
Role: Active
BMC Position: 0
Redundancy Enabled: true
BMC State: Ready
Failovers Allowed: false
FW version hash: 7969307F
Provisioned: true
Role Reason: Sibling is already passive
Reasons failovers are not allowed:
A full sync hasn't been completed
```
Change-Id: I14dedd43619fffdeea11449319b681f8b95a1698
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
spinler
force-pushed
the
fo_allowed_after_sync
branch
from
b70abd2 to
7bf78ab
Compare
RameshIyyar
reviewed
Jun 20, 2025
RameshIyyar
approved these changes
Jun 23, 2025
geissonator
approved these changes
Jun 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After the active BMC determined redundancy could be enabled, it was setting the 'RedundancyEnabled' and 'FailoversAllowed' properties to true and then starting a full sync.
However, it is not desired to actually allow a failover to occur until the full sync is complete. So, add a new check into the code that calculates failovers allowed to also check for the full sync being complete.
The flag that tracks if the full sync is complete lasts until redundancy is disabled.
Tested:
Traces during initial full sync that show failovers not being allowed:
rbmctool output during that time:
Change-Id: I14dedd43619fffdeea11449319b681f8b95a1698