From 90c366b82d7d5befa1754e59693e85fee199ba2c Mon Sep 17 00:00:00 2001
From: Alvar Penning <alvar.penning@icinga.com>
Date: Fri, 11 Oct 2024 17:00:07 +0200
Subject: [PATCH] HA State: ensure not this and another instance can be
 responsible

In theory, this should not happen. This assumption is based on the trust
in the database transaction performing the HA realization logic.
However, one debugged log let one assume that this happened anyway.

This change mostly signals an error while also explicitly giving up the
HA state. Doing so should at least alarm a person reading the logs.
---
 pkg/icingadb/ha.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/icingadb/ha.go b/pkg/icingadb/ha.go
index 6460ac32d..49216d3d8 100644
--- a/pkg/icingadb/ha.go
+++ b/pkg/icingadb/ha.go
@@ -428,6 +428,11 @@ func (h *HA) realize(
 
 		h.signalTakeover(takeover)
 	} else if otherResponsible {
+		if state, _ := h.state.Load(); state.responsible {
+			h.logger.Error("Other instance is responsible while this node itself is responsible, dropping responsibility")
+			h.signalHandover("other instance is responsible as well")
+			// h.signalHandover will update h.state
+		}
 		if state, _ := h.state.Load(); !state.otherResponsible {
 			state.otherResponsible = true
 			h.state.Store(state)