Standby server as a backup when deploying changes

Using SBS as a backup of the "verified" application configuration

In practice, a situation may arise when it is necessary to make a major configuration intervention in the application during full operation, and there is a risk that configuration changes may cause unexpected application problems.

A solution may be to back up the configuration before deploying the changes and, in case of problems, restart the application cluster from the backup configuration. However, this method has the disadvantage that restarting the system will cause its (short-term) outage.

Suppose it is necessary to avoid the outage completely. In that case, it is possible to use the standby server as a "backup" of the configuration by suppressing the replication of configuration changes from the HOT/MASTER kernel to the STANDBY kernel. Stopping the reception of replication is performed by the TELL command STANDBYCFGFREEZE, which must be executed on the STANDBY kernel. From the moment the TELL command is received, the application configuration in the STANDBY kernel is effectively "frozen" and is logically disconnected from the synchronized redundant cluster.

After the configuration change is complete:

a) If we want to preserve the configuration changes on the HOT/MASTER server, i.e., no unexpected problems occurred, we just restart the STANDBY kernel. It will synchronize to the configuration from the HOT/MASTER server upon startup and join the cluster (redundancy group).
b) If problems have occurred and we need to return to the backup, we shut down the HOT/MASTER server (and before that, all other STANDBY servers that are not in the "CFGFREEZE" state).
Our backup STANDBY will then automatically switch to the HOT/MASTER state and push the backed-up configuration to the connected clients. At the moment of switching to the HOT/MASTER state, the kernel loses the "CFGFREEZE" flag, so if the kernel later, after connecting other kernels to the cluster, switches to STANDBY, the redundancy works in full synchronization between the kernels.
Warning: It is necessary that at the moment of transition of the "CFGFREEZE" kernel from the STANDBY state to the HOT/MASTER state, no other kernel is running within the redundant cluster that is not in the "CFGFREEZE" state. Otherwise, when switching redundancy to such a kernel later, the configuration may become out of sync.

The information that the kernel is in the "CFGFREEZE" state is displayed in the SysConsole application in the "State" column