nogara-redis_failover 0.9.7 → 0.9.7.2

data/Changes.md

@@ -1,3 +1,20 @@
+HEAD
+-----------
+- redis_failover now supports distributed monitoring among the node managers! Previously, the node managers were only used
+as a means of redundancy in case a particular node manager crashed. Starting with version 1.0 of redis_failover, the node
+managers will all periodically report their health report/snapshots. The primary node manager will utilize a configurable
+"node strategy" to determine if a particular node is available or unavailable.
+- redis_failover now supports a configurable "failover strategy" that's consulted when performing a failover. Currently,
+a single strategy is provided that takes into account the average latency of the last health check to the redis server.
+
+0.9.7.2
+-----------
+- Add support for Redis#client's location method. Fixes a compatibility issue with redis_failover and Sidekiq.
+
+0.9.7.1
+-----------
+- Stop repeated attempts to acquire exclusive lock in Node Manager (#36)
+
 0.9.7
 -----------
 - Stubbed Client#client to return itself, fixes a fork reconnect bug with Resque (dbalatero)

data/README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://secure.travis-ci.org/ryanlecompte/redis_failover.png?branch=master)](http://travis-ci.org/ryanlecompte/redis_failover)
 
-redis_failover attempts to provides a full automatic master/slave failover solution for Ruby. Redis does not provide
+redis_failover attempts to provides a full automatic master/slave failover solution for Ruby. Redis does not currently provide
 an automatic failover capability when configured for master/slave replication. When the master node dies,
 a new master must be manually brought online and assigned as the slave's new master. This manual
 switch-over is not desirable in high traffic sites where Redis is a critical part of the overall
@@ -10,8 +10,8 @@ architecture. The existing standard Redis client for Ruby also only supports con
 Redis server. When using master/slave replication, it is desirable to have all writes go to the
 master, and all reads go to one of the N configured slaves.
 
-This gem (built using [ZK][]) attempts to address these failover scenarios. A redis failover Node Manager daemon runs as a background
-process and monitors all of your configured master/slave nodes. When the daemon starts up, it
+This gem (built using [ZK][]) attempts to address these failover scenarios. One or more Node Manager daemons run as background
+processes and monitor all of your configured master/slave nodes. When the daemon starts up, it
 automatically discovers the current master/slaves. Background watchers are setup for each of
 the redis nodes. As soon as a node is detected as being offline, it will be moved to an "unavailable" state.
 If the node that went offline was the master, then one of the slaves will be promoted as the new master.
@@ -22,8 +22,10 @@ nodes. Note that detection of a node going down should be nearly instantaneous,
 used to keep tabs on a node is via a blocking Redis BLPOP call (no polling). This call fails nearly
 immediately when the node actually goes offline. To avoid false positives (i.e., intermittent flaky
 network interruption), the Node Manager will only mark a node as unavailable if it fails to communicate with
-it 3 times (this is configurable via --max-failures, see configuration options below). Note that you can
-deploy multiple Node Manager daemons for added redundancy.
+it 3 times (this is configurable via --max-failures, see configuration options below). Note that you can (and should)
+deploy multiple Node Manager daemons since they each report periodic health reports/snapshots of the redis servers. A
+"node strategy" is used to determine if a node is actually unavailable. By default a majority strategy is used, but
+you can also configure "consensus" or "single" as well.
 
 This gem provides a RedisFailover::Client wrapper that is master/slave aware. The client is configured
 with a list of ZooKeeper servers. The client will automatically contact the ZooKeeper cluster to find out
@@ -64,15 +66,20 @@ following options:
 
     Usage: redis_node_manager [OPTIONS]
 
+
     Specific options:
-        -n, --nodes NODES                Comma-separated redis host:port pairs
-        -z, --zkservers SERVERS          Comma-separated ZooKeeper host:port pairs
-        -p, --password PASSWORD          Redis password
-            --znode-path PATH            Znode path override for storing redis server list
-            --max-failures COUNT         Max failures before manager marks node unavailable
-        -C, --config PATH                Path to YAML configuration file
-        -E, --environment ENV            Config environment to use
-        -h, --help                       Display all options
+        -n, --nodes NODES                  Comma-separated redis host:port pairs
+        -z, --zkservers SERVERS            Comma-separated ZooKeeper host:port pairs
+        -p, --password PASSWORD            Redis password
+            --znode-path PATH              Znode path override for storing redis server list
+            --max-failures COUNT           Max failures before manager marks node unavailable
+        -C, --config PATH                  Path to YAML config file
+            --with-chroot ROOT             Path to ZooKeepers chroot
+        -E, --environment ENV              Config environment to use
+            --node-strategy STRATEGY       Strategy used when determining availability of nodes (default: majority)
+            --failover-strategy STRATEGY   Strategy used when failing over to a new node (default: latency)
+            --required-node-managers COUNT Required Node Managers that must be reachable to determine node state (default: 1)
+        -h, --help                         Display all options
 
 To start the daemon for a simple master/slave configuration, use the following:
 
@@ -103,10 +110,12 @@ directory for configuration file samples.
 
 The Node Manager will automatically discover the master/slaves upon startup. Note that it is
 a good idea to run more than one instance of the Node Manager daemon in your environment. At
-any moment, a single Node Manager process will be designated to monitor the redis servers. If
+any moment, a single Node Manager process will be designated to manage the redis servers. If
 this Node Manager process dies or becomes partitioned from the network, another Node Manager
-will be promoted as the primary monitor of redis servers. You can run as many Node Manager
-processes as you'd like for added redundancy.
+will be promoted as the primary manager of redis servers. You can run as many Node Manager
+processes as you'd like. Every Node Manager periodically records health "snapshots" which the
+primary/master Node Manager consults when determining if it should officially mark a redis 
+server as unavailable. By default, a majority strategy is used.
 
 ## Client Usage
 
@@ -149,6 +158,25 @@ server passed to #manual_failover, or it will pick a random slave to become the
     client = RedisFailover::Client.new(:zkservers => 'localhost:2181,localhost:2182,localhost:2183')
     client.manual_failover(:host => 'localhost', :port => 2222)
 
+## Node & Failover Strategies
+
+As of redis_failover version 1.0, the notion of "node" and "failover" strategies exists. All running Node Managers will periodically record
+"snapshots" of their view of the redis nodes. The primary Node Manager will process these snapshots from all of the Node Managers by running a configurable
+node strategy. By default, a majority strategy is used. This means that if a majority of Node Managers indicate that a node is unavailable, then the primary
+Node Manager will officially mark it as unavailable. Other strategies exist:
+
+- consensus (all Node Managers must agree that the node is unavailable)
+- single (at least one Node Manager saying the node is unavailable will cause the node to be marked as such)
+
+When a failover happens, the primary Node Manager will now consult a "failover strategy" to determine which candidate node should be used. Currently only a single
+strategy is provided by redis_failover: latency. This strategy simply selects a node that is both marked as available by all Node Managers and has the lowest
+average latency for its last health check.
+
+Note that you should set the "required_node_managers" configuration option appropriately. This value (defaults to 1) is used to determine if enough Node
+Managers have reported their view of a node's state. For example, if you have deployed 5 Node Managers, then you should set this value to 5 if you only
+want to accept a node's availability when all 5 Node Managers are part of the snapshot. To give yourself flexibility, you may want to set this value to 3
+instead. This would give you flexibility to take down 2 Node Managers, while still allowing the cluster to be managed appropriately.
+
 ## Documentation
 
 redis_failover uses YARD for its API documentation. Refer to the generated [API documentation](http://rubydoc.info/github/ryanlecompte/redis_failover/master/frames) for full coverage.
@@ -166,8 +194,6 @@ redis_failover uses YARD for its API documentation. Refer to the generated [API
 
 - Note that it's still possible for the RedisFailover::Client instances to see a stale list of servers for a very small window. In most cases this will not be the case due to how ZooKeeper handles distributed communication, but you should be aware that in the worst case the client could write to a "stale" master for a small period of time until the next watch event is received by the client via ZooKeeper.
 
-- Note that currently multiple Node Managers are currently used for redundancy purposes only. The Node Managers do not communicate with each other to perform any type of election or voting to determine if they all agree on promoting a new master. Right now Node Managers that are not "active" just sit and wait until they can grab the lock to become the single decision-maker for which Redis servers are available or not. This means that a scenario could present itself where a Node Manager thinks the Redis master is available, however the actual RedisFailover::Client instances think they can't reach the Redis master (either due to network partitions or the Node Manager flapping due to machine failure, etc). We are exploring ways to improve this situation.
-
 ## Resources
 
 - Check out Steve Whittaker's [redis-failover-test](https://github.com/swhitt/redis-failover-test) project which shows how to test redis_failover in a non-trivial configuration using Vagrant/Chef.

data/examples/config.yml

@@ -2,6 +2,9 @@
 #   redis_node_manager -C config.yml
 ---
 :max_failures: 2
+:node_strategy: majority
+:failover_strategy: latency
+:required_node_managers: 2
 :nodes:
   - localhost:6379
   - localhost:1111

data/lib/redis_failover.rb

@@ -6,6 +6,7 @@ require 'thread'
 require 'logger'
 require 'timeout'
 require 'optparse'
+require 'benchmark'
 require 'multi_json'
 require 'securerandom'
 
@@ -16,7 +17,9 @@ require 'redis_failover/errors'
 require 'redis_failover/client'
 require 'redis_failover/runner'
 require 'redis_failover/version'
+require 'redis_failover/node_strategy'
 require 'redis_failover/node_manager'
 require 'redis_failover/node_watcher'
+require 'redis_failover/node_snapshot'
 require 'redis_failover/manual_failover'
-
+require 'redis_failover/failover_strategy'

data/lib/redis_failover/cli.rb

@@ -48,6 +48,21 @@ module RedisFailover
           options[:config_environment] = config_env
         end
 
+        opts.on('--node-strategy STRATEGY',
+         'Strategy used when determining availability of nodes (default: majority)') do |strategy|
+          options[:node_strategy] = strategy
+        end
+
+        opts.on('--failover-strategy STRATEGY',
+         'Strategy used when failing over to a new node (default: latency)') do |strategy|
+          options[:failover_strategy] = strategy
+        end
+
+        opts.on('--required-node-managers COUNT',
+         'Required Node Managers that must be reachable to determine node state (default: 1)') do |count|
+          options[:required_node_managers] = Integer(count)
+        end
+
         opts.on('-h', '--help', 'Display all options') do
           puts opts
           exit
@@ -59,7 +74,7 @@ module RedisFailover
         options = from_file(config_file, options[:config_environment])
       end
 
-      if required_options_missing?(options)
+      if invalid_options?(options)
         puts parser
         exit
       end
@@ -68,7 +83,7 @@ module RedisFailover
     end
 
     # @return [Boolean] true if required options missing, false otherwise
-    def self.required_options_missing?(options)
+    def self.invalid_options?(options)
       return true if options.empty?
       return true unless options.values_at(:nodes, :zkservers).all?
       false
@@ -113,6 +128,14 @@ module RedisFailover
         options[:nodes].each { |opts| opts.update(:password => password) }
       end
 
+      if node_strategy = options[:node_strategy]
+        options[:node_strategy] = node_strategy.to_sym
+      end
+
+      if failover_strategy = options[:failover_strategy]
+        options[:failover_strategy] = failover_strategy.to_sym
+      end
+
       options
     end
   end

data/lib/redis_failover/client.rb

@@ -79,10 +79,12 @@ module RedisFailover
       self
     end
 
-    # Sidekiq-web asks for a location in the redis client. Implements something here
-    # just to make sure it works
+    # Delegates to the underlying Redis client to fetch the location.
+    # This method always returns the location of the master.
+    #
+    # @return [String] the redis location
     def location
-      'location'
+      dispatch(:client).location
     end
 
     # Specifies a callback to invoke when the current redis node list changes.
@@ -131,7 +133,7 @@ module RedisFailover
     # @option options [String] :host the host of the failover candidate
     # @option options [String] :port the port of the failover candidate
     def manual_failover(options = {})
-      ManualFailover.new(@zk, options).perform
+      ManualFailover.new(@zk, @root_znode, options).perform
       self
     end
 
@@ -176,12 +178,12 @@ module RedisFailover
     # Sets up the underlying ZooKeeper connection.
     def setup_zk
       @zk = ZK.new(@zkservers)
-      @zk.watcher.register(@znode) { |event| handle_zk_event(event) }
+      @zk.watcher.register(redis_nodes_path) { |event| handle_zk_event(event) }
       if @safe_mode
         @zk.on_expired_session { purge_clients }
       end
-      @zk.on_connected { @zk.stat(@znode, :watch => true) }
-      @zk.stat(@znode, :watch => true)
+      @zk.on_connected { @zk.stat(redis_nodes_path, :watch => true) }
+      @zk.stat(redis_nodes_path, :watch => true)
       update_znode_timestamp
     end
 
@@ -194,12 +196,12 @@ module RedisFailover
         build_clients
       elsif event.node_deleted?
         purge_clients
-        @zk.stat(@znode, :watch => true)
+        @zk.stat(redis_nodes_path, :watch => true)
       else
         logger.error("Unknown ZK node event: #{event.inspect}")
       end
     ensure
-      @zk.stat(@znode, :watch => true)
+      @zk.stat(redis_nodes_path, :watch => true)
     end
 
     # Determines if a method is a known redis operation.
@@ -308,7 +310,7 @@ module RedisFailover
     #
     # @return [Hash] the known master/slave redis servers
     def fetch_nodes
-      data = @zk.get(@znode, :watch => true).first
+      data = @zk.get(redis_nodes_path, :watch => true).first
       nodes = symbolize_keys(decode(data))
       logger.debug("Fetched nodes: #{nodes.inspect}")
 
@@ -474,7 +476,7 @@ module RedisFailover
     # @param [Hash] options the configuration options
     def parse_options(options)
       @zkservers = options.fetch(:zkservers) { raise ArgumentError, ':zkservers required'}
-      @znode = options.fetch(:znode_path, Util::DEFAULT_ZNODE_PATH)
+      @root_znode = options.fetch(:znode_path, Util::DEFAULT_ROOT_ZNODE_PATH)
       @namespace = options[:namespace]
       @password = options[:password]
       @db = options[:db]
@@ -483,5 +485,10 @@ module RedisFailover
       @safe_mode = options.fetch(:safe_mode, true)
       @master_only = options.fetch(:master_only, false)
     end
+
+    # @return [String] the znode path for the master redis nodes config
+    def redis_nodes_path
+      "#{@root_znode}/nodes"
+    end
   end
 end

data/lib/redis_failover/errors.rb

@@ -51,8 +51,4 @@ module RedisFailover
       super("Operation `#{operation}` is currently unsupported")
     end
   end
-
-  # Raised when we detect an expired ZK session.
-  class ZKDisconnectedError < Error
-  end
 end

data/lib/redis_failover/failover_strategy.rb

@@ -0,0 +1,25 @@
+module RedisFailover
+  # Base class for strategies that determine which node is used during failover.
+  class FailoverStrategy
+    include Util
+
+    # Loads a strategy based on the given name.
+    #
+    # @param [String, Symbol] name the strategy name
+    # @return [Object] a new strategy instance
+    def self.for(name)
+      require "redis_failover/failover_strategy/#{name.downcase}"
+      const_get(name.capitalize).new
+    rescue LoadError, NameError
+      raise "Failed to find failover strategy: #{name}"
+    end
+
+    # Returns a candidate node as determined by this strategy.
+    #
+    # @param [Hash<Node, NodeSnapshot>] snapshots the node snapshots
+    # @return [Node] the candidate node or nil if one couldn't be found
+    def find_candidate(snapshots)
+      raise NotImplementedError
+    end
+  end
+end

data/lib/redis_failover/failover_strategy/latency.rb

@@ -0,0 +1,21 @@
+module RedisFailover
+  class FailoverStrategy
+    # Failover strategy that selects an available node that is both seen by all
+    # node managers and has the lowest reported health check latency.
+    class Latency < FailoverStrategy
+      # @see RedisFailover::FailoverStrategy#find_candidate
+      def find_candidate(snapshots)
+        candidates = {}
+        snapshots.each do |node, snapshot|
+          if snapshot.all_available?
+            candidates[node] = snapshot.avg_latency
+          end
+        end
+
+        if candidate = candidates.min_by(&:last)
+          candidate.first
+        end
+      end
+    end
+  end
+end

data/lib/redis_failover/manual_failover.rb

@@ -2,37 +2,49 @@ module RedisFailover
   # Provides manual failover support to a new master.
   class ManualFailover
     # Path for manual failover communication.
-    ZNODE_PATH = '/redis_failover_manual'.freeze
+    ZNODE_PATH = 'manual_failover'.freeze
 
     # Denotes that any slave can be used as a candidate for promotion.
     ANY_SLAVE = "ANY_SLAVE".freeze
 
+    def self.path(root_znode)
+      "#{root_znode}/#{ZNODE_PATH}"
+    end
+
     # Creates a new instance.
     #
     # @param [ZK] zk the ZooKeeper client
+    # @param [ZNode] root_znode the root ZK node
     # @param [Hash] options the options used for manual failover
     # @option options [String] :host the host of the failover candidate
     # @option options [String] :port the port of the failover candidate
     # @note
     #   If options is empty, a random slave will be used
     #   as a failover candidate.
-    def initialize(zk, options = {})
+    def initialize(zk, root_znode, options = {})
       @zk = zk
+      @root_znode = root_znode
       @options = options
+
+      unless @options.empty?
+        port = Integer(@options[:port]) rescue nil
+        raise ArgumentError, ':host not properly specified' if @options[:host].to_s.empty?
+        raise ArgumentError, ':port not properly specified' if port.nil?
+      end
     end
 
     # Performs a manual failover.
     def perform
       create_path
       node = @options.empty? ? ANY_SLAVE : "#{@options[:host]}:#{@options[:port]}"
-      @zk.set(ZNODE_PATH, node)
+      @zk.set(self.class.path(@root_znode), node)
     end
 
     private
 
     # Creates the znode path used for coordinating manual failovers.
     def create_path
-      @zk.create(ZNODE_PATH)
+      @zk.create(self.class.path(@root_znode))
     rescue ZK::Exceptions::NodeExists
       # best effort
     end

data/lib/redis_failover/node.rb

@@ -22,7 +22,8 @@ module RedisFailover
     # @option options [String] :host the host of the redis server
     # @option options [String] :port the port of the redis server
     def initialize(options = {})
-      @host = options.fetch(:host) { raise InvalidNodeError, 'missing host'}
+      @host = options[:host]
+      raise InvalidNodeError, 'missing host' if @host.to_s.empty?
       @port = Integer(options[:port] || 6379)
       @password = options[:password]
     end

data/lib/redis_failover/node_manager.rb

@@ -3,20 +3,23 @@ module RedisFailover
   # will discover the current redis master and slaves. Each redis node is
   # monitored by a NodeWatcher instance. The NodeWatchers periodically
   # report the current state of the redis node it's watching to the
-  # NodeManager via an asynchronous queue. The NodeManager processes the
-  # state reports and reacts appropriately by handling stale/dead nodes,
-  # and promoting a new redis master if it sees fit to do so.
+  # NodeManager. The NodeManager processes the state reports and reacts
+  # appropriately by handling stale/dead nodes, and promoting a new redis master
+  # if it sees fit to do so.
   class NodeManager
     include Util
 
     # Number of seconds to wait before retrying bootstrap process.
-    TIMEOUT = 3
+    TIMEOUT = 5
+    # Number of seconds for checking node snapshots.
+    CHECK_INTERVAL = 10
+    # Number of max attempts to promote a master before releasing master lock.
+    MAX_PROMOTION_ATTEMPTS = 3
 
     # ZK Errors that the Node Manager cares about.
     ZK_ERRORS = [
       ZK::Exceptions::LockAssertionFailedError,
-      ZK::Exceptions::InterruptedSession,
-      ZKDisconnectedError
+      ZK::Exceptions::InterruptedSession
     ].freeze
 
     # Errors that can happen during the node discovery process.
@@ -38,15 +41,16 @@ module RedisFailover
     def initialize(options)
       logger.info("Redis Node Manager v#{VERSION} starting (#{RUBY_DESCRIPTION})")
       @options = options
-      @znode = @options[:znode_path] || Util::DEFAULT_ZNODE_PATH
-      @manual_znode = ManualFailover::ZNODE_PATH
-      @mutex = Mutex.new
+      @required_node_managers = options.fetch(:required_node_managers, 1)
+      @root_znode = options.fetch(:znode_path, Util::DEFAULT_ROOT_ZNODE_PATH)
+      @node_strategy = NodeStrategy.for(options.fetch(:node_strategy, :majority))
+      @failover_strategy = FailoverStrategy.for(options.fetch(:failover_strategy, :latency))
+      @nodes = Array(@options[:nodes]).map { |opts| Node.new(opts) }.uniq
+      @master_manager = false
+      @master_promotion_attempts = 0
+      @sufficient_node_managers = false
+      @lock = Monitor.new
       @shutdown = false
-      @leader = false
-      @master = nil
-      @slaves = []
-      @unavailable = []
-      @lock_path = "#{@znode}_lock".freeze
     end
 
     # Starts the node manager.
@@ -54,21 +58,18 @@ module RedisFailover
     # @note This method does not return until the manager terminates.
     def start
       return unless running?
-      @queue = Queue.new
       setup_zk
-      logger.info('Waiting to become master Node Manager ...')
-      with_lock do
-        @leader = true
-        logger.info('Acquired master Node Manager lock')
-        if discover_nodes
-          initialize_path
-          spawn_watchers
-          handle_state_reports
-        end
-      end
+      spawn_watchers
+      wait_until_master
     rescue *ZK_ERRORS => ex
       logger.error("ZK error while attempting to manage nodes: #{ex.inspect}")
       reset
+      sleep(TIMEOUT)
+      retry
+    rescue NoMasterError
+      logger.error("Failed to promote a new master after #{MAX_PROMOTION_ATTEMPTS} attempts.")
+      reset
+      sleep(TIMEOUT)
       retry
     end
 
@@ -77,78 +78,58 @@ module RedisFailover
     #
     # @param [Node] node the node
     # @param [Symbol] state the state
-    def notify_state(node, state)
-      @queue << [node, state]
+    # @param [Integer] latency an optional latency
+    def notify_state(node, state, latency = nil)
+      @lock.synchronize do
+        if running?
+          update_current_state(node, state, latency)
+        end
+      end
+    rescue => ex
+      logger.error("Error handling state report #{[node, state].inspect}: #{ex.inspect}")
+      logger.error(ex.backtrace.join("\n"))
     end
 
     # Performs a reset of the manager.
     def reset
-      @leader = false
+      @master_manager = false
+      @master_promotion_attempts = 0
       @watchers.each(&:shutdown) if @watchers
-      @queue.clear
-      @zk.close! if @zk
-      @zk_lock = nil
     end
 
     # Initiates a graceful shutdown.
     def shutdown
       logger.info('Shutting down ...')
-      @mutex.synchronize do
+      @lock.synchronize do
         @shutdown = true
       end
+
+      reset
+      exit
     end
 
     private
 
     # Configures the ZooKeeper client.
     def setup_zk
-      @zk.close! if @zk
-      @zk = ZK.new("#{@options[:zkservers]}#{@options[:chroot] || ''}")
-      @zk.on_expired_session { notify_state(:zk_disconnected, nil) }
-
-      @zk.register(@manual_znode) do |event|
-        if event.node_created? || event.node_changed?
-          perform_manual_failover
+      unless @zk
+        @zk = ZK.new("#{@options[:zkservers]}#{@options[:chroot] || ''}")
+        @zk.register(manual_failover_path) do |event|
+          handle_manual_failover_update(event)
         end
+        @zk.on_connected { @zk.stat(manual_failover_path, :watch => true) }
       end
 
-      @zk.on_connected { @zk.stat(@manual_znode, :watch => true) }
-      @zk.stat(@manual_znode, :watch => true)
-    end
-
-    # Handles periodic state reports from {RedisFailover::NodeWatcher} instances.
-    def handle_state_reports
-      while running? && (state_report = @queue.pop)
-        begin
-          @mutex.synchronize do
-            return unless running?
-            @zk_lock.assert!
-            node, state = state_report
-            case state
-            when :unavailable     then handle_unavailable(node)
-            when :available       then handle_available(node)
-            when :syncing         then handle_syncing(node)
-            when :zk_disconnected then raise ZKDisconnectedError
-            else raise InvalidNodeStateError.new(node, state)
-            end
-
-            # flush current state
-            write_state
-          end
-        rescue *ZK_ERRORS
-          # fail hard if this is a ZK connection-related error
-          raise
-        rescue => ex
-          logger.error("Error handling #{state_report.inspect}: #{ex.inspect}")
-          logger.error(ex.backtrace.join("\n"))
-        end
-      end
+      create_path(@root_znode)
+      create_path(current_state_root)
+      @zk.stat(manual_failover_path, :watch => true)
     end
 
     # Handles an unavailable node.
     #
     # @param [Node] node the unavailable node
-    def handle_unavailable(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_unavailable(node, snapshots)
       # no-op if we already know about this node
       return if @unavailable.include?(node)
       logger.info("Handling unavailable node: #{node}")
@@ -157,7 +138,7 @@ module RedisFailover
       # find a new master if this node was a master
       if node == @master
         logger.info("Demoting currently unavailable master #{node}.")
-        promote_new_master
+        promote_new_master(snapshots)
       else
         @slaves.delete(node)
       end
@@ -166,7 +147,8 @@ module RedisFailover
     # Handles an available node.
     #
     # @param [Node] node the available node
-    def handle_available(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_available(node, snapshots)
       reconcile(node)
 
       # no-op if we already know about this node
@@ -179,7 +161,7 @@ module RedisFailover
         @slaves << node
       else
         # no master exists, make this the new master
-        promote_new_master(node)
+        promote_new_master(snapshots, node)
       end
 
       @unavailable.delete(node)
@@ -188,74 +170,75 @@ module RedisFailover
     # Handles a node that is currently syncing.
     #
     # @param [Node] node the syncing node
-    def handle_syncing(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_syncing(node, snapshots)
       reconcile(node)
 
       if node.syncing_with_master? && node.prohibits_stale_reads?
         logger.info("Node #{node} not ready yet, still syncing with master.")
         force_unavailable_slave(node)
-        return
+      else
+        # otherwise, we can use this node
+        handle_available(node, snapshots)
       end
-
-      # otherwise, we can use this node
-      handle_available(node)
     end
 
     # Handles a manual failover request to the given node.
     #
     # @param [Node] node the candidate node for failover
-    def handle_manual_failover(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_manual_failover(node, snapshots)
       # no-op if node to be failed over is already master
       return if @master == node
       logger.info("Handling manual failover")
 
+      # ensure we can talk to the node
+      node.ping
+
       # make current master a slave, and promote new master
       @slaves << @master if @master
       @slaves.delete(node)
-      promote_new_master(node)
+      promote_new_master(snapshots, node)
     end
 
     # Promotes a new master.
     #
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
     # @param [Node] node the optional node to promote
-    # @note if no node is specified, a random slave will be used
-    def promote_new_master(node = nil)
-      delete_path
+    def promote_new_master(snapshots, node = nil)
+      delete_path(redis_nodes_path)
       @master = nil
 
-      # make a specific node or slave the new master
-      candidate = node || @slaves.pop
-      unless candidate
+      # make a specific node or selected candidate the new master
+      candidate = node || failover_strategy_candidate(snapshots)
+
+      if candidate.nil?
         logger.error('Failed to promote a new master, no candidate available.')
-        return
+      else
+        @slaves.delete(candidate)
+        @unavailable.delete(candidate)
+        redirect_slaves_to(candidate)
+        candidate.make_master!
+        @master = candidate
+        write_current_redis_nodes
+        @master_promotion_attempts = 0
+        logger.info("Successfully promoted #{candidate} to master.")
       end
-
-      redirect_slaves_to(candidate)
-      candidate.make_master!
-      @master = candidate
-
-      create_path
-      write_state
-      logger.info("Successfully promoted #{candidate} to master.")
     end
 
     # Discovers the current master and slave nodes.
     # @return [Boolean] true if nodes successfully discovered, false otherwise
     def discover_nodes
-      @mutex.synchronize do
-        return false unless running?
-        nodes = @options[:nodes].map { |opts| Node.new(opts) }.uniq
+      @lock.synchronize do
+        return unless running?
+        @slaves, @unavailable = [], []
         if @master = find_existing_master
           logger.info("Using master #{@master} from existing znode config.")
-        elsif @master = guess_master(nodes)
+        elsif @master = guess_master(@nodes)
           logger.info("Guessed master #{@master} from known redis nodes.")
         end
-        @slaves = nodes - [@master]
-        logger.info("Managing master (#{@master}) and slaves " +
-          "(#{@slaves.map(&:to_s).join(', ')})")
-        # ensure that slaves are correctly pointing to this master
-        redirect_slaves_to(@master)
-        true
+        @slaves = @nodes - [@master]
+        logger.info("Managing master (#{@master}) and slaves #{stringify_nodes(@slaves)}")
       end
     rescue *NODE_DISCOVERY_ERRORS => ex
       msg = <<-MSG.gsub(/\s+/, ' ')
@@ -273,7 +256,7 @@ module RedisFailover
 
     # Seeds the initial node master from an existing znode config.
     def find_existing_master
-      if data = @zk.get(@znode).first
+      if data = @zk.get(redis_nodes_path).first
         nodes = symbolize_keys(decode(data))
         master = node_from(nodes[:master])
         logger.info("Master from existing znode config: #{master || 'none'}")
@@ -302,10 +285,13 @@ module RedisFailover
 
     # Spawns the {RedisFailover::NodeWatcher} instances for each managed node.
     def spawn_watchers
-      @watchers = [@master, @slaves, @unavailable].flatten.compact.map do |node|
-        NodeWatcher.new(self, node, @options[:max_failures] || 3)
+      @zk.delete(current_state_path, :ignore => :no_node)
+      @monitored_available, @monitored_unavailable = {}, []
+      @watchers = @nodes.map do |node|
+        NodeWatcher.new(self, node, @options.fetch(:max_failures, 3))
       end
       @watchers.each(&:watch)
+      logger.info("Monitoring redis nodes at #{stringify_nodes(@nodes)}")
     end
 
     # Searches for the master node.
@@ -373,77 +359,361 @@ module RedisFailover
       }
     end
 
+    # @return [Hash] the set of currently available/unavailable nodes as
+    # seen by this node manager instance
+    def node_availability_state
+      {
+        :available => Hash[@monitored_available.map { |k, v| [k.to_s, v] }],
+        :unavailable => @monitored_unavailable.map(&:to_s)
+      }
+    end
+
     # Deletes the znode path containing the redis nodes.
-    def delete_path
-      @zk.delete(@znode)
-      logger.info("Deleted ZooKeeper node #{@znode}")
+    #
+    # @param [String] path the znode path to delete
+    def delete_path(path)
+      @zk.delete(path)
+      logger.info("Deleted ZK node #{path}")
     rescue ZK::Exceptions::NoNode => ex
       logger.info("Tried to delete missing znode: #{ex.inspect}")
     end
 
-    # Creates the znode path containing the redis nodes.
-    def create_path
-      unless @zk.exists?(@znode)
-        @zk.create(@znode, encode(current_nodes))
-        logger.info("Created ZooKeeper node #{@znode}")
+    # Creates a znode path.
+    #
+    # @param [String] path the znode path to create
+    # @param [Hash] options the options used to create the path
+    # @option options [String] :initial_value an initial value for the znode
+    # @option options [Boolean] :ephemeral true if node is ephemeral, false otherwise
+    def create_path(path, options = {})
+      unless @zk.exists?(path)
+        @zk.create(path,
+          options[:initial_value],
+          :ephemeral => options.fetch(:ephemeral, false))
+        logger.info("Created ZK node #{path}")
       end
     rescue ZK::Exceptions::NodeExists
       # best effort
     end
 
-    # Initializes the znode path containing the redis nodes.
-    def initialize_path
-      create_path
-      write_state
+    # Writes state to a particular znode path.
+    #
+    # @param [String] path the znode path that should be written to
+    # @param [String] value the value to write to the znode
+    # @param [Hash] options the default options to be used when creating the node
+    # @note the path will be created if it doesn't exist
+    def write_state(path, value, options = {})
+      create_path(path, options.merge(:initial_value => value))
+      @zk.set(path, value)
+    end
+
+    # Handles a manual failover znode update.
+    #
+    # @param [ZK::Event] event the ZK event to handle
+    def handle_manual_failover_update(event)
+      if event.node_created? || event.node_changed?
+        perform_manual_failover
+      end
+    rescue => ex
+      logger.error("Error scheduling a manual failover: #{ex.inspect}")
+      logger.error(ex.backtrace.join("\n"))
+    ensure
+      @zk.stat(manual_failover_path, :watch => true)
+    end
+
+    # Produces a FQDN id for this Node Manager.
+    #
+    # @return [String] the FQDN for this Node Manager
+    def manager_id
+      @manager_id ||= [
+        Socket.gethostbyname(Socket.gethostname)[0],
+        Process.pid
+      ].join('-')
+    end
+
+    # Writes the current master list of redis nodes. This method is only invoked
+    # if this node manager instance is the master/primary manager.
+    def write_current_redis_nodes
+      write_state(redis_nodes_path, encode(current_nodes))
+    end
+
+    # @return [String] root path for current node manager state
+    def current_state_root
+      "#{@root_znode}/manager_node_state"
+    end
+
+    # @return [String] the znode path for this node manager's view
+    # of available nodes
+    def current_state_path
+      "#{current_state_root}/#{manager_id}"
+    end
+
+    # @return [String] the znode path for the master redis nodes config
+    def redis_nodes_path
+      "#{@root_znode}/nodes"
+    end
+
+    # @return [String] the znode path used for performing manual failovers
+    def manual_failover_path
+      ManualFailover.path(@root_znode)
+    end
+
+    # @return [Boolean] true if this node manager is the master, false otherwise
+    def master_manager?
+      @master_manager
     end
 
-    # Writes the current redis nodes state to the znode path.
-    def write_state
-      create_path
-      @zk.set(@znode, encode(current_nodes))
+    # Used to update the master node manager state. These states are only handled if
+    # this node manager instance is serving as the master manager.
+    #
+    # @param [Node] node the node to handle
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def update_master_state(node, snapshots)
+      state = @node_strategy.determine_state(node, snapshots)
+      case state
+      when :unavailable
+        handle_unavailable(node, snapshots)
+      when :available
+        if node.syncing_with_master?
+          handle_syncing(node, snapshots)
+        else
+          handle_available(node, snapshots)
+        end
+      else
+        raise InvalidNodeStateError.new(node, state)
+      end
+    rescue *ZK_ERRORS
+      # fail hard if this is a ZK connection-related error
+      raise
+    rescue => ex
+      logger.error("Error handling state report for #{[node, state].inspect}: #{ex.inspect}")
+    end
+
+    # Updates the current view of the world for this particular node
+    # manager instance. All node managers write this state regardless
+    # of whether they are the master manager or not.
+    #
+    # @param [Node] node the node to handle
+    # @param [Symbol] state the node state
+    # @param [Integer] latency an optional latency
+    def update_current_state(node, state, latency = nil)
+      case state
+      when :unavailable
+        @monitored_unavailable |= [node]
+        @monitored_available.delete(node)
+      when :available
+        @monitored_available[node] = latency
+        @monitored_unavailable.delete(node)
+      else
+        raise InvalidNodeStateError.new(node, state)
+      end
+
+      # flush ephemeral current node manager state
+      write_state(current_state_path,
+        encode(node_availability_state),
+        :ephemeral => true)
+    end
+
+    # Fetches each currently running node manager's view of the
+    # world in terms of which nodes they think are available/unavailable.
+    #
+    # @return [Hash<String, Array>] a hash of node manager to host states
+    def fetch_node_manager_states
+      states = {}
+      @zk.children(current_state_root).each do |child|
+        full_path = "#{current_state_root}/#{child}"
+        begin
+          states[child] = symbolize_keys(decode(@zk.get(full_path).first))
+        rescue ZK::Exceptions::NoNode
+          # ignore, this is an edge case that can happen when a node manager
+          # process dies while fetching its state
+        rescue => ex
+          logger.error("Failed to fetch states for #{full_path}: #{ex.inspect}")
+        end
+      end
+      states
+    end
+
+    # Builds current snapshots of nodes across all running node managers.
+    #
+    # @return [Hash<Node, NodeSnapshot>] the snapshots for all nodes
+    def current_node_snapshots
+      nodes = {}
+      snapshots = Hash.new { |h, k| h[k] = NodeSnapshot.new(k) }
+      fetch_node_manager_states.each do |node_manager, states|
+        available, unavailable = states.values_at(:available, :unavailable)
+        available.each do |node_string, latency|
+          node = nodes[node_string] ||= node_from(node_string)
+          snapshots[node].viewable_by(node_manager, latency)
+        end
+        unavailable.each do |node_string|
+          node = nodes[node_string] ||= node_from(node_string)
+          snapshots[node].unviewable_by(node_manager)
+        end
+      end
+
+      snapshots
+    end
+
+    # Waits until this node manager becomes the master.
+    def wait_until_master
+      logger.info('Waiting to become master Node Manager ...')
+
+      with_lock do
+        @master_manager = true
+        logger.info('Acquired master Node Manager lock.')
+        logger.info("Configured node strategy #{@node_strategy.class}")
+        logger.info("Configured failover strategy #{@failover_strategy.class}")
+        logger.info("Required Node Managers to make a decision: #{@required_node_managers}")
+        manage_nodes
+      end
+    end
+
+    # Manages the redis nodes by periodically processing snapshots.
+    def manage_nodes
+      # Re-discover nodes, since the state of the world may have been changed
+      # by the time we've become the primary node manager.
+      discover_nodes
+
+      # ensure that slaves are correctly pointing to this master
+      redirect_slaves_to(@master)
+
+      # Periodically update master config state.
+      while running? && master_manager?
+        @zk_lock.assert!
+        sleep(CHECK_INTERVAL)
+
+        @lock.synchronize do
+          snapshots = current_node_snapshots
+          if ensure_sufficient_node_managers(snapshots)
+            snapshots.each_key do |node|
+              update_master_state(node, snapshots)
+            end
+
+            # flush current master state
+            write_current_redis_nodes
+
+            # check if we've exhausted our attempts to promote a master
+            unless @master
+              @master_promotion_attempts += 1
+              raise NoMasterError if @master_promotion_attempts > MAX_PROMOTION_ATTEMPTS
+            end
+          end
+        end
+      end
+    end
+
+    # Creates a Node instance from a string.
+    #
+    # @param [String] node_string a string representation of a node (e.g., host:port)
+    # @return [Node] the Node representation
+    def node_from(node_string)
+      return if node_string.nil?
+      host, port = node_string.split(':', 2)
+      Node.new(:host => host, :port => port, :password => @options[:password])
     end
 
     # Executes a block wrapped in a ZK exclusive lock.
     def with_lock
-      @zk_lock = @zk.locker(@lock_path)
-      while running? && !@zk_lock.lock
-        sleep(TIMEOUT)
+      @zk_lock ||= @zk.locker('master_redis_node_manager_lock')
+
+      begin
+        @zk_lock.lock!(true)
+      rescue Exception
+        # handle shutdown case
+        running? ? raise : return
       end
 
       if running?
+        @zk_lock.assert!
         yield
       end
     ensure
-      @zk_lock.unlock! if @zk_lock
+      if @zk_lock
+        begin
+          @zk_lock.unlock!
+        rescue => ex
+          logger.warn("Failed to release lock: #{ex.inspect}")
+        end
+      end
     end
 
     # Perform a manual failover to a redis node.
     def perform_manual_failover
-      @mutex.synchronize do
-        return unless running? && @leader && @zk_lock
+      @lock.synchronize do
+        return unless running? && @master_manager && @zk_lock
         @zk_lock.assert!
-        new_master = @zk.get(@manual_znode, :watch => true).first
+        new_master = @zk.get(manual_failover_path, :watch => true).first
         return unless new_master && new_master.size > 0
         logger.info("Received manual failover request for: #{new_master}")
         logger.info("Current nodes: #{current_nodes.inspect}")
-        node = new_master == ManualFailover::ANY_SLAVE ?
-          @slaves.shuffle.first : node_from(new_master)
+        snapshots = current_node_snapshots
+
+        node = if new_master == ManualFailover::ANY_SLAVE
+          failover_strategy_candidate(snapshots)
+        else
+          node_from(new_master)
+        end
+
         if node
-          handle_manual_failover(node)
+          handle_manual_failover(node, snapshots)
         else
           logger.error('Failed to perform manual failover, no candidate found.')
         end
       end
     rescue => ex
-      logger.error("Error handling a manual failover: #{ex.inspect}")
+      logger.error("Error handling manual failover: #{ex.inspect}")
       logger.error(ex.backtrace.join("\n"))
     ensure
-      @zk.stat(@manual_znode, :watch => true)
+      @zk.stat(manual_failover_path, :watch => true)
     end
 
     # @return [Boolean] true if running, false otherwise
     def running?
-      !@shutdown
+      @lock.synchronize { !@shutdown }
+    end
+
+    # @return [String] a stringified version of redis nodes
+    def stringify_nodes(nodes)
+      "(#{nodes.map(&:to_s).join(', ')})"
+    end
+
+    # Determines if each snapshot has a sufficient number of node managers.
+    #
+    # @param [Hash<Node, Snapshot>] snapshots the current snapshots
+    # @return [Boolean] true if sufficient, false otherwise
+    def ensure_sufficient_node_managers(snapshots)
+      currently_sufficient = true
+      snapshots.each do |node, snapshot|
+        node_managers = snapshot.node_managers
+        if node_managers.size < @required_node_managers
+          logger.error("Not enough Node Managers in snapshot for node #{node}. " +
+            "Required: #{@required_node_managers}, " +
+            "Available: #{node_managers.size} #{node_managers}")
+          currently_sufficient = false
+        end
+      end
+
+      if currently_sufficient && !@sufficient_node_managers
+        logger.info("Required Node Managers are visible: #{@required_node_managers}")
+      end
+
+      @sufficient_node_managers = currently_sufficient
+      @sufficient_node_managers
+    end
+
+    # Invokes the configured failover strategy.
+    #
+    # @param [Hash<Node, NodeSnapshot>] snapshots the node snapshots
+    # @return [Node] a failover candidate
+    def failover_strategy_candidate(snapshots)
+      # only include nodes that this master Node Manager can see
+      filtered_snapshots = snapshots.select do |node, snapshot|
+        snapshot.viewable_by?(manager_id)
+      end
+
+      logger.info('Attempting to find candidate from snapshots:')
+      logger.info("\n" + filtered_snapshots.values.join("\n"))
+      @failover_strategy.find_candidate(filtered_snapshots)
     end
   end
 end