RubyGems - redis_failover - Versions diffs - 0.9.7.2 → 1.0.0 - Mend

redis_failover 0.9.7.2 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

data/Changes.md +14 -0
data/README.md +57 -20
data/examples/config.yml +3 -0
data/lib/redis_failover.rb +4 -1
data/lib/redis_failover/cli.rb +25 -2
data/lib/redis_failover/client.rb +25 -10
data/lib/redis_failover/errors.rb +0 -4
data/lib/redis_failover/failover_strategy.rb +25 -0
data/lib/redis_failover/failover_strategy/latency.rb +21 -0
data/lib/redis_failover/manual_failover.rb +16 -4
data/lib/redis_failover/node.rb +2 -1
data/lib/redis_failover/node_manager.rb +419 -144
data/lib/redis_failover/node_snapshot.rb +81 -0
data/lib/redis_failover/node_strategy.rb +34 -0
data/lib/redis_failover/node_strategy/consensus.rb +18 -0
data/lib/redis_failover/node_strategy/majority.rb +18 -0
data/lib/redis_failover/node_strategy/single.rb +17 -0
data/lib/redis_failover/node_watcher.rb +13 -13
data/lib/redis_failover/util.rb +12 -4
data/lib/redis_failover/version.rb +1 -1
data/redis_failover.gemspec +1 -1
data/spec/failover_strategy/latency_spec.rb +41 -0
data/spec/failover_strategy_spec.rb +17 -0
data/spec/node_snapshot_spec.rb +30 -0
data/spec/node_strategy/consensus_spec.rb +30 -0
data/spec/node_strategy/majority_spec.rb +22 -0
data/spec/node_strategy/single_spec.rb +22 -0
data/spec/node_strategy_spec.rb +22 -0
data/spec/node_watcher_spec.rb +2 -2
data/spec/spec_helper.rb +2 -1
data/spec/support/node_manager_stub.rb +29 -8
metadata +35 -8

data/lib/redis_failover/node.rb CHANGED

@@ -22,7 +22,8 @@ module RedisFailover
     # @option options [String] :host the host of the redis server
     # @option options [String] :port the port of the redis server
     def initialize(options = {})
-      @host = options.fetch(:host) { raise InvalidNodeError, 'missing host'}
+      @host = options[:host]
+      raise InvalidNodeError, 'missing host' if @host.to_s.empty?
       @port = Integer(options[:port] || 6379)
       @password = options[:password]
     end

data/lib/redis_failover/node_manager.rb CHANGED

@@ -3,21 +3,20 @@ module RedisFailover
   # will discover the current redis master and slaves. Each redis node is
   # monitored by a NodeWatcher instance. The NodeWatchers periodically
   # report the current state of the redis node it's watching to the
-  # NodeManager via an asynchronous queue. The NodeManager processes the
-  # state reports and reacts appropriately by handling stale/dead nodes,
-  # and promoting a new redis master if it sees fit to do so.
+  # NodeManager. The NodeManager processes the state reports and reacts
+  # appropriately by handling stale/dead nodes, and promoting a new redis master
+  # if it sees fit to do so.
   class NodeManager
     include Util
     # Number of seconds to wait before retrying bootstrap process.
-    TIMEOUT = 3
-    # ZK Errors that the Node Manager cares about.
-    ZK_ERRORS = [
-      ZK::Exceptions::LockAssertionFailedError,
-      ZK::Exceptions::InterruptedSession,
-      ZKDisconnectedError
-    ].freeze
+    TIMEOUT = 5
+    # Number of seconds for checking node snapshots.
+    CHECK_INTERVAL = 5
+    # Number of max attempts to promote a master before releasing master lock.
+    MAX_PROMOTION_ATTEMPTS = 3
+    # Latency threshold for recording node state.
+    LATENCY_THRESHOLD = 0.5
     # Errors that can happen during the node discovery process.
     NODE_DISCOVERY_ERRORS = [
@@ -38,15 +37,16 @@ module RedisFailover
     def initialize(options)
       logger.info("Redis Node Manager v#{VERSION} starting (#{RUBY_DESCRIPTION})")
       @options = options
-      @znode = @options[:znode_path] || Util::DEFAULT_ZNODE_PATH
-      @manual_znode = ManualFailover::ZNODE_PATH
-      @mutex = Mutex.new
+      @required_node_managers = options.fetch(:required_node_managers, 1)
+      @root_znode = options.fetch(:znode_path, Util::DEFAULT_ROOT_ZNODE_PATH)
+      @node_strategy = NodeStrategy.for(options.fetch(:node_strategy, :majority))
+      @failover_strategy = FailoverStrategy.for(options.fetch(:failover_strategy, :latency))
+      @nodes = Array(@options[:nodes]).map { |opts| Node.new(opts) }.uniq
+      @master_manager = false
+      @master_promotion_attempts = 0
+      @sufficient_node_managers = false
+      @lock = Monitor.new
       @shutdown = false
-      @leader = false
-      @master = nil
-      @slaves = []
-      @unavailable = []
-      @lock_path = "#{@znode}_lock".freeze
     end
     # Starts the node manager.
@@ -54,21 +54,18 @@ module RedisFailover
     # @note This method does not return until the manager terminates.
     def start
       return unless running?
-      @queue = Queue.new
       setup_zk
-      logger.info('Waiting to become master Node Manager ...')
-      with_lock do
-        @leader = true
-        logger.info('Acquired master Node Manager lock')
-        if discover_nodes
-          initialize_path
-          spawn_watchers
-          handle_state_reports
-        end
-      end
+      spawn_watchers
+      wait_until_master
     rescue *ZK_ERRORS => ex
       logger.error("ZK error while attempting to manage nodes: #{ex.inspect}")
       reset
+      sleep(TIMEOUT)
+      retry
+    rescue NoMasterError
+      logger.error("Failed to promote a new master after #{MAX_PROMOTION_ATTEMPTS} attempts.")
+      reset
+      sleep(TIMEOUT)
       retry
     end
@@ -77,81 +74,58 @@ module RedisFailover
     #
     # @param [Node] node the node
     # @param [Symbol] state the state
-    def notify_state(node, state)
-      @queue << [node, state]
+    # @param [Integer] latency an optional latency
+    def notify_state(node, state, latency = nil)
+      @lock.synchronize do
+        if running?
+          update_current_state(node, state, latency)
+        end
+      end
+    rescue => ex
+      logger.error("Error handling state report #{[node, state].inspect}: #{ex.inspect}")
+      logger.error(ex.backtrace.join("\n"))
     end
     # Performs a reset of the manager.
     def reset
-      @leader = false
+      @master_manager = false
+      @master_promotion_attempts = 0
       @watchers.each(&:shutdown) if @watchers
-      @queue.clear
-      @zk.close! if @zk
-      @zk_lock = nil
     end
     # Initiates a graceful shutdown.
     def shutdown
       logger.info('Shutting down ...')
-      @mutex.synchronize do
+      @lock.synchronize do
         @shutdown = true
-        unless @leader
-          reset
-        end
       end
+      reset
+      exit
     end
     private
     # Configures the ZooKeeper client.
     def setup_zk
-      @zk.close! if @zk
-      @zk = ZK.new("#{@options[:zkservers]}#{@options[:chroot] || ''}")
-      @zk.on_expired_session { notify_state(:zk_disconnected, nil) }
-      @zk.register(@manual_znode) do |event|
-        if event.node_created? || event.node_changed?
-          perform_manual_failover
+      unless @zk
+        @zk = ZK.new("#{@options[:zkservers]}#{@options[:chroot] || ''}")
+        @zk.register(manual_failover_path) do |event|
+          handle_manual_failover_update(event)
         end
+        @zk.on_connected { @zk.stat(manual_failover_path, :watch => true) }
       end
-      @zk.on_connected { @zk.stat(@manual_znode, :watch => true) }
-      @zk.stat(@manual_znode, :watch => true)
-    end
-    # Handles periodic state reports from {RedisFailover::NodeWatcher} instances.
-    def handle_state_reports
-      while running? && (state_report = @queue.pop)
-        begin
-          @mutex.synchronize do
-            return unless running?
-            @zk_lock.assert!
-            node, state = state_report
-            case state
-            when :unavailable     then handle_unavailable(node)
-            when :available       then handle_available(node)
-            when :syncing         then handle_syncing(node)
-            when :zk_disconnected then raise ZKDisconnectedError
-            else raise InvalidNodeStateError.new(node, state)
-            end
-            # flush current state
-            write_state
-          end
-        rescue *ZK_ERRORS
-          # fail hard if this is a ZK connection-related error
-          raise
-        rescue => ex
-          logger.error("Error handling #{state_report.inspect}: #{ex.inspect}")
-          logger.error(ex.backtrace.join("\n"))
-        end
-      end
+      create_path(@root_znode)
+      create_path(current_state_root)
+      @zk.stat(manual_failover_path, :watch => true)
     end
     # Handles an unavailable node.
     #
     # @param [Node] node the unavailable node
-    def handle_unavailable(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_unavailable(node, snapshots)
       # no-op if we already know about this node
       return if @unavailable.include?(node)
       logger.info("Handling unavailable node: #{node}")
@@ -160,7 +134,7 @@ module RedisFailover
       # find a new master if this node was a master
       if node == @master
         logger.info("Demoting currently unavailable master #{node}.")
-        promote_new_master
+        promote_new_master(snapshots)
       else
         @slaves.delete(node)
       end
@@ -169,7 +143,8 @@ module RedisFailover
     # Handles an available node.
     #
     # @param [Node] node the available node
-    def handle_available(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_available(node, snapshots)
       reconcile(node)
       # no-op if we already know about this node
@@ -182,7 +157,7 @@ module RedisFailover
         @slaves << node
       else
         # no master exists, make this the new master
-        promote_new_master(node)
+        promote_new_master(snapshots, node)
       end
       @unavailable.delete(node)
@@ -191,74 +166,75 @@ module RedisFailover
     # Handles a node that is currently syncing.
     #
     # @param [Node] node the syncing node
-    def handle_syncing(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_syncing(node, snapshots)
       reconcile(node)
       if node.syncing_with_master? && node.prohibits_stale_reads?
         logger.info("Node #{node} not ready yet, still syncing with master.")
         force_unavailable_slave(node)
-        return
+      else
+        # otherwise, we can use this node
+        handle_available(node, snapshots)
       end
-      # otherwise, we can use this node
-      handle_available(node)
     end
     # Handles a manual failover request to the given node.
     #
     # @param [Node] node the candidate node for failover
-    def handle_manual_failover(node)
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def handle_manual_failover(node, snapshots)
       # no-op if node to be failed over is already master
       return if @master == node
       logger.info("Handling manual failover")
+      # ensure we can talk to the node
+      node.ping
       # make current master a slave, and promote new master
       @slaves << @master if @master
       @slaves.delete(node)
-      promote_new_master(node)
+      promote_new_master(snapshots, node)
     end
     # Promotes a new master.
     #
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
     # @param [Node] node the optional node to promote
-    # @note if no node is specified, a random slave will be used
-    def promote_new_master(node = nil)
-      delete_path
+    def promote_new_master(snapshots, node = nil)
+      delete_path(redis_nodes_path)
       @master = nil
-      # make a specific node or slave the new master
-      candidate = node || @slaves.pop
-      unless candidate
+      # make a specific node or selected candidate the new master
+      candidate = node || failover_strategy_candidate(snapshots)
+      if candidate.nil?
         logger.error('Failed to promote a new master, no candidate available.')
-        return
+      else
+        @slaves.delete(candidate)
+        @unavailable.delete(candidate)
+        redirect_slaves_to(candidate)
+        candidate.make_master!
+        @master = candidate
+        write_current_redis_nodes
+        @master_promotion_attempts = 0
+        logger.info("Successfully promoted #{candidate} to master.")
       end
-      redirect_slaves_to(candidate)
-      candidate.make_master!
-      @master = candidate
-      create_path
-      write_state
-      logger.info("Successfully promoted #{candidate} to master.")
     end
     # Discovers the current master and slave nodes.
     # @return [Boolean] true if nodes successfully discovered, false otherwise
     def discover_nodes
-      @mutex.synchronize do
-        return false unless running?
-        nodes = @options[:nodes].map { |opts| Node.new(opts) }.uniq
+      @lock.synchronize do
+        return unless running?
+        @slaves, @unavailable = [], []
         if @master = find_existing_master
           logger.info("Using master #{@master} from existing znode config.")
-        elsif @master = guess_master(nodes)
+        elsif @master = guess_master(@nodes)
           logger.info("Guessed master #{@master} from known redis nodes.")
         end
-        @slaves = nodes - [@master]
-        logger.info("Managing master (#{@master}) and slaves " +
-          "(#{@slaves.map(&:to_s).join(', ')})")
-        # ensure that slaves are correctly pointing to this master
-        redirect_slaves_to(@master)
-        true
+        @slaves = @nodes - [@master]
+        logger.info("Managing master (#{@master}) and slaves #{stringify_nodes(@slaves)}")
       end
     rescue *NODE_DISCOVERY_ERRORS => ex
       msg = <<-MSG.gsub(/\s+/, ' ')
@@ -276,7 +252,7 @@ module RedisFailover
     # Seeds the initial node master from an existing znode config.
     def find_existing_master
-      if data = @zk.get(@znode).first
+      if data = @zk.get(redis_nodes_path).first
         nodes = symbolize_keys(decode(data))
         master = node_from(nodes[:master])
         logger.info("Master from existing znode config: #{master || 'none'}")
@@ -305,10 +281,13 @@ module RedisFailover
     # Spawns the {RedisFailover::NodeWatcher} instances for each managed node.
     def spawn_watchers
-      @watchers = [@master, @slaves, @unavailable].flatten.compact.map do |node|
-        NodeWatcher.new(self, node, @options[:max_failures] || 3)
+      @zk.delete(current_state_path, :ignore => :no_node)
+      @monitored_available, @monitored_unavailable = {}, []
+      @watchers = @nodes.map do |node|
+        NodeWatcher.new(self, node, @options.fetch(:max_failures, 3))
       end
       @watchers.each(&:watch)
+      logger.info("Monitoring redis nodes at #{stringify_nodes(@nodes)}")
     end
     # Searches for the master node.
@@ -376,39 +355,278 @@ module RedisFailover
       }
     end
+    # @return [Hash] the set of currently available/unavailable nodes as
+    # seen by this node manager instance
+    def node_availability_state
+      {
+        :available => Hash[@monitored_available.map { |k, v| [k.to_s, v] }],
+        :unavailable => @monitored_unavailable.map(&:to_s)
+      }
+    end
     # Deletes the znode path containing the redis nodes.
-    def delete_path
-      @zk.delete(@znode)
-      logger.info("Deleted ZooKeeper node #{@znode}")
+    #
+    # @param [String] path the znode path to delete
+    def delete_path(path)
+      @zk.delete(path)
+      logger.info("Deleted ZK node #{path}")
     rescue ZK::Exceptions::NoNode => ex
       logger.info("Tried to delete missing znode: #{ex.inspect}")
     end
-    # Creates the znode path containing the redis nodes.
-    def create_path
-      unless @zk.exists?(@znode)
-        @zk.create(@znode, encode(current_nodes))
-        logger.info("Created ZooKeeper node #{@znode}")
+    # Creates a znode path.
+    #
+    # @param [String] path the znode path to create
+    # @param [Hash] options the options used to create the path
+    # @option options [String] :initial_value an initial value for the znode
+    # @option options [Boolean] :ephemeral true if node is ephemeral, false otherwise
+    def create_path(path, options = {})
+      unless @zk.exists?(path)
+        @zk.create(path,
+          options[:initial_value],
+          :ephemeral => options.fetch(:ephemeral, false))
+        logger.info("Created ZK node #{path}")
       end
     rescue ZK::Exceptions::NodeExists
       # best effort
     end
-    # Initializes the znode path containing the redis nodes.
-    def initialize_path
-      create_path
-      write_state
+    # Writes state to a particular znode path.
+    #
+    # @param [String] path the znode path that should be written to
+    # @param [String] value the value to write to the znode
+    # @param [Hash] options the default options to be used when creating the node
+    # @note the path will be created if it doesn't exist
+    def write_state(path, value, options = {})
+      create_path(path, options.merge(:initial_value => value))
+      @zk.set(path, value)
     end
-    # Writes the current redis nodes state to the znode path.
-    def write_state
-      create_path
-      @zk.set(@znode, encode(current_nodes))
+    # Handles a manual failover znode update.
+    #
+    # @param [ZK::Event] event the ZK event to handle
+    def handle_manual_failover_update(event)
+      if event.node_created? || event.node_changed?
+        perform_manual_failover
+      end
+    rescue => ex
+      logger.error("Error scheduling a manual failover: #{ex.inspect}")
+      logger.error(ex.backtrace.join("\n"))
+    ensure
+      @zk.stat(manual_failover_path, :watch => true)
+    end
+    # Produces a FQDN id for this Node Manager.
+    #
+    # @return [String] the FQDN for this Node Manager
+    def manager_id
+      @manager_id ||= [
+        Socket.gethostbyname(Socket.gethostname)[0],
+        Process.pid
+      ].join('-')
+    end
+    # Writes the current master list of redis nodes. This method is only invoked
+    # if this node manager instance is the master/primary manager.
+    def write_current_redis_nodes
+      write_state(redis_nodes_path, encode(current_nodes))
+    end
+    # Writes the current monitored list of redis nodes. This method is always
+    # invoked by all running node managers.
+    def write_current_monitored_state
+      write_state(current_state_path, encode(node_availability_state), :ephemeral => true)
+    end
+    # @return [String] root path for current node manager state
+    def current_state_root
+      "#{@root_znode}/manager_node_state"
+    end
+    # @return [String] the znode path for this node manager's view
+    # of available nodes
+    def current_state_path
+      "#{current_state_root}/#{manager_id}"
+    end
+    # @return [String] the znode path for the master redis nodes config
+    def redis_nodes_path
+      "#{@root_znode}/nodes"
+    end
+    # @return [String] the znode path used for performing manual failovers
+    def manual_failover_path
+      ManualFailover.path(@root_znode)
+    end
+    # @return [Boolean] true if this node manager is the master, false otherwise
+    def master_manager?
+      @master_manager
+    end
+    # Used to update the master node manager state. These states are only handled if
+    # this node manager instance is serving as the master manager.
+    #
+    # @param [Node] node the node to handle
+    # @param [Hash<Node, NodeSnapshot>] snapshots the current set of snapshots
+    def update_master_state(node, snapshots)
+      state = @node_strategy.determine_state(node, snapshots)
+      case state
+      when :unavailable
+        handle_unavailable(node, snapshots)
+      when :available
+        if node.syncing_with_master?
+          handle_syncing(node, snapshots)
+        else
+          handle_available(node, snapshots)
+        end
+      else
+        raise InvalidNodeStateError.new(node, state)
+      end
+    rescue *ZK_ERRORS
+      # fail hard if this is a ZK connection-related error
+      raise
+    rescue => ex
+      logger.error("Error handling state report for #{[node, state].inspect}: #{ex.inspect}")
+    end
+    # Updates the current view of the world for this particular node
+    # manager instance. All node managers write this state regardless
+    # of whether they are the master manager or not.
+    #
+    # @param [Node] node the node to handle
+    # @param [Symbol] state the node state
+    # @param [Integer] latency an optional latency
+    def update_current_state(node, state, latency = nil)
+      old_unavailable = @monitored_unavailable.dup
+      old_available = @monitored_available.dup
+      case state
+      when :unavailable
+        unless @monitored_unavailable.include?(node)
+          @monitored_unavailable << node
+          @monitored_available.delete(node)
+          write_current_monitored_state
+        end
+      when :available
+        last_latency = @monitored_available[node]
+        if last_latency.nil? || (latency - last_latency) > LATENCY_THRESHOLD
+          @monitored_available[node] = latency
+          @monitored_unavailable.delete(node)
+          write_current_monitored_state
+        end
+      else
+        raise InvalidNodeStateError.new(node, state)
+      end
+    rescue => ex
+      # if an error occurs, make sure that we rollback to the old state
+      @monitored_unavailable = old_unavailable
+      @monitored_available = old_available
+      raise
+    end
+    # Fetches each currently running node manager's view of the
+    # world in terms of which nodes they think are available/unavailable.
+    #
+    # @return [Hash<String, Array>] a hash of node manager to host states
+    def fetch_node_manager_states
+      states = {}
+      @zk.children(current_state_root).each do |child|
+        full_path = "#{current_state_root}/#{child}"
+        begin
+          states[child] = symbolize_keys(decode(@zk.get(full_path).first))
+        rescue ZK::Exceptions::NoNode
+          # ignore, this is an edge case that can happen when a node manager
+          # process dies while fetching its state
+        rescue => ex
+          logger.error("Failed to fetch states for #{full_path}: #{ex.inspect}")
+        end
+      end
+      states
+    end
+    # Builds current snapshots of nodes across all running node managers.
+    #
+    # @return [Hash<Node, NodeSnapshot>] the snapshots for all nodes
+    def current_node_snapshots
+      nodes = {}
+      snapshots = Hash.new { |h, k| h[k] = NodeSnapshot.new(k) }
+      fetch_node_manager_states.each do |node_manager, states|
+        available, unavailable = states.values_at(:available, :unavailable)
+        available.each do |node_string, latency|
+          node = nodes[node_string] ||= node_from(node_string)
+          snapshots[node].viewable_by(node_manager, latency)
+        end
+        unavailable.each do |node_string|
+          node = nodes[node_string] ||= node_from(node_string)
+          snapshots[node].unviewable_by(node_manager)
+        end
+      end
+      snapshots
+    end
+    # Waits until this node manager becomes the master.
+    def wait_until_master
+      logger.info('Waiting to become master Node Manager ...')
+      with_lock do
+        @master_manager = true
+        logger.info('Acquired master Node Manager lock.')
+        logger.info("Configured node strategy #{@node_strategy.class}")
+        logger.info("Configured failover strategy #{@failover_strategy.class}")
+        logger.info("Required Node Managers to make a decision: #{@required_node_managers}")
+        manage_nodes
+      end
+    end
+    # Manages the redis nodes by periodically processing snapshots.
+    def manage_nodes
+      # Re-discover nodes, since the state of the world may have been changed
+      # by the time we've become the primary node manager.
+      discover_nodes
+      # ensure that slaves are correctly pointing to this master
+      redirect_slaves_to(@master)
+      # Periodically update master config state.
+      while running? && master_manager?
+        @zk_lock.assert!
+        sleep(CHECK_INTERVAL)
+        @lock.synchronize do
+          snapshots = current_node_snapshots
+          if ensure_sufficient_node_managers(snapshots)
+            snapshots.each_key do |node|
+              update_master_state(node, snapshots)
+            end
+            # flush current master state
+            write_current_redis_nodes
+            # check if we've exhausted our attempts to promote a master
+            unless @master
+              @master_promotion_attempts += 1
+              raise NoMasterError if @master_promotion_attempts > MAX_PROMOTION_ATTEMPTS
+            end
+          end
+        end
+      end
+    end
+    # Creates a Node instance from a string.
+    #
+    # @param [String] node_string a string representation of a node (e.g., host:port)
+    # @return [Node] the Node representation
+    def node_from(node_string)
+      return if node_string.nil?
+      host, port = node_string.split(':', 2)
+      Node.new(:host => host, :port => port, :password => @options[:password])
     end
     # Executes a block wrapped in a ZK exclusive lock.
     def with_lock
-      @zk_lock = @zk.locker(@lock_path)
+      @zk_lock ||= @zk.locker('master_redis_node_manager_lock')
       begin
         @zk_lock.lock!(true)
@@ -418,39 +636,96 @@ module RedisFailover
       end
       if running?
+        @zk_lock.assert!
         yield
       end
     ensure
-      @zk_lock.unlock! if @zk_lock
+      if @zk_lock
+        begin
+          @zk_lock.unlock!
+        rescue => ex
+          logger.warn("Failed to release lock: #{ex.inspect}")
+        end
+      end
     end
     # Perform a manual failover to a redis node.
     def perform_manual_failover
-      @mutex.synchronize do
-        return unless running? && @leader && @zk_lock
+      @lock.synchronize do
+        return unless running? && @master_manager && @zk_lock
         @zk_lock.assert!
-        new_master = @zk.get(@manual_znode, :watch => true).first
+        new_master = @zk.get(manual_failover_path, :watch => true).first
         return unless new_master && new_master.size > 0
         logger.info("Received manual failover request for: #{new_master}")
         logger.info("Current nodes: #{current_nodes.inspect}")
-        node = new_master == ManualFailover::ANY_SLAVE ?
-          @slaves.shuffle.first : node_from(new_master)
+        snapshots = current_node_snapshots
+        node = if new_master == ManualFailover::ANY_SLAVE
+          failover_strategy_candidate(snapshots)
+        else
+          node_from(new_master)
+        end
         if node
-          handle_manual_failover(node)
+          handle_manual_failover(node, snapshots)
         else
           logger.error('Failed to perform manual failover, no candidate found.')
         end
       end
     rescue => ex
-      logger.error("Error handling a manual failover: #{ex.inspect}")
+      logger.error("Error handling manual failover: #{ex.inspect}")
       logger.error(ex.backtrace.join("\n"))
     ensure
-      @zk.stat(@manual_znode, :watch => true)
+      @zk.stat(manual_failover_path, :watch => true)
     end
     # @return [Boolean] true if running, false otherwise
     def running?
-      !@shutdown
+      @lock.synchronize { !@shutdown }
+    end
+    # @return [String] a stringified version of redis nodes
+    def stringify_nodes(nodes)
+      "(#{nodes.map(&:to_s).join(', ')})"
+    end
+    # Determines if each snapshot has a sufficient number of node managers.
+    #
+    # @param [Hash<Node, Snapshot>] snapshots the current snapshots
+    # @return [Boolean] true if sufficient, false otherwise
+    def ensure_sufficient_node_managers(snapshots)
+      currently_sufficient = true
+      snapshots.each do |node, snapshot|
+        node_managers = snapshot.node_managers
+        if node_managers.size < @required_node_managers
+          logger.error("Not enough Node Managers in snapshot for node #{node}. " +
+            "Required: #{@required_node_managers}, " +
+            "Available: #{node_managers.size} #{node_managers}")
+          currently_sufficient = false
+        end
+      end
+      if currently_sufficient && !@sufficient_node_managers
+        logger.info("Required Node Managers are visible: #{@required_node_managers}")
+      end
+      @sufficient_node_managers = currently_sufficient
+      @sufficient_node_managers
+    end
+    # Invokes the configured failover strategy.
+    #
+    # @param [Hash<Node, NodeSnapshot>] snapshots the node snapshots
+    # @return [Node] a failover candidate
+    def failover_strategy_candidate(snapshots)
+      # only include nodes that this master Node Manager can see
+      filtered_snapshots = snapshots.select do |node, snapshot|
+        snapshot.viewable_by?(manager_id)
+      end
+      logger.info('Attempting to find candidate from snapshots:')
+      logger.info("\n" + filtered_snapshots.values.join("\n"))
+      @failover_strategy.find_candidate(filtered_snapshots)
     end
   end
 end