Performing a Failover Restore on a Standby Controller

If the primary controller is no longer functional, you can fail over to the standby controller and restore from the most recent backup. On the standby controller, go to the Restore page (at /recovery/standbys/). If particular conditions exist, a warning will appear:

  • If the primary controller is still reachable, the restore option will not be available. You will need to shut down or disable the primary controller to proceed.

    Warning

    An active primary controller can interfere with the restore process by preventing nodes from reconnecting to the newly promoted standby controller.

  • If the latest available backup was generated by a SwiftStack Controller On-Premises running a more recent version than the standby, then Restore will be disabled. (This is why SwiftStack recommends you always upgrade your recovery controllers first, before your primary controller.) If this condition exists, a message will be displayed indicating the version needed. A restore will only be able to proceed after the standby controller version is greater than or equal to the backup's version. If you need assistance updating the version, please contact SwiftStack Technical Support.

  • If the latest available backup is old, a warning will be displayed. You may override this warning and restore anyway.

Note that configuration setting changes made since the most recent backup will be lost upon restore and will need to be made again.

Before initiating the restore process, update the DNS record for the CNAME to point to the soon-to-be promoted standby controller. Once the restore begins, the standby controller will restore from the latest backup file (either on local disk or a configured Swift cluster) and then move time-series data into place. A success message will be displayed once the restore is complete.

Caution

Some browsers cache the IP Address associated with a particular hostname for quite some time. If the (old) primary is not properly disabled, the browser may not be able to reach the (new) standby.