We often need to do a cluster restart as part of a release for a cluster of > 1000 nodes. We have tried our best to get a clean shutdown, but 50% of the time HMaster still thinks it is a failover. This increases the restart time from 5 min to 30 min and decreases locality from 99% to 5%, since we didn't use a locality-aware balancer. We had a bug, HBASE-14129, but the fix didn't work.
After adding more logging and inspecting the logs, we identified two things that trigger the failover handling:
1. When Hmaster.AssignmentManager detects any dead servers on service manager during joinCluster(), it determines this is a failover without any further check. I added a check for whether there are even any regions assigned to these servers. During a clean restart, the regions are not even assigned.
2. When there are some leftover empty folders for log and split directories, or empty WAL files, it is also treated as a failover. I added a check for that. Although this can be resolved by manual cleanup, it is still too tedious for restarting a large cluster.
A patch will follow shortly. The fix is tested and used in production now.