fix(arbitrator): resolve startup failure with missing config backup directory (#1309)

[tanji]

Summary

Fixes #1309 - Arbitrator service failing to start with error "Monitoring config backup directory not defined"

Problem Analysis

The arbitrator was failing during initialization due to multiple interconnected issues:

1. Duplicate flag parsing: Go's flag package was conflicting with Cobra, causing --user flag value to be lost when using --user=value syntax
2. Empty ConfDirBackup: User lookup failed with empty username, resulting in empty backup directory path
3. Inappropriate fatal error: Arbitrator never saves config and doesn't need backup directory, but the check didn't account for this

Changes Made

Core Fixes

• server/server.go:

  • Removed duplicate flag.Parse() that conflicted with Cobra flag handling
  • Removed unused flag import
  • Added WithArbitration != "ON" condition to skip ConfDirBackup requirement for arbitrator
  • Guarded os.MkdirAll(conf.ConfDirBackup) to prevent operations on empty paths
  • Added early return in PushConfigToBackupDir() when in arbitrator mode

• server/server_cmd.go:

  • WithArbitration variable already existed (defaults to "OFF")

• arbitrator/arbitrator_cmd.go:

  • Added server package import
  • Set server.WithArbitration = "ON" in init() to signal arbitrator mode
  • Registered --user flag as PersistentFlag on rootCmd

Service Files

• service/replication-manager-arb.service:

  • Fixed flag syntax: --user=repman → --user repman
  • Added Restart=on-failure and RestartSec=5 for consistency

• service/replication-manager-osc.service:

  • Fixed flag syntax: --user=repman → --user repman

• service/replication-manager-pro.service:

  • Fixed flag syntax: --user=repman → --user repman

Test Results

All tests pass ✅

• ✅ Arbitrator builds successfully
• ✅ --user flag recognized and functional
• ✅ No "Monitoring config backup directory not defined" error
• ✅ No "unknown flag: --user" error
• ✅ Arbitrator starts and discovers cluster configuration
• ✅ Server builds continue to work normally with safety checks intact

Verification

# Build arbitrator
make arb

# Test with --user flag
./build/binaries/replication-manager-arb --user repman arbitrator

# Test without --user flag
./build/binaries/replication-manager-arb arbitrator

Both scenarios now work correctly. The arbitrator proceeds to cluster discovery and database connection without requiring ConfDirBackup to be set.

Backward Compatibility

No breaking changes:

• Service file syntax correction (old syntax was already broken)
• WithArbitration flag follows existing pattern used by WithTarball, WithProvisioning, etc.
• Server/client builds maintain identical behavior with WithArbitration="OFF"
• Arbitrator gets working binary instead of broken one

Migration Notes

Users with custom systemd service files should update to space-separated flag syntax:

• ❌ Old: --user=repman
• ✅ New: --user repman

No other migration needed.

[claude]

Code Review

I've reviewed this PR and overall it's a solid fix for issue #1309. The changes correctly address the arbitrator startup failure. Here's my detailed feedback:

---

✅ Strengths

1. Root Cause Analysis: The PR correctly identifies three interconnected issues:

   • Duplicate flag parsing causing flag value loss
   • Empty ConfDirBackup from failed user lookup
   • Inappropriate fatal error for arbitrator mode

2. Appropriate Use of Feature Flags: The WithArbitration variable follows the existing pattern used by other build-time feature flags (WithTarball, WithProvisioning, etc.), maintaining architectural consistency.

3. Minimal, Targeted Changes: The fix doesn't over-engineer or add unnecessary complexity. It specifically guards only the code paths that don't apply to the arbitrator.

4. Service File Corrections: Fixing the systemd flag syntax from --user=repman to --user repman resolves the "unknown flag" error. Both syntaxes are typically valid with GNU-style parsers, but the space-separated form is more universally compatible with Cobra/pflag.

5. Backward Compatibility: No breaking changes to existing server/client builds.

---

🔍 Code Quality Observations

server/server.go (Lines 277-281)

Potential Issue: The removal of the flag.Parse() call is correct, but the logic for setting usr has changed:

// BEFORE (removed code):
var usr string
flag.StringVar(&usr, "user", "", "help message")
flag.Parse()
if usr == "" && repman != nil {
    usr = repman.OsUser.Username
}

// AFTER:
var usr string
if repman != nil && repman.OsUser != nil {
    usr = repman.OsUser.Username
}

Concern: The usr variable is now set but never used after line 280. It appears to be dead code. The actual flag binding happens on line 281:

flags.StringVar(&conf.MonitoringSystemUser, "user", "", "OS User for running repman")

Recommendation: Consider removing the unused usr variable entirely for cleaner code:

func (repman *ReplicationManager) AddFlags(flags *pflag.FlagSet, conf *config.Config, isClient bool) {
    flags.IntVar(&conf.TokenTimeout, "api-token-timeout", 48, "Timespan of API Token before expired in hour")
    
    if WithDeprecate == "ON" {
        //	initDeprecated() // not needed used alias in main
    }
    flags.StringVar(&conf.MonitoringSystemUser, "user", "", "OS User for running repman")
    // ... rest of function
}

---

arbitrator/arbitrator_cmd.go (Lines 23, 58)

Minor Observation: The local withArbitration variable is defined but only used to set server.WithArbitration. This is fine for consistency with other packages, but it could be simplified:

// Current:
var withArbitration = "ON"
// ...
server.WithArbitration = withArbitration

// Alternative (more direct):
server.WithArbitration = "ON"

However, keeping the local variable maintains consistency with how other packages handle feature flags, so this is acceptable either way.

---

🛡️ Security Considerations

No security concerns identified. The changes:

• Don't introduce input validation issues
• Don't expose sensitive data
• Don't create privilege escalation vectors
• Properly handle empty/nil values with guard conditions

---

🐛 Potential Bugs

server/server.go (Line 1185-1187)

Defensive Programming Issue: The guard condition checks both WithArbitration != "ON" AND conf.ConfDirBackup != "", but this could mask configuration errors in non-arbitrator builds.

if WithArbitration != "ON" && conf.ConfDirBackup != "" {
    os.MkdirAll(conf.ConfDirBackup, os.ModePerm)
}

Scenario: If ConfDirBackup is empty in a server build (not arbitrator), the directory won't be created, but the check on line 1178 would have already caught this with a fatal error. So this is safe, but the double-check is slightly redundant.

Recommendation: This is actually fine as-is for defense in depth. The fatal check above ensures ConfDirBackup is set for non-arbitrator builds.

---

⚡ Performance Considerations

No performance impact. The changes add simple string comparisons that occur only during initialization, not in hot paths.

---

🧪 Test Coverage

Observation: The PR description mentions manual testing:

• ✅ Arbitrator builds successfully
• ✅ --user flag functional
• ✅ No fatal errors
• ✅ Service starts correctly

Recommendation: Consider adding a regression test in the regtest/ package to verify arbitrator initialization doesn't require ConfDirBackup. Example:

// regtest/test_arbitrator_init.go
func testArbitratorNoBackupDir(cluster *cluster.Cluster, conf string, test *cluster.Test) bool {
    // Verify arbitrator can start without ConfDirBackup set
    // ...
}

However, this may be out of scope for this bug fix.

---

📝 Documentation

Minor Suggestion: The PR body is excellent and thorough. Consider documenting the WithArbitration flag in the doc/BUILD.md file, which already lists other build-time flags.

---

🎯 Final Verdict

Approve with minor suggestions. The fix is:

• ✅ Correct and complete
• ✅ Minimal and focused
• ✅ Architecturally consistent
• ✅ Well-tested manually
• ✅ Properly documented in PR

Minor Improvements (non-blocking):

1. Remove unused usr variable in server/server.go:277-280
2. Consider adding regression test for arbitrator init
3. Update doc/BUILD.md with WithArbitration flag documentation

Great work fixing a critical blocker for arbitrator deployments! 🎉