TOPIC:

I've checked the forum and found that soft shutdown of host can sometimes lead split brain scenario.

While managing and trying to restart the host you could remember to follow the procedure of deactivating ha and so on.

But... if hosts are managed by UPS then in case of power failure they will try to gracefully shutdown. Which is good practice of course.

But then they could experience split brain situation which I find much more dangerous.

That's why it would be great if HA-lizard could handle this situation.

P.S.
You could write proper UPS handling scripts, but it is not towards automation any more

If you have access to the UPS shutdown script you may want to instruct it to disable HA before shutdown. If this is a possibility, let us know. We can provide a few lines of code to properly shut things down.

Regarding split-brain - there have been occasional cases of DRBD split brain (not xenserver). This generally does not impact system availability. Also, the system will send an email alert if this condition is present.

XenServer split brain is a less likely scenario especially when the hosts are directly connected as shown in the how-to document. This eliminates the possibility of potentially writing to both block storages simultaneously.

In a worst case scenario - with complete loss of network on both nodes, the slave would enter a restricted HA state to avoid XenServer split brain.