When a server is detected as down, PyBal tries to depool it. Before doing so however, PyBal checks whether the operation can be performed. Every service has a configurable depool-threshold limiting the number of servers that can be depooled. The current "can-depool" logic looks like this:
return len(self.servers) - len(downServers) >= len(self.servers) * self.lvsservice.getDepoolThreshold()
If the above condition is true, the server can be depooled. However, the logic currently only takes servers marked as "down" into account, failing to consider servers administratively disabled.
Let's consider the following scenario:
In the given situation, canDepool currently returns true (4 - 0 >= 4 * 0.5), allowing the depool operation to proceed and leaving the service with only one pooled server. In this scenario we want instead to have a minimum of 2 servers always enabled and pooled. To enforce such constraint, the logic needs to be changed as follows:
return len(self.servers) - len(downServers) - len(disabledServers) >= len(self.servers) * self.lvsservice.getDepoolThreshold()