Risk of crash during migration in a emergency cluster

[a1div0]

Description of the risk

Sometimes, for various reasons, the operations team upgrades only part of the cluster. In our practice, a cluster usually consists of two parts. But in theory it can have three or more parts. When there are different versions of the application on the cluster in different instances, this is, of course, an abnormal state of the cluster. However, it is possible to run the migration on all leaders with the "migrator" role.

What do you need

I would like to have some kind of verification mechanism that would not allow migration to be launched if at least one instance has an inappropriate version of the application.

[a1div0]

Нашёл такую же задачу от декабря 2021:

• https://github.com/tarantool/mfactory/issues/163