Does HA failover on Panorama trigger synchronisation of DAG objects pulled via plugins?

• Panorama in High Availability (HA) setup
• Plugins installed on Panorama and used to pull DAG objects: aws, azure, vmware_vcenter, kubernetes or NSX-T

The behaviour

Full synchronisation is not triggered right after failover in all the panorama plugins (apart from NSX-T). That is as per the design. Once the passive panorama becomes the active node, it waits for the next retrieval interval to fetch the latest updates.

How to verify the behaviour

To verify the behaviour, the following logs can be checked over Tech Support File which should be collected after doing a couple of failovers. The following logs and HA setup are documented for your references so you should be adjusting the log that you will be checking based on the plugin that is being troubleshooted. 

• Check the system logs to get the timestamp for HA failover event. As it is seen below, failover happened at 2025/01/27 14:57:16

2025/01/27 14:57:16 2025/01/27 14:57:16 high     ha             state-c 0      Moved from state Passive to state Active

• If it is the issue with kubernetes plugin, check "plugin_kubernetes_tag_ret.log" to follow the sequence of the events. For kubernetes plugin, default monitoring interval is 30 seconds

2025-01-27 14:56:56.200 +0000 INFO: k8s-ret: Tag retrieval complete, going to sleep for 30 seconds.  -->> last poll
2025-01-27 14:57:16.153 +0000 INFO: k8s-ret: Ha-state changing...   -->> HA triggered
2025-01-27 14:57:26.233 +0000 INFO: k8s-ret: Beginning to retrieve tags in 'safe state' mode   -->> 30 seconds passed and started to poll, meaning not triggered by HA failover
........
2025-01-27 14:57:28.984 +0000 INFO: k8s-ret: Tag retrieval complete, going to sleep for 30 seconds.

• If it is the issue with aws plugin, check "plugin_aws_ret.log" to follow the sequence of the events. For aws plugin, default monitoring interval is 60 seconds

2025-01-27 14:56:57.199 +0000 DEBUG: Tag-ret: Tag retrieval complete, going to sleep.   -->> last poll
2025-01-27 14:57:16.153 +0000 INFO: Retrieval Ha-state changing...   -->> HA triggered
2025-01-27 14:57:57.261 +0000 DEBUG: Tag-ret: beginning to retrieve tags in 'safe state' mode.   -->> 60 seconds passed and started to poll, meaning not triggered by HA failover
..............
2025-01-27 14:57:57.276 +0000 DEBUG: Tag-ret: Tag retrieval complete, going to sleep.

• If it is the issue with vmware_vcenter plugin, check "plugin_aws_ret.log" to follow the sequence of the events. For vmware_vcenter plugin, monitoring interval is set to 1800 seconds in this example

2025-01-27 14:29:45.598 +0000 DEBUG: Tag-ret: Tag retrieval complete, going to sleep   -->> last poll
2025-01-27 14:57:16.153 +0000 INFO: Retrieval Ha-state changing...   -->> HA triggered
2025-01-27 14:59:47.130 +0000 DEBUG: Tag-ret: Tag ret beginning to process commit.   -->>1800 seconds passed and started to poll, meaning not triggered by HA failover

• To check the mentioned log files on CLI, you may run the following command and try to track the logs over there by correlating to the above samples

          less plugins-log <name of the log file>