Thanks to @Leonard that pointed out the possibility of creating a redundant system!
Redundancy is basically the duplication of critical components of a system with the intention of increasing reliability of the system.
In my case I'm going to use two Arduino that do the same task: sail the boat. In the event that one fails the other could take his place.
One is gonna be the master Arduino which in normal conditions operates the sailboat by himself. The other one is gonna be the slave Arduino that will provide its sensors readings in case of failure of sensors of the master Arduino or will substitute the master Arduino in case of complete failure. They will be located in two independent waterproof enclosures.
The only parts in common are the I2C bus between the master and the slave and the servos operating rudder and sails.
The slave Arduino will be in standby mode most of the time in order to prevent as much as possible power consumption, periodically it will wake up to send a signal over the I2C to the master to see if everything is working fine. It can also be activated by the master in case of necessity.
The master/slave choosing policy is quite simple: the slave periodically check if the master is alive and if it does not receive any answer switch to master mode. From its part the master periodically checks if the slave is not in master mode, if this occurs the master automatically switch to slave mode.
There can be a problem in the scenario in which the connection between the Arduinos fails but both of them are still operating. In this case there will be two master Arduino in competition for operating the boat. I'm evaluating two options:
- To use a control circuit as an intermediary between the two Arduinos and the sails and rudder. If it receives two signals it listens only to one, based on statistics calculated on previously received commands. Obviously this choice has one BIG gap: the control circuit itself is a weak point if it fails.
- The options that I'm actually more willing to consider is to create more than one I2C bus between the Arduinos. So if the first bus fails to deliver the signal the second will be used and so on.
If you have any questions or suggestions please feel free to comment :)