
yahoo-eng-team team mailing list archive

[Bug 2006689] Re: Evacuation will lead to double instances in some situation

 

Heya,

I think there's some confusion around expectations for evacuations.

Evacuations _must_ be done with the source compute fenced, and brought
back online by a human in a controlled manner to ensure evacuated
instances are destroyed properly. Any monitoring software that initiates
evacuations without first fencing the source host (think STONITH) is
incorrect.

** Changed in: nova
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2006689

Title:
  Evacuation will lead to double instances in some situation

Status in OpenStack Compute (nova):
  Invalid

Bug description:
  In our production environment, for some reason one compute node rebooted and our monitoring software issued an evacuation action to ensure high availability of VMs.
  But we got an unexpected error, and that led to double instances for one VM. The actual situation is that the source compute node had been restarted and the nova-compute service had also restarted, but the management network had some problem; this led the monitoring software to misjudge, and it issued an evacuation action. The management network was restored when the instance evacuation had been completed.
  Under these conditions, the virtual machine dual instance problem arises.
  During the nova-compute service startup process, the _destroy_evacuated_instances function destroys evacuated instances, and this ensures the evacuated VM will not have dual instances. But this is just a one-shot action; it can't cover the problem we hit.
  So can we change the _destroy_evacuated_instances function's logic to a periodic task to avoid dual instances in our situation?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2006689/+subscriptions


