diff options
| -rw-r--r-- | requirements/03-architecture.rst | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/requirements/03-architecture.rst b/requirements/03-architecture.rst index 14055485..9b618e01 100644 --- a/requirements/03-architecture.rst +++ b/requirements/03-architecture.rst @@ -183,9 +183,18 @@ Without fencing -- when the perceived disconnection is due to some transient or partial failure -- the evacuation might lead into two identical instances running together and having a dangerous conflict. -There is a cross-project effort in OpenStack ongoing to implement fencing. A -general description of fencing in OpenStack is available here: -https://wiki.openstack.org/wiki/Fencing_Instances_of_an_Unreachable_Host . +There is a cross-project definition in OpenStack of how to implement +fencing, but there has not been any progress. The general description is +available here: +https://wiki.openstack.org/wiki/Fencing_Instances_of_an_Unreachable_Host + +As OpenStack does not cover fencing it is in the responsibility of the Doctor +project to make sure fencing is done by using tools like pacemaker and by +calling OpenStack APIs. Only after fencing is done OpenStack resources can be +marked as down. In case there are gaps in OpenStack projects to have all +relevant resources marked as down, those gaps need to be identified and fixed. +The Doctor Inspector component will be responsible of marking resources down in +the OpenStack and back up if necessary. Recovery Action ^^^^^^^^^^^^^^^ |