summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--requirements/03-architecture.rst15
1 files changed, 12 insertions, 3 deletions
diff --git a/requirements/03-architecture.rst b/requirements/03-architecture.rst
index 14055485..9b618e01 100644
--- a/requirements/03-architecture.rst
+++ b/requirements/03-architecture.rst
@@ -183,9 +183,18 @@ Without fencing -- when the perceived disconnection is due to some transient
or partial failure -- the evacuation might lead into two identical instances
running together and having a dangerous conflict.
-There is a cross-project effort in OpenStack ongoing to implement fencing. A
-general description of fencing in OpenStack is available here:
-https://wiki.openstack.org/wiki/Fencing_Instances_of_an_Unreachable_Host .
+There is a cross-project definition in OpenStack of how to implement
+fencing, but there has not been any progress. The general description is
+available here:
+https://wiki.openstack.org/wiki/Fencing_Instances_of_an_Unreachable_Host
+
+As OpenStack does not cover fencing it is in the responsibility of the Doctor
+project to make sure fencing is done by using tools like pacemaker and by
+calling OpenStack APIs. Only after fencing is done OpenStack resources can be
+marked as down. In case there are gaps in OpenStack projects to have all
+relevant resources marked as down, those gaps need to be identified and fixed.
+The Doctor Inspector component will be responsible of marking resources down in
+the OpenStack and back up if necessary.
Recovery Action
^^^^^^^^^^^^^^^