From 236143f29b63205a6e3271bab553de448d9dfe1d Mon Sep 17 00:00:00 2001 From: Tomi Juvonen Date: Wed, 23 Sep 2015 09:45:06 +0300 Subject: Fencing requirement. Update requirement documentation about fencing. Change-Id: I3c0b4aaaa31c3eb958efc5cc483821ce96082aa8 Jira: DOCTOR-10 --- requirements/03-architecture.rst | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'requirements') diff --git a/requirements/03-architecture.rst b/requirements/03-architecture.rst index 14055485..9b618e01 100644 --- a/requirements/03-architecture.rst +++ b/requirements/03-architecture.rst @@ -183,9 +183,18 @@ Without fencing -- when the perceived disconnection is due to some transient or partial failure -- the evacuation might lead into two identical instances running together and having a dangerous conflict. -There is a cross-project effort in OpenStack ongoing to implement fencing. A -general description of fencing in OpenStack is available here: -https://wiki.openstack.org/wiki/Fencing_Instances_of_an_Unreachable_Host . +There is a cross-project definition in OpenStack of how to implement +fencing, but there has not been any progress. The general description is +available here: +https://wiki.openstack.org/wiki/Fencing_Instances_of_an_Unreachable_Host + +As OpenStack does not cover fencing it is in the responsibility of the Doctor +project to make sure fencing is done by using tools like pacemaker and by +calling OpenStack APIs. Only after fencing is done OpenStack resources can be +marked as down. In case there are gaps in OpenStack projects to have all +relevant resources marked as down, those gaps need to be identified and fixed. +The Doctor Inspector component will be responsible of marking resources down in +the OpenStack and back up if necessary. Recovery Action ^^^^^^^^^^^^^^^ -- cgit 1.2.3-korg