OpenStack Compute (nova)

Evacuation will lead to double instances in some situation

Bug #2006689 reported by benlei on 2023-02-09

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Invalid	Undecided	Unassigned

Bug Description

In our production environment,due to some reason one compute node rebooted and our monitoring software issued evacuation action to ensure high availability of VMs.
But we got some unexpected error and that lead to double instances for one VM. The acutal situation is that the source compute node has been restarted and the nova-compute service also restarted, but the management network have some problem, this lead to monitoring soft got misjudgment and it issued evacuation action. The management network restored while instance evacuation have been completed.
Under these conditions，the virtual machine dual instance problem arises.
In the nova-computes service start progress, the _destroy_evacuated_instances function will destroy evacuated instance and this ensure the evacuated VM will not have dual instances. But this just a one-shot action, it can't cover our got problem.
So can we change the _destroy_evacuated_instances function's logic to a periodic task to avoid dual instanes in our situation.

Revision history for this message

Artom Lifshitz (notartom) wrote on 2023-02-13:

Heya,

I think there's some confusion around expectations for evacuations.

Evacuations _must_ be done with the source compute fenced, and brought back online by a human in a controlled manner to ensure evacuated instances are destroyed properly. Any monitoring software that initiates evacuations without first fencing the source host (think STONITH) is incorrect.

Changed in nova:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.