“UNKNOWN” host_status notification may cause unsafe evacuation
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
masakari | Fix Released | Critical | Shilpa Devharakar | |
Bug Description
Currently, masakari-
If a failed host remains powered on for some reason and VM instances are still running on the host, those instances are requested to evacuate through the Nova API. Moreover, if nova-compute is in ‘down’ status and corosync is in ‘offline’ status due to network infrastructure instability or so, the failover of VM instances is executed even though the existing VM instances are not fenced, which is dangerous and may cause unavailable instances and data loss.
To avoid unsafe failover, the failover process must not be triggered by a notification with “UNKNOWN” host_status.
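The guard described in this report, sketched as an added example (not masakari's code and not part of the original report). The payload layout, the `event` field with its `STOPPED` value, and the `NORMAL` value of `host_status` are assumptions made for illustration; only `host_status` and `UNKNOWN` come from the report.

```python
# Added illustration, not masakari's implementation. Field names other than
# host_status, and every value other than "UNKNOWN", are assumptions.
from enum import Enum


class Decision(Enum):
    EVACUATE = "evacuate"
    IGNORE = "ignore"


def triage_host_notification(notification):
    """Return (Decision, reason) for one host-failure notification.

    Fails closed: evacuation is allowed only when the payload positively
    states that the host is confirmed down (assumed value: "NORMAL").
    A missing, malformed or unrecognised status never triggers failover.
    """
    payload = notification.get("payload")
    if not isinstance(payload, dict):
        return Decision.IGNORE, "malformed payload"
    if payload.get("event") != "STOPPED":
        return Decision.IGNORE, "not a host-stopped event"
    status = payload.get("host_status")
    if status == "UNKNOWN":
        # The case from this report: the host may still be powered on with
        # instances running, so evacuating them would duplicate unfenced VMs.
        return Decision.IGNORE, "host state unknown, instances not fenced"
    if status != "NORMAL":
        return Decision.IGNORE, "unrecognised or missing host_status"
    return Decision.EVACUATE, "host confirmed down"


def triage_all(notifications):
    """Map hostname -> Decision for a batch of notifications."""
    return {n.get("hostname"): triage_host_notification(n)[0]
            for n in notifications}


# Constructed sample notifications (hostnames are made up).
SAMPLES = [
    {"hostname": "cmp-01", "payload": {"event": "STOPPED", "host_status": "NORMAL"}},
    {"hostname": "cmp-02", "payload": {"event": "STOPPED", "host_status": "UNKNOWN"}},
    {"hostname": "cmp-03", "payload": {"event": "STOPPED"}},
    {"hostname": "cmp-04", "payload": {"event": "STARTED", "host_status": "NORMAL"}},
    {"hostname": "cmp-05", "payload": None},
]

if __name__ == "__main__":
    for host, decision in triage_all(SAMPLES).items():
        print(host, decision.value)
```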
Changed in masakari:
status: New → Confirmed
Changed in masakari:
importance: Undecided → Critical
Changed in masakari:
assignee: nobody → Shilpa Devharakar (shilpasd)
Fix proposed to branch: master
Review: https://review.opendev.org/714573