fencing host from storage

Registered by Ehud Trainin

Fencing storage from a host means preventing the host from accessing the volumes that were attached to it.

Fencing will be done with a fence-host method, called with the arguments: context, host-name and connector.

The fencing will take care of:
1) Finding all storage devices with volumes attached to one or more of the host's instances.
2) For each storage device in that list, removing the host from the list of hosts permitted to access volumes in the storage device. If the driver needs further information about the host, such as iSCSI initiator names or WWPNs, it would derive them from the connector.
3) Detaching, at the Cinder level, each volume attached to one of the host's instances.

Part of the host fencing would be done in the driver. Given that there are many drivers, fence-host would be implemented and tested first with only one or two drivers: iSCSI and maybe NFS.

It should be noted that Cinder currently supports a detach-volume command, which only detaches the volume at the Cinder management level and does not force detachment at the storage device level. One may consider an alternative fencing implementation in which the behavior of volume detach is changed so that it also forces detachment at the storage controller level. However, there are three reasons why this should not be done:
1) If a volume is shared, it is impossible to force-detach it from a single instance, since a volume is connected, at the storage device level, to the host and not to an instance. Nor would it be possible to detach a shared volume from all instances, since that may disconnect the volume from instances on other hosts.
2) In NFS it is not possible to disconnect a volume from an instance even if it is not shared.
3) Since we want to fence an instance only as part of the fencing of all instances of a given host, sending a single fence-host request would be more efficient and thus enable a faster recovery.
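
The three fencing steps and the shared-volume case from the first reason above, as an added example that is not Cinder code or part of the blueprint. It is a small in-memory model: the `Backend` class, the extra `backends` and `attachments` parameters of `fence_host`, the `initiator` connector key and all sample names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Backend:
    """Toy storage device: volume id -> set of initiators allowed to connect."""
    name: str
    acl: dict = field(default_factory=dict)

    def remove_host(self, connector):
        """Driver-side step: drop the host's initiator from every volume ACL."""
        revoked = []
        for vol, initiators in self.acl.items():
            if connector["initiator"] in initiators:
                initiators.discard(connector["initiator"])
                revoked.append(vol)
        return sorted(revoked)

def fence_host(context, host_name, connector, backends, attachments):
    """attachments: list of (volume_id, instance_id, host, backend_name) tuples.
    context is unused in this model; it mirrors the blueprint's argument list."""
    on_host = [a for a in attachments if a[2] == host_name]
    # Step 1: storage devices with volumes attached to the host's instances.
    affected = sorted({a[3] for a in on_host})
    # Step 2: per device, revoke the host (identified through the connector).
    revoked = {name: backends[name].remove_host(connector) for name in affected}
    # Step 3: management-level detach of this host's attachments only.
    remaining = [a for a in attachments if a[2] != host_name]
    return revoked, remaining

def demo():
    """Constructed data: vol-shared is attached on both host-a and host-b."""
    iqn_a, iqn_b = "iqn.2014-01.example:host-a", "iqn.2014-01.example:host-b"
    backends = {
        "iscsi-1": Backend("iscsi-1", {"vol-1": {iqn_a}, "vol-shared": {iqn_a, iqn_b}}),
        "iscsi-2": Backend("iscsi-2", {"vol-9": {iqn_b}}),
    }
    attachments = [
        ("vol-1", "inst-1", "host-a", "iscsi-1"),
        ("vol-shared", "inst-2", "host-a", "iscsi-1"),
        ("vol-shared", "inst-3", "host-b", "iscsi-1"),
        ("vol-9", "inst-4", "host-b", "iscsi-2"),
    ]
    revoked, remaining = fence_host(None, "host-a", {"initiator": iqn_a},
                                    backends, attachments)
    return revoked, remaining, backends

if __name__ == "__main__":
    print(demo())
```

Fencing host-a revokes its initiator on `iscsi-1` only, and the instance on host-b keeps both its storage-level access and its management-level attachment to `vol-shared`.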

For more details about fencing integration in OpenStack see
https://wiki.openstack.org/wiki/Fencing_Instances_of_an_Unreachable_Host

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
Ehud Trainin
Direction:
Needs approval
Assignee:
Ehud Trainin
Definition:
Obsolete
Series goal:
Accepted for future
Implementation:
Not started
Milestone target:
next
Completed by
Sean McGinnis

Whiteboard

(smcginnis): Marking obsolete as this has been sitting out there for a long time. If this is still needed, please submit a new bp.

Given I haven't seen any updates, or had any communication from the on this feature I'm removing this from I3. FFE is rapidly approaching and there are plenty of items in the queue that people have been working on for quite some time.

Feel free to propose code if you finish this up, but it's low on the priority list at this point.
