Two Node System: VMs did not switch to ERROR state after host reboot

A logically failed (rebooted) active controller is not being
administratively failed by maintenance. As a result the host's
offline availability state is not reported to the VIM and the
VMs on that (rebooted) All-in-one host are not evacuated.

This issue only applies to two node systems because of how the heartbeat
enable of an All-in-one host needs to be held off until its compute
manifests apply in the DOR case so as to avoid maintenance failing the
peer controller over a DOR.

The challenge in maintenance is to distinguish between this spontaneous
failure and a DOR. For All-in-one hosts, DOR mode is active for a
whopping 600 seconds; long enough to account for both sets of manifests
to apply.

It's that long delay that is making this silent fault stand out so
obviously.

This update uses 'active DOR mode' to decide whether or not to enable a
host's heartbeat in the add handler.

To better handle early active controller failure, the qualifier for DOR
mode was reduced from 20 to 15 minutes, meaning that maintenance DOR
mode is activated if its host uptime is less than 15 minutes, rather
than 20 as it was before this update. Note that normally the active
controller starts maintenance with an uptime of 5-7 minutes.

Story: 2002995
Task: 23009
Change-Id: I749aefef45b9db6e86a2c6b81d131ebeccc68926
Signed-off-by: David Sullivan <david.sullivan@windriver.com>