From 24a40d57da89dc489457cf7b57235d810238cbab Mon Sep 17 00:00:00 2001
From: Iustin Pop <iustin@google.com>
Date: Wed, 31 Oct 2007 14:56:18 +0000
Subject: [PATCH] More sane handling of errors during failover

Currently we ignore errors on instance shutdown (on the source node)
during instance failover. We should do this only if the user gave a
command line option allowing this, as it's a dangerous thing to do.

This patch fixes this by using the same "--ignore-consistency" option
for deciding whether to continue or abort. It also expands a bit the man
page.

Reviewed-by: imsnah
---
 lib/cmdlib.py         | 10 +++++++---
 man/gnt-instance.sgml |  5 ++++-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index 697e902b0..bcb29a39d 100644
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -2527,9 +2527,13 @@ class LUFailoverInstance(LogicalUnit):
                 (instance.name, source_node))
 
     if not rpc.call_instance_shutdown(source_node, instance):
-      logger.Error("Could not shutdown instance %s on node %s. Proceeding"
-                   " anyway. Please make sure node %s is down"  %
-                   (instance.name, source_node, source_node))
+      if self.op.ignore_consistency:
+        logger.Error("Could not shutdown instance %s on node %s. Proceeding"
+                     " anyway. Please make sure node %s is down"  %
+                     (instance.name, source_node, source_node))
+      else:
+        raise errors.OpExecError("Could not shutdown instance %s on node %s" %
+                                 (instance.name, source_node))
 
     feedback_fn("* deactivating the instance's disks on source node")
     if not _ShutdownInstanceDisks(instance, self.cfg, ignore_primary=True):
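Review bot: The new `if self.op.ignore_consistency:` branch makes one flag cover two separate risks: skipping the disk-consistency check and continuing after a failed `rpc.call_instance_shutdown`. An operator who passes it only to get past degraded disks therefore also accepts a possibly double-running instance. As far as this hunk shows, the falsy result does not distinguish an unreachable source node from a reachable node where the shutdown failed, and the second case is the one that leaves two live copies. I would add a comment above the branch, `# ignore_consistency also covers a failed shutdown: the instance may still be running on source_node`, and make the abort message state the resulting condition, e.g. `"Could not shutdown instance %s on node %s; it may still be running there"`. The override warning goes only through `logger.Error`; if that does not reach the operator's terminal, repeating it through `feedback_fn` (used on the next statement) would keep it visible. The enclosing method starts and ends outside the hunk.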
diff --git a/man/gnt-instance.sgml b/man/gnt-instance.sgml
index 692ac83a4..39ab31cc8 100644
--- a/man/gnt-instance.sgml
+++ b/man/gnt-instance.sgml
@@ -813,7 +813,10 @@ node1.example.com:sdb:/dev/md1
           disks before failing over the instance. If you are trying to
           migrate instances off a dead node, this will fail. Use the
           <option>--ignore-consistency</option> option for this
-          purpose.
+          purpose. Note that this option can be dangerous as errors in
+          shutting down the instance will be ignored, resulting in
+          possibly having the instance running on two machines in
+          parallel (on disconnected DRBD drives).
         </para>
 
         <para>
-- 
GitLab