Unit assignment to "unused" machines
william.reade at canonical.com
Sun Dec 25 09:22:06 UTC 2011
As I work on the constraints code, I've been paying a bit more attention
to the unit placement logic, and I've started to fret a little about the
consequences. The motivation for assigning units to unused machines
seems perfectly sensible on its face: that if we've provisioned a
machine, but it's not carrying any units (and hasn't yet been noticed
and shut down by the PA), we should reuse that machine to deploy new
However, I'm concerned about its interaction with 3 bugs (well, 2 bugs
and a missing feature).
1) No stop hooks will be fired (lp:802995; lp:872264). So, an "unused"
machine is in fact still running the original service unit. OK, we
should fix those bugs by 12.04; and assuming we do, we can forget about
*this* point. But:
2) Even if we *do* fire the stop hooks, we don't have any guarantee that
the stop hook has *actually* shut down the service properly... AFAICT,
we can only guarantee that the machine is genuinely unused once we've
implemented unit containerization -- which surely won't happen by 12.04
-- and actually stopped the *container* itself.
In light of the above, it seems to me that we should temporarily back
out the use of assign_to_unused_machine, and *always* create new
machines for new units; this means we won't get to reuse machines, ofc,
but we also won't risk weird and hard-to-repro bugs caused by
not-actually-stopped units sharing machines.
I should reiterate that I don't oppose the feature, and I would be glad
to see it reinstated when it's safe to do so; but it's *currently* doing
more harm than good, and that's justification enough to cut it for now.
 ...but this is not an exceptionally big deal, because we will *only*
currently reuse machines when we happen to create a new service unit in
the window between destroying an old one and having its machine shut
down by the PA; and that's not behaviour you can reliably induce anyway.