On 5/22/2019 8:58 PM, melanie witt wrote:
So, for an end user, when they do a server list, they see their server as ACTIVE when it's actually powered off.
Well, it might be powered off, we don't know. If nova-compute is down the guest could still be running if the hypervisor is running.
We have another field called 'host_status' available since API microversion 2.16 [1] which is controlled by policy and defaults to admin, which is capable of showing the server status as UNKNOWN if the field is specified, for example:
nova list --fields id,name,status,task_state,power_state,networks,host_status
This is cool, but it is only available to admin by default, and it requires that the end user adds the field to their CLI command in the --fields option.
As I said elsewhere in this thread, if you're proposing to add a new policy rule to change the 'status' field based on host_status, why not just tell people to open up the policy rule we already have for the host_status field so non-admins can see it in their server details? This sounds like an education problem more than a technical problem to me. Also, --fields is one thing on one interface to the API. Microversions are opt-in on purpose to avoid backward incompatible and behavior changes to the client, so if the client has a need to know this information, they can opt into getting it via the host_status field by using the 2.16 microversion or higher. That's the case for any microversion that adds new fields like the embedded instance.flavor details in 2.47 - we didn't just say "let's add a new policy rule to expose those details".
Question: do people think we should make the server status field reflect UNKNOWN as well, if the 'host_status' is UNKNOWN? And if so, should it be controlled by policy or no?
I'm going to vote no given we have a way to determine this already, as noted above.
Normally, we do not expose compute host details to non-admin in the API by default, but I noticed recently that our "down cells" support will show server status as UNKNOWN if a server is in a down cell [2]. So I wondered if it would be considered OK to show UNKNOWN if a host is down we well, without defaulting it to admin-only.
The down-cell UNKNOWN stuff is also opt-in behavior using the 2.69 microversion. I would likely only get behind changing the behavior of the 'status' field based on the compute service status in a new microversion, and then we have to talk about whether or not the response should mirror the down-cell case where we return partial results. That all sounds like a lot more work than just educating people about the host_status field and the existing policy rule to expose it. -- Thanks, Matt