update to track SledFailuresOnly policy

2db6eff added a `SledFailuresOnly` auto-restart policy in addition to `Never` and `AllFailures`. I discussed the rationale for that in [this comment][1]. Currently, there isn't a mechanism to detect whether an instance is `Failed` because the individual instance crashed or because the whole sled was restarted, so for now, we assume all failures are instance-level. But, we still need to handle the new variant. [1]: #6499 (comment)
oxidecomputer · Sep 16, 2024 · ba72fc4 · ba72fc4
1 parent f344612
commit ba72fc4
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/nexus/db-model/src/instance.rs b/nexus/db-model/src/instance.rs
@@ -242,9 +242,14 @@ impl InstanceRuntimeState {
         match policy {
             InstanceAutoRestart::Never => false,
             InstanceAutoRestart::AllFailures => true,
-            // TODO(eliza): future auto-restart policies may
-            // require additional checks here, such as a limited restart
-            // budget...
+            // TODO(eliza): currently, we don't have the ability to determine
+            // whether an instance is failed because the sled it was on has
+            // rebooted, or because the individual Propolis VMM crashed. For
+            // now, we assume all failures are VMM failures rather than sled
+            // failures. In the future, we will need to determine if a failure
+            // was a sled-level or VMM-level failure, and use that here to
+            // determine whether or not the instance is restartable.
+            InstanceAutoRestart::SledFailuresOnly => false,
         }
     }
 }
diff --git a/nexus/src/app/background/tasks/instance_reincarnation.rs b/nexus/src/app/background/tasks/instance_reincarnation.rs
@@ -408,12 +408,14 @@ mod test {
         let mut will_not_reincarnate = std::collections::BTreeSet::new();
         // Some instances which are `Failed`` but don't have policies permitting
         // them to be reincarnated.
-        for _ in 0..3 {
+        for policy in
+            [InstanceAutoRestart::Never, InstanceAutoRestart::SledFailuresOnly]
+        {
             let id = create_instance(
                 &cptestctx,
                 &opctx,
                 &authz_project,
-                InstanceAutoRestart::Never,
+                policy,
                 InstanceState::Failed,
             )
             .await;
@@ -422,12 +424,12 @@ mod test {
 
         // Some instances with policies permitting them to be reincarnated, but
         // which are not `Failed`.
-        for _ in 0..3 {
+        for _ in 0..2 {
             let id = create_instance(
                 &cptestctx,
                 &opctx,
                 &authz_project,
-                InstanceAutoRestart::Never,
+                InstanceAutoRestart::AllFailures,
                 InstanceState::NoVmm,
             )
             .await;