declare data center / region failures out of scope

This would be way too ambitious for this user story. Change-Id: Ia3f79659d47785fb2de6b51edfc896d3cc3f3210 Signed-off-by: Adam Spiers <aspiers@suse.com>
2016-05-24 16:38:47 +01:00
parent 196c19c44f
commit d2d17f2f13
1 changed files with 13 additions and 1 deletions
--- a/user-stories/proposed/ha_vm.rst
+++ b/user-stories/proposed/ha_vm.rst
@@ -62,7 +62,19 @@ can be detected and recovered by the system. Possible failure events include:

 * Attached Cinder volume failure

-* Availability Zone/Data Center/Region failure
+* Availability Zone failure
+
+* Data Center / Region failure
+
+  Failure of a whole region or data center is obviously much more severe,
+  requiring recovery of not just compute nodes but also OpenStack services in
+  the control plane.  It needs to be covered by a Disaster Recovery plan,
+  which will vary greatly for each cloud depending on its architecture,
+  supported workloads, required SLAs, and organizational structure.  As such,
+  a general solution to Disaster Recovery is a problem of considerable
+  complexity, therefore it makes sense to keep it out of scope for this user
+  story, which should instead be viewed as a necessary and manageable step on
+  the long road to that solution.

 N.B. This user story concerns high availability, not 100% availability.
 Therefore some service interruption is usually expected when failures occur.