diff --git a/nexus/db-model/src/schema_versions.rs b/nexus/db-model/src/schema_versions.rs index 2438f37fba8..83dd24bc32d 100644 --- a/nexus/db-model/src/schema_versions.rs +++ b/nexus/db-model/src/schema_versions.rs @@ -17,7 +17,7 @@ use std::collections::BTreeMap; /// /// This must be updated when you change the database schema. Refer to /// schema/crdb/README.adoc in the root of this repository for details. -pub const SCHEMA_VERSION: SemverVersion = SemverVersion::new(93, 0, 0); +pub const SCHEMA_VERSION: SemverVersion = SemverVersion::new(94, 0, 0); /// List of all past database schema versions, in *reverse* order /// @@ -29,6 +29,7 @@ static KNOWN_VERSIONS: Lazy> = Lazy::new(|| { // | leaving the first copy as an example for the next person. // v // KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"), + KnownVersion::new(94, "turn-boot-on-fault-into-auto-restart"), KnownVersion::new(93, "dataset-kinds-zone-and-debug"), KnownVersion::new(92, "lldp-link-config-nullable"), KnownVersion::new(91, "add-management-gateway-producer-kind"), diff --git a/schema/crdb/dbinit.sql b/schema/crdb/dbinit.sql index e851d2ed6bb..8f1f6ff46d4 100644 --- a/schema/crdb/dbinit.sql +++ b/schema/crdb/dbinit.sql @@ -1012,6 +1012,20 @@ CREATE TYPE IF NOT EXISTS omicron.public.vmm_state AS ENUM ( 'saga_unwound' ); +CREATE TYPE IF NOT EXISTS omicron.public.instance_auto_restart AS ENUM ( + /* + * The instance should not, under any circumstances, be automatically + * rebooted by the control plane. + */ + 'never', + /* + * The instance should be automatically restarted any time a fault is + * detected + */ + 'all_failures', +); + + /* * TODO consider how we want to manage multiple sagas operating on the same * Instance -- e.g., reboot concurrent with destroy or concurrent reboots or the @@ -1051,7 +1065,6 @@ CREATE TABLE IF NOT EXISTS omicron.public.instance ( ncpus INT NOT NULL, memory INT NOT NULL, hostname STRING(63) NOT NULL, - boot_on_fault BOOL NOT NULL DEFAULT false, /* ID of the instance update saga that has locked this instance for * updating, if one exists. */ @@ -1069,6 +1082,12 @@ CREATE TABLE IF NOT EXISTS omicron.public.instance ( */ state omicron.public.instance_state_v2 NOT NULL, + /* + * What failures should result in an instance being automatically restarted + * by the control plane. + */ + auto_restart_policy omicron.public.instance_auto_restart NOT NULL, + CONSTRAINT vmm_iff_active_propolis CHECK ( ((state = 'vmm') AND (active_propolis_id IS NOT NULL)) OR ((state != 'vmm') AND (active_propolis_id IS NULL)) @@ -4225,7 +4244,7 @@ INSERT INTO omicron.public.db_metadata ( version, target_version ) VALUES - (TRUE, NOW(), NOW(), '93.0.0', NULL) + (TRUE, NOW(), NOW(), '94.0.0', NULL) ON CONFLICT DO NOTHING; COMMIT; diff --git a/schema/crdb/turn-boot-on-fault-into-auto-restart/up01.sql b/schema/crdb/turn-boot-on-fault-into-auto-restart/up01.sql new file mode 100644 index 00000000000..4542373e871 --- /dev/null +++ b/schema/crdb/turn-boot-on-fault-into-auto-restart/up01.sql @@ -0,0 +1,12 @@ +CREATE TYPE IF NOT EXISTS omicron.public.instance_auto_restart AS ENUM ( + /* + * The instance should not, under any circumstances, be automatically + * rebooted by the control plane. + */ + 'never', + /* + * The instance should be automatically restarted any time a fault is + * detected + */ + 'all_failures', +); diff --git a/schema/crdb/turn-boot-on-fault-into-auto-restart/up02.sql b/schema/crdb/turn-boot-on-fault-into-auto-restart/up02.sql new file mode 100644 index 00000000000..b8d524208d8 --- /dev/null +++ b/schema/crdb/turn-boot-on-fault-into-auto-restart/up02.sql @@ -0,0 +1,2 @@ +ALTER TABLE omicron.public.instance +ADD COLUMN IF NOT EXISTS auto_restart_policy omicron.public.auto_restart_policy; diff --git a/schema/crdb/turn-boot-on-fault-into-auto-restart/up03.sql b/schema/crdb/turn-boot-on-fault-into-auto-restart/up03.sql new file mode 100644 index 00000000000..98a17781a40 --- /dev/null +++ b/schema/crdb/turn-boot-on-fault-into-auto-restart/up03.sql @@ -0,0 +1,5 @@ +SET LOCAL disallow_full_table_scans = off; +UPDATE omicron.public.instance SET auto_restart_policy = CASE + WHEN boot_on_fault = true THEN 'all_failures' + ELSE 'never' +END; diff --git a/schema/crdb/turn-boot-on-fault-into-auto-restart/up04.sql b/schema/crdb/turn-boot-on-fault-into-auto-restart/up04.sql new file mode 100644 index 00000000000..116e16b528c --- /dev/null +++ b/schema/crdb/turn-boot-on-fault-into-auto-restart/up04.sql @@ -0,0 +1 @@ +ALTER TABLE omicron.public.instance ALTER COLUMN auto_restart_policy SET NOT NULL; diff --git a/schema/crdb/turn-boot-on-fault-into-auto-restart/up05.sql b/schema/crdb/turn-boot-on-fault-into-auto-restart/up05.sql new file mode 100644 index 00000000000..214cab28732 --- /dev/null +++ b/schema/crdb/turn-boot-on-fault-into-auto-restart/up05.sql @@ -0,0 +1 @@ +ALTER TABLE omicron.public.instance DROP COLUMN IF EXISTS boot_on_fault;