We've found a number of cases where the current handling of VM state makes some failure modes difficult to debug and confusing to the customers. For example a VM which takes a long time in building can be terminated, go to shutdown, and then jump back into life when the build completes. There are also a number of cases where the API allows calls that are inconsistent with the current state - which leads to non-deterministic behavior. We propose to better define and control the allowed state transitions, and introduce some specific failure states to make some failure mode more explicit.
Monday October 3, 2011 12:00pm - 12:25pm