21258: Ensure at least one boot failure.
With the previous approach, it was possible for all containers needing
a type4 instance to finish, and a different instance type to report a
quota error and cause the scheduler to shut down the now-unneeded
instance, all before the "guaranteed broken" node reached
TimeoutBooting. In such a case it would not be counted as a boot
failure.
To avoid this, the new approach induces boot failures on *all* type4
instances until 2x TimeoutBooting intervals have passed.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
projects / arvados.git / commit