I think it would make the most sense to come up ACTIVE when evacuating from the ERROR state. The main reason why we would evacuate an instance at all is because it isn't running and we want it to run--if we didn't want it to be running we probably wouldn't have evacuated it in the first place, we could just wait and see if the compute node comes back up.
That said, I'm not totally happy with how we represent VMs that were on a compute node that died. It seems to me that we should leave the vm_state as-is and have something else that indicates that they're not actually in the desired state. If we had that then if we attempted to evacuate and failed we wouldn't set the vm_state to ERROR, we'd leave it in the previous state and have some other way of indicating a problem.