This adds a granular policy checking framework for
placement based on nova.policy but with a lot of
the legacy cruft removed, like the is_admin and
context_is_admin rules.
A new PlacementPolicyFixture is added along with
a new configuration option, [placement]/policy_file,
which is needed because the default policy file
that gets used in config is from [oslo_policy]/policy_file
which is being used as the nova policy file. As
far as I can tell, oslo.policy doesn't allow for
multiple policy files with different names unless
I'm misunderstanding how the policy_dirs option works.
With these changes, we can have something like:
/etc/nova/policy.json - for nova policy rules
/etc/nova/placement-policy.yaml - for placement rules
The docs are also updated to include the placement
policy sample along with a tox builder for the sample.
This starts by adding granular rules for CRUD operations
on the /resource_providers and /resource_providers/{uuid}
routes which use the same descriptions from the placement
API reference. Subsequent patches will add new granular
rules for the other routes.
Part of blueprint granular-placement-policy
Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
The top level index (home page) was duplicating the
configuration/index content, so this simply changes
the home page into a table of contents for the configuration
sub-tree and leaves the config/policy content in the
sub-tree. This will be needed when we add docs about
placement policy.
The hidden configuration toc tree items are moved
into the sub-tree configuration/index to be closer
to the actual documents we're hiding from the toc tree.
Related to blueprint granular-placement-policy
Change-Id: Iad87dc339278ee7e7cf8de5eea252bbb7a5f75c2
The nova.virt.powervm.media module imports this so we
should include it in our runtime requirements list.
Change-Id: I818b8957d791cbfbae1fc33cc296ebfb8c6a6651
1. Beginning with the Queens release, the keystone install guide
recommends running all interfaces on the same port. This patch
updates the install guide to reflect that change.
2. update the deprecated neutron auth options
Change-Id: I5c0a6389b759153bae06fa43846f03ac083c3db4
Change I9a833aa35d474caa35e640bbad6c436a3b16ac5e added a custom error
code framework to the placement API and, as an example of a specific
error code, created INVENTORY_INUSE ('placement.inventory.inuse') for
PUT /resource_providers/{uuid}/inventories. We have essentially the
same error condition for DELETE /resource_providers/{uuid}/inventories,
so this change set adds the same error code there.
Change-Id: I52715205e607cef5deee1351099725885b282c08
The traits and the inventories wsgi handler inserted the detailed error
message to the webob.exc.HTTPXXX exceptions via the 'explanation' kwarg.
This caused that the generated error messages does not contain the generic
explanation of the HTTP error code just the passed in explanation text.
The rest of the placement API uses first positional arg of the exception
classes to pass in the extra details. Having this inconsistency makes
really hard to print proper error messages from the osc-placement
plugin.
This patch removes the incosistency by changing the code to use the
positional arg.
The change does not affect nova.scheduler.client.report._RE_INV_IN_USE
regex usage as that regex applied via re.search() and this change only
adds a new sentece to the message.
Change-Id: I196c2e3dabcbf0564c1ca0bd4870dc2df3efc836
Close-Bug: #1771325
Replace mox with mock or stub_out in
nova/tests/unit/api/openstack/compute/test_volumes.py.
Change-Id: I9acc2e4d6c57ea0f45ba161116993d9f1a0e1e9f
Implements: blueprint mox-removal
When using ImagePropertiesFilter with multiple architectures inside the
same deployment, it is possible that images can be uploaded without the
hw_architecture property defined.
This results in behaviour where the instance could be scheduled on any
type of hypervisor, resulting in an instance that will successfully
transition to ACTIVE but never properly run because of the difference
in architecture.
This makes the ImagePropertiesFilter problematic as most images are
generally uploaded without the architecture property set because
most documentation does not encourage doing that.
The addition of this flag allows to make using the filter possible
because it allows the deployer to assume a default architecture if
the user did not supply one (assuming it would be the most common
architecture in their deployment, such as x86_64) yet if the user
wants a more specific architecture, they can do it in their image
properties.
In order to avoid a circular import loop, the references to the
architecture field have been moved to a seperate module so that
they can be properly and cleaned imported inside configuration.
Change-Id: Ib52deb095028e93619b93ef9e5f70775df2a403a
Closes-Bug: #1769283
To make prettier log messages and aid debugging, add __str__ methods to
nova.api.openstack.placement.lib.RequestGroup and
nova.scheduler.utils.ResourceRequest and use the latter (which uses the
former) in the log message in
nova.scheduler.client.report.SchedulerReportClient.get_allocation_candidates
Change-Id: I80b2427fabc4004a9a8ce1e45fc46031ce9aadda
Create a tox environment for running the unit tests against the lower
bounds of the dependencies.
Create a lower-constraints.txt to be used to enforce the lower bounds
in those tests.
Add openstack-tox-lower-constraints job to the zuul configuration.
See http://lists.openstack.org/pipermail/openstack-dev/2018-March/128352.html
for more details.
Change-Id: Ic28558ee6481d49a9b4e5dc2c4182504e330448f
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Co-Authored-by: Eric Fried <efried@us.ibm.com>
Co-Authored-by: Jim Rollenhagen <jim@jimrollenhagen.com>
None is not tolerated by ProcessUtils, therefore make sure that [0] is passed as the
expected return code
Change-Id: I7d6335633479dfd7715444ef4aefc85ed41b8fa3
Closes-Bug: #1771137
This implements support for placement version 1.24, which allows multiple
member_of query parameters to allocation_candidates.
Related to blueprint alloc-candidates-member-of
Change-Id: Id7eecbfe53f3a973d828122cf0149b2e10b8833f
nova-manage cells_v2 map_instances call uses a non canonical UUID
serialization to store the instance marker in the DB. The
oslo.versionedobjects UUIDField emits a warning. A later patch would
like to turn this warning to an error during the unit and functional
test to avoid adding new violations.
As the underlying DB schema is not violated this patch proposes to
suppress the warning in the affected unit tests.
Change-Id: I5b11b9df26e4e38516b5674e0e6c1fc79527129b
The libvirt driver validates the hw_video_ram image property,
if specified, and the flavor extra spec "hw_video:ram_max_mb"
is set. If validation fails, the libvirt driver raises
RequestedVRamTooHigh which is not handled explicitly in
ComputeManager._build_and_run_instance so it will result in
a RescheduledException to another compute to retry the spawn
but that will always fail because this isn't something that
is per-compute host.
This change adds the error handling in _build_and_run_instance
so that we'll fail and abort the build and not reschedule.
Long-term, this validation should be moved into the API code
since it's not specific to a compute host and would be user
error that should result in a 400 response.
Change-Id: I93b409ca2b7b36400759ee9d2cd5b71c6df186ab
Partial-Bug: #1770726
In change I524c93d30607ea6ab70de92ceea207ee77f34c25 keystonemiddleware
adjusted how the value of the Keystone uri is quoted when sending a
www-authenticate header. It went from using a single quote to double.
Double is more correct.
The existing version of the test changed in this commit relied on the
single quote to verify that a URL set in config would be used by the
middleware appropriately. Now, instead of one exact match test, two
in-string tests are used.
Change-Id: Ie9d1df419f2bdfa1d658f5f64ea9b7285de7b9b7
Closes-Bug: #1770718
The experimental job legacy-tempest-dsvm-nova-v20-api failed at the gate
always, because test_list_servers_by_changes_since_invalid_date touched
less validation part on the API.
This patch fixes it.
Change-Id: I0284a83a92d39d211af6108ed6cae2d8fe19da8f
Close-Bug: #1770705
If642e51a4e186833349a8e30b04224a3687f5594 started to correctly report
the actual size of preallocated file based disks but missed that this
value was later used as the virtual disk size for RAW disks.
This is an issue as nova.virt.libvirt.utils.create_image creates these
disks as sparse files with a reported actual size much smaller than the
virtual size. During block based LM this then results in disks
on the destination being created with a much smaller virtual size than
the disk should have leading to errors during the transfer.
Closes-Bug: #1770640
Change-Id: I464bc2b88123a012cd12213beac4b572c3c20a56
The nova-live-migration test hook configuration is in
nova/tests/live_migration/hooks and because of the
irrelevant-files list on the job, changes to those
setup scripts are not self-testing. This change fixes
the regex so we can self-test the nova-live-migration
job changes.
Change-Id: Ia7e35d483f660e98eea5e109e010f77d5419af85
Support for the 'multi_instance_display_name_template' option was
removed in commit 0e43002c9 and booting multiple instances now will
simply result in a simple numerical suffix (-1, -2, -3, ...) being added
to the instance's 'display_name' and 'hostname' attributes.
In that commit, it was noted that there was a lot more cleanup that
could be done in this area. The change gets that ball rolling by
squashing the '_apply_instance_name_template' function into
'_populate_instance_names'. This doesn't do much itself, but it allows
us to simplify a future change to remove much of the now-unnecessary
complexity of this feature.
Change-Id: I57ddfca39d9b76ac0cabf994d8a825a35b6d6e19
oslo.db includes additional essential options that are
at the moment hardcoded in Nova's api_database conf.
Here, we add connection_parameters, which itself was added
to oslo.db to work around Nova's database-persisted
database URLs being difficult to modify.
This change should have been included in
I22f8a19009408fb1f1587bf399e6aee3467c8bc6 as this is part of
allowing nova to support SQLAlchemy extensions including
profiling.
Change-Id: I249aeabb5f029a2c4648651cf1e7b9b2e552e395
Matt Riedemann