Commit Graph

59518 Commits

Author SHA1 Message Date
Jonathan Race 1b2ff083eb zuul-job for Adds Pick guest CPU architecture based on host arch
in libvirt driver support

This is split 3 of 3 for the architecture emulation feature.

Added initial ci content for tempest test.

Implements: blueprint pick-guest-arch-based-on-host-arch-in-libvirt-driver
Signed-off-by: Jonathan Race <jrace@augusta.edu>
Change-Id: I0159baa99ccf1e76040c197becf2a56c3d69d026
2022-02-25 16:55:43 -05:00
Zuul 22a47b4662 Merge "Assert quota related API behavior when noop" 2022-02-25 09:46:27 +00:00
Zuul b0fd798dd7 Merge "Add stub unified limits driver" 2022-02-25 01:49:05 +00:00
Zuul 1c20ee250c Merge "Move keypair quota error message into exception" 2022-02-25 01:48:58 +00:00
Zuul d811895441 Merge "Add volume-rebuild support to cinder module" 2022-02-25 00:17:34 +00:00
Zuul 3ae1bf3213 Merge "Make more project level APIs scoped to project only" 2022-02-25 00:17:27 +00:00
Zuul 85a07111ed Merge "driver/secheduler/docs for Adds Pick guest CPU architecture based on host arch in libvirt driver support" 2022-02-24 23:35:19 +00:00
Zuul 4062bb87a1 Merge "object/notification for Adds Pick guest CPU architecture based on host arch in libvirt driver support" 2022-02-24 23:35:12 +00:00
Dan Smith f320e59a8a Add volume-rebuild support to cinder module
Related to blueprint volume-backed-server-build

Co-Authored-By: Rajat Dhasmana <rajatdhasmana@gmail.com>

Change-Id: I2fcf73e0e6f7fba47bd70fded241f2101eae6f10
2022-02-25 02:12:55 +05:30
Zuul 6085783c64 Merge "Convert SYSTEM_ADMIN|READER to Admin and system scope" 2022-02-24 18:26:45 +00:00
Zuul f99f68e837 Merge "Move rule_if_system() method to base test class" 2022-02-24 18:18:01 +00:00
Zuul 478c0c44aa Merge "Test PROJECT_ADMIN APIs with no legacy rule case" 2022-02-24 18:17:54 +00:00
Zuul 4b22eea5a1 Merge "Revert project-specific APIs for servers" 2022-02-24 18:17:47 +00:00
Zuul 1535dc38b4 Merge "Allow per-context rule in error messages" 2022-02-24 17:41:33 +00:00
Jonathan Race 31ff7ce7e2 driver/secheduler/docs for Adds Pick guest CPU architecture based on
host arch in libvirt driver support

This is split 2 of 3 for the architecture emulation feature.

This implements emulated multi-architecture support through qemu
within OpenStack Nova.

Additional config variable check to pull host architecture into
hw_architecture field for emulation checks to be made.

Adds a custom function that simply performs a check for
hw_emulation_architecture field being set, allowing for core code to
function as normal while enabling a simple check to enable emulated
architectures to follow the same path as all multi-arch support
already established for physical nodes but instead leveraging qemu
which allows for the overall emulation.

Added check for domain xml unit test to strip arch from the os tag,
as it is not required uefi checks, and only leveraged for emulation
checks.

Added additional test cases test_driver validating emulation
functionality with checking hw_emulation_architecture against the
os_arch/hw_architecture field. Added required os-traits and settings
for scheduler request_filter.

Added RISCV64 to architecture enum for better support in driver.

Implements: blueprint pick-guest-arch-based-on-host-arch-in-libvirt-driver
Closes-Bug: 1863728
Change-Id: Ia070a29186c6123cf51e1b17373c2dc69676ae7c
Signed-off-by: Jonathan Race <jrace@augusta.edu>
2022-02-24 12:25:59 -05:00
Jonathan Race 79887a610b object/notification for Adds Pick guest CPU architecture based on host
arch in libvirt driver support

This is split 1 of 3 for the architecture emulation feature.

This adds the 'hw_emulation_architecture' property to the image meta
properties, allowing for operator to define whether they will use
emulation or not.

This adds the capability as a feature to ensure no impact to normal
operations or functionality.

Account for object versioning has been added to raise exceptions and
handle proper

Implements: blueprint pick-guest-arch-based-on-host-arch-in-libvirt-driver
Signed-off-by: Jonathan Race <jrace@augusta.edu>
Change-Id: If4f598c0d3f9e64617beb54450faa04e7d20dd20
2022-02-24 12:06:55 -05:00
John Garbutt 6acefc6b10 Assert quota related API behavior when noop
Adding tests so it's clear what happens with the noop driver when using
the quota APIs.

To make the unit tests work, we had to make the caching of the quota
driver slightly more dynamic. We verify the current config matches
the currently cached driver, and reload the driver if there is a mismatch.
It also preserves the ability of some unit tests to pass in a fake
quota driver.

We also test the current unified limits driver, as it is currently
identical in behaviour to the noop driver.
As things evolve the tests will diverge, but will show the common
approach to what is returned from the API in both cases.

blueprint unified-limits-nova

Change-Id: If3c58d6cbf0a0aee62766c7142beab165c1fb9a4
2022-02-24 16:20:04 +00:00
John Garbutt 4fbe94a98c Add stub unified limits driver
The unified limits driver is starting with the noop driver. This gives us
the closest API behaviour to what we describe in the spec.

The Unified Limits quota driver will have several purposes:

* stop all existing quota enforcement, so we can replace it
* stop checking the database for quota info
* make the API do what it does today with the noop driver enabled

The next few patches will assert the existing API behaviour with the
unified limits quota driver. This is the exact same thing that happens
today when you enable the noop driver.

As we add back limits, using the new unified limits approach, we will
update the API so users are informed about what limits are actually
being enforced.

blueprint unified-limits-nova

Change-Id: Iab152a6b2bb58454c32889390ec9add43771fa62
2022-02-24 16:20:04 +00:00
Dan Smith 78f02e96ed Move keypair quota error message into exception
The KeypairLimitExceeded exception has a message string which is never
used. We raise this exception and then return a different message to
the API user. For the unified limit work, we want to move to using
oslo.limit's better error messages when available, which means we
need to honor the message in the exception. This just moves the
legacy string into the exception and makes the API use that instead
of overriding it.

Related to bp/unified-limits-nova

Change-Id: I217b3d0551291498191b556f62d78abf159778c2
2022-02-24 16:20:04 +00:00
Zuul b2ec3cd921 Merge "manage: Add image_property commands" 2022-02-24 13:00:52 +00:00
Zuul fa10c6ec6a Merge "libvirt: Register defaults for undefined hw image properties" 2022-02-24 13:00:43 +00:00
Zuul f9ca5dba14 Merge "Lightbits LightOS driver" 2022-02-24 12:43:08 +00:00
Lee Yarwood 19b7cf2170 manage: Add image_property commands
This adds an image property show and image property set command to
nova-manage to allow users to update image properties stored for an
instance in system metadata without having to rebuild the instance.
This is intended to ease migration to new machine types, as updating
the machine type could potentially invalidate the existing image
properties of an instance.

Co-Authored-By: melanie witt <melwittt@gmail.com>

Blueprint: libvirt-device-bus-model-update

Change-Id: Ic8783053778cf4614742186e94059d5675121db1
2022-02-24 01:00:36 +00:00
Lee Yarwood 7ecdfb61a9 libvirt: Register defaults for undefined hw image properties
Currently, device bus and model types defined as image properties
associated with an instance are always used when launching instances
with the libvirt driver. When these types are not defined as image
properties, their values either come from libosinfo or those directly
hardcoded into the libvirt driver. This means that any changes to the
defaults provided by libosinfo or the libvirt driver could result in
unforeseen changes to existing instances. This has been encountered in
the past as libosinfo assumes that libvirt domain definitions are
static when OpenStack Nova specifically rewrites and redefines these
domains during a hard reboot or migration allowing changes to possibly
occur.

This adds persistence of device bus and model type defaults to the
instance's system metadata so that they will remain stable across
reboots and migrations.

Co-Authored-By: melanie witt <melwittt@gmail.com>

Blueprint: libvirt-device-bus-model-update

Change-Id: I44d41a134a7fab638e2ea88e7ae86d25070e8a43
2022-02-23 23:29:09 +00:00
Zuul 26e65c3270 Merge "Update live_migration_downtime definition" 2022-02-23 20:12:03 +00:00
Pedro Almeida de110b042d Update live_migration_downtime definition
Before, the definition of live_migration_downtime didn't explain
if any exception/timeout occurs if the migration exceeds the value.
This is just used as a reference for nova and if any problem happens
when the VM gets paused, there will be no abort or force-complete.

Closes-Bug: #1960345
Signed-off-by: Pedro Almeida <pedro.monteiroazevedodemouraalmeida@windriver.com>
Change-Id: I336481d1801a367b5628fedcd2aa5f5cf763355a
2022-02-23 13:21:03 -03:00
Zuul 134c4791ff Merge "VmWare: Remove unused legacy_nodename regex" 2022-02-23 14:00:09 +00:00
Zuul cadda1ef04 Merge "VMware: Support volumes backed by VStorageObject" 2022-02-23 12:50:37 +00:00
Zuul ce24a93b48 Merge "Support use_multipath for NVME driver" 2022-02-22 18:53:56 +00:00
yuval brave b5e2128f38 Lightbits LightOS driver
This commit introduces the LightOS driver for nova. LightOS is a
software-defined disaggregated clustered storage solution running on
commodity servers with commodity SSDs. It is developed by Lightbits
Labs (https://www.lightbitslabs.com) and is actively developed and
maintained. LightOS is proprietary but the openstack drivers are
licensed under Apache v2.0.

The Cinder driver for LightOS currently supports the following
functionality:

Create volume
Delete volume
Attach volume
Detach volume
Create image from volume
create volume from image
Live migration
Volume replication
Thin provisioning
Multi-attach
Extend volume
Create snapshot
Delete snapshot
Create volume from snapshot
Create volume from volume (clone)

This driver has been developed and has been in use for a couple of
years by Lightbits and our clients. We have tested it extensively
internally with multiple openstack versions, including Queens, Rocky,
Stein, and Train. We have also tested it with master (19.1 xena) and we
are working to extend testing to cover additional openstack releases.

We are glad to join the openstack community and hope to get your
feedback and comments on this driver, and if it is acceptable, to see
it merged into the tree.

Note: the patch depends on os-brick 5.2.0. That version also increased
the lower constraints of several dependencies, thus needs nova to
increase those as well in requirements.txt, lower-constraints.txt and
setup.cfg.

Depends-On: I2e86fa84049053b7c75421d33ad1a1af459ef4e0
Signed-off-by: Yuval Brave <yuval@lightbitslabs.com>
Change-Id: Ic314b26695d9681d31a18adcec0794c2ff41fe71
2022-02-22 16:17:29 +01:00
Zuul 28cbcbb373 Merge "VmWare: Use of id shadows built-in function" 2022-02-21 23:11:47 +00:00
Zuul b9b32676da Merge "Raise InstanceNotFound on fkey constraint fail saving info cache" 2022-02-21 23:11:39 +00:00
Zuul 2f6ca56606 Merge "Correct test error" 2022-02-21 20:58:07 +00:00
Zuul a078c65762 Merge "Vmware: Fix spelling in test" 2022-02-21 20:57:59 +00:00
Zuul 851402b81b Merge "nova-next: Drop NOVA_USE_SERVICE_TOKEN from subnode" 2022-02-21 20:57:52 +00:00
Zuul 86ce91b469 Merge "trivial: Add a white space in an error message" 2022-02-21 20:51:23 +00:00
Ghanshyam Mann d7be635fb4 Make more project level APIs scoped to project only
As per the RBAC new direction, we will allow
project resources operation to be performed by
the project scoped token only and system user will
be allowed to perform system level operation only
not project resources specific.

Details about new direction can be found in community-wide
goal
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html

This commit modifies more projects level APIs to be scoped
to project only.

Also modifying and adding tests for four cases:
1. enforce_scope=False + legacy rule (current default policies)
2. enforce_scope=False + No legacy rule
3. enforce_scope=True + legacy rule
4. enforce_scope=True + no legacy rule (end goal of new RBAC)

Partial implement blueprint policy-defaults-refresh-2

Change-Id: I6731aa6edd0c6bed5edb9eaaaa98b5e43aaeeb74
2022-02-19 18:19:34 -06:00
Zuul 0c31561792 Merge "[nova/libvirt] Support for checking and enabling SMM when needed" 2022-02-17 21:43:32 +00:00
Zuul 5e60a7b4dd Merge "neutron: Allow to spawn VMs with port without IP address" 2022-02-17 20:35:30 +00:00
Zuul cefc78e2d8 Merge "Fix to implement 'pack' or 'spread' VM's NUMA cells" 2022-02-17 20:28:04 +00:00
Zuul 40d6477506 Merge "Document remote-managed port usage considerations" 2022-02-17 18:10:46 +00:00
Imran Hussain 6ad7890100 [nova/libvirt] Support for checking and enabling SMM when needed
Check the features list we get from the firmware descriptor file
to see if we need SMM (requires-smm), if so then enable it as
we aren't using the libvirt built in mechanism to enable it
when grabbing the right firmware.

Closes-Bug: 1958636

Change-Id: I890b3021a29fa546d9e36b21b1111e8537cd0020
Signed-off-by: Imran Hussain <ih@imranh.co.uk>
2022-02-17 12:45:14 +00:00
Ghanshyam Mann 60c9e3edad Convert SYSTEM_ADMIN|READER to Admin and system scope
As per the new direction, we will move all the
system level policies to system admin even GET
policies. system reader will be added in next phase
in future cycle.

To dissociate the scope checks from the new defaults,
check_str is added as 'admin' rule (role:admin) without
'system:all'. So that policy with that admin rule and
scope_type as 'system' works like:
- with enforce_scope=false, legacy or project admin still able to
  access the system level APIs.
- with enforce_scope=True, only system user with admin role can
  access the system level APIs.

Also modifying and adding tests for four cases:
1. enforce_scope=False + legacy rule (current default policies)
2. enforce_scope=False + No legacy rule
3. enforce_scope=True + legacy rule
4. enforce_scope=True + no legacy rule (end goal of new RBAC)

Partial implement blueprint policy-defaults-refresh-2

Change-Id: I344276d2ab054311a4b6c34c6998e116e7507246
2022-02-17 05:20:07 +00:00
Ghanshyam Mann ed1a854c90 Move rule_if_system() method to base test class
rule_if_system() method can be used in multiple
test class for multipolicy verification. Moving
it to base test class.

Partial implement blueprint policy-defaults-refresh-2

Change-Id: I475b7b62944ba46ee0a8ee9501331dd3ea810157
2022-02-17 05:20:00 +00:00
Ghanshyam Mann 19cd4bf670 Test PROJECT_ADMIN APIs with no legacy rule case
PROJECT_ADMIN APIs are tested with no legacy rule
case where only new defaults rule will be tested.

Few APIs like create server on specific host, with
external network, with zero disk, and get all servers
does not pass the project id in oslo policies so
admin on any project will be allowed to perform those
action but they will be creating server for their own
project. It means legacy admin is allowed for those APIs
even with no legacy rule case also.

other PROJECT_ADMIN APIs like show host_status in get servers
APIs will not allow legacy admin in no legacy rule case.

Partial implement blueprint policy-defaults-refresh-2

Change-Id: I8b5d342ee072770ce28ab231211ce74bd7005a98
2022-02-16 23:02:01 -06:00
Rodolfo Alonso Hernandez 0d71c5a1c1 neutron: Allow to spawn VMs with port without IP address
Currently, all ports attached to an instance must have a fixed IP
address already associated with them ('immediate' IP allocation policy)
or must get one during instance creation ('deferred' IP allocation
policy). However, there are situations where it can be helpful to create
a port without an IP address, for example, when there is an IP address
but it is not managed by neutron (this is unfortunately quite common for
certain NFV applications). The 'vm-without-l3-address' neutron blueprint
[1] added support for these kinds of ports, but until now, nova still
insisted on either a pre-existing IP assignment or deferred IP
assignment. Close the gap and allow nova to use these ports.

Thanks to I438cbab43b45b5f7afc820b77fcf5a0e823d0eff we no longer need to
check after binding to ensure we're on a backend that has
'connectivity' of 'l2'.

[1] https://specs.openstack.org/openstack/neutron-specs/specs/newton/unaddressed-port.html

Change-Id: I3c49f151ff1391e0a72c073d0d9c24e986c08938
Implements-blueprint: vm-boot-with-unaddressed-port
2022-02-16 16:35:54 +01:00
Takashi Natsume f2fcc1399b trivial: Add a white space in an error message
Change-Id: I0ddafc2bb5cbe904b04cea020a65c5ad4c249776
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
2022-02-16 12:56:31 +00:00
Zuul b5029890c1 Merge "Move 'hw:pmu', 'hw_pmu' parsing to nova.virt.hardware" 2022-02-15 21:41:35 +00:00
alecorps d5faf45e9d VMware: Support volumes backed by VStorageObject
vSphere 6.5 introduced APIs to manage virtual disks (volumes)
as first class objects. The new managed disk entity is called
VStorageObject aka First Class Disk (FCD). Adding support for
volumes backed by VStorageObject.

Change-Id: I4a5a9d3537dc175508f0a0fd82507c498737d1a5
2022-02-15 09:44:38 +00:00
Zuul 3a14c1a427 Merge "Gracefull recovery when attaching volume fails" 2022-02-14 12:37:58 +00:00