This patch adds the following SPICE-related configuration option
to the 'spice' configuration group:
- require_secure
When set to true, libvirt will be provided with domain XML which
configures SPICE VDI consoles to require secure connections (that
is, connections protected by TLS). Attempts to connect without
TLS will receive an error indicating they should retry the connection
on the TLS port.
Change-Id: Ica7083b0836f8d66cad8a4b4097613103fc91560
This change implements the actual functionality to allow users to
launch instances with stateless firmware (read-only firmware image +
no NVRAM).
Note that this feature is supported by the libvirt virt driver, and
also requires libvirt >= 8.6.0.
Implements: blueprint libvirt-stateless-firmware
Change-Id: I7219bfa11ae98e65c326bec1a99c49d3e245cb9a
We have a lot of special cases all around our code for AMI (et al)
images, in the boot, snapshot, and other areas. It was recently
discussed (after the major CVE which was complicated by AMI support)
that we should drop these special cases and support for AMI with it.
This starts that timer.
Change-Id: I90efaaa35225ce82bada0b427e09c8289adaae1e
Libvirt uses swtpm_ioctl to terminate swtpm processes. If the binary
does not exist, swtpm processes are kept running after the associated
VM terminates, because QEMU does not send shutdown to swtpm.
Closes-Bug: #2052761
Change-Id: I682f71512fc33a49b8dfe93894f144e48f33abe6
A Request-Too-Long error can be raised in case of too many aggregates
are attached to a host. The fix is to split the requests.
The request is executed by host via a periodic task. Result is set in
cache so no performances impact is expected.
The change introduce a new compute configuration option
`compute.sharing_providers_max_uuids_per_request = 200`.
Closes-bug: #2068893
Change-Id: I1355c0813cb99067ead60f9835938566289beb20
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
We have no schemas yet and thus nothing to use this, but we enable it in
our tests for when we start adding these.
Change-Id: I160ee724459403a10516a356ee860831545d7d65
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This address review feedback on change
I7e1d10e66a260efd0a3f2d6522aeb246c7582178 to add some clarifying text
to the docs and release note.
Related to blueprint persistent-mdevs
Change-Id: I472552c64cc2c2ce06896158664faac0199d90bd
After this patch nova rejects the add host to aggregate API action
if the host has instances and the new aggregate for the host would
mean that these instances need to move from one AZ (even from the
default one) to another. Such AZ change is not implemented in nova
and currently leads to stuck instances.
Similarly nova will reject remove host from aggregate API action if the
host has instances and the aggregate removal would mean that the
instances need to change AZ.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/821732
Change-Id: I19c4c6d34aa2cc1f32d81e8c1a52762fa3a18580
Closes-Bug: #1907775
This commit removes the previous limitation on the number of tenants
that can be filtered using the `filter_tenant_id` aggregate property
in the AggregateMultitenancyIsolation scheduler filter.
The `filter_tenant_id` can now be used as a suffix, allowing for an
unlimited number of tenant ID properties to be set on the
aggregate. This update maintains backward compatibility.
Implements: blueprint aggregatemultitenancyisolation-to-support-unlimited-tenant
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Ic87d142647774b62a6af2cc5eb7a3cd66f9afeb7
Add file to the reno documentation build to show release notes for
stable/2024.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.
Sem-Ver: feature
Change-Id: Ifc9062236483c2139921ccdb2ceed197aa6b8b11
As of now, the server show and server list --long output
shows the availability zone, that is, the AZ to which the
host of the instance belongs. There is no way to tell from
this information if the instance create request included an
AZ or not.
This change adds a new api microversion to add support for
including availability zone requested during instance create
in server show and server list --long responses.
Change-Id: If4cf09c1006a3f56d243b9c00712bb24d2a796d3
With the change from ml2/ovs DHCP agents towards OVN implementation
in neutron there is no port with device_owner network:dhcp anymore.
Instead DHCP is provided by network:distributed port.
Closes-Bug: 2055245
Change-Id: Ibb569b9db1475b8bbd8f8722d49228182cd47f85
Now the destination returns the list of the needed mdevs for the
migration, we can change the XML.
Note: this is the last patch of the feature branch.
I'll work on adding mtty support in the next patches in the series
but that's not a feature usage.
Change-Id: Ib448444be09df50c3db5ccda8a49bfd882c18edf
Implements: blueprint libvirt-mdev-live-migrate
With Libvirt v8.7.0+, the <maxphysaddr> sub-element
of the <cpu> element specifies the number of vCPU
physical address bits [1].
[1] https://libvirt.org/news.html#v8-7-0-2022-09-01
New flavor extra_specs and image properties are added to
control the physical address bits of vCPUs in Libvirt guests.
The nova-scheduler requests COMPUTE_ADDRESS_SPACE_* traits
based on them. The traits are already defined in os-traits
v2.10.0. Also numerical comparisons are performed at
both compute capabilities filter and image props filter.
blueprint: libvirt-maxphysaddr-support-caracal
Change-Id: I98968f6ef1621c9fb4f682c119038e26d62ce381
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
When people transition from three ironic nova-compute processes down
to one process, we need a way to move the ironic nodes, and any
associcated instances, between nova-compute processes.
For saftey, a nova-compute process must first be forced_down via
the API, similar to when using evacaute, before moving the associated
ironic nodes to another nova-compute process. The destination
nova-compute process should ideally not be running, but not forced
down.
blueprint ironic-shards
Change-Id: I33034ec77b033752797bd679c6e61cef5af0a18f
Ironic in API 1.82 added the option for nodes to be associated with
a specific shard key. This can be used to partition up the nodes within
a single ironic conductor group into smaller sets of nodes that can
each be managed by their own nova-compute ironic service.
We add a new [ironic]shard config option to allow operators to say
which shard each nova-compute process should target.
As such, when the shard is set we ignore the peer_list setting
and always have a hash ring of one.
Also corrects an issue where [ironic]/conductor_group was considered
a mutable configuration; it is not mutable, nor is shards. In any
situation where an operator changes the scope of nodes managed by a
nova compute process, a restart is required.
blueprint ironic-shards
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Change-Id: Ie0c71f7bc5a62d607ffd3134837299fee952a947
Server rescue in stable device mode has dependency on the original
image used to create or rebuild the server. If the original image
was deleted from Glance, the server could not be rescued. Nova has
server.image_ref reference to non-existent image. Rescue in stable
device rescue mode leads to driver error and Server in ERROR state.
Proposed fix use falling back to the instance image metadata if
the original image is not found in Glance.
Closes-Bug: #2002606
Change-Id: Ia0f747158721f82ef1803618b6cb30661b6252c9
There are a few extra spec which are only applicable for HyperV driver,
therefore those are removed.
Change-Id: I9bd959fdf9938b2752c4927c5ff7daf89b5f0d38
RDP console was only for HyperV driver so removing the
API. As API url stay same (because same used for other
console types API), RDP console API will return 400.
Cleaning up the related config options as well as moving its
API ref to obsolete seciton.
Keeping RPC method to avoid error when old controller is used
with new compute. It can be removed in next RPC version bump.
Change-Id: I8f5755009da4af0d12bda096d7a8e85fd41e1a8c
Sylvain Bauza