The link of `TLS everywhere` should be 'https://docs.openstack.org/
project-deploy-guide/tripleo-docs/latest/features/tls-everywhere.html'.
Closes-Bug: #1933062
Change-Id: I468b82edeb899b0a780f8b545ad23ee0428a93ea
We now have good documentation on the PCI NUMA affinity policies
(thanks, artom!) so we can close out this TODO. Hurrah!
Change-Id: I4e6402bd192ea0d2efb26b52a7ceb65d924ec928
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
A new dumping ground for libvirt'y things that can't easily be
categorized or placed elsewhere.
Change-Id: I6999b9d66e12e1df7970aff6ce63e5323de6be45
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-Bug: #1843542
Use the formatting established in the style guide. There's a lot of
out-of-date information in here, but that's a battle for another day.
Change-Id: Ieec2c8f450c05a2451179e3bdba77514f2cc956e
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
There's no real need for this to exist as its own standalone document
now that we have a separate CPU models doc. Combine them.
Change-Id: I3a3e19b1f2660dd773fd3d47332abadc0c0e5c55
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
More information taken out of the catchall KVM guide and put into its
own doc, where it belongs.
Change-Id: I4a03561368b945e3aacbef8011b46933cc1fcfd7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This was previously hidden in the hypervisor configuration guide. Make
it a top-level document.
Change-Id: If402522c859c1413f0d90912e357496a0a67c5cf
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
There's also a PCI passthrough guide. Use that instead, allowing us to
remove the sections for various extra specs from the 'user/flavors'
guide:
- hw:pci_numa_affinity_policy
- pci_passthrough:alias
Change-Id: I5701d284c2cfdadf825f8e2f699651b3f8c0c9ab
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We have a perfectly good TPM guide. Enhance that, allowing us to remove
the special section dedicated to this from the generic flavor docs.
Change-Id: If484074c01595f747f9201b5ec12164779195b61
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This beefy patch closes a long-standing TODO and allows us to move yet
more information out of the flavors guide and into specific documents.
This, combined with existing documentation in place, means we can remove
the sections for various extra specs from the 'user/flavors' guide:
- hw:cpu_realtime -> doc/source/admin/real-time.rst
- hw:cpu_realtime_mask -> doc/source/admin/real-time.rst
- hw:emulator_threads_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_thread_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_threads -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_threads -> doc/source/admin/cpu-topologies.rst
- hw:numa_nodes -> doc/source/admin/cpu-topologies.rst
- hw:numa_cpus.N -> doc/source/admin/cpu-topologies.rst
- hw:numa_mem.N -> doc/source/admin/cpu-topologies.rst
- hw:mem_page_size -> doc/source/admin/huge-pages.rst
Multiple improvements to the libvirt extra spec docs are included here,
for want of a better place to include them.
Change-Id: I02b044f8246f4a42481bb5f00259842692b29b71
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is mostly regurgitated information from the current flavors guide
but we take the opportunity to significantly expand upon what we've
already stated here.
Change-Id: I9ad798427bbc6451fd920d6c08357d6e1eaa5136
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This patch adds the config option 'live_migration_scheme = tls' to the
secure live migration guide.
To let the live migration use the qemu native tls, some configuration of
the compute nodes is needed. The guide describes this but misses the
'live_migration_scheme' config option.
It is necessary to set 'live_migration_scheme' to tls to use the
connection uri for encrypted traffic. Without this parameter everything
seems to work, but the unencrypted tcp-connection is still used for the
live migration.
Closes-Bug: #1919357
Change-Id: Ia5130d411706bf7e1c983156158011a3bc6d5cd6
Introduce two new guides on UEFI and Secure Boot. In addition, update
the flavors guide to document the secure boot feature (though this doc
should really be removed in near term in favour of the auto-generated
docs, as noted inline).
Note that this change includes our first use of the ':nova:extra-spec:'
cross-reference role and highlights a small bug in that implementation.
This is resolved.
Blueprint: allow-secure-boot-for-qemu-kvm-guests
Change-Id: I4eb370b87ba8d0403c8c0ef038a909313a48d1d6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
These were missed in the original change but add some useful context to
readers of when things have been changed.
blueprint: libvirt-default-machine-type
Change-Id: I64ef0efc80a088385c9ac45a818cc807490d2de1
This change simply documents how an operator/admin would go about
changing the underlying [libvirt]hw_machine_type config within an
environment while ensuring existing instances are not impacted.
blueprint: libvirt-default-machine-type
Change-Id: I66003220bf173dfa917a13c5a408b1ea31cbc057
During Icehouse release default value of 'can_set_password' sets
to False for horizon(dashboard) but nova document is not updated
yet and acc. to nova doc default value for above setting is True.
So this patch correct the doc. For more info. please refer [1].
[1] https://docs.openstack.org/releasenotes/horizon/icehouse.html#default-hypervisor-settings-changes
Change-Id: I3007e1f157e329f121b99ceaddd59625c86f428c
This hasn't been validated upstream and there doesn't appear to be
anyone using it. It's time to drop support for this. This is mostly test
and documentation damage, though there is some other cleanup going on,
like the removal of the essentially noop 'pick_disk_driver_name' helper.
Change-Id: I73305e82da5d8da548961b801a8e75fb0e8c4cf1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This has not been tested in the gate for a long time and was only added
to enable CI in the early days of OpenStack. Time to bid adieu.
Change-Id: I7a157f37d2a67e1174a1725fd579c761d81a09b1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The cross-cell resize code does not consider neutron ports with resource
request. To avoid migration failures this patch makes nova to fall back
to same cell resize if the instance has neutron ports with resource
request.
Change-Id: Icaad4b2375b491c8a7e87fb6f4977ae2e13e8190
Closes-Bug: #1907522
Nova and QEMU[1] supports PCI devices with a PCI address that has 16 bit
domain. However there are hypervisors that reports PCI addresses with
32 bit domain. While today we cannot assign these to guests this should
not prevent the nova-compute service to start.
This patch changes the PCI manager to ignore such PCI devices.
Please note that this patch does not change fact that nova does not
allow specifying PCI addresses with 32bit domain in the
[pci]/passthrough_whitelist configuration. Such configuration is still
rejected at nova-compute service startup.
Closes-Bug: #1897528
[1] https://github.com/qemu/qemu/blob/f2a1cf9180f63e88bb38ff21c169da97c3f2bad5/hw/core/qdev-properties.c#L993
Change-Id: I59a0746b864610b6a314078cf5661d3d2b84b1d4
For amending a single value, `--amend` switch is required to be
used. Otherwise Placement will return 400 about required
properties being missing.
Change-Id: Ia94be98dea22f97bc89201ee2a0a1a4e6b54c875
In commit a76277f81a, the introduction
of flavor extra specs, such as 'hw:cpu_policy', 'hw:cpu_thread_policy'
and ... , have been moved to 'doc/source/user/flavors.rst' from
'doc/source/admin/flavors.rst', while in 'cpu-topologiest.rst' this
change hasn't been updated. Apply this change.
Change-Id: I031a5ea6de00a8c5cf67897ddb78075c8bc79c0b
Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
When we introduced the 'ImageMetaProps' o.vo in Liberty, we lost the
ability to consume arbitrary metadata configured for images. This
affects users of the 'AggregateImagePropertiesIsolation' filter, who may
have set such arbitrary metadata and expected their instances to be
restricted to host aggregates matching that metadata.
The world has changed a lot since Liberty was released, and it's
probably too late and maybe even a little unwise to let that genie back
out of its bottle, however, we can and should probably do a better job
of warning people of this change in behavior in our documentation. Do
just this.
Change-Id: If7245a90711bd2ea13095ba26b9bc82ea3e17202
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-Bug: #1741810
For attach:
* Generates InstancePciRequest for SRIOV interfaces attach requests
* Claims and allocates a PciDevice for such request
For detach:
* Frees PciDevice and deletes the InstancePciRequests
On the libvirt driver side the following small fixes was necessar:
* Fixes PCI address generation to avoid double 0x prefixes in LibvirtConfigGuestHostdevPCI
* Adds support for comparing LibvirtConfigGuestHostdevPCI objects
* Extends the comparison of LibvirtConfigGuestInterface to support
macvtap interfaces where target_dev is only known by libvirt but not
nova
* generalize guest.get_interface_by_cfg() to work with both
LibvirtConfigGuest[Inteface|HostdevPCI] objects
Implements: blueprint sriov-interface-attach-detach
Change-Id: I67504a37b0fe2ae5da3cba2f3122d9d0e18b9481
policy file default and JSON format 'policy.json' is now
deprecated. Let's replace all the ref and test start using the
policy.yaml.
Change-Id: I78a273576702fb95d831bd9b801b5774fb9fd19e
These are now supported.
Part of blueprint add-emulated-virtual-tpm
Change-Id: I7a6026c157c56fb2f47902e93f83e36d35c91a8e
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Zuul