The instance action notifications contain the user id and the
project id of the owner of the instance. However an instance
action might be initiated by another user. It could be another
user from the same project or can be an admin from the admin project.
To be able to distinguish between the user who initiated the instance
action from the user owning the instance we need to add two new
fields to the instance action notifications, action_initiator_user
and action_initiator_project
Change-Id: I649d8a27baa8840bc1bb567fef027c749c663432
Closes-bug: #1744658
Blueprint: add-action-initiator-to-instance-action-notifications
Replace nova commands with openstack commands.
Add an example to create a private flavor.
Repopulate the "Modify a flavor" section.
Replace 'extra_spec' with 'extra_specs'.
Fix a wrong link.
Remove rxtx-factor in descriptions and command examples.
Change-Id: I14295dddc302a603a71f71ccb6fcc5745ca7826c
Python 3 is used in executing 'tox -e docs' by default currently.
When Python 3 is used, there are some missing notification examples.
In python 3, map function returns an iterator instead of a list,
and importlib.import_module is not executed in the document generation.
So it causes missing versioned notification examples in the nova docs.
This patch fixes it.
Change-Id: Ie4f3f9be0ca7f94ce00a14f3d825a067a807eb12
Closes-Bug: #1779606
When rescuing an instance having a vGPU, we were not using the vGPU.
There would then be a race condition during the rescue where the vGPU
could be passed to another instance.
Instead, we should just make sure the vGPU would also be in the rescued
instance.
Change-Id: I7150e15694bb149ae67da37b5e43b6ea7507fe82
Closes-bug: #1762688
This adds two things:
1. Mention the img_config_drive image property
which can be used to force a config drive.
2. Note that the config_drive_cdrom config option
is for hyper-v only.
Change-Id: Id9a16e07709a445814fb7a183bd12f7740722ced
File injection is disabled by default (see
[libvirt]/inject_partition) and deprecated
in the API since microversion 2.57. We
don't really want people relying on file
injection, so this removes it from the
config drive docs. While in here, also
replace the 'nova boot' command mention
with 'openstack server create' since that
is the command used through the examples.
Change-Id: I4521eca6f6cbd4f8cd6dad48ab1d40a1b136bf73
There were a few changes needed here:
1. There is no "API cell database", just the API
database, so this removes mentions of cells.
2. The VERSION argument was missing from the sync help.
3. The sync command does not create a database, it upgrades
the schema. Wording for that was borrowed from the
nova-manage db sync help.
4. Starting in Rocky, the api_db sync command also upgrades
the schema for the optional placement database if configured
so that's mentioned here as well.
Change-Id: Ibc49f93b8bd51d9a050acde5ef3dc8aad91321ca
Closes-Bug: #1778733
The instance.unlock versioned notification is introduced in this
patch.
The unlock operation just changes the instance.locked to False in
API, we send the notification after db operation.
Change-Id: Ic750c33b4f88ba9c62ea8cba86915c6010f2cd6f
blueprint: trigger-notifications-when-lock-unlock-instances
Add the discard flag to libvirt XML when supported by libvirt and qemu,
and when using file backed memory.
The discard flag causes qemu to discard allocated memory via calling
madvise with MADV_REMOVE when using file backed memory, to prevent
writing out dirty instance memory. This is a significant performance
improvement for shutting down instances that have recently written to
significant portions of their memory.
As qemu and libvirt do not guarantee the discard is run, this cannot be
used for security purposes.
Change-Id: Ia7cf4414feb335b3c2e863b4c8b4ff559b275c34
Implements: blueprint libvirt-file-backed-memory
The instance.lock versioned notification is introduced in this
patch.
The lock operation just changes the instance.locked to True in
API, we send the notification after db operation.
Change-Id: I03a13afa91c29f4fee25336cb82ea5c887eae2f8
blueprint: trigger-notifications-when-lock-unlock-instances
File backed memory is enabled per Nova compute host. When enabled, host
will report 'file_backed_memory_capacity' for available memory.
When enabled, instances will create memory backing files in the
directory specified in libvirt's qemu.conf file 'memory_backing_dir'
config option.
This feature is not compatible with memory overcommit, and requires
'ram_allocation_ratio' to be set to 1.0
Change-Id: I676291ec0faa1dea0bd5050ef8e3426d171de4c6
Implements: blueprint libvirt-file-backed-memory
This patch adds full traceback to ExceptionPayload in versioned
notifications.
The instance fault field and instance-action REST API has already
provide the traceback to the admin users (controlable through policy)
and the notifications are also admin only things as they are emitted
to the message bus by default. So it is assumed that security is not
a bigger concern for the notification than for the REST API.
On the ML [1] post there was no objection to add new string field to the
ExceptionPayload that will hold the serialized traceback object.
[1] http://lists.openstack.org/pipermail/openstack-dev/2018-March/128105.html
Implements: blueprint add-full-traceback-to-error-notifications
Change-Id: Id587967ea4f9980c292492e2f659bf55fb037b28
osprofiler is optional, but if it's installed we'll
load up the configuration options from the library,
but they weren't in the generated config sample so
people would have to find the osprofiler docs, or
worse the code, to figure out how to configure it.
This simply adds the osprofiler config options to the
nova config sample, which will also show up in the
config reference docs.
Change-Id: I28d35165ed77487cd49d560fb1eda4f1d640734e
Closes-Bug: #1774208
This adds a new policy rule which defaults to behave in a
backward compatible way, but will allow operators to enforce
that servers created with a zero disk flavor must also be
volume-backed servers.
Allowing users to upload their own images and create image-backed
servers on local disk with zero root disk size flavors can be
potentially hazardous if the size of the image is unexpectedly
large, since it can consume the local disk (or shared storage pool).
It should be noted that disabling the new policy rule will
result in a non-backward compatible API behavior change and no
microversion is being introduced for this because enforcement via
a new microversion would not close the security gap on any previous
microversions.
Related compute API reference and user documentation is updated
to mention the policy rule along with a release note since
this is tied to a security bug, which will be backported to stable
branches.
Change-Id: Id67e1285a0522474844de130c9263e11868f67fb
Closes-Bug: #1739646
Even though the feature is technically virt driver agnostic,
the plumbing happens through the virt drivers, so the feature
is only supported by certain virt drivers (libvirt only at
the time of this patch). So this adds a section to the feature
support matrix about the trusted certs validation feature.
Also updates the certificate validation user docs based on
the nova boot --trusted-image-certificate-id option name
in the dependent python-novaclient change.
Depends-On: https://review.openstack.org/500396/
Related to blueprint nova-validate-certificates
Change-Id: Ic5cb4a98c73cc404c7033cf183f25a97aba3c994
Mention that if no transport_url is provided then the one
in the configuration file will be used for command
``nova-manage cell_v2 simple_cell_setup [--transport-url <transport_url>]``,
just like that for other cell_v2 commands.
Change-Id: Ifededa59f7ffe5887e67e29b93f70fa70dfaef33
If the compute endpoint in the service catalog is configured
for /v2 legacy compat mode, microversions in the request are
silently ignored by the LegacyV2CompatibleWrapper. This
adds a troubleshooting entry for that situation.
At this point, we might want to consider deprecating or at
least logging warnings if microversions are requested and
LegacyV2CompatibleWrapper strips them out, but that's fodder
for a separate change.
Change-Id: Ia7ecbf95d0a3e14c7f82b6a93c2ac4c4cfb89549
Add the 'trusted_image_certificates' field to InstanceCreatePayload
and InstanceActionRebuildPayload notifications.
Change-Id: Ib5b50a3889ab15d5aac992f92e9be372a915eeff
This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.
The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):
* POST /servers
* POST /servers/{server_id}/action (rebuild)
The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:
* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs
The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):
* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)
APIImpact
Implements blueprint: nova-validate-certificates
Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199
shuangyang.qian