This change migrates the code currently written only to serve libvirt
driver to be generally useful, adding driver-neutral data structures
and a method to build them.
The libvirt driver is reworked to use get_instance_driver_metadata
instead of it's current code.
The ironic driver is reworked, per the blueprint, to send along some of
this additional metadata to the Ironic node.instance_info.
blueprint ironic-guest-metadata
Needed-By: https://review.opendev.org/c/openstack/ironic/+/924887
Change-Id: I2b23c8463f66c38e64625486157f245cd74cec61
This file is being automatically generated during the docs build, no
need to have it persisted in git.
Change-Id: Ib45f722cc305e1d828d31724535e31ad3dda6c2e
pip 23.1 removed the "setup.py install" fallback for projects
that do not have pyproject.toml and now uses a pyproject.toml
which is vendored in pip.
To address that, this change adds the minimal pyproject.toml
to enable pbr to be properly used to build editable wheels.
This is required to support installing devstack on
centos stream 9 and related distros with GLOBAL_VENV=True
Without this change the wsgi scripts are not generated in
editable mode. i.e. pip install -e /opt/stack/keystone
See https://pip.pypa.io/en/stable/news/#v23-1
and https://github.com/pypa/pip/issues/8368 for more
details on the removal of the fallback support.
setuptools v64.0.0 is used to support editable installs
via its PEP-660 implmentation
https://github.com/pypa/setuptools/pull/3488
Depends-On: https://review.opendev.org/c/openstack/devstack/+/902758
Change-Id: I3255edb67fd7fe7a25b5871ec071c4b4c9d98ac2
This removes the in-tree format_inspector and makes us use the one in
oslo.utils. Minor changes are required around the behavior of the
safety_check() (raising instead of returning). This also allows images
detected as 'gpt' but registered as 'raw', since that's how everything
currently works. Hopefully later we can start registering in glance as
gpt, and rejecting boots from raw images.
Change-Id: I5b89e17438157690495961c306861a06532c8b4e
Depends-On: https://review.opendev.org/c/openstack/tempest/+/927146
This patch adds the following SPICE-related configuration option
to the 'spice' configuration group:
- require_secure
When set to true, libvirt will be provided with domain XML which
configures SPICE VDI consoles to require secure connections (that
is, connections protected by TLS). Attempts to connect without
TLS will receive an error indicating they should retry the connection
on the TLS port.
Change-Id: Ica7083b0836f8d66cad8a4b4097613103fc91560
The method get_root_info sometimes receives a BlockDeviceMapping object,
which lacks a copy method. The previous code assumed root_bdm was always
an instance of DriverBlockDevice, a subclass of dict that supports the copy()
method. However, during testing, it was discovered that root_bdm could also
be a BlockDeviceMapping object, which does not have a copy method.
To address this, the change replaces the copy() call with copy.deepcopy()
according to the suggestion in the comment [1], which works for both
BlockDeviceMapping and DriverBlockDevice instances. The deepcopy method is
supported because oslo.versionedobjects implements the __deepcopy__ method.
This change ensures the function handles both object types correctly,
preventing the AttributeError observed during testing.
[1] https://review.opendev.org/c/openstack/nova/+/909611/4/nova/virt/libvirt/blockinfo.py
Change-Id: I9432718586855ff57e8e6a5cae064e0685dd01e8
Add the new image property to request stateless firmware. The property
will be used by the libvirt driver once the actual logic to enable
the feature is implemented.
Partially-Implements: blueprint libvirt-stateless-firmware
Change-Id: I05d4ff89d2b713b217b6c690e40fd4a16a397b63
This is the first step to support launching instances with stateless
firmware. At this stage none of the virt drivers report the trait to
support the feature.
Depends-on: https://review.opendev.org/c/openstack/os-traits/+/908885
Partially-Implements: blueprint libvirt-stateless-firmware
Change-Id: I4c1df950af11687ae5a52e4eba7943029ec36e69
In case nova fails to parse the XML from libvirt the lxml exception is
dumped to the log but it only states the location of the error in the
XML string like
lxml.etree.XMLSyntaxError: StartTag: invalid element name, line 40, column 35
To be able to troubleshoot the actual XML error we need to see the
invalid XML as well. So this patch makes sure that if nova fails to
parse the XML then the XML itself is dumped to DEBUG log.
Change-Id: I14cce6db4c86f663e61d3668d081858741e88add
While we do cache the hosts's capabilities in self._caps in the
libvirt Host object, if we happen to fist call get_capabilities() with
some of our dedicated CPUs offline, libvirt erroneously reports them
as being on socket 0 regardless of their real socket. We would then
cache that topology, thus breaking pretty much all of our NUMA
accounting.
To fix this, this patch makes sure to call get_capabilities()
immediately upon host init, and to power up all our dedicated CPUs
before doing so. That way, we cache their real socket ID.
For testing, because we don't really want to implement a libvirt bug
in our Python libvirt fixture, we make due with a simple unit tests
that asserts that init_host() has powered on the correct CPUs.
Closes-bug: 2077228
Change-Id: I9a2a7614313297f11a55d99fb94916d3583a9504
The resource tracker Claim object works on a copy of the instance object
got from the compute manager. But the PCI claim logic does not use the
copy but use the original instance object. However the abort claim logic
including the abort PCI claim logic worked on the copy only. Therefore the
claimed PCI devices are visible to the compute manager in the
instance.pci_decives list even after the claim is aborted.
There was another bug in the PCIDevice object where the instance object
wasn't passed to the free() function and therefore the
instance.pci_devices list wasn't updated when the device was freed.
Closes-Bug: #1860555
Change-Id: Iff343d4d78996cd17a6a584fefa7071c81311673
The nova-ceph-multistore job is currently
not configured properly for the new image format
tests. This change skips them until we decided
how to fix this.
Change-Id: I3de7588ba224453c24beabf8a799c71677603ba7
We currently get the following error message if attempting to fit a
guest with hugepages on a node that doesn't have enough:
Host does not support requested memory pagesize, or not enough free
pages of the requested size. Requested: -2 kB
Correct this, removing the kB suffix and adding a note on the meaning of
the negative values, like we have for the success path.
Change-Id: I247dc0ec03cd9e5a7b41f5c5534bdfb1af550029
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #2075959
We have a lot of special cases all around our code for AMI (et al)
images, in the boot, snapshot, and other areas. It was recently
discussed (after the major CVE which was complicated by AMI support)
that we should drop these special cases and support for AMI with it.
This starts that timer.
Change-Id: I90efaaa35225ce82bada0b427e09c8289adaae1e
Lets first ensure we have a test that proves we have bad behaviour,
then follow up with the fix and the test tweak to prove it.
On the first compute node it fails due to group policy error.
On the second compute node instance should have exactly one PCI device.
Related-Bug: #1860555
Change-Id: Ia122fff268c8f45ad3e5a3071d2cb7c990cb2c1d
Libvirt 8.0.0 introduced the new domain capabilities API filed to
present available TPM models. This introduces the logic to report
available TPM models as compute node traits, and use that trait for
scheduling to ensure a request tpm model is available at the compute
node where the instance is being launched.
Depends-on: https://review.opendev.org/c/openstack/os-traits/+/909107
Implements: blueprint libvirt-detect-vtpm-support
Change-Id: Iec98e7b0d19f37f094152a61a26790fcdf3328d9
Node device XML validation flags [1]:
VIR_NODE_DEVICE_(CREATE|DEFINE)_XML_VALIDATE
were added in libvirt 8.10.0 but we support older libvirt versions
which will raise an AttributeError when flag access is attempted.
We are not currently using the flags (nothing calling with
validate=True) so this removes the flags from the code entirely. If the
flags are needed in the future, they can be added again at that time.
Closes-Bug: #2076163
[1] https://github.com/libvirt/libvirt/commit/d8791c3c7caa6e3cadaf98a5a2c94b232ac30fed
Change-Id: I015d9b7cad413986058da4d29ca7711c844bfa84
Libvirt 8.0.0 introduced the field to tell availability of TPM support,
which internally checks availability of swtpm[1]. We can use this
feature instead of implementing the own logic to detect availability.
The feature in libvirt relies on libvirt itself, so allows us to ensure
the swtpm binaries are present in the PATH used by libvirt, not in one
used by nova-compute.
In addition, libvirt 8.6.0 introduced the additional field to expose
available TPM versions[2], which can be used to report available TPM
versions.
<domainCapabilities>
<devices>
<tpm supported='yes'>
<enum name='model'>
<value>tpm-tis</value>
<value>tpm-crb</value>
</enum>
<enum name='backendModel'>
<value>passthrough</value>
<value>emulator</value>
<value>external</value>
</enum>
<enum name='backendVersion'>
<value>1.2</value>
<value>2.0</value>
</enum>
</tpm>
</devices>
</domainCapabilities>
[1] https://github.com/libvirt/libvirt/commit/6f7fc0b54ad97e62e10cd6f9524fcc29b4bb4cc5
[2] https://github.com/libvirt/libvirt/commit/1277a9c884039e92765c977917420511f45e52e8
Partially-Implements: blueprint libvirt-detect-vtpm-support
Change-Id: I9d07635883f413b8e91312f602a3f5de8f3bf266
Libvirt uses swtpm_ioctl to terminate swtpm processes. If the binary
does not exist, swtpm processes are kept running after the associated
VM terminates, because QEMU does not send shutdown to swtpm.
Closes-Bug: #2052761
Change-Id: I682f71512fc33a49b8dfe93894f144e48f33abe6
Takashi Kajinami