This is prep work to support launching instances with AMD SEV-ES memory
encryption and adds the object field to select the CPU feature to
encrypt and protect memory data of instances.
Partially-Implements: blueprint amd-sev-es-libvirt-support
Change-Id: I71fde5438d4e22c9e2566f8a684c5a965a7f3dd3
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This patch adds just the objects and notifications required to
support an extra spec to configure a USB controller inside
the guest. This is useful for SPICE consoles using the native
protocol.
Change-Id: I791b16c5bf0e860a188783c863e95dc423998b0a
Signed-off-by: Michael Still <mikal@stillhq.com>
This patch adds just the objects and notifications required to
support an extra spec to configure a sound device inside
the guest. This is useful for SPICE consoles using the native
protocol.
Change-Id: I2faeda0fd0fb9c8894d69558a1ccaab8da9f6a1b
Signed-off-by: Michael Still <mikal@stillhq.com>
This patch adds share information to the InstancePayload that can be sent
if the include_share_mapping configuration parameter is enabled.
Manila is the OpenStack Shared Filesystems service.
This series of patches implements changes required in Nova to allow the shares
provided by Manila to be associated with and attached to instances using
virtiofs.
Implements: blueprint libvirt-virtiofs-attach-manila-shares
Change-Id: I3d5005eab9e3f23be149e955e8cb4608a6ee1312
This patch adds a notification when a share is attached to an instance.
Manila is the OpenStack Shared Filesystems service.
This series of patches implements changes required in Nova to allow the shares
provided by Manila to be associated with and attached to instances using
virtiofs.
Implements: blueprint libvirt-virtiofs-attach-manila-shares
Change-Id: I6fe3807164bd2ca6439342abd32f8e4ce9057c8c
Qemu 8.0 and libvirt 9.3.0 added support for qemu emulated igb
network device. This patch adds the new igb value for hw_vif_model
so nova could eventually support booting VMs with such devices.
Subsequent patches will enable libvirt support.
Implements: blueprint igb-vif-model
Change-Id: I9c8dc1a663d0534d62798c5b4c8d4539551f7ae4
Add the new image property to request stateless firmware. The property
will be used by the libvirt driver once the actual logic to enable
the feature is implemented.
Partially-Implements: blueprint libvirt-stateless-firmware
Change-Id: I05d4ff89d2b713b217b6c690e40fd4a16a397b63
This change adds a new hw:locked_memory extra spec and hw_locked_memory
image property to control preventing guest memory from swapping.
This change adds docs and extends the flavor
validators for the new extra spec.
Also add new image property.
Blueprint: libvirt-viommu-device
Change-Id: Id3779594f0078a5045031aded2ed68ee4301abbd
arch in libvirt driver support
This is split 1 of 3 for the architecture emulation feature.
This adds the 'hw_emulation_architecture' property to the image meta
properties, allowing the operator to define whether they will use
emulation or not.
This adds the capability as a feature to ensure no impact to normal
operations or functionality.
Account for object versioning has been added to raise exceptions and
handle proper
Implements: blueprint pick-guest-arch-based-on-host-arch-in-libvirt-driver
Signed-off-by: Jonathan Race <jrace@augusta.edu>
Change-Id: If4f598c0d3f9e64617beb54450faa04e7d20dd20
Finish up removing these entries from the versioned instance
notifications. They're useless since we dropped support for the XenAPI
virt driver. The underlying model is retained for now: that will be
handled separately.
Change-Id: I774c50fca99bc655ca5010e3b9d8247b739293b3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The 'bochs' display device is a recommended[1] safe option for UEFI
guests. This is supported in libvirt from version 5.6.0; Nova's current
MIN_LIBVIRT_VERSION (6.0.0) satisfies this requirement.
Partially quoting the "bochs display device" section from a post written
by a QEMU graphics maintainer[1]:
[...] Main advantage over standard VGA is that this device is a lot
simpler. The code size and complexity needed to emulate this device
is an order of magnitude smaller, resulting in a reduced attack
surface. Another nice feature is that you can place this device in a
PCI Express slot.
For UEFI guests it is safe to use the bochs display device instead
of the standard VGA device. The firmware will setup a linear
framebuffer as GOP anyway and never use any legacy VGA features.
For BIOS guests this device might be useable as well, depending on
whenever they depend on direct VGA hardware access or not. There is
a vgabios which supports text rendering on a linear framebuffer, so
software which uses the vgabios services for text output will
continue to work. Linux bootloaders typically fall into this
category. The linux text mode console (vgacon) uses direct hardware
access and does not work. The framebuffer console (fbcon running on
vesafb or bochs-drm) works.
[1] https://www.kraxel.org/blog/2019/09/display-devices-in-qemu/
Implements: blueprint add-bochs-display-device
Change-Id: Id194028f5d2cbaac1c5e699b71fd9751f87f5da5
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
The USB-based tablet is often the only USB device in an x86 instance,
while the USB-based keyboard is often the only such device in an AArch64
instance (x86 have PS2 keyboards and mice). Replacing these with
virtio-based devices can eliminate the need to have a USB host adapter
in the instance. Enable just that possibility by adding a new value
image metadata property, 'hw_input_bus'. This allows us to specify not
only virtio-based pointer and keyboard input devices but also USB
equivalents.
Note that this also fixes one instance of a particular class of bugs,
whereby we have checks for *guest* architecture-specific behavior that
are being toggled based on the *host* architecture. In this instance,
we were attempting to add a keyboard device on AArch64 guests since they
don't have one by default, but we were determining the architecture by
looking at the CPU architecture reported in the host capabilities. By
replacing this check of the host capabilities with a call to the
'nova.virt.libvirt.utils.get_arch' helper, we correctly handle requests
to create non-host architecture guests via the 'hw_architecture' image
metadata property. There are many other instances of this bug and those
can be resolved separately.
Change-Id: If9f3ede3e8449f9a6c8d1da927974c0a73923d51
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This patch adds the 'socket' value to the allowed PCI NUMA affinity
policies, both to the 'hw:pci_numa_affinity_policy' flavor extra spec,
and the 'hw_pci_numa_affinity_policy' image property.
For now the new value is a no-op and remains undocumented. It will be
wired-in in a subsequent patch.
Implements: blueprint pci-socket-affinity
Change-Id: I0680d4e21f3e317ac702b55afef4c87e8acbfc3a
This one is a little more involved because there are persistent objects
and versioned notifications to worry about, neither of which we can
remove right now.
Change-Id: Ic7c330ee1cccdc44a2a555c16cb6090eecbf6ce1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Add support for the 'hw:tpm_version' and 'hw:tpm_model' flavor extra
specs along with the equivalent image metadata properties. These are
picked up by the scheduler and transformed into trait requests. This is
effectively a no-op for now since we don't yet have a driver that
reports these traits.
Part of blueprint add-emulated-virtual-tpm
Change-Id: I8645c31b4ecb18afea592b2a5b360b0165626009
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Introduce a 'mixed' instance CPU allocation policy and
will be worked with upcoming patches, for purpose of
creating an instance combined shared CPUs with dedicated
or realtime CPUs.
In an instance mixed with different type of CPUs, the shared CPU
shared CPU time slots with other instances, and also might be a
CPU with less or un-guaranteed hardware resources, which implies
to have no guarantee for the behavior of the workload running on
it. If we call the shared CPU as 'low priority' CPU, then the
realtime or dedicated CPU could be called as 'high priority' CPU,
user could assign more hardware CPU resources or place some
guaranteed resource to it to let the workload to entail high
performance or stable service quality.
Based on https://review.opendev.org/714704
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: I99cfee14bb105a8792651129426c0c5a3749796d
Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Update the versioned object notification for 'InstanceNUMACell'
object to reflect the change of a new 'pcpuset' field.
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: Ifeb21b9eff828952f67002172c8500f738e9984c
Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
This change adds missing fields to the image metadata
notification object and adds unit tests to assert
that the notification object and nova object stay in sync.
This change also adds unit tests to assert the notification
schema and fields are in sync and that the schema is
valid.
Change-Id: I36ea5d5e677ab3e6c88223b20f5377e9471c55db
Closes-Bug: #1856100
This addresses bug #1795920 by adding support for
defining a pci numa affinity policy via the flavor
extra specs or image metadata properties enabling
the policies to be applied to neutron sriov port
including hardware offloaded ovs.
Closes-Bug: #1795920
Related-Bug: #1805891
Implements: blueprint vm-scoped-sriov-numa-affinity
Change-Id: Ibd62b24c2bd2dd208d0f804378d4e4f2bbfdaed6
We do this because most of our sample tests are currently using a fake
network cache due to 'stub_compute_with_ips', and that fake cache uses
the name 'private' instead of 'private-network'. When we remove that in
a future change, there's going to be a lot of refactoring. Head some of
that off by just using the same name.
Change-Id: I6339005a0d49a6dfd376523d3f9e145a00cfc3bd
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
- This change extends the VideoModel field object to allow 3 new values
(virtio, gop, none)
- This change makes the libvirt driver use ALL tuple from the
nova.fields.VideoModel object instead of declaring a second
tuple inline for validation.
- This change allows the virtio video model to now be used
for all architectures when explicitly requested via the
hw_video_model image metadata property
- This change introduces unit tests and a release note
for the new capabilities.
Change-Id: I2830ccfc81cfa9654cfeac7ad5effc294f523552
Implements: blueprint libvirt-video-device-models
This patch adds a new parameter ``locked_reason`` to
``POST /servers/{server_id}/action`` request where the
action is lock. It enables the user to specify a reason when locking
a server.
The locked_reason will be exposed through ``GET servers/{server_id}``,
``GET /servers/detail``, ``POST /servers/{server_id}/action`` where
the action is rebuild and ``PUT servers/{server_id}`` requests' responses.
The InstanceActionNotification will emit the locked_reason
along with the other instance details. This patch hence changes the
payload object to include the "locked_reason" field.
Note that "locked" will be allowed as a valid filtering/sorting parameter
for ``GET /servers/detail`` and ``GET /servers`` from this new microversion.
Implements blueprint add-locked-reason
Change-Id: I46edd595e7417c584106487123774a73c6dbe65e
Transform the scheduler.select_destinations.start and
scheduler.select_destinations.end notifications to the
versioned notification framework.
Change-Id: I019e88fabd1d386c0d6395a7b1969315873485fd
Implements: bp versioned-notification-transformation-stein
The following notifications have been transformed to
the versioned notification framework.
* compute_task.build_instances
* compute_task.migrate_server
* compute_task.rebuild_server
Co-Authored-By: Takashi Natsume <natsume.takashi@lab.ntt.co.jp>
Change-Id: Ibfb0a6db5920d921c4fc7cabf3f4d2838ea7f421
Implements: bp versioned-notification-transformation-stein
Enable users to define the policy rules on server group policy
to meet more advanced policy requirement. This microversion
brings the following changes in server group APIs:
* Add ``policy`` and ``rules`` fields in the request of POST
``/os-server-groups``.
* The ``policy`` and ``rules`` fields will be
returned in response body of POST, GET ``/os-server-groups``
API and GET ``/os-server-groups/{server_group_id}`` API.
* The ``policies`` and ``metadata`` fields have been removed
from the response body of POST, GET ``/os-server-groups`` API
and GET ``/os-server-groups/{server_group_id}`` API.
Part of blueprint: complex-anti-affinity-policies
Change-Id: I6911e97bd7f8df92511e90518dba21c127e106a5
In this patch, the ServerGroupPayload is updated to include
the new ``policy`` field; the ``policies`` field is deprecated
for removal but still put into the notification payload for
backward compatibility.
Related to blueprint complex-anti-affinity-policies
Change-Id: Ie739ee8dec4685cd70e735ff83f7f30bc7e95a57
The instance.rebuild_scheduled notification has been transformed
to the versioned notification framework.
Co-Authored-By: Takashi Natsume <natsume.takashi@lab.ntt.co.jp>
Change-Id: I640562b8dd049ff5b6fea9286dc3082b9d837ed3
Implements: bp versioned-notification-transformation-rocky
The instance action notifications contain the user id and the
project id of the owner of the instance. However an instance
action might be initiated by another user. It could be another
user from the same project or can be an admin from the admin project.
To be able to distinguish between the user who initiated the instance
action from the user owning the instance we need to add two new
fields to the instance action notifications, action_initiator_user
and action_initiator_project
Change-Id: I649d8a27baa8840bc1bb567fef027c749c663432
Closes-bug: #1744658
Blueprint: add-action-initiator-to-instance-action-notifications
Add the 'trusted_image_certificates' field to InstanceCreatePayload
and InstanceActionRebuildPayload notifications.
Change-Id: Ib5b50a3889ab15d5aac992f92e9be372a915eeff
This patch contains the instance.exists related notification
transformation. The functional test for instance_usage_audit
periodic task case is added in a subsequent patch.
Change-Id: I1a0afa0e8740c229db77c18b932e316196880de5
Implements: bp versioned-notification-transformation-rocky
As it was agreed on the Rocky PTG [1] it is useful to have the
request_id in the payload of every instance action versioned
notification. For example it could help the deployer connect
the state change described in the notification with the user
action, the request, on the REST API.
So this patch proposes to extend the InstanceActionPayload
versioned object with a new request_id field and populate
the request_id from the context object used for emitting
the instance action notifications.
[1] https://etherpad.openstack.org/p/nova-ptg-rocky L391
Implements: bp add-request-id-to-instance-action-notifications
Change-Id: I7243b60938d6e9c7c2bc2aacdba5c667cca8ec9b
This patch refactors the sample files of:
* instance-update
* instance-update-tags
notifications to use a common InstanceUpdatePayload sample data.
Change-Id: I8720556ed8a9ce7f1db165a793fbb7070954cc5a
This patch refactors the sample files of:
* instance-live_migration_abort_start
* instance-live_migration_abort_end
* instance-shutdown-start
* instance-shutdown-end
notifications to use a common InstanceActionPayload sample data.
refactors the sample files:
* instance-snapshot-start
* instance-snapshot-end
notifications to use a common InstanceActionSnapshotPayload sample data.
Change-Id: I762b619c4410e3ff4a3660fc318832f81f523c05
This patch refactors the sample files of:
* instance-volume_attach-start
* instance-volume_attach-end
* instance-volume_attach-error
* instance-volume_detach-start
* instance-volume_detach-end
notifications to use a common InstanceActionVolumePayload sample data.
and refactor:
* instance-volume_swap-start
* instance-volume_swap-end
* instance-volume_swap-error
notifications to use a common InstanceActionVolumeSwapPayload sample data
Change-Id: I51fd194ac3b95be96db2676b4abf3df5a14d0faa
The instance.resize_prep.start and instance.resize_prep.end
notifications are transformed to the versioned framework.
Co-Authored-By: Takashi Natsume <natsume.takashi@lab.ntt.co.jp>
Change-Id: If33d092e8688ed4d4864b2f7130104ab85ce1ea4
Implements: bp versioned-notification-transformation-queens
This patch refactors the sample files of service-create, service-delete
and service-update notifications to use a common ServiceStatusPayload
sample data.
This patch addresses the problem which led to the revert of the commit
I708ce5423806d2913e77abbe338aec970a5009dc.
Change-Id: I2f619089ae88d05207bb3432c63546a298f0bf15
This patch refactors the sample files of aggregate-add_host,
aggregate-delete, aggregate-create and aggregate-remove_host
notifications to use a common AggregatePayload sample data.
Change-Id: I50382f4d829693412bbfe47ffd08a24e69342715
The rescue (instance.rescue.start and instance.rescue.end) and unrescue
(instance.unrescue.start and instance.unrescue.end) notifications are
transformed to the versioned framework.
This patch also fixes the power state of the server
when unrescuing it with the fake compute driver.
Co-Authored-By: Takashi Natsume <natsume.takashi@lab.ntt.co.jp>
Change-Id: Ib1d03c6d693e3b04886c638c956e35809fed8fc2
Implements: bp versioned-notification-transformation-queens
Closes-Bug: #1742133
This reverts commit 39f9ef719e.
The reverted change made the service.update notification sample tests
fail consistently on master. The CI did not catch this problem as
the functional test does not run for changes that only touch
nova/docs. This is a quick fix to unblock the gate and fix the
functional job definition in a separate patch.
Change-Id: Idabbf70ae46f36be8343c0a00d812cbebf7f7670
Closes-Bug: #1742935
This patch refactors the sample files of service-create, service-delete
and service-update notifications to use a common ServiceStatusPayload
sample data.
Change-Id: I708ce5423806d2913e77abbe338aec970a5009dc
This patch refactors the sample files of instance.create notifications.
As these notifications use a different payload class than most of the
instance notifications, a new common payload sample fragment was also
needed.
Change-Id: I7a8e9507ee30d404e075a46e48070a0f94276e33
This patch refactors the sample files of keypair-create, keypair-delete
and keypair-import notifications to use a common KeypairPayload sample
data.
Change-Id: Ic8f2d51fe4922cd7633b0d77dc86702798bae1d6