Previous patches removed direct eventlet usage from nova-conductor so
now we can run it with native threading as well. This patch documents
the possibility and switches both nova-conductor process to native
threading mode in the nova-next job.
Change-Id: If26c0c7199cbda157f24b99a419697ecb6618fa6
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
This change fixes duplicate consecutive words from docs
as well as code.
Signed-off-by: Rajesh Tailor <ratailor@redhat.com>
Change-Id: I236ff41fccf831023b6f85840097148a30e84743
This is the last piece to allow users to request AMD SEV-ES for memory
encryption instead of AMD SEV. The CPU feature for memory encryption
can now be requested via the hw:mem_encryption_model flavor extra spec
or via the hw_mem_encryption_model image property.
Implements: blueprint amd-sev-es-libvirt-support
Change-Id: Ifc9b86ad7db887cc22b2cd252fe8adc81fdc29c6
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This patch refines our logging, doc, and release notes about the native
threading mode of scheduler, api, and metadata services to ask for
pre-prod testing before enabled in production.
Change-Id: I04bbb3d7e4664a0cab8b30f4c34ee71774536353
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
It turns out that nova-api and nova-metadata only depend on spawning
threads via scatter-gather. The scatter-gather already supports both
eventlet and threading mode so we can switch these services.
Our WSGI services (nova-api, nova-metadata) are not relying on
oslo.service to fork worker processes, but expect the web server to
handle that (uwsgi, apache mod_wsgi). This means we don't need to handle
any forking issues as no nova code runs before the fork.
Change-Id: Id3a339c605dfc730bdb7994c3ca45baafeb5af80
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
Either the vendor_id and product_id needs to be set or the
resource_class needs to be set in each alias. This is now validated when
the alias is parsed to avoid late failure during placement
allocation_candidates query.
Closes-Bug: #2111440
Change-Id: I7fd43b3d6faac8c4098b0983e8adc596414823a1
Document and the limitation of the PCI in Placement feature that it
does not support [pci]alias configuration where the name of the alias is
repeated. E.g.
[pci]
alias = { "name": "vf1", "product_id":"10ca", "vendor_id":"8086", "device_type":"type-VF"}
alias = { "name": "vf1", "product_id":"f000", "vendor_id":"8086", "device_type":"type-VF"}
This would mean the alias vf1 can be fulfilled from devices with product
id 10ca OR f000. However this OR relationship cannot be encoded to a
single Placement allocation query as Placement does not support
requesting alternative resource classes for a request[2].
This limitation was encoded in the original PCI in Placement
implementation[1] but we missed to mention it in the doc.
This is now fixed.
[1]https://github.com/openstack/nova/blob/0d484ce37d86e989c8abdf57aec5e334f68206ef/nova/objects/request_spec.py#L504-L528
[2]https://docs.openstack.org/api-ref/placement/#list-allocation-candidates
Related-Bug: #2102038
Change-Id: I9dd78b1498f870a4e4c3f26c23d42d105aec0350
In c12eebd4c6 we missed that there are
another set of config option that become unused now. So this is a follow
up patch to remove those as well.
Change-Id: Ie00805b5f72b118db134aeb8399ef4c72f434966
The doc is now clarifying that [filter_scheduler]pci_in_placement needs
to be set to nova-api, nova-scheduler, and nova-conductor config as
well.
Closes-Bug: #2112303
Change-Id: I3c7be2f109a97ef5cc4b2dc76cb7c58ef8c68afa
When I069879a333152bb849c248b3dcb56357a11d0324 merged in Caracal, we forgot
to add documentation for the SR-IOV GPU caveat fix.
Also, given the new max_instances option was dynamic, we can't even see it
in the configuration list, so actually none of our operators can know that we
fixed it and how to do it 🤦
Change-Id: I3402c28f76cc51dd8c003181f11e0820ce5d9b7d
Related-Bug: #2041519
This change bumps to the latest version of each
of our pre-commit hooks. Of note this add py3.13
support to autopep8.
Codespell was also updated and the new spelling
issues resolved.
Change-Id: I1aab019ffb0ee9366a7d26515bef1335d09044df
We learned during recent installer development that triggering
GMR with apache/mod_wsgi API services via signals is hard due
to multiple reasons. We ended up using file based triggers instead of
signals. This patch document this approach.
Change-Id: I1fdbe6314ce4a1b173d01d3ebd9db07a0beb25a2
The previous patch[1] removed the entry points. As there is sizable
amount of doc change needed to remove all the references from the doc
to the removed entry points a separate patch, this, is created to do so.
[1] Ie758550c0b8fb02aeb398396961467d9f845fcc9
Change-Id: Ibe8e45e86912e747f07e5fabd5b1204341c1e606
This adds documentation to the PCI-passthrough doc in the admin guide,
explaining how to use one-time-use devices.
Keeping this separate so we can iterate on it separate from the code.
Related to blueprint one-time-use-devices
Change-Id: Iff91c0726bbb37c7a3ef885a73e3c3586feb6004
This patch adds the necessary documentation identified in:
- pci-passthrough: Explaining live migration and known issues.
- virtual-gpu: Updating the caveats section to clarify what to do
when VF devices are available instead of `mdev`.
The target goal of these series of patch is to enable VFIO devices
migration with kernel variant drivers.
Implements: blueprint migrate-vfio-devices-using-kernel-variant-drivers
Change-Id: I41271a8af5687fb1d18f9d0852492756e096720d
The target goal of these series of patch is to enable VFIO devices
with kernel variant drivers.
Implements: blueprint enable-vfio-devices-with-kernel-variant-drivers
Change-Id: I7949ba6da8b6257865d8e9e48bf3feabc10bdf17
This weigher will check how many instances in the host have the image
properties that are requested and will prefer by default to pack
instances with the same properties.
Implements blueprint: image-metadata-props-weigher
Change-Id: I3bfed44bd089c6b226d13c3ac4a0003411737cbd
The yum command has been replaced by the dnf command in recent releases
of Fedora-based distributions. Use the native command instead of
the alias kept for compatibility.
Partial-Bug: #2091586
Change-Id: I34cb4f28af65f426f8dd453435c79cbfd7d97394
Manila is the OpenStack Shared Filesystems service.
These series of patches implement changes required in Nova to allow the shares
provided by Manila to be associated with and attached to instances using
virtiofs.
Implements: blueprint libvirt-virtiofs-attach-manila-shares
Change-Id: I3963e9929c61751ed3ea176d1ef9dcc29c02de82
This adds config options for unified limits quotas that allow
admin/operators to specify which resources they will require or ignore
to have unified limits set in Keystone.
The options are only used when ``[quota]driver`` is set to
``UnifiedLimitsDriver``.
When the resource strategy is set to 'require' (the default), the
resource list will represent the resources that are required to have a
registered limit set in Keystone.
When the resource strategy is set to 'ignore', the resource list will
represent the resources that will be ignored for quota enforcement if
they do not have a registered limit set in Keystone.
Related to blueprint unified-limits-nova-unset-limits
Change-Id: Icb08fadbdbf9c1bf354c3091f05edce80ebf68c3
This changes the "note" about the requirement of configuring
[service_user] to a "warning" for better visibility.
Also replace a few setting values with variables instead of the
defaults from Devstack.
Change-Id: I561690582436832f4070a2d17aa8ff79b0f788fd
This patch adds the following SPICE-related configuration option
to the 'spice' configuration group:
- require_secure
When set to true, libvirt will be provided with domain XML which
configures SPICE VDI consoles to require secure connections (that
is, connections protected by TLS). Attempts to connect without
TLS will receive an error indicating they should retry the connection
on the TLS port.
Change-Id: Ica7083b0836f8d66cad8a4b4097613103fc91560
The 'openstack (registered )limit set' command examples are incorrectly
showing use of the --resource-name option. The --resource-name option
is only to be used to update the name of a limit's resource and will
actually result in a 409 error if the specified name already exists.
This removes --resource-name from those examples.
Change-Id: I785fce1ba927894cb3b1a2a13c4e8eaf91930f5b
This address review feedback on change
I7e1d10e66a260efd0a3f2d6522aeb246c7582178 to add some clarifying text
to the docs and release note.
Related to blueprint persistent-mdevs
Change-Id: I472552c64cc2c2ce06896158664faac0199d90bd
The admin docs are missing some details about enabling unified limits,
like oslo.limit configuration and Keystone roles. This adds more
information about what roles are needed for what actions, how to set
quota limits, quota enforcement, and unified limits in general.
This also removes a couple of tables from the user docs that show
obsolete/deprecated quota limits because they may be more confusing
than helpful considering we don't want new deployments to use them and
they add more clutter to the page.
More info is also added regarding the CLI commands for unified limits
and makes it consistent between the user and admin docs.
Change-Id: Id93f9997d1b217e0c2151c88323564f7a7fefc02
After this patch nova rejects the add host to aggregate API action
if the host has instances and the new aggregate for the host would
mean that these instances need to move from one AZ (even from the
default one) to another. Such AZ change is not implemented in nova
and currently leads to stuck instances.
Similarly nova will reject remove host from aggregate API action if the
host has instances and the aggregate removal would mean that the
instances need to change AZ.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/821732
Change-Id: I19c4c6d34aa2cc1f32d81e8c1a52762fa3a18580
Closes-Bug: #1907775
Balazs Gibizer