Due to glance behavioral changes, using the new location API causes
async hashing jobs to create confusion for tooling not expecting
undeletable images.
Revert this until glance can resolve the issue.
This reverts commit eab0de2900.
Change-Id: Ifc4631720a1872cb6d93e9ee490c19edd1a7b98e
This adds support for devices that will be allocated to an instance
once and left in a reserved=total state. An external workflow can
put them back into allocatable state by dropping reserved back to
zero. Note this requires PCI-in-placement tracking for the affected
devices and it is only valid for type-PCI and type-PF devices.
Related to blueprint one-time-use-devices
Depends-On: https://review.opendev.org/c/openstack/requirements/+/946181
Co-Authored-By: Balazs Gibizer <gibi@redhat.com>
Change-Id: Idfe8a746a97d68cd4eae30afb7d22f4e3af80327
Currently, even when [libvirt] volume_use_multipath is set to True,
volume attachment silently falls back to single path if multipathd is
not running in the host. This sometimes prevents operators from
noticing the misconfiguration, until they face any issue caused by
missing redundancy.
Introduce the new [libvirt] volume_enforce_multipath option, which
makes the attachment process fail if multipathd is not running.
A similar parameter (enforce_multipath_for_image_xfer) was already
implemented in cinder and this change follows how the parameter is
implemented there.
Also add the check in init phase to detect lack of mulitipath daemon
during initializing driver.
Min version of os-brick has to be bumped due to the interface change
made by 8d919696a9f1b1361f00aac7032647b5e1656082 .
Implements: blueprint enforce-multipath
Change-Id: I828de70ca7b343a4562ace4049d2b3857dbf900a
The netifaces library was abandoned and retired. Replace it by psutil
which is already part of the dependencies.
Note that localhost_supports_ipv6 from openstacksdk should be mocked
now because it uses psutil in recent versions.
Closes-Bug: #2071596
Change-Id: If9268cab8c2b3098d757571c6cab07d13d34a2c2
As the crypt module has been dropped in Python 3.13 switch to
using the oslo.utils crypt_password replacement instead.
Change-Id: Ib8c11db025cd12a9fa86e9185bf9ad172a86ef6d
This patch is inspired by /nova/volume/cinder.py, it is an abstraction to
the manila service.
Manila is the OpenStack Shared Filesystems service.
These series of patches implement changes required in Nova to allow the shares
provided by Manila to be associated with and attached to instances using
virtiofs.
Implements: blueprint libvirt-virtiofs-attach-manila-shares
Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/889519
Change-Id: I44ab37ec2c15fcfc351c42216660bda39461b163
olso.policy 4.5.0[1] changed the config options policy_file
default value to 'policy.yaml', which means it is changed
for all the OpenStack services and they do not need to
override the default anymore.
NOTE: There is no change in behaviour here, oslo.policy provides
the same configuration that services have overridden till now.
[1] https://review.opendev.org/c/openstack/releases/+/934012
[2] https://review.opendev.org/c/openstack/requirements/+/934295
Change-Id: I6e4c517eb81a50056563189753b21191bbf6b92d
Makes igb vif model supported for hosts with libvirt 9.3.0 and qemu
8.0.0 or higher.
Implements: blueprint igb-vif-model
Depends-On: https://review.opendev.org/c/openstack/os-traits/+/928582
(merged, released as 3.2.0)
Change-Id: I6a1d8058c640e5dc015889610c4ae864ed9a5ccb
Note: Initially this patch was related to new feature, but now it has
become a bug since os-brick's `setup` method is not being called and it
can create problems if os-brick changes.
As a new feature, os-brick now supports setting the location of file
locks in a different location from the locks of the service.
The functionality is intended for HCI deployments and hosts that are
running Cinder and Glance using Cinder backend. In those scenarios the
service can use a service specific location for its file locks while
only sharing the location of os-brick with the other services.
To leverage this functionality the new os-brick code is needed and
method ``os_brick.setup`` needs to be called once the service
configuration options have been loaded.
The default value of the os-brick ``lock_path`` is the one set in
``oslo_concurrency``.
This patch adds support for this new feature in a non backward
compatible way, so it requires an os-brick version bump in the
requirements.
The patch also ensures that ``tox -egenconfig`` includes the os-brick
configuration options when generating the sample config.
Closes-Bug: #2081859
Change-Id: I1b81eb65bd145869e8cf6f3aabc6ade58f832a19
This removes the in-tree format_inspector and makes us use the one in
oslo.utils. Minor changes are required around the behavior of the
safety_check() (raising instead of returning). This also allows images
detected as 'gpt' but registered as 'raw', since that's how everything
currently works. Hopefully later we can start registering in glance as
gpt, and rejecting boots from raw images.
Change-Id: I5b89e17438157690495961c306861a06532c8b4e
Depends-On: https://review.opendev.org/c/openstack/tempest/+/927146
This is the first step to support launching instances with stateless
firmware. At this stage none of the virt drivers report the trait to
support the feature.
Depends-on: https://review.opendev.org/c/openstack/os-traits/+/908885
Partially-Implements: blueprint libvirt-stateless-firmware
Change-Id: I4c1df950af11687ae5a52e4eba7943029ec36e69
RBAC config options enforce_scope and enforce_new_defaults
were disabled by default in oslo.policy and Nova had to override
the default value to enable those by default. Now oslo.policy
(4.4.0 onwards[1]) changed the default values[2] and enabled
by default for all the services. OpenStack service does not need
to override the default anymore.
NOTE: There is no change in behaviour here, oslo.policy provides the
same configuration that Nova has overridden till now.
[1] https://review.opendev.org/c/openstack/releases/+/925032
[2] https://review.opendev.org/c/openstack/oslo.policy/+/924283
Depends-On: https://review.opendev.org/c/openstack/requirements/+/925464
Change-Id: Ic0b5a75f01024e322ecbcd49f8caae0a6ab5c048
These are detected as errors since the clean up was done[1] in
the requirements repository.
[1] 314734e938f107cbd5ebcc7af4d9167c11347406
Bump the minimum versions to avoid installing these known bad versions.
Change-Id: I5ab0c3a1ac208e3967e65c298573079283a7b6cd
Based on the Libvirt and QEMU versions, two traits,
COMPUTE_ADDRESS_SPACE_PASSTHROUGH and COMPUTE_ADDRESS_SPACE_EMULATED,
are controlled. Since the two are supported from the same version on
the Libvirt and QEMU, Nova handles them in the same way.
Blueprint: libvirt-maxphysaddr-support
Depends-On: https://review.opendev.org/c/openstack/os-traits/+/871226
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: If6c7169b7b8f43ad15a8992831824fb546e85aab
This allows us to drop some logic from tests.
Change-Id: Idc11c1ce6e208774314a5a867789958372f0d591
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
sqlalchemy-migrate does not (and will not) support sqlalchemy 2.0. We
need to drop these migrations to ensure we can upgrade our sqlalchemy
version.
Change-Id: I7756e393b78296fb8dbf3ca69c759d75b816376d
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
As discussed in PTG, we need to test the new RBAC in the
integrated gate and accordingly enable the new defaults
and scope check by default. A new integrated testing job
has been added and results show that the new defaults and
scope checks are working fine. During testing, we found a
few bugs in neutron policies but all are fixed now.
enforce_scope and enforce_new_defaults are oslo policy config
options but they are per service level and the default value
can be overridden. Oslo policy 3.11.0 version allows to override
the default value for these config options[1] so upgrading the
oslo policy version in requirements.txt
Depends-On: https://review.opendev.org/c/openstack/devstack/+/869781
Depends-On: https://review.opendev.org/c/openstack/placement/+/869525
[1] https://github.com/openstack/oslo.policy/blob/3.11.0/oslo_policy/opts.py#L125
Change-Id: I977b2daedf880229c8d364ca011f2ea965b86e3a
Without the latest version, nova fails many unit tests (it failed
with os-traits 2.7.0 at least).
Closes-Bug: #1990121
Change-Id: I6b320ae1f9058aaa5bac91c7c7ca60136e0cee5c
The oslo.concurrency 5.0.1 fixes the fair lock we use heavily in the
ResourceTracker.
Closes-Bug: #1988311
Change-Id: I68914b2e21726138ee9a178fdf6a8bb6389c09be
The PowerVM driver was deprecated in November 2021 as part of change
Icdef0a03c3c6f56b08ec9685c6958d6917bc88cb. As noted there, all
indications suggest that this driver is no longer maintained and may be
abandonware. It's been some time and there's still no activity here so
it's time to abandon this for real.
This isn't as tied into the codebase as the old XenAPI driver was, so
removal is mostly a case of deleting large swathes of code. Lovely.
Change-Id: Ibf4f36136f2c65adad64f75d665c00cf2de4b400
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We no longer support Python 3.6 so there's no need for Python 3.6-only
dependencies.
Change-Id: I139e454a2c6e49a1d5229c90a56d518b0d96ca57
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The current rootwrap.conf file is outdated and doesn't include some
parameters. This change updates the content to make it consistent with
the latest example file in oslo.rootwrap.
Change-Id: I989b7da5ff6afae0c1a476e01c3df07870be5f74
Local API and DB limits are limits on resources that are counted either
as an API request parameter (example: server metadata items) or as
records in the database (example: server key pairs).
Future patches will make use of this logic, and actually enforce the
limits. This patch just adds the infrastructure to allow for the
enforcement of the limits.
We are moving all existing quotas to be managed via Keystone's
unified limits.
To stop confusion between injected_file_path_length and
injected_file_path_bytes, the unified limit in Keystone will use the
latter name to match the name used the API.
These local limits are all about preventing excessive load on the API
and database and have little to do with resource usage. These limits
are represented by keystone registered limits only, accordingly.
Local limits include things that just limit items in an API request:
* metadata_items
* injected_files
* injected_file_content_bytes
* injected_file_path_bytes
Local limits also include things that are stored in the database:
* key_pairs
* server_groups
* server_group_members
Some resource names have been changed to prepend a prefix of "server_"
in order to disambiguate them from other potential unified limits in
keystone:
* metadata_items => server_metadata_items
* injected_files => server_injected_files
* injected_file_content_bytes => server_injected_file_content_bytes
* injected_file_path_bytes => server_injected_file_path_bytes
* key_pairs => server_key_pairs
Note that each of the above are counted via a different scope. This new
code ensures that key_pairs are counted per user, server_groups are
counted per project and server_group_members are counted per
server_group.
Note: Previously server_group_member were counted per user inside each
server_group, which has proved very confusing, as adding more users into
a project increases the maximum size of allowed for a server_group.
blueprint unified-limits-nova
Change-Id: I0b6f4d29aaee1d71541a95cbecfd0708aac325d2
This commit introduces the LightOS driver for nova. LightOS is a
software-defined disaggregated clustered storage solution running on
commodity servers with commodity SSDs. It it developed by Lightbits
Labs (https://www.lightbitslabs.com) and is actively developed and
maintained. LightOS is proprietary but the openstack drivers are
licensed under Apache v2.0.
The Cinder driver for LightOS currently supports the following
functionality:
Create volume
Delete volume
Attach volume
Detach volume
Create image from volume
create volume from image
Live migration
Volume replication
Thin provisioning
Multi-attach
Extend volume
Create snapshot
Delete snapshot
Create volume from snapshot
Create volume from volume (clone)
This driver has been developed and has been in use for a couple of
years by Lightbits and our clients. We have tested it extensively
internally with multiple openstack versions, including Queens, Rocky,
Stein, and Train. We have also tested it with master (19.1 xena) and we
are working to extend testing to cover additional openstack releases.
We are glad to join the openstack community and hope to get your
feedback and comments on this driver, and if it is acceptable, to see
it merged into the tree.
Note: the patch depends on os-brick 5.2.0. That version also increased
the lower constraints of several dependencies, thus needs nova to
increase those as well in requirements.txt, lower-constraints.txt and
setup.cfg.
Depends-On: I2e86fa84049053b7c75421d33ad1a1af459ef4e0
Signed-off-by: Yuval Brave yuval@lightbitslabs.com
Change-Id: Ic314b26695d9681d31a18adcec0794c2ff41fe71
The new version contains changes needed by the multi-architecture
support and off-path SmartNIC DPU support code.
Needed-By: I168d3ccc914f25a3d4255c9b319ee6b91a2f66e2
Needed-By: Ia070a29186c6123cf51e1b17373c2dc69676ae7c
Change-Id: Ic1179f3e5e2c1aeb069972f21edffe5b003eb525
...and start skipping the relevant tests in 'nova.tests.unit.virt' if
these dependencies are not present. Thanks to hacking rules N311 and
N312, which prevent virt drivers using code from other virt drivers,
simply skipping the unit tests for a virt driver module is enough to
ensure we never load those modules.
This means users that want to use the powervm driver can install the
required dependencies using e.g. 'pip install .[powervm]', and packagers
can choose to skip packaging a dependency safe in the knowledge that the
relevant tests will be skipped.
Change-Id: I3787f9afd78cd0a7c7feb4dfe1bcb21437b5a128
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We no longer have a Xen driver. This is an unnecessary dependency.
Change-Id: Ic298fa9ac4a8935ce4e0dc17d8842d399d4eb808
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The commit I168fffac8002f274a905cfd53ac4f6c9abe18803 added a wrapper
around fasteners.ReaderWriterLock to fix up an issue with eventlet. But
the wrapper was added to nova.utils module that is use not only by the
nova tests but also the nova production code. This made the fixture
library a dependency of the nova production code. While the current
ReaderWriterLock usage only limited to the nova test sub tree. The
I712f88fc1b6053fe6d1f13e708f3bd8874452a8f commit fix the issue of not
having fixtures in the nova requirements.txt. However I think a better
fix is to move the wrapper to the test subtree instead. This patch does
that and restores the state of the requirements.txt
Change-Id: I6903ce53b9b91325f7268cf2ebd02e4488579560
Related-Bug: #1958075
The commit 887c445a7a made the nova.utils
module dependent on the fixtures library but the change missed updating
requirements and the fixtures library is not installed automatically.
This change migrates the fixtures library from test-requirements.txt to
requirements.txt so that the library is installed without test codes.
Closes-Bug: #1958075
Change-Id: I712f88fc1b6053fe6d1f13e708f3bd8874452a8f
Abhishek Kekane