This patch fixes an ambiguous regexp prevent using device_filename like
'mkwinimage-cdrom'.
The schema in Ib8857d9f725e277f27ccfab83335142b05e2cdf1 mistakenly
included r, which caused _-r to be interpreted as a range of items
from - to r.
The intent was to align the schema with what is allowed in
block_device.pyi -> validate_device_name()[1].
Since this brings the schema in line with existing validation logic, it
can be treated as a bug fix and does not require a microversion bump.
[1] https://github.com/openstack/nova/blob/73724fef9a66c4df3d018e7368067f883b1ed9e2/nova/block_device.py#L378
Closes-Bug: #2114951
Change-Id: Ie852e6dbd005ce46b41a486d3121d4d34d1fc1a2
Signed-off-by: René Ribaud <rribaud@redhat.com>
Ambiguous regexp prevent using device_filename like 'mkwinimage-cdrom'.
The regexp matches a single character in the range between _ (index 94)
and r (index 114) (case sensitive)
Related-Bug: #2114951
Change-Id: I5c7ce18eb635a75d5aadc889e730ed77c9a10dc3
Signed-off-by: René Ribaud <rribaud@redhat.com>
We agreed by I2dd906f34118da02783bb7755e0d6c2a2b88eb5d on the support
envelope.
Pre-RC1, we need to add a service version in the object.
Post-RC1, depending on whether it's SLURP or not SLURP, we need to bump
the minimum version or not.
This patch only focuses on pre-RC1 stage.
Given Gazpacho won't be skippable, we won't need a post-RC1 patch for updating the min
that will continue to support Epoxy.
HTH.
Signed-off-by: René Ribaud <rribaud@redhat.com>
Change-Id: I5bf6ad1077fe62e6ff628d211b745857167280fb
This change fixes duplicate consecutive words from docs
as well as code.
Signed-off-by: Rajesh Tailor <ratailor@redhat.com>
Change-Id: I236ff41fccf831023b6f85840097148a30e84743
As of now, if operator wants to set traits using 'nova-manage
image_property set' command, it fails with below error, because
in ImageMetaProps traits are not stored as individual fields, but
stored in 'traits_required' field which is of type list.
'Invalid image property name trait:CUSTOM_XYZ'
The setting of traits are handled by _set_attr_from_trait_names
method here [1].
This change handles the issue by continue the loop, if the
property startswith 'traits' string.
[1] https://opendev.org/openstack/nova/src/commit/725a307693806e6e32834198e23be75f771bebc1/nova/objects/image_meta.py#L708-L714
Closes-Bug: #2096341
Change-Id: Ifc20894801f723627726e3c9bed7076144542660
Signed-off-by: Rajesh Tailor <ratailor@redhat.com>
Ubuntu Jammy is no longer supported since 2025.2 . Replace it by
Ubuntu Noble which is used in the other jobs.
Change-Id: I790fb06ede2c41cb80b3d2e8ff7faa7315c84016
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
When VMCoreInfo device is enabled, the QEMU fw_cfg device in guest OS
requires DMA between host OS and guest OS through the device. However
DMA is prohibited when guest memory is encrypted using SEV, and
the attempt results in kernel crash.
Do not add VMCoreInfo when memory encryption is enabled.
Closes-Bug: #2117170
Change-Id: I05c7b1ae46ccd8d9aa42456b493ac6ee7ddd8bae
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
We also tackle the server security group and security group rules
controllers at the same time since they are so similar.
Change-Id: I7a039cdc172de59392215e9d6a9a24d03144cb85
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Address a few improvements we agreed to cover in follow-ups.
Also fix a few problems detected during the code update.
- Fix SEV-ES rp not purged when SEV and SEV-ES are disabled at
the same time. The previous logic requires 2 cycles which is
not necessary.
- Fix the lack of NOKS policy in SEV-ES.
Change-Id: I59866d39fcc6720e338c6736dffab4fd56b853da
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
We can determine exact names of these RPs using the compute node name,
independently from how nova is configured. So we can easily purge
these PRs.
Change-Id: I0a18e3a3750137061e04765f2feaf4889c6f5606
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
As a follow-up of change Iad51c32d0f64ef52513bd2f2b517c91f29c63787 ,
add a functional test scenario to ensure that new instances can be
created even when a cluster has both a compute node with old SEV RP and
the other with reshaped SEV RP, to simulate the real world upgrade
scenario in existing cluster with SEV feature enabled.
Change-Id: I2c576f8de05b69ab51743db53acf52bc2a35eb59
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This is the last piece to allow users to request AMD SEV-ES for memory
encryption instead of AMD SEV. The CPU feature for memory encryption
can now be requested via the hw:mem_encryption_model flavor extra spec
or via the hw_mem_encryption_model image property.
Implements: blueprint amd-sev-es-libvirt-support
Change-Id: Ifc9b86ad7db887cc22b2cd252fe8adc81fdc29c6
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This is prep work to support launching instances with AMD SEV-ES memory
encryption and adds the object field to select the CPU feature to
encrypt and protect memory data of instances.
Partially-Implements: blueprint amd-sev-es-libvirt-support
Change-Id: I71fde5438d4e22c9e2566f8a684c5a965a7f3dd3
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
Detect AMD SEV-ES support by kernel/qemu/libvirt and generate a nested
RP for ASID slots for SEV-ES under the compute node RP.
Deprecate the [libvirt] num_memory_encryption_guests option because
the option is effective only for SEV, and now the maximum numbers for
SEV/SEV-ES guests can be detected by domain capabilities presented by
libvirt.
Note that creating an instance with memory encryption enabled now
requires AMD SEV trait, because these instances can't run with SEV-ES
slots, which are added by this change.
Partially-Implements: blueprint amd-sev-es-libvirt-support
Change-Id: I5968e75325b989225ed1fc6921257751ae227a0b
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
If a service runs in threading mode nova.utils.cooperative_yield is noop
as yielding is only necessary for eventlet.
Change-Id: I72a52262f5c501f77d23ed56cbcd1a9c2be72fa7
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
The nova test hardcoded to run the RPC servers in the test with eventlet
executor. We change that to be dynamic based on how the tests was
started it can use eventlet or threading.
This makes some of the so far hanging RPC dependent unit tests passing.
Change-Id: I5012122fe66d41459b68202e750391a1939d70d9
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
Zuul