This file is being automatically generated during the docs build, no
need to have it persisted in git.
Change-Id: Ib45f722cc305e1d828d31724535e31ad3dda6c2e
pip 23.1 removed the "setup.py install" fallback for projects
that do not have pyproject.toml and now uses a pyproject.toml
which is vendored in pip.
To address that, this change adds the minimal pyproject.toml
to enable pbr to be properly used to build editable wheels.
This is required to support installing devstack on
centos stream 9 and related distros with GLOBAL_VENV=True
Without this change the wsgi scripts are not generated in
editable mode. i.e. pip install -e /opt/stack/keystone
See https://pip.pypa.io/en/stable/news/#v23-1
and https://github.com/pypa/pip/issues/8368 for more
details on the removal of the fallback support.
setuptools v64.0.0 is used to support editable installs
via its PEP-660 implmentation
https://github.com/pypa/setuptools/pull/3488
Depends-On: https://review.opendev.org/c/openstack/devstack/+/902758
Change-Id: I3255edb67fd7fe7a25b5871ec071c4b4c9d98ac2
This removes the in-tree format_inspector and makes us use the one in
oslo.utils. Minor changes are required around the behavior of the
safety_check() (raising instead of returning). This also allows images
detected as 'gpt' but registered as 'raw', since that's how everything
currently works. Hopefully later we can start registering in glance as
gpt, and rejecting boots from raw images.
Change-Id: I5b89e17438157690495961c306861a06532c8b4e
Depends-On: https://review.opendev.org/c/openstack/tempest/+/927146
The method get_root_info sometimes receives a BlockDeviceMapping object,
which lacks a copy method. The previous code assumed root_bdm was always
an instance of DriverBlockDevice, a subclass of dict that supports the copy()
method. However, during testing, it was discovered that root_bdm could also
be a BlockDeviceMapping object, which does not have a copy method.
To address this, the change replaces the copy() call with copy.deepcopy()
according to the suggestion in the comment [1], which works for both
BlockDeviceMapping and DriverBlockDevice instances. The deepcopy method is
supported because oslo.versionedobjects implements the __deepcopy__ method.
This change ensures the function handles both object types correctly,
preventing the AttributeError observed during testing.
[1] https://review.opendev.org/c/openstack/nova/+/909611/4/nova/virt/libvirt/blockinfo.py
Change-Id: I9432718586855ff57e8e6a5cae064e0685dd01e8
This is the first step to support launching instances with stateless
firmware. At this stage none of the virt drivers report the trait to
support the feature.
Depends-on: https://review.opendev.org/c/openstack/os-traits/+/908885
Partially-Implements: blueprint libvirt-stateless-firmware
Change-Id: I4c1df950af11687ae5a52e4eba7943029ec36e69
In case nova fails to parse the XML from libvirt the lxml exception is
dumped to the log but it only states the location of the error in the
XML string like
lxml.etree.XMLSyntaxError: StartTag: invalid element name, line 40, column 35
To be able to troubleshoot the actual XML error we need to see the
invalid XML as well. So this patch makes sure that if nova fails to
parse the XML then the XML itself is dumped to DEBUG log.
Change-Id: I14cce6db4c86f663e61d3668d081858741e88add
While we do cache the hosts's capabilities in self._caps in the
libvirt Host object, if we happen to fist call get_capabilities() with
some of our dedicated CPUs offline, libvirt erroneously reports them
as being on socket 0 regardless of their real socket. We would then
cache that topology, thus breaking pretty much all of our NUMA
accounting.
To fix this, this patch makes sure to call get_capabilities()
immediately upon host init, and to power up all our dedicated CPUs
before doing so. That way, we cache their real socket ID.
For testing, because we don't really want to implement a libvirt bug
in our Python libvirt fixture, we make due with a simple unit tests
that asserts that init_host() has powered on the correct CPUs.
Closes-bug: 2077228
Change-Id: I9a2a7614313297f11a55d99fb94916d3583a9504
The resource tracker Claim object works on a copy of the instance object
got from the compute manager. But the PCI claim logic does not use the
copy but use the original instance object. However the abort claim logic
including the abort PCI claim logic worked on the copy only. Therefore the
claimed PCI devices are visible to the compute manager in the
instance.pci_decives list even after the claim is aborted.
There was another bug in the PCIDevice object where the instance object
wasn't passed to the free() function and therefore the
instance.pci_devices list wasn't updated when the device was freed.
Closes-Bug: #1860555
Change-Id: Iff343d4d78996cd17a6a584fefa7071c81311673
The nova-ceph-multistore job is currently
not configured properly for the new image format
tests. This change skips them until we decided
how to fix this.
Change-Id: I3de7588ba224453c24beabf8a799c71677603ba7
We currently get the following error message if attempting to fit a
guest with hugepages on a node that doesn't have enough:
Host does not support requested memory pagesize, or not enough free
pages of the requested size. Requested: -2 kB
Correct this, removing the kB suffix and adding a note on the meaning of
the negative values, like we have for the success path.
Change-Id: I247dc0ec03cd9e5a7b41f5c5534bdfb1af550029
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #2075959
We have a lot of special cases all around our code for AMI (et al)
images, in the boot, snapshot, and other areas. It was recently
discussed (after the major CVE which was complicated by AMI support)
that we should drop these special cases and support for AMI with it.
This starts that timer.
Change-Id: I90efaaa35225ce82bada0b427e09c8289adaae1e
Lets first ensure we have a test that proves we have bad behaviour,
then follow up with the fix and the test tweak to prove it.
On the first compute node it fails due to group policy error.
On the second compute node instance should have exactly one PCI device.
Related-Bug: #1860555
Change-Id: Ia122fff268c8f45ad3e5a3071d2cb7c990cb2c1d
Node device XML validation flags [1]:
VIR_NODE_DEVICE_(CREATE|DEFINE)_XML_VALIDATE
were added in libvirt 8.10.0 but we support older libvirt versions
which will raise an AttributeError when flag access is attempted.
We are not currently using the flags (nothing calling with
validate=True) so this removes the flags from the code entirely. If the
flags are needed in the future, they can be added again at that time.
Closes-Bug: #2076163
[1] https://github.com/libvirt/libvirt/commit/d8791c3c7caa6e3cadaf98a5a2c94b232ac30fed
Change-Id: I015d9b7cad413986058da4d29ca7711c844bfa84
Libvirt 8.0.0 introduced the field to tell availability of TPM support,
which internally checks availability of swtpm[1]. We can use this
feature instead of implementing the own logic to detect availability.
The feature in libvirt relies on libvirt itself, so allows us to ensure
the swtpm binaries are present in the PATH used by libvirt, not in one
used by nova-compute.
In addition, libvirt 8.6.0 introduced the additional field to expose
available TPM versions[2], which can be used to report available TPM
versions.
<domainCapabilities>
<devices>
<tpm supported='yes'>
<enum name='model'>
<value>tpm-tis</value>
<value>tpm-crb</value>
</enum>
<enum name='backendModel'>
<value>passthrough</value>
<value>emulator</value>
<value>external</value>
</enum>
<enum name='backendVersion'>
<value>1.2</value>
<value>2.0</value>
</enum>
</tpm>
</devices>
</domainCapabilities>
[1] https://github.com/libvirt/libvirt/commit/6f7fc0b54ad97e62e10cd6f9524fcc29b4bb4cc5
[2] https://github.com/libvirt/libvirt/commit/1277a9c884039e92765c977917420511f45e52e8
Partially-Implements: blueprint libvirt-detect-vtpm-support
Change-Id: I9d07635883f413b8e91312f602a3f5de8f3bf266
Libvirt uses swtpm_ioctl to terminate swtpm processes. If the binary
does not exist, swtpm processes are kept running after the associated
VM terminates, because QEMU does not send shutdown to swtpm.
Closes-Bug: #2052761
Change-Id: I682f71512fc33a49b8dfe93894f144e48f33abe6
Note that this includes seemingly-unrelated test changes because we
were actually skipping the snapshot_running test for libvirt, which
has been a bug for years. In that test case, when we went to look
for image_meta.disk_format, that attribute was not set on the o.vo
object, which raised a NotImplementedError. That error is also checked
by the test to skip the test for drivers that do not support snapshot,
which meant that for libvirt, we haven't been running that case
beyond the point at which we create snapshot metadata and trip that
exception. Thus, once removing that, there are other mocks not in
place that are required for the test to actually run. So, this adds
mocks for qemu_img_info() calls that actually try to read the file on
disk, as well as the privsep chown() that attempts to run after.
Change-Id: Ie731045629f0899840a4680d21793a16ade9b98e
When we moved the qemu-img command in fetch_to_raw() to force the
format to what we expect, we lost the ability to identify and react
to situations where qemu-img detected a file as a format that is not
supported by us (i.e. identfied and safety-checked by
format_inspector). In the case of some of the other VMDK variants
that we don't support, we need to be sure to catch any case where
qemu-img thinks it's something other than raw when we think it is,
which will be the case for those formats we don't support.
Note this also moves us from explicitly using the format_inspector
that we're told by glance is appropriate, to using our own detection.
We assert that we agree with glance and as above, qemu agrees with
us. This helps us avoid cases where the uploader lies about the
image format, causing us to not run the appropriate safety check.
AMI formats are a liability here since we have a very hard time
asserting what they are and what they will be detected as later in
the pipeline, so there is still special-casing for those.
Closes-Bug: #2071734
Change-Id: I4b792c5bc959a904854c21565682ed3a687baa1a
These tests depend on qemu-img being installed and in the path, if it is not installed, skip them.
Change-Id: I896f16c512f24bcdd898ab002af4e5e068f66b64
Closes-bug: #2073862
Signed-off-by: Julien Le Jeune <julien.le-jeune@ovhcloud.com>
Make it extra clear this is only for API response bodies.
Change-Id: Id88c828aa7bcb1eff6dd149e8a92a19649ba4b0e
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Kernels don't accept to access the governor strategy on an offline core, so
we need to only validate strategies for online cores.
Change-Id: I14c9b268d0b97221216bd1a9ab9e48b48d6dcc2c
Closes-Bug: #2073528
When the script was created there were only stable/* branches, but now
there are unmaintained/* branches as well, where the validator fails
when looking for hashes only on stable/* branches even if the given
hash is already on unmtaintained/* branch. This patch matches now both
stable/* and unmaintained/* branches.
Change-Id: I08fcc63ab0fbe5af1be70d5fde5af98bf006101c
This is a fix for the test whether a patch is bot generated or not, as
that did not worked as intended. The problem is that the script is
checking the email address of the parent patch (HEAD~), which probably
should be right in case the patch would be a MERGE patch. But this is
wrong in case the patch is not a MERGE patch. This fix uses the very
same pattern as it is using for the commit message parsing: the
$commit_hash variable, which is the parent's commit hash if the patch
is a MERGE patch, and an empty string in the other case (causing to
call 'git show' on HEAD).
Change-Id: I0abc72180edf34a6dd0624a40fb8682397805eca
Zuul