I don't actually grok what this does that 'oslopolicy-checker' couldn't
do, so perhaps we can deprecate this in the future. For now though,
simply document the thing. While we're here, we make some additional
related changes:
- Remove references to the 'policy.yaml' file for services that don't
use policy (i.e. everything except the API services and, due to a bug,
the nova-compute service).
- Update remaining references to the 'policy.yaml' file to include the
'policy.d/' directory
- Update the help text for the '--api-name' and '--target' options of
the 'nova-policy policy check' command to correct tense and better
explain their purpose.
Also, yes, 'nova-policy policy check' is dumb. Don't blame me :)
Change-Id: I913b0de9ec40a615da7bf9981852edef4a88fecb
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-bug: #1675486
Most of these share the same collection of oslo.config and oslo.log
options so it makes sense to group them together. The only exception is
nova-rootwrap, which is a wrapper around the 'oslo_rootwrap.cmd.main'
module, which curiously does not use argparse and doesn't have any
options.
Change-Id: I393ff162be58700956fbab29ff6b9ba3cf5860a6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We have them. Let's use them. The resulting man pages aren't perfect,
but they're *much* better.
Change-Id: I84d54a246fecbd2f7d2950d6c6044f7cd1b8e9df
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This is step one in improving the usability of these docs. The current
style makes it impossible to link to individual commands from the built
docs. There is a better way. Use headers along with code blocks to show
the actual command. This was mostly generated from a find-replace along
with some follow-up manual fixes.
Change-Id: Icd25006f31c8e34fe33d79779e0577dc78f96a24
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
As called out in the review for
Ib7b9f4fd7673525129c03dc2943deedd0c7ad81f the use of a numerical anchor
causes a sequence id to be used that can change over time in the
document and thus is not stable to reference externally.
This change simply switches to a non-numerical anchor ensuring that
sphinx generates a stable anchor we can always reference.
Change-Id: I550f7fd89a13e58031b0ddfbcb4f6a5239dbf335
More information taken out of the catchall KVM guide and put into its
own doc, where it belongs.
Change-Id: I4a03561368b945e3aacbef8011b46933cc1fcfd7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This was previously hidden in the hypervisor configuration guide. Make
it a top-level document.
Change-Id: If402522c859c1413f0d90912e357496a0a67c5cf
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
There's also a PCI passthrough guide. Use that instead, allowing us to
remove the sections for various extra specs from the 'user/flavors'
guide:
- hw:pci_numa_affinity_policy
- pci_passthrough:alias
Change-Id: I5701d284c2cfdadf825f8e2f699651b3f8c0c9ab
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We have a perfectly good TPM guide. Enhance that, allowing us to remove
the special section dedicated to this from the generic flavor docs.
Change-Id: If484074c01595f747f9201b5ec12164779195b61
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This beefy patch closes a long-standing TODO and allows us to move yet
more information out of the flavors guide and into specific documents.
This, combined with existing documentation in place, means we can remove
the sections for various extra specs from the 'user/flavors' guide:
- hw:cpu_realtime -> doc/source/admin/real-time.rst
- hw:cpu_realtime_mask -> doc/source/admin/real-time.rst
- hw:emulator_threads_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_thread_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_threads -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_threads -> doc/source/admin/cpu-topologies.rst
- hw:numa_nodes -> doc/source/admin/cpu-topologies.rst
- hw:numa_cpus.N -> doc/source/admin/cpu-topologies.rst
- hw:numa_mem.N -> doc/source/admin/cpu-topologies.rst
- hw:mem_page_size -> doc/source/admin/huge-pages.rst
Multiple improvements to the libvirt extra spec docs are included here,
for want of a better place to include them.
Change-Id: I02b044f8246f4a42481bb5f00259842692b29b71
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is mostly regurgitated information from the current flavors guide
but we take the opportunity to significantly expand upon what we've
already stated here.
Change-Id: I9ad798427bbc6451fd920d6c08357d6e1eaa5136
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This patch adds the config option 'live_migration_scheme = tls' to the
secure live migration guide.
To let the live migration use the qemu native tls, some configuration of
the compute nodes is needed. The guide describes this but misses the
'live_migration_scheme' config option.
It is necessary to set 'live_migration_scheme' to tls to use the
connection uri for encrypted traffic. Without this parameter everything
seems to work, but the unencrypted tcp-connection is still used for the
live migration.
Closes-Bug: #1919357
Change-Id: Ia5130d411706bf7e1c983156158011a3bc6d5cd6
Introduce two new guides on UEFI and Secure Boot. In addition, update
the flavors guide to document the secure boot feature (though this doc
should really be removed in near term in favour of the auto-generated
docs, as noted inline).
Note that this change includes our first use of the ':nova:extra-spec:'
cross-reference role and highlights a small bug in that implementation.
This is resolved.
Blueprint: allow-secure-boot-for-qemu-kvm-guests
Change-Id: I4eb370b87ba8d0403c8c0ef038a909313a48d1d6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This was somehow missed when we landed the stable rescue doc updates in
Iaa2f27ccb2a77102fde6b24b76c9d5ae54608cca.
Change-Id: Ib7b9f4fd7673525129c03dc2943deedd0c7ad81f
This patch enables the 'socket' PCI NUMA affinity policy. The PCI
manager gets a new method to implement it, and the libvirt driver
starts reporting the necessary trait, enabling it to receive
instances with the 'socket' policy.
Implements: blueprint pci-socket-affinity
Change-Id: Ia875c9c3542ef4138d0d7a2c26c0cf49dcca0761
These were missed in the original change but add some useful context to
readers of when things have been changed.
blueprint: libvirt-default-machine-type
Change-Id: I64ef0efc80a088385c9ac45a818cc807490d2de1
This change simply documents how an operator/admin would go about
changing the underlying [libvirt]hw_machine_type config within an
environment while ensuring existing instances are not impacted.
blueprint: libvirt-default-machine-type
Change-Id: I66003220bf173dfa917a13c5a408b1ea31cbc057
This change introduces a new nova-status check to ensure a machine type
has been recorded for each instance within an environment.
nova-status will fail with a warning when instances are found, directing
the operator to use the previously added nova-manage list_unset and
update commands to set a machine type for these instances. The logic for
this check comes entirely from the list_unset command.
It is noted in the warning output that this can be ignored if no libvirt
or HyperV based computes are present in the environment as
hw_machine_type is only used by these two virt drivers at present.
blueprint: libvirt-default-machine-type
Change-Id: Ic3ae48c57e61c4e45883fbae1328a448be025953
This change adds a libvirt command to list all instance UUIDs with
hw_machine_type unset in their image metadata. This will be useful to
operators attempting to change the [libvirt]hw_machine_type default in
the future as it allows them to confirm if it is safe to change the
configurable without impacting existing instances.
blueprint: libvirt-default-machine-type
Change-Id: I39909ace97f62e87f326d4d822d4e4c391445765
This change adds a second update command to the libvirt group
within nova-manage. This command will set or update the machine type of
the instance when the following criteria are met:
* The instance must have a ``vm_state`` of ``STOPPED``, ``SHELVED`` or
``SHELVED_OFFLOADED``.
* The machine type is supported. The supported list includes alias and
versioned types of ``pc``, ``pc-i440fx``, ``pc-q35``, ``q35``, ``virt``
or ``s390-ccw-virtio``.
* The update will not move the instance between underlying machine types.
For example, ``pc`` to ``q35``.
* The update will not move the instance between an alias and versioned
machine type or vice versa. For example, ``pc`` to ``pc-1.2.3`` or
``pc-1.2.3`` to ``pc``.
A --force flag is provided to skip the above checks but caution
should be taken as this could easily lead to the underlying ABI of the
instance changing when moving between machine types.
blueprint: libvirt-default-machine-type
Change-Id: I6b80021a2f90d3379c821dc8f02a72f350169eb3
This change introduces the first machine_type command to nova-manage to
fetch and display the current machine type if set in the system metadata
of the instance.
blueprint: libvirt-default-machine-type
Change-Id: Idc035671892e4668141a93763f8f2bed7a630812
During Icehouse release default value of 'can_set_password' sets
to False for horizon(dashboard) but nova document is not updated
yet and acc. to nova doc default value for above setting is True.
So this patch correct the doc. For more info. please refer [1].
[1] https://docs.openstack.org/releasenotes/horizon/icehouse.html#default-hypervisor-settings-changes
Change-Id: I3007e1f157e329f121b99ceaddd59625c86f428c
Zuul