As a follow-up of change Iad51c32d0f64ef52513bd2f2b517c91f29c63787,
add a functional test scenario to ensure that new instances can be
created even when a cluster has both a compute node with the old SEV RP
and another with the reshaped SEV RP, to simulate the real-world upgrade
scenario in an existing cluster with the SEV feature enabled.
Change-Id: I2c576f8de05b69ab51743db53acf52bc2a35eb59
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This is the last piece to allow users to request AMD SEV-ES for memory
encryption instead of AMD SEV. The CPU feature for memory encryption
can now be requested via the hw:mem_encryption_model flavor extra spec
or via the hw_mem_encryption_model image property.
Implements: blueprint amd-sev-es-libvirt-support
Change-Id: Ifc9b86ad7db887cc22b2cd252fe8adc81fdc29c6
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This is prep work to support launching instances with AMD SEV-ES memory
encryption and adds the object field to select the CPU feature to
encrypt and protect memory data of instances.
Partially-Implements: blueprint amd-sev-es-libvirt-support
Change-Id: I71fde5438d4e22c9e2566f8a684c5a965a7f3dd3
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
Detect AMD SEV-ES support by kernel/qemu/libvirt and generate a nested
RP for ASID slots for SEV-ES under the compute node RP.
Deprecate the [libvirt] num_memory_encryption_guests option because
the option is effective only for SEV, and now the maximum numbers for
SEV/SEV-ES guests can be detected by domain capabilities presented by
libvirt.
Note that creating an instance with memory encryption enabled now
requires the AMD SEV trait, because these instances can't run with SEV-ES
slots, which are added by this change.
Partially-Implements: blueprint amd-sev-es-libvirt-support
Change-Id: I5968e75325b989225ed1fc6921257751ae227a0b
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This is the preparation work to extend memory encryption support to
support AMD SEV-ES, and migrates the MEM_ENCRYPTION_CONTEXT resources
to the separate child resource provider, so that slots for different
memory encryption mechanisms can be modeled.
Partially-Implements: blueprint amd-sev-es-libvirt-support
Change-Id: Iad51c32d0f64ef52513bd2f2b517c91f29c63787
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This change adds the following new information to the existing
flavor metadata structure in the libvirt guest XML:
* Flavor ID
* Extra specs
Downstream clients that query this guest XML such as Ceilometer
may also require this information. If it's not defined in this
metadata, clients are forced to perform a Nova API query just
to fetch this additional information.
This change should almost eliminate the need to perform such
API queries.
Signed-off-by: Callum Dickinson <callum.dickinson@catalystcloud.nz>
Implements: blueprint xml-image-meta
Change-Id: I249bc117a796f28e9929e12707a5afb6c869eb89
Nova adds the temporary shelved image ID to libvirt metadata
when unshelving image-backed instances. This is corrected when
the instance is cold restarted, resized or migrated but causes
issues for other services such as Ceilometer which rely on this
data being correct.
This patch ensures the correct image ID is set in the libvirt
domain metadata when image-backed instances are unshelved.
Signed-off-by: Callum Dickinson <callum.dickinson@catalystcloud.nz>
Co-Authored-By: Jeremy Lamb <jeremy.lamb@catalystcloud.nz>
Closes-Bug: #2100588
Change-Id: Ifd9f092299912606931848b2b25b4be6b36effac
Port dns_names are cleared when ports are detached in order to fix
https://bugs.launchpad.net/nova/+bug/1572593. This incorrectly resets
the dns_name for shelved instances where ports are not detached.
This patch adds a conditional to ensure the dns_name is not
unnecessarily reset.
Closes-Bug: #2058725
Change-Id: I6fdd3d6365196b4e470b72545ec649dfabe058d3
Signed-Off-By: Dan Smith <dansmith@redhat.com>
This is mostly uneventful save for us needing to fix our API ref, which
indicated that the 'OS-EXT-IMG-SIZE:size' field shown in the 'show' and
'detail' views was a string rather than an int. You can confirm this is
*not* the case like so:
    >>> import openstack
    >>> conn = openstack.connect()
    >>> conn.compute.get('https://example.com/compute/v2.1/images/detail').json()
(obviously replace 'https://example.com/' with a compute API host)
Change-Id: Ia318478dfdb50f8d57a74958b3555f6ad97351ec
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
As part of removing Eventlet from the codebase,
this patch replaces eventlet.event.Event with the standard
library's threading.Event.
To maintain the existing interface behavior,
a helper class ThreadingEventWithResult is introduced.
This class mimics Eventlet's Event by supporting result
passing and retrieval, which threading.Event does
not natively support.
The interface between eventlet.event.Event and
ThreadingEventWithResult maps as follows:
send(value) → set()
wait() → wait()
ready() → is_set()
Change-Id: I469ca9592a5c6d1f7ea1f54e4d34546224ce7ada
Signed-off-by: Kamil Sambor <kamil.sambor@gmail.com>
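The pattern described in the commit message above, as an added sketch that is not Nova's code: `EventWithResult` is a hypothetical stand-in for the helper class, and raising on timeout is an assumption made here so that a `None` result and an expired wait cannot be confused.

```python
import threading

_UNSET = object()  # sentinel: distinguishes "no result yet" from a None result


class EventWithResult(threading.Event):
    """Hypothetical threading.Event that also carries a result value."""

    def __init__(self):
        super().__init__()
        self._result = _UNSET

    def set(self, result=None):
        # Store the result before waking waiters, so every thread that
        # returns from wait() observes the published value.
        self._result = result
        super().set()

    def wait(self, timeout=None):
        # threading.Event.wait() returns False when the timeout expires.
        if not super().wait(timeout):
            raise TimeoutError("event not set within %s seconds" % timeout)
        return self._result


def demo():
    """Producer thread publishes a result; the caller blocks until it arrives."""
    ev = EventWithResult()
    ready_before = ev.is_set()            # eventlet: ready()
    worker = threading.Thread(
        target=lambda: ev.set({"status": "done"}))  # eventlet: send(value)
    worker.start()
    result = ev.wait(timeout=5)           # eventlet: wait()
    worker.join()
    return ready_before, ev.is_set(), result


def demo_timeout():
    """A wait on an event nobody sets fails loudly instead of returning None."""
    ev = EventWithResult()
    try:
        ev.wait(timeout=0.01)
    except TimeoutError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print(demo_timeout())
```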
This is the implementation for the USB controller extra spec as
desired by the new libvirt spice-direct console mode. USB device
redirection support is a frequently requested feature for VDI users.
Change-Id: I71edd03b5c63a8028c23a746c01c59d303994144
Signed-off-by: Michael Still <mikal@stillhq.com>
Before

Test id                                           Runtime (s)
------------------------------------------------  -----------
LibvirtConnTestCase.test_qemu_announce_self       2.214
TestProfiler.test_all_public_methods_are_traced   0.079

After

Test id                                           Runtime (s)
------------------------------------------------  -----------
LibvirtConnTestCase.test_qemu_announce_self       0.242
TestProfiler.test_all_public_methods_are_traced   0.097
Change-Id: Ib3c6e8c53f3eab5328eb30f5fd2e49a4b2e43097
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
Before

Test id                                           Runtime (s)
------------------------------------------------  -----------
RbdTestCase.test_cleanup_volumes_pending_resize   5.035
TestProfiler.test_all_public_methods_are_traced   0.080

After

Test id                                           Runtime (s)
------------------------------------------------  -----------
TestProfiler.test_all_public_methods_are_traced   0.082
RbdTestCase.test_cleanup_volumes_pending_resize   0.029
Change-Id: Ibf43651d0a675ab7bf0dbfdf9f3fbd0072d39f98
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
To observe the actual size of our pools and catch hanging threads in the
pools, nova will log statistics of the executors each time new work is
submitted, but not more frequently than every X seconds, configurable via
[DEFAULT]thread_pool_statistic_period. But the default of the config is
-1, so the logging is disabled out of the box.
Most of the support should come from futurist but it doesn't.
We can add them later there.
Change-Id: Id4244f5ae0fd49c99af2898789cdd510859e150d
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
Keystone project manager role can be used for the project-level
management APIs. Nova introduced the manager role in policy
defaults.
To introduce the manager role, we need to make migration
policies more granular. Adding separate policies for host-related
operations allows us to open the migration operations
to the project manager role. The existing policy is checked if migrating
without specifying a host, and the new policy is checked if a host is
specified. The same will be applied to list migrations: the new policy
will control returning the host info.
Also, adding doc and release notes.
Partial implement blueprint policy-manager-role-default
Change-Id: Ie7d135e4d24ac6d53c46a4c69ade0b0bda554e71
Signed-off-by: Ghanshyam Mann <gmaan@ghanshyammann.com>
Signed-off-by: ghanshyam <gmaan@ghanshyammann.com>