Introduce two new guides on UEFI and Secure Boot. In addition, update
the flavors guide to document the secure boot feature (though this doc
should really be removed in near term in favour of the auto-generated
docs, as noted inline).
Note that this change includes our first use of the ':nova:extra-spec:'
cross-reference role and highlights a small bug in that implementation.
This is resolved.
Blueprint: allow-secure-boot-for-qemu-kvm-guests
Change-Id: I4eb370b87ba8d0403c8c0ef038a909313a48d1d6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This patch enables the 'socket' PCI NUMA affinity policy. The PCI
manager gets a new method to implement it, and the libvirt driver
starts reporting the necessary trait, enabling it to receive
instances with the 'socket' policy.
Implements: blueprint pci-socket-affinity
Change-Id: Ia875c9c3542ef4138d0d7a2c26c0cf49dcca0761
This hasn't been validated upstream and there doesn't appear to be
anyone using it. It's time to drop support for this. This is mostly test
and documentation damage, though there is some other cleanup going on,
like the removal of the essentially noop 'pick_disk_driver_name' helper.
Change-Id: I73305e82da5d8da548961b801a8e75fb0e8c4cf1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This has not been tested in the gate for a long time and was only added
to enable CI in the early days of OpenStack. Time to bid adieu.
Change-Id: I7a157f37d2a67e1174a1725fd579c761d81a09b1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
It's time to shine a light on this area of the codebase ahead of some
much required cleanup. This documentation is based on an email sent
almost 5 years ago but is still accurate today.
Change-Id: I66cc2c5549833f269872748fb1532438f9ba8489
With the landing of the cpu-resources series in train [1], the
hw:cpu_thread_policy extra spec has a different effect than before.
Correct our documentation.
[1] https://review.opendev.org/q/topic:bp/cpu-resources
Change-Id: I338408b01b1d2328035dd92d2588710a20aba323
Pygments 2.7.x is stricter in how it validates JSON escapes, aligning it
closer with the spec [1]. Turns out we have some invalid JSON in our
docs, meaning builds are now failing with the following error:
doc/source/user/metadata.rst:262: WARNING: Could not lex literal_block
as "json". Highlighting skipped.
Resolve this.
[1] https://github.com/pygments/pygments/commit/9514e794e0c2a5c7c048df97fcfef4a099e05ac3
Change-Id: Ic50e29e9c7817744ad0b4f9de309aa3e96a09505
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Not as many of these as I thought there would be. Also, yes, the change
to 'nova.conf.compute' is a doc change :)
Change-Id: I27626984ce94544bd81d998c5fdf141875faec92
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
What it is, why you'd want it and how you can configure it.
Part of blueprint add-emulated-virtual-tpm
Change-Id: I8e52a397bca8f09e6aaa6cab44eee7dded529c55
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The documentation states that property names for aggregate weight
multipliers should be prefixed with 'filter_scheduler.', however in
reality they should not.
This change fixes this in the documentation.
Change-Id: I3adabb052a859cccf59655c91cc366fbe1cf8386
The RetryFilter was deprecated in Train.
The Aggregate[core|ram|disk] filters were also deprecated in train.
This change removes all four deprecated filters and their docs.
Change-Id: Idc29c759632850d3d767a261c9f385af71348f65
The metadata service is going to be accessible over IPv6 too when
the following Neutron feature merges (still in Victoria, I hope):
https://bugs.launchpad.net/neutron/+bug/1460177
However all end-user facing metadata documentation is in Nova,
so unless we want to refactor/move this, let me propose this doc
change here.
Change-Id: I7e67680090da003e01e106be47b7a807164fecb3
Partial-Bug: #1460177
Before, realtime CPUs could only be combined with dedicated CPUs
in a 'dedicated' policy instance. This patch supports to create
a type of instance that makes realtime CPUs be mixed with shared
CPUs under the 'mixed' CPU allocation policy.
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: Iad7864bf375341ef065bfec229a059e444c910e2
Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Enable the 'hw:cpu_dedicated_mask' flavor extra spec interface, user
can create CPU mixing instance through a flavor with following
extra spec settings:
openstack flavor set <flavor_id> \
--property hw:cpu_policy=mixed \
--property hw:cpu_dedicated_mask=0-3,7
In a topic coming later, we'll introduce another way to create a
mixed instance through the real-time interface.
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: I2a3311c08a52eb11859c68ef940a0bd755a94c6b
Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
If the end-user specifies a cpu_realtime_mask that does not begin
with a carat (i.e. it is not a purely-exclusion mask) it's likely
that they're expecting us to use the exact mask that they have
specified, not realizing that we default to all-vCPUs-are-RT.
Let's make nova's behaviour a bit more friendly by correctly
handling this scenario.
Note that the end-user impact of this is minimal/non-existent. As
discussed in bug #1884231, the only way a user could have used this
before would be if they'd configured an emulator thread and purposefully
set an invalid 'hw:cpu_realtime_mask' set. In fact, they wouldn't have
been able to use this value at all if they used API microversion 2.86
(extra spec validation).
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: Id81859186de6fb6b728ad566a532244008fe77d0
Closes-Bug: #1688673
By offloading emulator threads to other host cores (via the
'hw:emulator_threads_policy' extra spec), it's possible to allocate all
guest cores to realtime. Enable this.
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: I00805cf9cca9657955c7e1ef3a76e384adaa78f1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
When we use the flavor extra_specs "hide_hypervisor_id" in
AggregateInstanceExtraSpecsFilter, then will retrun False.
So we need correct the extra_specs.
Change-Id: I9d8d8c3a30cf6da7e8fb48374347e069ab075df2
Closes-Bug: 1841932
Add the validation framework necessary to verify extra specs along with
the definitions for every extra spec we currently recognize in-tree.
None of this is currently used since we don't have the API microversions
wired up, but that will come in a future patch.
Note that we must add the H238 hacking check to the ignore list here,
since this includes our first use of Python 3-type classes without the
explicit 'object' subclass. This can be removed when that check is
removed from hacking.
Part of blueprint flavor-extra-spec-validators
Change-Id: Ib64a1348cce1dca995746214616c4f33d9d664bd
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This change documents certain hyper-v driver features that are not
included in the driver support matrix.
Change-Id: I29f6d816138bd31ad6bc8d327636b202d718bdff
Operators can deploy their own scheduler filters. We currently provide
some minimal instructions for how to do this but it omits things like
the need to package these filters so they can be picked up correctly.
Change-Id: I725801c9c049455a0196e4664d767b81a8d4edf2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Added JSON schema defining `network_data.json` contents and
beefed up the MetadataTest functional test cases to use a
real instance instead of a database shell. This way the
tests see real data in the metadata service like a real
network_data.json.
Besides internal Nova consumption, this schema might be
helpful to other tools (such as ironic or Glean) to
validate human-generated `network_data.json` prior to
using it.
Co-Authored-By: Balazs Gibizer <balazs.gibizer@est.tech>
Change-Id: Ie5a5a1fc81c7c2d3f61b72d19de464cfc9dab5ec
This adds two tests and updates the cross-cell resize docs to
show that _poll_unconfirmed_resizes can work if the cells are
able to "up-call" to the API DB to confirm the resize. Since
lots of deployments still enable up-calls we don't explicitly
block _poll_unconfirmed_resizes from processing cross-cell
migrations. The other test shows that _poll_unconfirmed_resizes
fails if up-calls are disabled.
Part of blueprint cross-cell-resize
Change-Id: I39e8159f3e734a1219e1a44434d6360572620424
Document a small wrinkle with the image signature validation feature
when using the Libvirt virt driver, rbd imagebackend and RAW image
format due to the validation being triggered during image download.
Change-Id: Ic67c4d251c17e5e93045eb50ff99580e2cf66c76
When performing a resize, we'll want to (by default) select
target hosts from the source cell to do a traditional resize
if possible before considering target hosts in another cell
which will be slower and more complicated. If the source cell
is disabled or target flavor is not available in the source cell,
then we'll have no choice but to select a host from another cell.
But all things being equal between hosts, we want to stay within
the source cell (by default). Therefore this change adds a new
CrossCellWeigher and related configuration option to prefer hosts
within the source cell when moving a server. The weigher is
completely noop unless a cross-cell move is permitted by
configuration, which will be provided in a future change.
Part of blueprint cross-cell-resize
Change-Id: Ib18752efa56cfeb860487fe6b26102bb4b1db038
This addresses bug #1795920 by adding support for
defining a pci numa affinity policy via the flavor
extra specs or image metadata properties enabling
the policies to be applied to neutron sriov port
including hardware offloaded ovs.
Closes-Bug: #1795920
Related-Bug: #1805891
Implements: blueprint vm-scoped-sriov-numa-affinity
Change-Id: Ibd62b24c2bd2dd208d0f804378d4e4f2bbfdaed6
The only ones remaining are some real crufty SVGs and references to
things that still exist because nova-network was once a thing.
Change-Id: I1aebf86c05c7b8c1562d0071d45de2fe53f4588b
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Yet another one of these. This time around, we make the following
changes:
- Put admin-focused stuff in '/admin', and user-focused docs in '/user'
- Merge the '/admin/quotas2' document into the '/admin/quotas' document
- Update references to novaclient to use openstackclient if possible and
include a TODO if not
- s/tenant/project/
Note that there is some duplication between the user and admin docs
here. That's necessary since, for example, showing a user's quotas is
also something an admin will want to do.
Change-Id: I733515cf0f939fe95203ff0b09df2709daee108c
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Zuul