This adds a new microversion to expose the instance action
event details in the
GET /servers/{server_id}/os-instance-actions/{request_id} API.
With the new microversion the "details" key is always returned
with each event dict but the value may be null because of old
records or events that did not fail.
The details are not constrained by policy like the traceback
field since the details are like a fault message on the server
resource when the server is in ERROR status and the fault
message is likewise not constraint by policy unlike the fault
details which is a traceback like the event traceback field.
This commit add a SYSTEM_READER ('rule: system_reader_api') role
to the Show Server Action Details API. With this default policy,
events fault details can be displayed. And also add some nova and
non-nova exception functional tests for os-instance-actions API.
Co-Authored-By: Brin Zhang <zhangbailin@inspur.com>
Implements blueprint action-event-fault-details
Change-Id: I6fe4dd265b0030ce12f92771b255a3d795f03d01
Microversion bump to allow non-admin user to use more filters key
when listing instances.
In order to stay coherent, all existing instance filters who are
related to a field readable by default to non admin users when showing
instance details, should be allowed by default without policy
modification.
Implements: blueprint non-admin-filter-instance-by-az
Change-Id: Ia66d3a1ceb74ed521cf44922929b2a502f3ee935
We have a custom of naming the directory after the API. Reinforce that
here.
Change-Id: I5bf68aacc1d987400a91467835c4b55f03c18beb
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The API URL is '/os-keypairs', not '/keypairs'. Attempting to use these
pagination links as-is will result in a HTTP 404 (Not Found).
Change-Id: Ic04568caecc138e6016418f6878d031c4a0d3fb4
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-bug: #1866373
This change documents certain hyper-v driver features that are not
included in the driver support matrix.
Change-Id: I29f6d816138bd31ad6bc8d327636b202d718bdff
APIImpact: Adds 2.82 microversion for /os-server-external-events API.
DocImpact: Adds new version to doc/api_samples/versions/.
Change-Id: I7a626544d8221dc0eeb5672986ca897ce4718be8
Blueprint: nova-cyborg-interaction
Hypervisor view builder's _collection_name,
'hypervisors' is used to build next link that
sdk use as uri to do paginated query. But correct
API should be `GET /v2.1/os-hypervisors?<params>`
rather than `GET /v2.1/hypervisors?<params>`.
This patch fixes this bug.
Change-Id: Idc4f3fe54136a6bd3dbc7dc0efd3f62745991199
Closes-Bug: 1864428
Signed-off-by: Fan Zhang <zh.f@outlook.com>
Tests were previously using arbitrary keys that weren't published
anywhere in the codebase. Switch to using meaningful ones.
Change-Id: I8da84b48e4d630eeb91d92346aa2323e25e28e3b
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Operators can deploy their own scheduler filters. We currently provide
some minimal instructions for how to do this but it omits things like
the need to package these filters so they can be picked up correctly.
Change-Id: I725801c9c049455a0196e4664d767b81a8d4edf2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Added JSON schema defining `network_data.json` contents and
beefed up the MetadataTest functional test cases to use a
real instance instead of a database shell. This way the
tests see real data in the metadata service like a real
network_data.json.
Besides internal Nova consumption, this schema might be
helpful to other tools (such as ironic or Glean) to
validate human-generated `network_data.json` prior to
using it.
Co-Authored-By: Balazs Gibizer <balazs.gibizer@est.tech>
Change-Id: Ie5a5a1fc81c7c2d3f61b72d19de464cfc9dab5ec
The console proxies (VNC, SPICE, etc) currently don't allow the
allowed TLS ciphers and protocol versions to be configurable. This
results in the defaults being used from the underlying system,
which may not be secure enough for many deployments. This patch
allows for the ciphers and minimum SSL/TLS protocol version for
each console proxy to be configured in nova's config.
We utilize websockify underneath our console proxies, which added
support for allowed ciphers and the SSL/TLS version to be
configurable as of version 0.9.0. This change updates the lower
constraint for this dependency.
Closes-Bug: #1842149
Related-Bug: #1771773
Change-Id: I23ac1cc79482d0fabb359486a4b934463854cae5
There are different situations when allocations can be orphaned.
Adding a new nova-manage command to lookup at all resource providers
and check against the related compute nodes whether they have
orphaned allocations.
Change-Id: I537ed74503d208957f0a97af3ab754a6750dac20
Closes-Bug: #1793569
Nova documentation was missing information documentation about
Ironic virt driver.
Change-Id: I2431dc3db94da44001eefdead50607eab662d16f
Closes-Bug: #1852446
Fixing a couple of typos that wrongly refers to
update_available_resources()
insted of update_available_resource()
Change-Id: Iaf7828e9cfb73ac87018d78180d16aae91d838f3
The document which contains the steps to test different NUMA
setups was using legacy instructions. This change pretends to update
those instructions to improve the readability.
Change-Id: Id8bf96f035528b15a51c802f06e07422b9f36736
Placement microversion 1.35 gives us the root_required queryparam to GET
/allocation_candidates, allowing us to filter out candidates where the
*root* provider has/lacks certain traits, independent of traits
specified in any of the individual request groups.
Use it.
And add affordance for specifying such traits to the RequestSpec.
Which allows us to fix up the couple of request filters that were
hacking traits into the RequestSpec.flavor.
Change-Id: I44f02044ce178e84c23d178e5a23a3aa1208e502
Firewall support is not needed with neutron, which supports both
security groups for per-port filtering and FWaaS for per-network
filtering. Remove both the generic firewalls and the hypervisor-specific
implementations.
This change focuses on removing the firewall-related API calls from the
various virt drivers. The firewall drivers themselves are removed
separately.
Change-Id: I5a9e5532c46a5f7064441ae644125d21efe5fda1
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Marcin Juszkiewicz