In I147bf4d95e6d86ff1f967a8ce37260730f21d236 we added a new argument for
the rebuild_instance() RPC method. Unfortunately, we missed to that it
needs to be optional for older versions.
Adding a default none value for it so rolling upgrades would work.
Change-Id: I59c5e56b00114fea5ec19fa63ec73f032dc3bd5c
Closes-Bug: #1902925
At start up of nova-compute service, the PCI stat pools are
populated based on information in pci_devices table in Nova
database. The pools are updated only when new device is added
or removed but not on any device changes like device type.
If an existing device is configured as SRIOV and nova-compute
is restarted, the pci_devices table gets updated but the device
is still listed under the old pool in pci_tracker.stats.pool
(in-memory object).
This patch looks for device type updates in existing devices
and updates the pools accordingly.
Change-Id: Id4ebb06e634a612c8be4be6c678d8265e0b99730
Closes-Bug: #1892361
Add file to the reno documentation build to show release notes for
stable/victoria.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.
Change-Id: I90b2702b83512edd04e5a85a4b8ba2fbd0f0fd6e
Sem-Ver: feature
Ia18e9be4d07b732afd9db0007c541253f3cdaf82 bumped these versions in
Ussuri and while it's late in the Victoria cycle we now need to do the
same. Based on the LibvirtDistroSupportMatrix wiki page [1] the
following versions have been selected for the next min versions during
the Wallaby release:
NEXT_MIN_LIBVIRT_VERSION = (6, 0, 0)
NEXT_MIN_QEMU_VERSION = (4, 2, 0)
MIN_QEMU_VTPM is removed as part of this patch as it also requires
changes to functional tests that would otherwise fail.
Follow up patches will remove the following constants after this change:
- MIN_LIBVIRT_FILE_BACKED_DISCARD_VERSION
- MIN_{LIBVIRT,QEMU}_NATIVE_TLS_VERSION
- MIN_LIBVIRT_BETTER_SIGKILL_HANDLING
- MIN_LIBVIRT_VIDEO_MODEL_VERSIONS
- MIN_{LIBVIRT,QEMU}_PMEM_SUPPORT
This change depends on the following devstack change that introduces the
use of the Train UCA on Bionic nodes, allowing us to bump versions here
ahead of a move to Focal.
Depends-On: https://review.opendev.org/#/c/747123/
[1] https://wiki.openstack.org/wiki/LibvirtDistroSupportMatrix
Change-Id: I8e349849db0b1a540d295c903f1470917b82fd97
As noted inline, the 'policies' field may be a list but it expects one
of two items.
Change-Id: I34c68df1e6330dab1524aa0abec733610211a407
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #1894966
When vif_type="tap" (such as when using calico),
attempting to create an instance using an image that has
the property hw_vif_multiqueue_enabled=True fails, because
the interface is always being created without multiqueue
flags.
This change checks if the property is defined and passes
the multiqueue parameter to create the tap interface
accordingly.
In case the multiqueue parameter is passed but the
vif_model is not virtio (or unspecified), the old
behavior is maintained.
Change-Id: I0307c43dcd0cace1620d2ac75925651d4ee2e96c
Closes-bug: #1893263
For attach:
* Generates InstancePciRequest for SRIOV interfaces attach requests
* Claims and allocates a PciDevice for such request
For detach:
* Frees PciDevice and deletes the InstancePciRequests
On the libvirt driver side the following small fixes was necessar:
* Fixes PCI address generation to avoid double 0x prefixes in LibvirtConfigGuestHostdevPCI
* Adds support for comparing LibvirtConfigGuestHostdevPCI objects
* Extends the comparison of LibvirtConfigGuestInterface to support
macvtap interfaces where target_dev is only known by libvirt but not
nova
* generalize guest.get_interface_by_cfg() to work with both
LibvirtConfigGuest[Inteface|HostdevPCI] objects
Implements: blueprint sriov-interface-attach-detach
Change-Id: I67504a37b0fe2ae5da3cba2f3122d9d0e18b9481
Default value of 'CONF.oslo_policy.policy_file' config option
has been changed from 'policy.json' to 'policy.yaml'. If new default
file 'policy.yaml' does not exist but old default 'policy.json' exist
then fallback to use old default file.
An upgrade checks is added to check the policy_file format and
fail upgrade checks if it is JSON formatted.
Added a warning in policy doc about JSON formatted file is deprecated,
also removed all the reference to policy.json file in doc as well as
in tests.
Related Blueprint: policy-json-to-yaml
Closes-Bug: #1875418
Change-Id: Ic4d3b998bb9701cb1e3ef12d9bb6f4d91cc19c18
In the rocky cycle nova was enhanced to support the multiple
port binding live migration workflow when neutron supports
the binding-extended API extension.
When the migration_data object was extended to support
multiple port bindings, populating the vifs field was used
as a sentinel to indicate that the new workflow should
be used.
In the train release
I734cc01dce13f9e75a16639faf890ddb1661b7eb
(SR-IOV Live migration indirect port support)
broke the semantics of the migrate_data object by
unconditionally populating the vifs field
This change restores the rocky semantics, which are depended
on by several parts of the code base, by only conditionally
populating vifs if neutron supports multiple port bindings.
Co-Authored-By: Sean Mooney <work@seanmooney.info>
Change-Id: Ia00277ac8a68a635db85f9e0ce2c6d8df396e0d8
Closes-Bug: #1888395
These options were deprecated way back in Rocky due to buggy behavior
they introduced. We can remove them now.
Change-Id: I9266edfd4ea6315239c54ff8d91e37d197c760c0
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
New option was introduced for faster download images directly from Ceph
instead of using the Glance API.
See the following blueprint for more details:
https://blueprints.launchpad.net/nova/+spec/nova-image-download-via-rbd
Compared to the blueprint, this new option was added instead of reviving
deprecated '[glance]/allowed_direct_url_schemes'.
Change-Id: Ib7e52f386df2134aa043dc703b378d0737b1d36d
The 4.14 kernel is sufficiently old in the tooth (Ubuntu 18.04 uses
4.15, RHEL 7.x has likely backported the fixes) that there are likely
not a great deal of users that could still use this broken feature if
they wanted to. Drop support for it almost entirely, retaining only a
warning to prevent accidental use.
Change-Id: Iad76bce128574dc2f86998ccf2a9c5e799c71313
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
None of these backends has had upstream testing in a very long time, if
ever, and their usage levels are unknown. Deprecate them now so that we
can at least remove the worst of them (UML, Xen) in the next cycle.
Change-Id: Id5b15aa846a5ddaf4ac26fe586327aef8c08c89d
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Only allow one detach/attach at a time with the same pattern instance-port_id
in order to avoid race condition when multiple detach/attach are run
concurrently.
When multiple detach run concurrently on a specific instance-port_id,
manager consider many of them as valid because info_cache still contains
the port and info_cache is refreshed only once the first request complete.
So during this gap of time, while the first request accomplishes the task,
all subsequent requests are destined to fail and log a warning [1] in
different location of code, depending on the outcome of the first request.
The Issue is that all those caught requests finally run a
deallocate_port_for_instance which will unbind the port.
This may cause a race condition, because a successful attach can pass between
those unbind, and be silently unbound, resulting in an infrastructure/DB
inconsistency.
[1] 'Detaching interface %(mac)s failed because the device is no longer found
on the guest.'
Closes-Bug: #1892870
Change-Id: Iea5969d0bd16dc9a6f1ba950224b0115e466ce66
Previously, the default value of num_retries for glance is 0.
It means that the request to glance is sent only one time.
On the other hand, neutron and cinder clients set the default
value to 3.
To align the default value for retry to other components, we
should change the default value to 3.
Closes-Bug: #1888168
Change-Id: Ibbd4bd26408328b9e1a1128b3794721405631193
This series implements the referenced blueprint to allow for specifying
custom resource provider traits and inventories via yaml config files.
This fourth commit adds the config option, release notes, documentation,
functional tests, and calls to the previously implemented functions in
order to load provider config files and merge them to the provider tree.
Change-Id: I59c5758c570acccb629f7010d3104e00d79976e4
Blueprint: provider-config-file
A recent release note is preventing Nova from being cloned on
Windows since the file name contains pipes.
Change-Id: I373e31e3776e6733b00d5536982228b8bf97877d
Well, don't actually detail them. Just note that things are incomplete.
People can read the docs for more info.
Change-Id: Ie470af3e738327c6f2800f386dbe43319f896222
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Previous patches added support for parsing the vTPM-related flavor extra
specs and image metadata properties, the necessary integrations with the
Castellan key manager API etc. This change adds the ability to enable
support in the libvirt driver and create guests with vTPM functionality
enabled. Cold migration and resize are not yet supported. These will be
addressed in follow-on changes.
Functional tests are included. These require expansion of the
fakelibvirt stubs to implement basic secret management
Part of blueprint add-emulated-virtual-tpm
[1] https://review.opendev.org/686804
Change-Id: I1ff51f608b85dbb621814e70079ecfdd3d1a1d22
Co-Authored-By: Eric Fried <openstack@fried.cc>
Co-Authored-By: Stephen Finucane <stephenfin@redhat.com>
The RetryFilter was deprecated in Train.
The Aggregate[core|ram|disk] filters were also deprecated in train.
This change removes all four deprecated filters and their docs.
Change-Id: Idc29c759632850d3d767a261c9f385af71348f65
Fixed an issue with detaching multi-attached fs-based volumes.
Volume drivers using _HostMountStateManager are special case.
_HostMountStateManager ensures that the compute node only attempts
to mount a single mountpoint in use by multiple attachments once,
and that it is not unmounted until it is no longer in use by any
attachments. So we can skip the multiattach check for volume drivers
that based on LibvirtMountedFileSystemVolumeDriver.
Closes-Bug: 1888022
Change-Id: Ia91b63c0676f42ad8a7a0d16e6870bafc2ee7675
In some environments the libvirt nodedev list can become out of sync
with the current MAC address assigned to a netdev, As a result the
nodedev lookup can fail. This results in an uncaught libvirt exception
which breaks the update_available_resource function resultingin an
incorrect resource view in the database.
e.g. libvirt.libvirtError: Node device not found:
no node device with matching name 'net_enp7s0f3v1_ea_60_77_1f_21_50'
This change removes the dependency on the nodedev name when looking up
nic feature flags.
Change-Id: Ibf8dca4bd57b3bddb39955b53cc03564506f5754
Closes-Bug: #1883671
Attempting to boot an instance with 'hw:cpu_policy=dedicated' will
result in a request from nova-scheduler to placement for allocation
candidates with $flavor.vcpu 'PCPU' inventory. Similarly, booting an
instance with 'hw:cpu_thread_policy=isolate' will result in a request
for allocation candidates with 'HW_CPU_HYPERTHREADING=forbidden', i.e.
hosts without hyperthreading. This has been the case since the
cpu-resources feature was implemented in Train. However, as part of that
work and to enable upgrades from hosts that predated Train, we also make
a second request for candidates with $flavor.vcpu 'VCPU' inventory. The
idea behind this is that old compute nodes would only report 'VCPU' and
should be useable, and any new compute nodes that got caught up in this
second request could never actually be scheduled to since there wouldn't
be enough cores from 'ComputeNode.numa_topology.cells.[*].pcpuset'
available to schedule to, resulting in rejection by the
'NUMATopologyFilter'. However, if a host was rejected in the first
query because it reported the 'HW_CPU_HYPERTHREADING' trait, it could
get picked up by the second query and would happily be scheduled to,
resulting in an instance consuming 'VCPU' inventory from a host that
properly supported 'PCPU' inventory.
The solution is simply, though also a huge hack. If we detect that the
host is using new style configuration and should be able to report
'PCPU', check if the instance asked for no hyperthreading and whether
the host has it. If all are True, reject the request.
Change-Id: Id39aaaac09585ca1a754b669351c86e234b89dd9
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #1889633
Zuul