Idf84ccff254d26fa13473fe9741ddac21cbcf321 added this check in order for
Nova to avoid booting encrypted images created by Cinder as there is
currently no support for using such images (rotating keys etc).
The check however missed the slightly convoluted use case where this
image property is found against a volume after the volume in question is
created using an encrypted image created by cinder from an encrypted
volume. In other words:
- Cinder creates an encrypted volume A
- Glance creates an encrypted image A from volume A
- Cinder creates an encrypted volume B from image A
- Nova attempts to boot an instance using volume B
Note that Nova may request the creation of volume B or a user could also
do this directly through Cinder.
As such this change simply ensures that the instance isn't booting from
a volume when preforming the check as it is only valid when booting from
an image.
Closes-Bug: #1895696
Change-Id: Ic92cab7362fa25050e5bbef5c3e360108365b5c7
When we introduced the 'ImageMetaProps' o.vo in Liberty, we lost the
ability to consume arbitrary metadata configured for images. This
affects users of the 'AggregateImagePropertiesIsolation' filter, who may
have set such arbitrary metadata and expected their instances to be
restricted to host aggregates matching that metadata.
The world has changed a lot since Liberty was released, and it's
probably too late and maybe even a little unwise to let that genie back
out of its bottle, however, we can and should probably do a better job
of warning people of this change in behavior in our documentation. Do
just this.
Change-Id: If7245a90711bd2ea13095ba26b9bc82ea3e17202
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-Bug: #1741810
Migrate unit tests over to the new GlanceFixture, allowing us to fully
delete '_FakeImageService' and various helpers.
Change-Id: I3e3d9bbd32aa2fe0777681f21ba827610d5b3040
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This rather beefy (but also quite simple) patch replaces the
'stub_out_image_service' call and associated cleanup in all functional
tests with a new 'GlanceFixture', based on the old 'FakeImageService'.
The use of a fixture means we don't have to worry about teardown and
allows us to stub Glance in the same manners as Cinder, Neutron,
Placement etc.
Unit test cleanup is handled in a later patch.
Change-Id: I6daea47988181dfa6dde3d9c42004c0ecf6ae87a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Enable the policy fixture by default, which should yield more realistic
functional tests. We need to update some tests to use admin APIs where
policy dictates they are necessary. Note that we're currently testing
the legacy policy - not the updated, scoped policy - since the legacy
policy is the default one currently.
Note that we also need to modify the 'SingleCellSimple' fixture in this
change to use the same project ID as the 'OSAPIFixture'.
Change-Id: Ia3dea78f16cb3c7081714c4db36e20d5ee76ed7d
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
As noted inline, the 'policies' field may be a list but it expects one
of two items.
Change-Id: I34c68df1e6330dab1524aa0abec733610211a407
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #1894966
You must specify the 'policies' field. Currently, not doing so will
result in a HTTP 500 error code. This should be a 4xx error. Add a test
to demonstrate the bug before we provide a fix.
Change-Id: I72e85855f621d3a51cd58d14247abd302dcd958b
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-Bug: #1894966
During an assisted volume snapshot delete request from Cinder nova
removes the snapshot from the backing file chain. During that nova
checks the existence of such file. However in some cases (see the bug
report) the path is relative and therefore os.path.exists fails.
This patch makes sure that nova uses the volume absolute path to make
the backing file path absolute as well.
Closes-Bug #1885528
Change-Id: I58dca95251b607eaff602783fee2fc38e2421944
Resolve some TODOs. This is necessary to prove out SR-IOV live
migration.
Change-Id: I8a040f148427cdee7b8a4983efe2b586d73be88d
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Add a simple test to demonstrate the interaction between nova and
neutron when creating an instance with a (pre-created) SR-IOV port.
Change-Id: I9d0596f31ca342b952c35c742befd75fdc39d95c
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
setattr kills discoverability, making it hard to figure out who's
setting various fields. Don't do it.
While we're here, we drop legacy compat handlers for pre-Train
compute nodes.
Change-Id: Ie694a80e89f99c8d3e326eebb4590d93c0ebf671
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Previously, we were setting the environment variable to disable
greendns in eventlet *after* import eventlet. This has no effect, as
eventlet processes environment variables at import time. This patch
moves the setting of EVENTLET_NO_GREENDNS before importing eventlet in
order to correctly disable greendns.
Closes-bug: 1895322
Change-Id: I4deed815c8984df095019a7f61d089f233f1fc66
This adds a compute rpc version alias for the named release victoria.
Change-Id: I08d6b098492abfb216161fcdda152255583b6763
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
It only really existed to make unit testing easier back in the day,
and is trivial to move to its two callers.
Change-Id: I06c4408995d4bad0a4560e8e9cd5298d4bb6b043
Just follows the pattern that we do every release.
Change-Id: I8e2acf16bcf6a7d03e85c5b222f1b65c48941597
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
When vif_type="tap" (such as when using calico),
attempting to create an instance using an image that has
the property hw_vif_multiqueue_enabled=True fails, because
the interface is always being created without multiqueue
flags.
This change checks if the property is defined and passes
the multiqueue parameter to create the tap interface
accordingly.
In case the multiqueue parameter is passed but the
vif_model is not virtio (or unspecified), the old
behavior is maintained.
Change-Id: I0307c43dcd0cace1620d2ac75925651d4ee2e96c
Closes-bug: #1893263
This is no longer used by any in-tree virt drivers and can be removed.
The equivalent RPC API now always raises 'NotImplementedError', which
was the behavior with virt drivers that didn't support the feature.
Change-Id: Iab881ef4f52eff4815e781f10204497968f8a06b
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Remove references to the feature from various comments scattered
throughout the code.
Change-Id: Ic353a2489389c557859c249218eaf6060974e1a9
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Zuul