These top-level functions were not called from anywhere but tests.
- fetch_ca
- ensure_ca_filesystem
- fetch_crl
- decrypt_text
- revoke_certs_by_user
- revoke_certs_by_project
- revoke_certs_by_user_and_project
- generate_x509_cert
- generate_vpn_files
These other functions are used by the above and are no longer used
anywhere.
- ca_folder
- ca_path
- key_path
- crl_path
- revoke_cert
- _project_cert_subject
- _user_cert_subject
- _ensure_project_folder
- sign_csr
- _sign_csr
Tests for these are removed as are a number of scripts found in
'nova/CA', which were only used by the aforementioned functions.
Change-Id: Ie1dadc6bf935f777e0cd0c54a0a21b79545714c5
We have an API for setting the admin password for an already created
instance and we have a metadata API for retrieving the encrypted
password. In the libvirt driver, when a request to set the admin
password is received, it is indeed set in the guest but the instance
system metadata is never updated with the encrypted password, so
attempts to retrieve the password via the metadata service API result
in an empty string returned instead of the encrypted password.
This has been broken in the libvirt driver since the set admin password
password feature was added, as far as I can tell. The xen api driver,
however, handles the same thing correctly and this adds similar logic
to the libvirt driver to fix the problem.
Closes-Bug: #1748544
Change-Id: Icf44c4c94529cb75232abe1f3ecc5a4d3646b0cc
Add more test cases for placement.aggregates to cover some edge case.
blueprint placement-test-enhancement
Change-Id: Ia18de50f3265b358e64523229140ce9a6e70dbbb
With the addition of multiattach we need to ensure that we
don't make brick calls to remove connections on detach volume
if that volume is attached to another Instance on the same
node.
This patch adds a new helper method (_should_disconnect_target)
to the virt driver that will inform the caller if the specified
volume is attached multiple times to the current host.
The general strategy for this call is to fetch a current reference
of the specified volume and then:
1. Check if that volume has >1 active attachments
2. Fetch the attachments for the volume and extract the server_uuids
for each of the attachments.
3. Check the server_uuids against a list of all known server_uuids
on the current host. Increment a connection_count for each item
found.
If the connection_count is >1 we return `False` indicating that the
volume is being used by more than one attachment on the host and
we therefore should NOT destroy the connection.
*NOTE*
This scenario is very different than the `shared_targets`
case (for which we supply a property on the Volume object). The
`shared_targets` scenario is specifically for Volume backends that
present >1 Volumes using a single Target. This mechanism is meant
to provide a signal to consumers that locking is required for the
creation and deletion of initiator/target sessions.
Closes-Bug: #1752115
Change-Id: Idc5cecffa9129d600c36e332c97f01f1e5ff1f9f
When the doc structure was changed the location of the notification
devref also changed. This patch updates the reference to this doc in
the AssertionError emited in the test if new legacy notification is
introduced.
Change-Id: Iff30752bac64801ad8950eea5861d2b230f30fdf
We need this in a later change to pull volume attachment
information from cinder for the volume being detached so
that we can do some attachment counting for multiattach
volumes being detached from instances on the same host.
Change-Id: I751fcb7532679905c4279744919c6cce84a11eb4
Related-Bug: #1752115
The "MAX" constants in the db api are useful to import without
needing to import the rest of the api, so they are moved to a
constants.py file in the same package. api.py then imports the
symbols from that file for backwards compatibility.
The handler and schema for placement inventories (which use the MAX
constants) are updated to point to the constants file directly as
they do not need the db api.
Change-Id: Ifab10e023bcf4389f6514b477755c4cced2d1598
Notes: fakes.py/stub_out_key_pair_funcs() is already fixed
in another changeset.
Partially-Implements: blueprint mox-removal
Change-Id: I53333eb6f46bf4234de669f52558a256b627af44
xenapi likes enabling and disabling ext3 filesystem journals. They can
do that via privsep now.
Change-Id: Iad8198fbd01aa80bde0a6b295963391715c5cd48
blueprint: hurrah-for-privsep
Logging network information and the admin password
for guest instances is not ideal, so let's not do it.
Change-Id: I328ba88b128c6c125e65d850ed7a6e57049dc7e2
Closes-Bug: #1737207
The ability to list instance actions for deleted servers was
added in the 2.21 microversion, so we should update the wording
to make that clear.
Change-Id: Ibf05d5bd2c70aa579bb2a688d4d5fa63278176d2
This adds a pep8 function that will check for redundant import aliases.
Any imports of the forms below will not be allowed.
from x import y as y
import x as x
import x.y as y
Change-Id: Iff90f0172d97bd1d49d54c811a70c8af11776da4
Placement microversion 1.18 added support for filtering GET
/resource_providers by traits, allowing us to improve the algorithm in
_get_sharing_providers to a single call instead of 1 + (1 per provider
in the aggregate).
Change-Id: I42d4da1bc5b04436a3e160357bfc3e7b8802c7f3
Stephen Finucane