Keystone project manager role can be used for the project-level
management APIs. Nova introduced the manager role in policy
defaults.
To introduced the manager role, we need to make migrations
policies more granular. Adding the separate policies for host
related operation allow us to open the migration operations
to project manager role. Existing policy is checked if migration
without specifying host and new policy is checked if host is
specified. Same will be applied to list migrations, new policy
will control to return the host info.
Also, Adding doc and releasenotes.
Partial implement blueprint policy-manager-role-default
Change-Id: Ie7d135e4d24ac6d53c46a4c69ade0b0bda554e71
Signed-off-by: Ghanshyam Mann <gmaan@ghanshyammann.com>
Signed-off-by: ghanshyam <gmaan@ghanshyammann.com>
The _create_ephemeral() method is responsible for creating ephemeral
disks with image type "raw" and formatting them with mkfs. In the case
of [libvirt]images_type "qcow2", _create_ephemeral() will create
backing files.
Currently we are not using a consistent naming convention for choosing
the filesystem label for ephemeral disks. When we create a server for
example, we go through the disks and label them "ephemeral0",
"ephemeral1", "ephemeral2", etc.
When we hard reboot a server, there is a check to create missing
backing files and if so, a new backing file will be created but instead
of being labeled "ephemeralN" the code attempts to label them with the
name of the backing file itself for example "ephemeral_1_40d1d2c". This
will fail if the filesystem used for ephemeral disks has limitations on
the length of filesystem label names (VFAT, XFS, ...). For example:
mkfs.vfat: Label can be no longer than 11 characters
This adds a helper method for obtaining ephemeral disks filesystem
label names and uses it the same way in the few places fs_label is
specified.
Closes-Bug: #2061701
Change-Id: Id033a5760272e4fb06dee2342414b26aa16ffe24
This change bumps to the latest version of each
of our pre-commit hooks. Of note this add py3.13
support to autopep8.
Codespell was also updated and the new spelling
issues resolved.
Change-Id: I1aab019ffb0ee9366a7d26515bef1335d09044df
The tl;dr is to 1) avoid trying to disconnect volumes on the
destination if they were never connected in the first place and
2) avoid trying to disconnect volumes on the destination using block
device info for the source.
Details:
* Only remotely disconnect volumes on the destination if the failure
was not during pre_live_migration(). When pre_live_migration() fails,
its exception handling deletes the Cinder attachment that was created
before re-raising and returning from the RPC call. And the BDM
connection_info in the database is not guaranteed to reference the
destination because a failure could have happened after the Cinder
attachment was created but before the new connection_info was saved
back to the database. In this scenario, there is no way to reliably
disconnect volumes in the destination remotely from the source because
the destination connection_info needed to do it might not be
available.
* Due to the first point, this adds exception handling to disconnect
the volumes while still on the destination, while the destination
connection_info is still available instead of trying to do it
remotely from the source afterward.
* Do not pass Cinder volume block_device_info when calling
rollback_live_migration_on_destination() because volume BDM records
have already been rolled back to contain info for the source by
that point. Not passing volume block_device_info will prevent
driver.destroy() and subsequently driver.cleanup() from attempting to
disconnect volumes on the destination using connection_info for the
source.
Closes-Bug: #1899835
Change-Id: Ia62b99a16bfc802b8ba895c31780e9956aa74c2d
The nova debuger functionality was intended
to help debugging running process however it has
never been reliable due to our use of eventlet and is generally
not required when not using eventlet. I.e. you can just
run the nova console-scripts form a debugger or add pdb
statements as required.
As part of the eventlet removal the debugger functionality is
removed given its untested and undocumented.
Change-Id: I7bf88f06f3d1dbd2c7e342b27a21440a123c631d
Nova deprecated[1] running the API services under Eventlet in the Rocky
release 6 years ago. Now that we are trying to transition away from
Eventlet it is time to rip out these entry points fully.
[1] b53d81b03c
Change-Id: Ie758550c0b8fb02aeb398396961467d9f845fcc9
The request_specs_dict in the _list_view is initialized as a
defaultdict object in order to return empty string as default.
But the request_spec_dict is replaced with a normal dict object in
the v2.96 microversion, then if server list and RequestSpec missmatch
happens by any reason, the List Server API and the List
Server Detail API hit 500 Internal server error because of key error.
This commit updates the req_spec_dict to use normal dict object, then
it returns sentinel object if there is no appropriate
request_spec object.
Closes-Bug: #2095364
Change-Id: If282b8709954f276cb5d48114437809d771a9958
This adds documentation to the PCI-passthrough doc in the admin guide,
explaining how to use one-time-use devices.
Keeping this separate so we can iterate on it separate from the code.
Related to blueprint one-time-use-devices
Change-Id: Iff91c0726bbb37c7a3ef885a73e3c3586feb6004
This change adds a latch_error_on_raise decorator which
is applied to the init_applciation function in our
common wsgi_app module.
This decorator will catch all non retryable exceptions
and cause future invocations of the function to always
return that same exception forever.
a reset function is also added to the decorated function
which should be called in our bases test class to
prevent cross test interactons.
Closes-Bug: #2103811
Related-Bug: #1882094
Change-Id: I44b1f7e2acc36a5b557d6d8788f6099f52bbdfb8
The stats module uses the _find_pool() call to find a matching pool for
a new device or a device that is being deallocated. If no existing pool
matches with the dev then then a new pool is created for it. The
pool matching logic was faulty as it did not remove all the metadata
keys from the pool like rp_uuid. So if the dev did not have that key but
the pool did then the dev did not match.
On the other hand the PCI allocation logic (when PCI in Placement is
enabled) assumed that devices from a single rp_uuid are always in a
single pool. As this assumption was broken by the above bug the PCI
allocation blindly tried to allocate resources for an rp_uuid from each
matching pool causing overallocation.
The main fix in this patch is to ignore the metadata tags in
_find_pool(). But also two safety net are added to the allocation logic.
The logic now asserts that the assumption is correct and if not (i.e. it
found multiple pools with the same rp_uuid) then it bails out. It also
does not ever blindly allocate the same rp_uuid request from multiple
pools.
Closes-Bug: #2098496
Change-Id: I9678230397fa1a3c735ee01ed756d5af3b4e1191
Add file to the reno documentation build to show release notes for
stable/2025.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2025.1.
Sem-Ver: feature
Change-Id: Iba42aa129140dc494d99dede17f5ea7b44062d62
When validation of the node fails, since switching to the SDK the
address of the ValidationResult object is displayed instead of the
actual message. This has been broken since patch
Ibb5b168ee0944463b996e96f033bd3dfb498e304.
Closes-Bug: 2100009
Change-Id: I8fbdaadd125ece6a3050b2fbb772a7bd5d7e5304
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
This patch checks the revision of QEMU and libvirt to ensure support
for VFIO SR-IOV device migration.
It also updates the _live_migration_operation() function, particularly
the get_updated_guest_xml() function, to map source PCI addresses
to destination addresses in the destination XML file, using the data
provided by the LiveMigrateData object.
The target goal of these series of patch is to enable VFIO devices
migration with kernel variant drivers.
Partially-Implements: blueprint migrate-vfio-devices-using-kernel-variant-drivers
Change-Id: I62ec475988eab8de948498f50d8d4c0d47321102
The target goal of these series of patch is to enable VFIO devices
with kernel variant drivers.
Implements: blueprint enable-vfio-devices-with-kernel-variant-drivers
Change-Id: I7949ba6da8b6257865d8e9e48bf3feabc10bdf17
microversion 2.98 changed the GET and GET list details
API response to expand the image field
- https://review.opendev.org/c/openstack/nova/+/939649
but when we change the views/servers.py then update server
and rebuild server API response also gets updated.
- https://review.opendev.org/c/openstack/nova/+/939649/12/nova/api/openstack/compute/views/servers.py#595
The microversion change actually changed the response for
the update and rebuild API but did not update the documentation
about this change. Neither added test for rebuild and update
which verify the response change.
Since microversion 2.75, we have made all these 4 APIs response
consistent.
Implements: blueprint image-properties-in-server-show
Change-Id: Ifc2edc59c601391a31fd8953c742969e5b368767
microversion 2.96 changed the GET and GET list details
APi response to add a new field 'pinned_availability_zone'
- https://review.opendev.org/c/openstack/nova/+/904568
but when we change the views/servers.py then update server
and rebuild server API response also gets updated.
- https://review.opendev.org/c/openstack/nova/+/904568/17/nova/api/openstack/compute/views/servers.py#309
The microversion change actually changed the response for
the update and rebuild API but did not update the documentation
about this change. Neither added test for rebuild and update
which verify the response change.
Since microversion 2.75, we have made all these 4 APIs response
consistent.
Change-Id: I31fbb3c5e689302713bfb7a254c5d0cc12de2dc4
Currently, even when [libvirt] volume_use_multipath is set to True,
volume attachment silently falls back to single path if multipathd is
not running in the host. This sometimes prevents operators from
noticing the misconfiguration, until they face any issue caused by
missing redundancy.
Introduce the new [libvirt] volume_enforce_multipath option, which
makes the attachment process fail if multipathd is not running.
A similar parameter (enforce_multipath_for_image_xfer) was already
implemented in cinder and this change follows how the parameter is
implemented there.
Also add the check in init phase to detect lack of mulitipath daemon
during initializing driver.
Min version of os-brick has to be bumped due to the interface change
made by 8d919696a9f1b1361f00aac7032647b5e1656082 .
Implements: blueprint enforce-multipath
Change-Id: I828de70ca7b343a4562ace4049d2b3857dbf900a
The minimum required version of QEMU is now 6.2.0, and of libvirt is
8.0.0.
Minimum cleanup to make the tests happy.
Adjust the related unit tests accordingly.
Following patch will clean all constants not useful anymore.
Change-Id: I381a6c180494ed7b6ae47853132673f153733587
Nova currently lacks a straightforward way to expose scheduler hints
associated with a server. This change extends existing Nova's
API to allow users to retrieve this information when it is available.
It adds a new API microversion to support returning the associated
scheduler_hints in ``GET /servers/{server_id}``, `GET /servers/detail``,
``PUT /servers/{server_id}`` and ``POST /server/{server_id}/action``
(rebuild) responses.
Implements: blueprint show-scheduler-hints-in-server-details
Change-Id: If0070cfbc218e0515bf3b58fc8c5067ae22c7072
This patch adds a new console type, "spice-direct", which provides
the connection information required to talk the native SPICE protocol
directly to qemu on the hypervisor. This is intended to be fronted
by a proxy which will handle authentication separately.
A new microversion is introduced which adds the type "spice-direct"
to the existing "spice" protocol.
An example request:
POST /servers/<uuid>/remote-consoles
{
"remote_console": {
"protocol": "spice",
"type": "spice-direct"
}
}
An example response:
{
"remote_console": {
"protocol": "spice",
"type": "spice-direct",
"url": "http://localhost:13200/nova?token=XXX";
}
}
This token can then be used to lookup connection details for the
console using a request like this:
GET /os-console-auth-tokens/<consoletoken>
Which returns something like this:
{
"console": {
"instance_uuid": <uuid>,
"host": <hypervisor>,
"port": <a TCP port number>,
"tls_port": <another TCP port number>,
"internal_access_path": null
}
}
APIImpact
Change-Id: I1e701cbabc0e2c435685e31465159eec09e3b1a0
This weigher will check how many instances in the host have the image
properties that are requested and will prefer by default to pack
instances with the same properties.
Implements blueprint: image-metadata-props-weigher
Change-Id: I3bfed44bd089c6b226d13c3ac4a0003411737cbd
In centos/rhel 9 qemu supprot for the qxl model was removed
with the removal of spice support.
In ubuntu 24.04 qemu support for qxl and spice supprot
has now also been removed.
debian 12 bookworm still support spice in there qemu package.
When we updated the default video model to virtio for x86 we
left a config driven special case for spice to default to qxl
since that nolonger works on centos or ubuntu based distos that
default is not helpful so this change removes the special case
making virtio the default for x86 regardless of the console used.
This change also updates the nova-ovs-hybrid-plug to test with spice
so that we have at least one job using it. to enable that the job is
moved to debian.
Closes-Bug: #2097529
Change-Id: I265ad2ced3729bed41bf53c58dcebadb775ce1f7
Ghanshyam Maan