delta/openstack/nova.git/nova/network, branch master opendev.org: openstack/nova.git Enable use of service user token with admin context 2023-05-10T14:52:59+00:00 melanie witt melwittt@gmail.com 2023-05-09T03:11:25+00:00 41c64b94b0af333845e998f6cc195e72ca5ab6bc When the [service_user] section is configured in nova.conf, nova will have the ability to send a service user token alongside the user's token. The service user token is sent when nova calls other services' REST APIs to authenticate as a service, and service calls can sometimes have elevated privileges. Currently, nova does not however have the ability to send a service user token with an admin context. This means that when nova makes REST API calls to other services with an anonymous admin RequestContext (such as in nova-manage or periodic tasks), it will not be authenticated as a service. This adds a keyword argument to service_auth.get_auth_plugin() to enable callers to provide a user_auth object instead of attempting to extract the user_auth from the RequestContext. The cinder and neutron client modules are also adjusted to make use of the new user_auth keyword argument so that nova calls made with anonymous admin request contexts can authenticate as a service when configured. Related-Bug: #2004555 Change-Id: I14df2d55f4b2f0be58f1a6ad3f19e48f7a6bfcb4 
When the [service_user] section is configured in nova.conf, nova will
have the ability to send a service user token alongside the user's
token. The service user token is sent when nova calls other services'
REST APIs to authenticate as a service, and service calls can sometimes
have elevated privileges.

Currently, nova does not however have the ability to send a service user
token with an admin context. This means that when nova makes REST API
calls to other services with an anonymous admin RequestContext (such as
in nova-manage or periodic tasks), it will not be authenticated as a
service.

This adds a keyword argument to service_auth.get_auth_plugin() to
enable callers to provide a user_auth object instead of attempting to
extract the user_auth from the RequestContext.

The cinder and neutron client modules are also adjusted to make use of
the new user_auth keyword argument so that nova calls made with
anonymous admin request contexts can authenticate as a service when
configured.

Related-Bug: #2004555

Change-Id: I14df2d55f4b2f0be58f1a6ad3f19e48f7a6bfcb4
Fix get_segments_id with subnets without segment_id 2023-05-03T15:00:14+00:00 Sylvain Bauza sbauza@redhat.com 2023-05-03T15:00:14+00:00 6d7bd6a03446d5227d515b2b4c0da632ef4aa4a1 Unfortunatly when we merged Ie166f3b51fddeaf916cda7c5ac34bbcdda0fd17a we forgot that subnets can have no segment_id field. Change-Id: Idb35b7e3c69fe8efe498abe4ebcc6cad8918c4ed Closes-Bug: #2018375 
Unfortunatly when we merged Ie166f3b51fddeaf916cda7c5ac34bbcdda0fd17a we
forgot that subnets can have no segment_id field.

Change-Id: Idb35b7e3c69fe8efe498abe4ebcc6cad8918c4ed
Closes-Bug: #2018375
Unbind port when offloading a shelved instance 2022-11-29T16:06:46+00:00 Arnaud Morin arnaud.morin@ovhcloud.com 2022-08-18T15:52:58+00:00 4eef0fe6354304b4639a3b635e4955457188e4ce When offloading a shelved instance, the compute needs to remove the binding so the port will appear as "unbound" in neutron. Closes-Bug: 1983471 Change-Id: Ia49271b126870c7936c84527a4c39ab96b6c5ea7 Signed-off-by: Arnaud Morin <arnaud.morin@ovhcloud.com> 
When offloading a shelved instance, the compute needs to remove the
binding so the port will appear as "unbound" in neutron.

Closes-Bug: 1983471

Change-Id: Ia49271b126870c7936c84527a4c39ab96b6c5ea7
Signed-off-by: Arnaud Morin <arnaud.morin@ovhcloud.com>
Gracefully ERROR in _init_instance if vnic_type changed 2022-09-08T07:19:16+00:00 Balazs Gibizer gibi@redhat.com 2022-07-15T11:48:46+00:00 e43bf900dc8ca66578603bed333c56b215b1876e If the vnic_type of a bound port changes from "direct" to "macvtap" and then the compute service is restarted then during _init_instance nova tries to plug the vif of the changed port. However as it now has macvtap vnic_type nova tries to look up the netdev of the parent VF. Still that VF is consumed by the instance so there is no such netdev on the host OS. This error killed the compute service at startup due to unhandled exception. This patch adds the exception handler, logs an ERROR and continue initializing other instances on the host. Also this patch adds a detailed ERROR log when nova detects that the vnic_type changed during _heal_instance_info_cache periodic. Closes-Bug: #1981813 Change-Id: I1719f8eda04e8d15a3b01f0612977164c4e55e85 
If the vnic_type of a bound port changes from "direct" to "macvtap" and
then the compute service is restarted then during _init_instance nova
tries to plug the vif of the changed port. However as it now has macvtap
vnic_type nova tries to look up the netdev of the parent VF. Still that
VF is consumed by the instance so there is no such netdev on the host
OS. This error killed the compute service at startup due to unhandled
exception. This patch adds the exception handler, logs an ERROR and
continue initializing other instances on the host.

Also this patch adds a detailed ERROR log when nova detects that the
vnic_type changed during _heal_instance_info_cache periodic.

Closes-Bug: #1981813
Change-Id: I1719f8eda04e8d15a3b01f0612977164c4e55e85
Generate request_id for Flavor based InstancePCIRequest 2022-08-27T10:44:11+00:00 Balazs Gibizer gibi@redhat.com 2022-08-19T18:21:15+00:00 ccab6fed463337c029459469c76e92af3b96fa06 The InstancePCIRequest.request_id is used to correlate allocated PciDevice objects with the InstancePCIRequest object triggered the PCI allocation. For neutron port based PCI requests the IstancePCIRequest.request_id was already set to a generated UUID by nova. But for Flavor based request the request_id was kept None. The placement PCI scheduling code depends on the request_id to be a unique identifier of the request. So this patch starts filling the request_id for flavor based requests as well. This change showed than in some places nova still uses the request_id == None condition to distinguish between flavor based and neutron based requests. This logic is now adapted to use the newer and better InstancePCIRequest.source based approach. Also we took the opportunity to move the logic of querying PCI devices allocated to an instance to the Instance ovo. This change fills the request_id for newly created flavor based InstancePCIRequest ovos. But the change in logic to use the InstancePCIRequest.source property instead of the request_id == None condition works even if the request_id is None for already existing InstancePCIRequest objects. So this patch does not include a data migration logic to fill request_id for existing objects. blueprint: pci-device-tracking-in-placement Change-Id: I53e03ff7a0221db682b043fb6d5adba3f5c9fdbe 
The InstancePCIRequest.request_id is used to correlate allocated
PciDevice objects with the InstancePCIRequest object triggered the PCI
allocation. For neutron port based PCI requests the
IstancePCIRequest.request_id was already set to a generated UUID by
nova. But for Flavor based request the request_id was kept None. The
placement PCI scheduling code depends on the request_id to be a unique
identifier of the request. So this patch starts filling the request_id
for flavor based requests as well.

This change showed than in some places nova still uses the request_id ==
None condition to distinguish between flavor based and neutron based
requests. This logic is now adapted to use the newer and better
InstancePCIRequest.source based approach. Also we took the opportunity
to move the logic of querying PCI devices allocated to an instance to the
Instance ovo.

This change fills the request_id for newly created flavor based
InstancePCIRequest ovos. But the change in logic to use the
InstancePCIRequest.source property instead of the request_id == None
condition works even if the request_id is None for already existing
InstancePCIRequest objects. So this patch does not include a data
migration logic to fill request_id for existing objects.

blueprint: pci-device-tracking-in-placement
Change-Id: I53e03ff7a0221db682b043fb6d5adba3f5c9fdbe
Add VDPA support for suspend and livemigrate 2022-08-23T08:32:00+00:00 Sean Mooney work@seanmooney.info 2022-05-07T10:49:18+00:00 0aad338b1c68f319df603bca340ff33dc7fd7b54 This change append vnic-type vdpa to the list of passthough vnic types and removes the api blocks This should enable the existing suspend and live migrate code to properly manage vdpa interfaces enabling "hot plug" live migrations similar to direct sr-iov. Implements: blueprint vdpa-suspend-detach-and-live-migrate Change-Id: I878a9609ce0d84f7e3c2fef99e369b34d627a0df 
This change append vnic-type vdpa to the list
of passthough vnic types and removes the api blocks

This should enable the existing suspend and live migrate
code to properly manage vdpa interfaces enabling
"hot plug" live migrations similar to direct sr-iov.

Implements: blueprint vdpa-suspend-detach-and-live-migrate
Change-Id: I878a9609ce0d84f7e3c2fef99e369b34d627a0df
Rename [pci]passthrough_whitelist to device_spec 2022-08-10T15:08:35+00:00 Balazs Gibizer gibi@redhat.com 2022-05-30T10:01:29+00:00 14e68ac6e996587a969a6006030cbca686643dd9 A later patch in the pci-device-tracking-in-placement work will extend the existing [pci]passthrough_whitelist config syntax. So we take the opportunity here to deprecate the old non inclusive passthrough_whitelist name and introduce a better one. All the usage of CONF.pci.passthrough_whitelist is now changed over to the new device_spec config. Also the in tree documentation is updated accordinly. However the nova code still has a bunch of references to the "whitelist" terminology. That will be handled in subsequent patches. blueprint: pci-device-tracking-in-placement Change-Id: I843032e113642416114f169069eebf6a56ed78dd 
A later patch in the pci-device-tracking-in-placement work
will extend the existing [pci]passthrough_whitelist config syntax.
So we take the opportunity here to deprecate the old non inclusive
passthrough_whitelist name and introduce a better one.

All the usage of CONF.pci.passthrough_whitelist is now changed over to
the new device_spec config. Also the in tree documentation is updated
accordinly.

However the nova code still has a bunch of references to the
"whitelist" terminology. That will be handled in subsequent patches.

blueprint: pci-device-tracking-in-placement
Change-Id: I843032e113642416114f169069eebf6a56ed78dd
[trivial] Simplify dict get call by removing unused default 2022-07-22T15:18:45+00:00 liuhuajie liu.huajie@99cloud.net 2022-07-20T05:09:01+00:00 ff7d9d7b7e0f3cc943310582ab29f03d94d1c348 The default value of the dictionary get method is None, so remove the default value of None in the get method Change-Id: Ic1b69047b6edd4987df3191ce84658393a1cb968 
The default value of the dictionary get method is None,
so remove the default value of None in the get method

Change-Id: Ic1b69047b6edd4987df3191ce84658393a1cb968
Merge "Record SRIOV PF MAC in the binding profile" 2022-06-13T17:25:14+00:00 Zuul zuul@review.opendev.org 2022-06-13T17:25:14+00:00 93a65f06df67ce39d65827692150c78013c7f6d5 






neutron: Unbind remaining ports after PortNotFound
2022-05-19T11:19:55+00:00

Stephen Finucane
sfinucan@redhat.com

2022-05-19T11:04:08+00:00

9e0dcb52ab308a63c6a18e47d1850cc3ade4d807

Just because we encountered a PortNotFound error when unbinding a port
doesn't mean we should stop unbinding the remaining ports. If this error
is encountered, simply continue with the other ports.

While we're here, we clean up some other tests related to '_unbind_port'
since they're clearly duplicates.

Change-Id: Id04e0df12829df4d8929e03a8b76b5cbe0549059
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Closes-Bug: #1974173





Just because we encountered a PortNotFound error when unbinding a port
doesn't mean we should stop unbinding the remaining ports. If this error
is encountered, simply continue with the other ports.

While we're here, we clean up some other tests related to '_unbind_port'
since they're clearly duplicates.

Change-Id: Id04e0df12829df4d8929e03a8b76b5cbe0549059
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Closes-Bug: #1974173