| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit afb0f774841d30dcae9c074d524e7fa9be840678.
Reason for revert:
We unfortunately leak the token in the logs which is considered a security flaw, even if only provided on DEBUG level.
Change-Id: I52b52e65b689dadbdb08122c94652c491f850de6
Closes-Bug: #2012993
(cherry picked from commit 6833695e70bba31b84a0a19301657bc59ae1710b)
(cherry picked from commit a02f96687350ad74d9921406a525ee991bbe8882)
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the [service_user] section is configured in nova.conf, nova will
have the ability to send a service user token alongside the user's
token. The service user token is sent when nova calls other services'
REST APIs to authenticate as a service, and service calls can sometimes
have elevated privileges.
Currently, nova does not however have the ability to send a service user
token with an admin context. This means that when nova makes REST API
calls to other services with an anonymous admin RequestContext (such as
in nova-manage or periodic tasks), it will not be authenticated as a
service.
This adds a keyword argument to service_auth.get_auth_plugin() to
enable callers to provide a user_auth object instead of attempting to
extract the user_auth from the RequestContext.
The cinder and neutron client modules are also adjusted to make use of
the new user_auth keyword argument so that nova calls made with
anonymous admin request contexts can authenticate as a service when
configured.
Related-Bug: #2004555
Change-Id: I14df2d55f4b2f0be58f1a6ad3f19e48f7a6bfcb4
(cherry picked from commit 41c64b94b0af333845e998f6cc195e72ca5ab6bc)
(cherry picked from commit 1f781423ee4224c0871ab4aafec191bb2f7ef0e4)
|
| |\ \ \
| |/ / |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The 'force' parameter of os-brick's disconnect_volume() method allows
callers to ignore flushing errors and ensure that devices are being
removed from the host.
We should use force=True when we are going to delete an instance to
avoid leaving leftover devices connected to the compute host which
could then potentially be reused to map to volumes to an instance that
should not have access to those volumes.
We can use force=True even when disconnecting a volume that will not be
deleted on termination because os-brick will always attempt to flush
and disconnect gracefully before forcefully removing devices.
Closes-Bug: #2004555
Change-Id: I3629b84d3255a8fe9d8a7cea8c6131d7c40899e8
(cherry picked from commit db455548a12beac1153ce04eca5e728d7b773901)
(cherry picked from commit efb01985db88d6333897018174649b425feaa1b4)
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
validate-backport job started to fail as only old stable branch naming
is accepted. This patch extends the script to allow numbers and dot as
well in the branch names (like stable/2023.1).
Change-Id: Icbdcd5d124717e195d55d9e42530611ed812fadd
(cherry picked from commit fe125da63b6508788654f0dab721f13005c09d25)
(cherry picked from commit 09f85a8a922e4ad68271886d2389042d4f4d6896)
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After a baremetal instance is deleted, and its allocation is removed
in placement, the ironic node might start cleaning. Eventually nova
will notice and update the inventory to be reserved.
During this window, a new instance may have already picked this
ironic node.
When that race happens today the build fails with an error:
"Failed to reserve node ..."
This change tries to ensure the remaining alternative hosts are
attempted before aborting the build.
Clearly the race is still there, but this makes it less painful.
Related-Bug: #1974070
Change-Id: Ie5cdc17219c86927ab3769605808cb9d9fa9fa4d
(cherry picked from commit 8a476061c5e034016668cd9e5a20c4430ef6b68d)
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously Nova was unable to remove deleted projects from flavor's
access lists. This patch lifts described limitation and improves
logic of nova/api/openstack/identity.py library by introducing two
separate kinds of exceptions:
- webob.exc.HTTPInternalServerError is raised when Keystone identity
service version 3.0 was not found.
- webob.exc.HTTPBadRequest is raised when specified project is not
found.
Closes-bug: #1980845
Change-Id: Icbf3bdd944f9a6c38f25ddea0b521ca48ee87a7f
(cherry picked from commit 8c6daaacbedc33e738ce85aec0ead5f6947d60bf)
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When instance task state is 'deleting' or 'migrating', then
get_vnc_console throws 500 error, as InstanceInvalidState
exception is not handled there.
This change handles InstanceInvalidState in api layer in
get_vnc_console call.
Closes-Bug: #1968618
Change-Id: Ia738a0972b050f549f446c85171d3f33e60ada4f
(cherry picked from commit ec40d5aee34e9428e2a19231fc3df4d23d75b779)
|
| |\ \ \ \ |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As of now, when attempting to rescue a volume-based instance
using an image without the hw_rescue_device and/or hw_rescue_bus
properties set, the rescue api call fails (as non-stable rescue
for volume-based instances are not supported) leaving the instance
in error state.
This change checks for hw_rescue_device/hw_rescue_bus image
properties before attempting to rescue and if the property
is not set, then fail with proper error message, without changing
instance state.
Related-Bug: #1978958
Closes-Bug: #1926601
Change-Id: Id4c8c5f3b32985ac7d3d7c833b82e0876f7367c1
(cherry picked from commit 6eed55bf55469f4ceaa7d4d4eb1be635e14bc73b)
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Libvirt 7.7 changed the mdev device naming to include the parent PCI
device when listing node devices. The domain, however, will still only
see the UUID and not see the parent PCI device. Changing the parsing to
simply drop the PCI identifier is not enough as the device cannot be
found when attempting to lookup the new ID.
Modify the Libvirt Driver's _get_mediated_device_information to tolerate
different formats of the mdev name. This first uses the legacy behavior
by trying to lookup the device name that is passed in (typically
mdev_<uuid> format) and if that is not found, iterates the list of mdev
node devices until the right UUID is found and selects that one.
Note that the lookup of the mdev device by UUID are needed in order
to keep the ability to recreate assigned mediated devices on a reboot of
the compute node.
Additionally, the libvirt utils parsing method mdev_name2uuid, has
been updated to tolerate both mdev_<uuid> and mdev_<uuid>_<pciid>
formats.
Closes-Bug: 1951656
Change-Id: Ifed0fa16053228990a6a8df8d4c666521db7e329
(cherry picked from commit a28b907c4f0dbba6e141a8fbea807e6cb0438977)
|
| |\ \ \ \ \
| |/ / / / |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Due to a new mdev naming, we can't parse it.
Change-Id: I0f785178b132dfef668829558dea9f7e674abadb
Related-Bug: #1951656
(cherry picked from commit 185201974775bab966f4e5ca3bbdc31b8269fa4c)
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adding both 'info' and 'debug' messages with the intention of telling
which mdevs are available, which get allocated and whether new ones
are created.
Closes-Bug: #1992451
Change-Id: Ibd331df51fd4eaeed4831a98469f06a4ce0cd452
(cherry picked from commit 6feb3350b048606297068841e3feba110bb0b0ab)
|
| |\ \ \ \
| | | | |
| | | | |
| | | | | |
into stable/zed
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
NOTE(sbauza): Stable policy allows us to proactively merge a backport without waiting for the parent patch to be merged (exception to rule #4 in [1]. Marking [stable-only] in order to silence nova-tox-validate-backport
[1] https://docs.openstack.org/project-team-guide/stable-branches.html#appropriate-fixes
Related-Bug: #1996188
Change-Id: I5a399f1d3d702bfb76c067893e9c924904c8c360
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The options list in 'Related Options:' section doesn't rendered
as bulleted list for some params because of missing blank line.
This changes adds missing blank line wherever needed in [1].
[1] https://docs.openstack.org/nova/latest/configuration/config.html
Change-Id: I7077aea2abcf3cab67592879ebd1fde066bfcac5
(cherry picked from commit ac42c43e431b2bd1089910cd52aec8552a8e9755)
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, when you delete an ironic instance, we trigger
and undeploy in ironic and we release our allocation in placement.
We do this well before the ironic node is actually available.
We have attempted to fix this my marking unavailable nodes
as reserved in placement. This works great until you try
and re-image lots of nodes.
It turns out, ironic nodes that are waiting for their automatic
clean to finish, are returned as a valid allocation candidates
for quite some time. Eventually we mark then as reserved.
This patch takes a strange approach, if we mark all nodes as
reserved as soon as the instance lands, we close the race.
That is, when the allocation is removed the node is still
unavailable until the next update of placement is done and
notices that the node has become available. That may or may
not have been after automatic cleaning. The trade off is
that when you don't have automatic cleaning, we wait a bit
longer to notice the node is available again.
Note, this is also useful when a broken Ironic node is
marked as in-maintainance while it is in-use by a nova
instance. In a similar way, we mark the Nova as reserved
immmeidately, rather than first waiting for the instance to be
deleted before reserving the resources in Placement.
Closes-Bug: #1974070
Change-Id: Iab92124b5776a799c7f90d07281d28fcf191c8fe
(cherry picked from commit 3c022e968375c1b2eadf3c2dd7190b9434c6d4c1)
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike uwsgi, apache mod_wsgi does not support passing
commandline arguments to the python wsgi script it invokes.
As a result while you can pass --config-file when hosting the
api and metadata wsgi applications with uwsgi there is no
way to use multiple config files with mod_wsgi.
This change mirrors how this is supported in keystone today
by intoducing a new OS_NOVA_CONFIG_FILES env var to allow
operators to optional pass a ';' delimited list of config
files to load.
This change also add docs for this env var and the existing
undocumented OS_NOVA_CONFIG_DIR.
Closes-Bug: 1994056
Change-Id: I8e3ccd75cbb7f2e132b403cb38022787c2c0a37b
(cherry picked from commit 73fe84fa0ea6f7c7fa55544f6bce5326d87743a6)
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This handles the case where the live migration monitoring thread may
race and call jobStats() after the migration has completed resulting in
the following error:
libvirt.libvirtError: internal error: migration was active, but no
RAM info was set
Closes-Bug: #1982284
Change-Id: I77fdfa9cffbd44b2889f49f266b2582bcc6a4267
(cherry picked from commit 9fea934c71d3c2fa7fdd80c67d94e18466c5cf9a)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change add a new _post_live_migration_update_host
function that wraps _post_live_migration and just ensures
that if we exit due to an exception instance.host is set
to the destination host.
when we are in _post_live_migration the guest has already
started running on the destination host and we cannot revert.
Sometimes admins or users will hard reboot the instance expecting
that to fix everything when the vm enters the error state after
the failed migrations. Previously this would end up recreating the
instance on the source node leading to possible data corruption if
the instance used shared storage.
Change-Id: Ibc4bc7edf1c8d1e841c72c9188a0a62836e9f153
Partial-Bug: #1628606
(cherry picked from commit 8449b7caefa4a5c0728e11380a088525f15ad6f5)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds a regression test or repoducer for post live migration
fail at destination, the possible casue can be fail to get
instance network info or block device info
changes:
adds updating server after _live_migrate in reproducer
test (missed in main commit)
Related-Bug: #1628606
Change-Id: I48dbe0aae8a3943fdde69cda1bd663d70ea0eb19
(cherry picked from commit a20baeca1f5ebb0dfe9607335a6986e9ed0e1725)
|
| |/
|
|
|
| |
Change-Id: I1348cca8cbd8b1142dab8507c8aa1b9baf01e73c
(cherry picked from commit 4fb4f6832c156907b786571f214984894703bf16)
|
| |
|
|
|
|
|
|
|
| |
Without the latest version, nova fails many unit tests (it failed
with os-traits 2.7.0 at least).
Closes-Bug: #1990121
Change-Id: I6b320ae1f9058aaa5bac91c7c7ca60136e0cee5c
(cherry picked from commit 6a06a57290b6f38b6a7c97e47017127472834d1f)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/zed branch, tests will
continue to use the upper-constraints list on master.
Change-Id: I9dad37b404c41f6837bff49c8dcb0d9d254d37f7
|
| |
|
|
| |
Change-Id: Ia232e95b1b0cb0281990cf326764951ef8c1b678
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Nova only supports compute services that are not older than version
N-1. So in Zed the smallest supported nova compute version is Yoga
and the smallest Yoga service version is 61.
Change-Id: I4cbe233087577c7754856afcc4e3fe9fdc2d3008
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
We need it before RC1.
Change-Id: Ib674ca6a13f7c5d0254b222effa20d1948a80fe5
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This adds a compute rpc version alias for the named release zed.
Change-Id: Ib81433b4f5a4615d81a74b10e3e99a72ed5b3e1d
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| |\ \ \ \ |
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The oslo.concurrency 5.0.1 fixes the fair lock we use heavily in the
ResourceTracker.
Closes-Bug: #1988311
Change-Id: I68914b2e21726138ee9a178fdf6a8bb6389c09be
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Depends-On: https://review.opendev.org/c/openstack/tempest/+/831607
Change-Id: Ic8da6ee0313a911d742190ea5b0d4362cb6aef2f
|
| |\ \ \ \
| |_|_|/
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the vnic_type of a bound port changes from "direct" to "macvtap" and
then the compute service is restarted then during _init_instance nova
tries to plug the vif of the changed port. However as it now has macvtap
vnic_type nova tries to look up the netdev of the parent VF. Still that
VF is consumed by the instance so there is no such netdev on the host
OS. This error killed the compute service at startup due to unhandled
exception. This patch adds the exception handler, logs an ERROR and
continue initializing other instances on the host.
Also this patch adds a detailed ERROR log when nova detects that the
vnic_type changed during _heal_instance_info_cache periodic.
Closes-Bug: #1981813
Change-Id: I1719f8eda04e8d15a3b01f0612977164c4e55e85
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
Just follows the pattern that we do every release.
Change-Id: I6ce6d536290d0126006413aa4b15ba89162d5761
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
Related-Bug: #1981813
Change-Id: I9367b7ed475917bdb05eb3f209ce1a4e646534e2
|
