| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change Idd49b0c70caedfcd42420ffa2ac926a6087d406e added support for
discovery of PMEM devices by the libvirt driver. Some error handling
code in this was expected to raise a 'GetPMEMNamespacesFailed'
exception, however, a typo meant the exception was actually called
'GetPMEMNamespaceFailed' (singular). This exception was later removed in
change I6fd027fb51823b8a8a24ed7b864a2191c4e8e8c0 because it had no
references.
Re-introduce the exception, this time with the correct name, and add
some unit tests to prevent us regressing.
Change-Id: I3b597a46314a1b29a952fc0f7a9c4537341e37b8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #1904446
(cherry picked from commit 160ed6ff652b80cd0a86d41dc3f66c15cee66290)
(cherry picked from commit 82d415d200e39a5c11fe134e9ef62e427988f2ba)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nova services only support computes that are not older than
the previous major release. This patch introduces a check in the
service startup that warns at staring the service if too old computes
are detected.
This is a partial backport from master. As we agreed on the Wallaby PTG
[1] we would like to backport the check but we don't want to make it a
hard failure of the service startup as that felt too harsh for a stable
branch. So this patch changes the behavior from hard failure to emitting
a warning in the log.
This commit also contains two bugfixes from master squashed into it to
avoid merging broken code:
* Improve error handling during service level check
Change-Id: I89cdf3852266ed93a2ac7cd6261fe269932026ac
cherry picked from commit 3b44275868e08992a36e9163f533d689f27a0119
* Restore retrying the RPC connection to conductor
Change-Id: Iad0ba1a02868eebc2f43b1ac843fcc5096cd5c47
cherry picked from commit 433bee58bc8d7d65edb6a0805021e51972e6bed6
stable/ussuri specific change:
* need to use six.text_type() instead of str() as we still support
python2.7
[1] https://etherpad.opendev.org/p/nova-wallaby-ptg
Closes-Bug: #1903545
Related-Bug: #1871482
Closes-Bug: #1904181
Change-Id: Ie15ec8299ae52ae8f5334d591ed3944e9585cf71
(cherry picked from commit aa7c6f87699ec1340bd446a7d47e1453847a637f)
(cherry picked from commit 0c5ca351e27ca74610478d8af9777de0db5c0acc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deletion of an instance after disabling the hypervisor by a non-admin
user leaks the host fqdn in fault msg of instance.Removing the
'host' field from the error message of HypervisorUnavaiable
cause it's leaking host fqdn to non-admin users. The admin user will
see the Hypervisor unavailable exception msg but will be able to figure
on which compute host the guest is on and that the connection is broken.
Conflicts:
nova/virt/libvirt/host.py
NOTE(melwitt): The conflict is because change
I404ca316b1bf2a963106cd34e927934befbd9b12 is not in Ussuri.
Change-Id: I0eae19399670f59c17c9a1a24e1bfcbf1b514e7b
Closes-Bug: #1851587
(cherry picked from commit a89ffab83261060bbb9dedb2b8de6297b2d07efd)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously disk_bus values were never validated and could easily end up
being ignored by the underlying virt driver and hypervisor.
For example, a common mistake made by users is to request a virtio-scsi
disk_bus when using the libvirt virt driver. This however isn't a valid
bus and is ignored, defaulting back to the virtio (virtio-blk) bus.
This change adds a simple validation in the compute API using the
potential disk_bus values provided by the DiskBus field class as used
when validating the hw_*_bus image properties.
Closes-Bug: #1876301
Change-Id: I77b28b9cc8f99b159f628f4655d85ff305a71db8
(cherry picked from commit 5913bd889f9d3dfc8d154415e666c821054c229d)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As seen in I7356b54bef0c614d9bfd1ed0d7b42574b58966f9 Nova is currently
unable to rescue instances using volume snapshot based images. This
currently results in zero length files being created on the compute as
the images are actually metadata stores and contain no image data.
This change adds a simple check within the compute API to reject
requests that provided an image reference that itself provides an
img_block_device_mapping before we cast out to the computes.
Depends-On: https://review.opendev.org/#/c/725812/
Closes-Bug: #1879500
Change-Id: I87253c518bd60a3e7cd08af68da9ade96f4a40db
(cherry picked from commit b9ff0ca94e670a080f82358c2003a0bf4b963bc8)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change introduces a new method of instance rescue to the Libvirt
driver where all original devices remain attached in their original
order while booting from the provided rescue image. This differs from
the original method of instance rescue where only the rescue disk,
original root disk and regenerated config drive would be attached.
This new method is enabled by the presence of either the
hw_rescue_device or hw_rescue_bus image metadata properties on the
provided rescue image. As their name suggests these properties control
the device and bus type used to attach the rescue boot device to the
instance. The properties will allow users to rescue instances using the
emulated equivalents of more traditional bare metal rescue media such as
USB disks or CD-ROM ISOs.
While the rescue disk is attached last to the instance we are able to
boot directly from it using the boot element and order attribute when
defining the disk within the Libvirt domain [1]. This is not however
supported for Xen or LXC virt types and as a result this new method is
not available for these types.
To enable this new mode and building on I9c2d9013d741774e521021913ec0 we
can now provide the full block_device_info for the instance when
building the disk mapping where we now add the rescue boot device. This
now allows instances with attached volumes to be rescued. Boot from
volume instances however are still not supported and blocked within the
compute API. Future work will remove this restriction.
[1] https://libvirt.org/formatdomain.html#elementsNICSBoot
Implements: blueprint virt-rescue-stable-disk-devices
Change-Id: I0e1241ae691afd2af12ef15706c454c05d9f932c
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It's now possible to have a different vGPU type for each pGPU. By modifying
the config, you can say which PCI device (ie. a pGPU) should use a specific
vGPU type.
For upgrades, the behaviour from Train won't be changed since we only use
the first type if we don't have the dynamic options (so operators don't
need to change nova.conf before upgrading).
Implements: blueprint vgpu-multiple-types
Change-Id: I46f0a76811142888db2bbc66cc3fde04ff890c01
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
The block is applied to primary operations, such as pause
or shelve, but not to their reverse operations, like
unpause or unshelve, because that is not necessary.
Added functional tests for various instance operations,
including those that work and those that fail.
Rebuild functional test passes.
Change-Id: I016bc1812404ce1019c71b7a3363f34acc3f8aed
Blueprint: nova-cyborg-interaction
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Call Cyborg with device profile name to get ARQs (Accelerator Requests).
Each ARQ corresponds to a single device profile group, which
corrresponds to a single request group in request spec.
* Match each ARQ to associated request group, and thereby obtain the
corresponding RP for that ARQ.
* Call Cyborg to bind the ARQ to that host/device-RP.
* When Cyborg sends the ARQ bind notification events, wait for those
events with a timeout.
Change-Id: I0f8b6bf2b4f4510da6c84fede532533602b6af7f
Blueprint: nova-cyborg-interaction
|
|
|
|
|
|
|
|
|
|
|
| |
Find the name of the device profile, if any, in flavor extra specs.
Get its profile groups (equiv to flavor request groups) from Cyborg.
Parse/validate them similar to extra_specs.
Generate RequestGroup objects and add them to the request spec
(in requested_resources field, following precedent).
Change-Id: Icd2ee9024dd4af0a7eb105eca14df8e458e9de77
Blueprint: nova-cyborg-interaction
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a followon from [1] to address [2] (remove unnecessary noqa
comment from a long docstring line) and [3] (make the exception text for
RequestGroupSuffixConflict calmer by s/!/./).
[1] I55e4d61ba1c5920c44fd71eb36a9ed2cc64c4117
[2] https://review.opendev.org/#/c/696946/7/nova/scheduler/utils.py@84
[3] https://review.opendev.org/#/c/696946/7/nova/exception.py@2478
Change-Id: I8721be16c29697ca43c7ca1c32570e7daa1fb4c1
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With the removal of the related quotas, the 'FixedIP', 'FloatingIP',
'SecurityGroupRule', 'Network' and 'NetworkList' objects can all be
deleted. As noted previously, the 'SecurityGroup' object must be
retained until we bump the 'Instance' object version to v3 and drop the
'security_group' field. In addition, we need to make a small change to
the object versioning test to ensure we're only testing objects in the
nova namespace. If we don't do this, we end up pulling in things like
os_vif objects. This was previously noted in change
Ica9f217d0318fc7c2db4bcdea12d00aad749c30c.
Change-Id: I6aba959eff1e50af4ac040148c7177f235a09a1f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With the removal of nova-network, a whole swathe of exceptions are no
longer raised on certain code paths. Start cleaning things up by
removing these. Some of these features can be removed now while the
remainder will be removed once we have removed the (now unused) code
that calls them.
Change-Id: I131062ded9ddedc31cf3b448b2c38306b55e874b
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
This was missed in change Ie01ab1c3a1219f1d123f0ecedc66a00dfb2eb2c1.
Change-Id: I7c56d5ecc1131c20324f41c83dc97f41e4628d4d
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Not all of these are nova-network related, but all are unused
Change-Id: I6fd027fb51823b8a8a24ed7b864a2191c4e8e8c0
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch addresses a number of typos and minor
issues raised during review of [1][2]. A summary
of the changes are corrections to typos in comments,
a correction to the exception message, an update to
the release note and the addition of debug logging.
[1] I0322d872bdff68936033a6f5a54e8296a6fb3434
[2] I48bccc4b9adcac3c7a3e42769c11fdeb8f6fd132
Related-Bug: #1804502
Related-Bug: #1763766
Change-Id: I8975e524cd5a9c7dfb065bb2dc8ceb03f1b89e7b
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch moves _update_pci_request_spec_with_allocated_interface_name
from the ComputeManager to nova.compute.utils as a later patch needs to
call it from outside of the ComputeManager.
This patch also changes the exception types raised from
update_pci_request_spec_with_allocated_interface_name as raising
BuildAbortException from a util method does not make too much
sense. This means that some of the callers also needed to be adjusted to
handle the new exception types.
In the _do_rebuild_instance_with_claim code path the exception type is
not translated back to BuildAbortException as the old and the new
exceptions are both handled by the except Exception branch in
rebuild_instance [1].
[1] https://github.com/openstack/nova/blob/ed503ce3e1a8598c6e8ee9d8b345c1d92df01539/nova/compute/manager.py#L3448
Change-Id: I5853a0f6e133044ffc1861d21008e568ad62ffc7
blueprint: support-move-ops-with-qos-ports-ussuri
|
|\ \ \
| |/ /
|/| | |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This addresses bug #1795920 by adding support for
defining a pci numa affinity policy via the flavor
extra specs or image metadata properties enabling
the policies to be applied to neutron sriov port
including hardware offloaded ovs.
Closes-Bug: #1795920
Related-Bug: #1805891
Implements: blueprint vm-scoped-sriov-numa-affinity
Change-Id: Ibd62b24c2bd2dd208d0f804378d4e4f2bbfdaed6
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, request groups built from ports would have a unique integer
suffix generated for them as the suffix used for the GET
/allocation_candidates query to placement. Since [1] we've been using a
microversion permitting string suffixes (added in 1.33). This allows us
to use the port UUID (pulled from the RequestGroup.requester_id) as the
suffix instead.
This lays the groundwork for future patches that will:
- Take advantage of the suffix-to-provider mappings returned by GET
/allocation_candidates as of placement microversion 1.34 (also
included in [1]) to get rid of the
map_requested_resources_to_providers hack.
- Seamlessly support request groups from other sources, such as cyborg
device profiles.
[1] I52499ff6639c1a5815a8557b22dd33106dcc386b
Change-Id: I55e4d61ba1c5920c44fd71eb36a9ed2cc64c4117
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the image change during a rebuild it's possible for the request
NUMA topology to change. As a rebuild uses a noop claim in the
resource tracker the NUMA topology will not be updated as part of
a rebuild.
If the NUMA constraints do not change, a rebuild will continue as normal.
If the new constraints conflict with the existing NUMA constraints of the
instance the rebuild will be rejected without altering the status of the
instance.
This change introduces an API check to block rebuild when the NUMA
requirements for the new image do not match the existing NUMA constraints.
This is in line with the previous check introduced to prevent the rebuild of
volume-backed instances which similarly are not supported.
This change adds functional tests to assert the expected behaviour of
rebuilding NUMA instances with new images. This change also asserts that
in place rebuilds of numa instances is currently not supported.
Closes-Bug: #1763766
Partial-implements: blueprint inplace-rebuild-of-numa-instances
Change-Id: I0322d872bdff68936033a6f5a54e8296a6fb3434
|
|
|
|
|
|
|
|
| |
Remove the last few references to nova-net from the VMWare driver,
simplifying some of the code in the process.
Change-Id: I21e1cd412d5caae22ebc4de31f09e3817c8a710a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This legacy service was only compatible with the XenServer driver and
has effectively been replaced by the noVNC console proxy service. Remove
the service. The API that provided remote access to this service,
'os-consoles', was removed in a previous change. Note that
'os-remote-consoles' is unrelated and therefore is not removed, though
it will now reject requests for XVP VNC consoles.
This was previously discussed and agreed on openstack-dev [1] and
openstack-discuss [1].
Part of blueprint remove-xvpvncproxy
[1] http://lists.openstack.org/pipermail/openstack-dev/2018-October/135413.html
[2] http://lists.openstack.org/pipermail/openstack-discuss/2019-April/005369.html
Change-Id: Ib1ff32f04b16af7981471f67c8e0bf04e6ecb6be
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|
|
|
|
|
|
| |
With the API removed, nothing is using these anymore. Remove them.
Change-Id: Id303edc0e3b4af5647ce171b7763e094d1aa244c
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before [1] this could be raised from the API resize()
method if getting a RequestSpec failed and a target host
was specified for cold migration. Since that change the
usage of the exception was removed so we can remove it
altogether since only unit test code is using it.
[1] I34ffaf285718059b55f90e812b57f1e11d566c6f
Change-Id: I19db48bd03855d1a1edbeff5adf15a28abcb5d92
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
If snapshot creation via glance fails due to lack of space or over
quota, we want to have a clearer error message.
Change-Id: Ic9133f6bc14d4fe766d37a438bf52c33e89da768
Closes-Bug: #1613770
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These were added in Rocky [1] and can now been removed, since we don't
need to support anything from before Train in Ussuri.
[1] I4636a8d270ce01c1831bc951c4497ad472bc9aa8
Change-Id: Ib01ebeff0647f6e27714856f3a36c3896eeab27f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support for boot from volume where nova creates the volume
with a specified volume type was added in Stein [1] and an API
validation check was added to only allow that if the computes
were upgraded to Stein [2]. Now that we're in Ussuri and don't
need to support pre-Stein computes we can drop that API compat
check.
[1] Icc301230fe7c8e3ebbbcc7f4a807e562db7f93e3
[2] I45bd42908d44a0f05e1231febab926b23232b57b
Change-Id: If9c459a9a0aa752c478949e4240286cbdb146494
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the vpmems config into guest config xml according to
resources info in the instance object, then users can build
a VM with vpmems. Also this patch add the support for
data cleanup on the backend device of the vpmems.
note:
We modify the root <domain> element generated for libvirt to
include <maxMemory> elements when memory device is used.[1]
Requiring vpmems implies a NUMA topology because libvirt won't let us
use vpmem without NUMA.[2]
[1]https://github.com/libvirt/libvirt/blob/master/src/qemu/qemu_domain.c#L11593-L11599
[2]https://github.com/libvirt/libvirt/blob/master/src/qemu/qemu_domain.c#L11604-L11615
Change-Id: I725deb0312c930087c9e60115abe68b4e06e6804
Partially-Implements: blueprint virtual-persistent-memory
Co-Authored-By: He Jie Xu <hejie.xu@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add related functions to enable libvirt driver to get PMEM
namespaces(VPMEMs) info from host and configuration.
note: PMEM namespaces configuration is not supported yet,
so libvirt driver will not get any PMEM namespaces
from host.
Change-Id: Idd49b0c70caedfcd42420ffa2ac926a6087d406e
Partially-Implements: blueprint virtual-persistent-memory
Co-Authored-By: He Jie Xu <hejie.xu@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In periodic update_available_resource, ResourceTracker.provider_tree
will be updated, and ResourceTracker.assigned_resources will be
populated. When claiming resources, it will get free resources based on
ResourceTracker.provider_tree and ResourceTracker.assigned_resources.
Change-Id: If7f48933db10fcca3b9a05e1e978dfc51f6dabd0
Partially-Implements: blueprint virtual-persistent-memory
Co-Authored-By: He Jie Xu <hejie.xu@intel.com>
|
|
|
|
|
|
|
|
|
|
|
| |
As per the spec[0], live migration and suspend are not (yet) supported
for SEV guests, so reject them at the API level with an HTTP
409 (Conflict).
[0] http://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html#limitations
blueprint: amd-sev-libvirt-support
Change-Id: I69b6e153324a3e5680e096cd714e5d4dd05bae34
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new sev_enabled() function to the libvirt utils to detect that
SEV is required and return True if and only if the following are both
true:
a) the supports_amd_sev instance variable in the host is
true, *and*
b) the instance extra specs and/or image properties request
memory encryption to be enabled.
In this case we know that SEV functionality is required, so tweak the
guest config accordingly in various ways:
- Ensure that the machine type is some q35 variant. If the image had
an hw_machine_type property requesting some other type, an
InvalidMachineType exception will be raised.
- Set the "iommu" attribute to "on" for all relevant devices including
disk / network devices, but excluding input/graphics/video/serial
devices. This is achieved via a new set_driver_iommu_for_sev()
method added to nova.virt.libvirt.designer. In order to test this
thoroughly, beef up the fake KVM guest fixture with extra devices
of each type.
- Add the <launchSecurity> element to enable use of SEV. Two related
configuration values are extracted from domain capabilities and set
on the element.
- Enable memory locking. All the memory pages allocated by QEMU must
be pinned for SEV, which is achieved via <memoryBacking> and <locked />
elements.
blueprint: amd-sev-libvirt-support
Change-Id: Ie54fca066f3333d1d5d18a2c0e8f6c7d5042490b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As explained in the SEV spec[0], SEV needs a q35 machine type in order
to bind all the virtio devices to the PCIe bridge so that they use
virtio 1.0 and not virtio 0.9, since QEMU's iommu_platform feature was
added in virtio 1.0 only.
So add an extra check to be run in the API layer whenever SEV is
requested, to ensure that a machine type *outside* the q35
family (e.g. 'pc', or something like 'pc-i440fx-2.11') is not
explicitly selected in the image via the hw_machine_type property.
Since code in the API layer doesn't run on the compute host, at this
stage we can't check CONF.libvirt.hw_machine_type via libvirt.utils.
A subsequent commit will change the libvirt driver to trigger an
extra, later check on the compute node, although if that late check
fails, the best we can do is to fail the operation on that compute
host, in which case it will potentially be retried on another compute
host.
nova's hardcoded default for x86_64 is 'pc' (which in fact matches
QEMU's current default). This means that it will be recommended that
SEV-capable compute hosts have CONF.libvirt.hw_machine_type configured
to include 'x86_64=q35', otherwise attempts to boot SEV guests without
the image property 'hw_machine_type=q35' will fail unpleasantly.
In the future it is expected that both of these defaults will change
to 'q35'[1]. Once that happens, x86_64 images will be bootable
without needing to set either the hw_machine_type image property or
CONF.libvirt.hw_machine_type.
While extending the unit tests for invalid combinations of image
properties, add tests for the case where the 'hw_firmware_type'
property is not specified at all; previously the tests only covered
the case where it was set to 'bios'.
[0] http://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html
[1] https://bugs.launchpad.net/nova/+bug/1780138
blueprint: amd-sev-libvirt-support
Change-Id: Ibf66a0b371685c673644493bf12663dbf71fab6c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new "hw:mem_encryption" extra spec parameter, and a new
"hw_mem_encryption" image property, which indicate that any guest
booted with that extra spec parameter or image property respectively
needs to be booted with its memory hardware-encrypted.
This is achieved by converting the requirement stated in the extra
spec parameter and/or image property into an additional extra spec
parameter which requests resources for one slot of the inventory of
the new MEM_ENCRYPTION_CONTEXT resource class (introduced in
os-resource-classes 0.4.0). The inventory will be provided by the
follow-up commit I659cb77f12a38a4d2fb118530ebb9de88d2ed30d.
Since future commits adding support for SEV to guest XML config will
also need to know at launch-time whether memory encryption has been
requested, add a reusable mem_encryption_requested() function to the
nova.virt.hardware library for detecting which of the extra spec /
image property (if either) have requested encrypted memory.
If both the extra spec parameter and the image property are explicitly
specified and they contradict each other, or if either request memory
encryption but the image does not have hw_firmware_type set to UEFI,
then log an error and raise a new generic FlavorImageConflict
exception. This exception can also be useful in the future for
handling other similar conflicts. In this particular use case,
FlavorImageConflict is raised by mem_encryption_requested(), and then
if caught during API call validation, it's re-raised as
HTTPBadRequest.
In order to test this code, we need to construct various ImageMeta
objects containing fake data and a ImageMetaProps instance for each.
This is a slightly fiddly task which future patches in the SEV series
will also need to perform, so add a helper to nova.tests.unit.image.fake
for this.
blueprint: amd-sev-libvirt-support
Change-Id: I8c63b5cc5ad97ce831adb2eb96a995ebc798ecb7
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support, in a new microversion, for specifying an availability
zone to the unshelve server action when the server is shelved offloaded.
Note that the functional test changes are due to those tests using the
"latest" microversion where an empty dict is not allowed for unshelve
with 2.77 so the value is changed from an empty dict to None.
Implements: blueprint support-specifying-az-when-restore-shelved-server
Closes-Bug: #1723880
Change-Id: I4b13483eef42bed91d69eabf1f30762d6866f957
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new names will make much more sense in a future patch.
Part of blueprint cpu-resources
Change-Id: Ie99347c47ec054cde34a6dc058660967805bd4a3
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Add missing coverage for 'iptables_set_rules' and 'iptables_get_rules'
- Use a class-level mock for common mocks
- Use 'fixtures.MockPatch' instead of 'fixtures.MonkeyPatch'
- Move exception handling for the 'ovs_plug' and 'ovs_unplug' functions
to the functions themselves, allowing us to include the full command
attempted in the exception message
- OvsConfigurationFailure is renamed to OVSConfigurationFailure
Change-Id: Ib8bb847598db2a6b8de95fdb222279cd22eaabcc
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds the ablity for a user or operator to contol
the virtualisation of a performance monitoring unit within a vm.
This change introduces a new "hw:pmu" extra spec and a corresponding
image metadata property "hw_pmu".
The glance image metadata doc will be updated seperately by:
https://review.opendev.org/#/c/675182
Change-Id: I5576fa2a67d2771614266022428b4a95487ab6d5
Implements: blueprint libvirt-pmu-configuration
|
|\ |
|