| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
NOTE(sbauza): Stable policy allows us to proactively merge a backport without waiting for the parent patch to be merged (exception to rule #4 in [1]. Marking [stable-only] in order to silence nova-tox-validate-backport
[1] https://docs.openstack.org/project-team-guide/stable-branches.html#appropriate-fixes
Conflicts vs victoria in:
nova/conf/compute.py
Related-Bug: #1996188
Change-Id: I5a399f1d3d702bfb76c067893e9c924904c8c360
|
|\
| |
| |
| | |
stable/ussuri
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change add a new _post_live_migration_update_host
function that wraps _post_live_migration and just ensures
that if we exit due to an exception instance.host is set
to the destination host.
when we are in _post_live_migration the guest has already
started running on the destination host and we cannot revert.
Sometimes admins or users will hard reboot the instance expecting
that to fix everything when the vm enters the error state after
the failed migrations. Previously this would end up recreating the
instance on the source node leading to possible data corruption if
the instance used shared storage.
Change-Id: Ibc4bc7edf1c8d1e841c72c9188a0a62836e9f153
Partial-Bug: #1628606
(cherry picked from commit 8449b7caefa4a5c0728e11380a088525f15ad6f5)
(cherry picked from commit 643b0c7d35752b214eee19b8d7298a19a8493f6b)
(cherry picked from commit 17ae907569e45cc0f5c7da9511bb668a877b7b2e)
(cherry picked from commit 15502ddedc23e6591ace4e73fa8ce5b18b5644b0)
(cherry picked from commit 43c0e40d288960760a6eaad05cb9670e01ef40d0)
(cherry picked from commit 0ac64bba8b7aba2fb358e00e970e88b32d26ef7e)
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In response to bug 1927677 we added a workaround to
NovaProxyRequestHandler to respond with a 400 Bad Request if an open
redirect is attempted:
Ie36401c782f023d1d5f2623732619105dc2cfa24
I95f68be76330ff09e5eabb5ef8dd9a18f5547866
Recently in python 3.10.6, a fix has landed in cpython to respond with
a 301 Moved Permanently to a sanitized URL that has had extra leading
'/' characters removed.
This breaks our existing unit tests which assume a 400 Bad Request as
the only expected response.
This adds handling of a 301 Moved Permanently response and asserts that
the redirect location is the expected sanitized URL. Doing this instead
of checking for a given python version will enable the tests to continue
to work if and when the cpython fix gets backported to older python
versions.
While updating the tests, the opportunity was taken to commonize the
code of two unit tests that were nearly identical.
Related-Bug: #1927677
Closes-Bug: #1986545
Change-Id: I27441d15cc6fa2ff7715ba15aa900961aadbf54a
(cherry picked from commit 15769b883ed4a86d62b141ea30d3f1590565d8e0)
(cherry picked from commit 4a2b44c7cf55d1d79d5a2dd638bd0def3af0f5af)
(cherry picked from commit 0e4a257e8636a979605c614a35e79ba47b74d870)
(cherry picked from commit 3023e162e1a415ddaa70b4b8fbe24b1771dbe424)
(cherry picked from commit 77bc3f004e7fe4077ea035c659630bedef1cfea1)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a regression test or repoducer for post live migration
fail at destination, the possible casue can be fail to get
instance network info or block device info
changes:
adds return server from _live_migrate in _integrated_helpers
NOTE(auniyal): Differences
* Replaced GlanceFixture with fake.stub_out_image_service in regression test, as GlanceFixture does not exist in Ussuri
Related-Bug: #1628606
Change-Id: I48dbe0aae8a3943fdde69cda1bd663d70ea0eb19
(cherry picked from commit a20baeca1f5ebb0dfe9607335a6986e9ed0e1725)
(cherry picked from commit 74a618a8118642c9fd32c4e0d502d12ac826affe)
(cherry picked from commit 71e5a1dbcc22aeaa798d3d06ce392cf73364b8db)
(cherry picked from commit 5efcc3f695e02d61cb8b881e009308c2fef3aa58)
(cherry picked from commit ed1ea71489b60c0f95d76ab05f554cd046c60bac)
(cherry picked from commit 6dda4f7ca3f25a11cd0178352ad24fe2e8b74785)
|
|
|
|
|
|
|
|
|
|
|
|
| |
ignore instance task state and continue with vm evacutaion.
Closes-Bug: #1978983
Change-Id: I5540df6c7497956219c06cff6f15b51c2c8bc29d
(cherry picked from commit db919aa15f24c0d74f3c5c0e8341fad3f2392e57)
(cherry picked from commit 6d61fccb8455367aaa37ae7bddf3b8befd3c3d88)
(cherry picked from commit 8e9aa71e1a4d3074a94911db920cae44334ba2c3)
(cherry picked from commit 0b8124b99601e1aba492be8ed564f769438bd93d)
(cherry picked from commit 3224ceb3fffc57d2375e5163d8ffbbb77529bc38)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change add a repoducer test for evacuating
a vm in the powering-off state
Conflicts:
nova/tests/functional/integrated_helpers.py
nova/tests/functional/test_servers.py
Difference:
nova/tests/functional/regressions/test_bug_1978983.py
NOTE(auniyal): Conflicts are due to the following changes that are not in Ussuri:
* I147bf4d95e6d86ff1f967a8ce37260730f21d236 (Cyborg evacuate support)
* Ia3d7351c1805d98bcb799ab0375673c7f1cb8848 (Functional tests for NUMA live migration)
NOTE(auniyal): Differences
* Replaced GlanceFixture with fake.stub_out_image_service in regression test, as GlanceFixture does not exist in Ussuri
Related-Bug: #1978983
Change-Id: I5540df6c7497956219c06cff6f15b51c2c8bc299
(cherry picked from commit 5904c7f993ac737d68456fc05adf0aaa7a6f3018)
(cherry picked from commit 6bd0bf00fca6ac6460d70c855eded3898cfe2401)
(cherry picked from commit 1e0af92e17f878ce64bd16e428cb3c10904b0877)
(cherry picked from commit b57b0eef218fd7604658842c9277aad782d11b45)
(cherry picked from commit b6c877377f58ccaa797af3384b199002726745ea)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the nova-compute service starts, by default it attempts to
startup instance configuration states for aspects such as networking.
This is fine in most cases, and makes a lot of sense if the
nova-compute service is just managing virtual machines on a hypervisor.
This is done, one instance at a time.
However, when the compute driver is ironic, the networking is managed
as part of the physical machine lifecycle potentially all the way into
committed switch configurations. As such, there is no need to attempt
to call ``plug_vifs`` on every single instance managed by the
nova-compute process which is backed by Ironic.
Additionally, using ironic tends to manage far more physical machines
per nova-compute service instance then when when operating co-installed
with a hypervisor. Often this means a cluster of a thousand machines,
with three controllers, will see thousands of un-needed API calls upon
service start, which elongates the entire process and negatively
impacts operations.
In essence, nova.virt.ironic's plug_vifs call now does nothing,
and merely issues a debug LOG entry when called.
Closes-Bug: #1777608
Change-Id: Iba87cef50238c5b02ab313f2311b826081d5b4ab
(cherry picked from commit 7f81cf28bf21ad2afa98accfde3087c83b8e269b)
(cherry picked from commit eb6d70f02daa14920a2522e5c734a3775ea2ea7c)
(cherry picked from commit f210115bcba3436b957a609cd388a13e6d77a638)
(cherry picked from commit 35fb52f53fbd3f8290f775760a842d70f583fa67)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is based upon a downstream patch which came up in discussion
amongst the ironic community when some operators began discussing a case
where resource providers had disappeared from a running deployment with
several thousand baremetal nodes.
Discussion amongst operators and developers ensued and we were able
to determine that this was still an issue in the current upstream code
and that time difference between collecting data and then reconciling
the records was a source of the issue. Per Arun, they have been running
this change downstream and had not seen any reoccurances of the issue
since the patch was applied.
This patch was originally authored by Arun S A G, and below is his
original commit mesage.
An instance could be launched and scheduled to a compute node between
get_uuids_by_host() call and _get_node_list() call. If that happens
the ironic node.instance_uuid may not be None but the instance_uuid
will be missing from the instance list returned by get_uuids_by_host()
method. This is possible because _get_node_list() takes several minutes to return
in large baremetal clusters and a lot can happen in that time.
This causes the compute node to be orphaned and associated resource
provider to be deleted from placement. Once the resource provider is
deleted it is never created again until the service restarts. Since
resource provider is deleted subsequent boots/rebuilds to the same
host will fail.
This behaviour is visibile in VMbooter nodes because it constantly
launches and deletes instances there by increasing the likelihood
of this race condition happening in large ironic clusters.
To reduce the chance of this race condition we call _get_node_list()
first followed by get_uuids_by_host() method.
Change-Id: I55bde8dd33154e17bbdb3c4b0e7a83a20e8487e8
Co-Authored-By: Arun S A G <saga@yahoo-inc.com>
Related-Bug: #1841481
(cherry picked from commit f84d5917c6fb045f03645d9f80eafbc6e5f94bdd)
(cherry picked from commit 0c36bd28ebd05ec0b1dbae950a24a2ecf339be00)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RPC version check in Ussuri should allow Train hosts. Use version 38
to identify them (next one after Stein which uses version 37).
NOTE(elod.illes): this is a stable only fix as this bug was introduced
in stable/ussrui with bug fix [1] as OLDEST_SUPPORTED_SERVICE_VERSION
variable was not adjusted to the target branch.
[1] https://review.opendev.org/c/openstack/nova/+/770764
Change-Id: Ieb821cb6efb3822974ad299839009e1ea8ab8db8
Closes-Bug: #1983263
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is a race condition between an incoming resize and an
update_available_resource periodic in the resource tracker. The race
window starts when the resize_instance RPC finishes and ends when the
finish_resize compute RPC finally applies the migration context on the
instance.
In the race window, if the update_available_resource periodic is run on
the destination node, then it will see the instance as being tracked on
this host as the instance.node is already pointing to the dest. But the
instance.numa_topology still points to the source host topology as the
migration context is not applied yet. This leads to CPU pinning error if
the source topology does not fit to the dest topology. Also it stops the
periodic task and leaves the tracker in an inconsistent state. The
inconsistent state only cleanup up after the periodic is run outside of
the race window.
This patch applies the migration context temporarily to the specific
instances during the periodic to keep resource accounting correct.
Conflicts: on resource_tracker: changed
'MigrationList.get_in_progress_and_error' call back to
'MigrationList.get_in_progress_by_host_and_node', since this change was
only added by 255b3f2f918843ca5dd9b99e109ecd2189b6b749, and is not
present in stable/ussuri.
Change-Id: Icaad155e22c9e2d86e464a0deb741c73f0dfb28a
Closes-Bug: #1953359
Closes-Bug: #1952915
(cherry picked from commit 32c1044d86a8d02712c8e3abdf8b3e4cff234a9c)
(cherry picked from commit 1235dc324ebc1c6ac6dc94da0f45ffffcc546d2c)
(cherry picked from commit 5f2f283a75243d2e2629d3c5f7e5ef4b3994972d)
(cherry picked from commit d54bd316b331d439a26a7318ca68cab5f6280ab2)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch extends the original reproduction
I4be429c56aaa15ee12f448978c38214e741eae63 to cover
bug 1952915 as well as they have a common root cause.
Change-Id: I57982131768d87e067d1413012b96f1baa68052b
Related-Bug: #1953359
Related-Bug: #1952915
(cherry picked from commit 9f296d775d8f58fcbd03393c81a023268c7071cb)
(cherry picked from commit 0411962938ae1de39f8dccb03efe4567f82ad671)
(cherry picked from commit 94f17be190cce060ba8afcafbade4247b27b86f0)
(cherry picked from commit 8d4487465b60cd165dc76dea5a9fdb3c4dbf5740)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds a functional test that reproduces a race between
incoming migration and the update_available_resource periodic
Conflicts: fixed conflict on test_numa_server to only add test case for
1953359
Fixes:
- Changed 'start_compute' call to 'start_computes', since the former
is not present in Ussuri
- Added more memory to mock 'host_info', since the default would not
fit the instance. Default was changed in later releases
- Bumped the API version from 2.0 to 2.1 in the test, since
microversion 2.47 is required creating an instance
in a specific host and 2.0 is not supporting microversions. This
was not needed for later releases, because the API version was
bumped with some changes made by [1]
- Reset the original microversion in 'create_server' after the POST
request, so that subsequent calls are not affected
[1] Later change that bumps API version on parent classes
https://review.opendev.org/c/openstack/nova/+/741282
Co-Authored-By: Gabriel Silva Trevisan <gabriel.silvatrevisan@windriver.com>
Change-Id: I4be429c56aaa15ee12f448978c38214e741eae63
Related-Bug: #1953359
(cherry picked from commit c59224d715a21998f40f72cf4e37efdc990e4d7e)
(cherry picked from commit f0a6d946aaa6c30f826cfced75c2fb06fdb379a8)
(cherry picked from commit d8859e4f95f5abb20c844d914f2716cba047630e)
(cherry picked from commit e549fec76fd2015e6e21ee5138bf06142a71e71a)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As we lookup the existing dynamic options *before* creating them as
_get_supported_vgpu_types() is called *before* compute init_host(),
we need to make sure we call again the dynamic options registration
within it.
Change-Id: Ib9387c381d39fac389374c731b210815c6d4af03
Closes-Bug: #1900006
(cherry picked from commit 2bd8900d9b2600fba74341e249701051fb78eb37)
(cherry picked from commit c7d9d6d9dd25e21ec76ceea294cdf1690686a086)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently neutron can report ports to have MAC addresses
in upper case when they're created like that. In the meanwhile
libvirt configuration file always stores MAC in lower case
which leads to KeyError while trying to retrieve migrate_vif.
Closes-Bug: #1945646
Change-Id: Ie3129ee395427337e9abcef2f938012608f643e1
(cherry picked from commit 6a15169ed9f16672c2cde1d7f27178bb7868c41f)
(cherry picked from commit 63a6388f6a0265f84232731aba8aec1bff3c6d18)
(cherry picked from commit 6c3d5de659e558e8f6ee353475b54ff3ca7240ee)
(cherry picked from commit 28d0059c1f52e51add31bff50f1f6e443c938792)
|
|\
| |
| |
| | |
stable/ussuri
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When configure 'os_compute_api:servers:create:forced_host' to
'rule:admin_or_owner', but still doesn't allow.
In nova/api/openstack/compute/servers.py#L669, the target is
set to '{}' that is not equal None, so then it will not be set
in nova/policy.py#L205.
This patch configures the target param.
Change-Id: I7a563386bd2f5d1930b5eb2cfc00425a19747e24
Closes-Bug: #1894975
(cherry picked from commit fd99a7ca0f56223d878142a58525d9ed64c84ed1)
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To query a resource provider by uuid, request path should look like
/resource_providers?uuid=<uuid>
istead of
/resource_providers&uuid=<uuid>
This change fixes the wrong path so that "nova-manage placement audit"
command can look up the target resource provider properly.
Closes-Bug: #1936278
Change-Id: I2ae7e9782316e3662e4e51e3f5ba0ef597bf281b
(cherry picked from commit 1d3373dcf0a05d4a2c5b51fc1b74d41ec1bb1175)
(cherry picked from commit 62a3fa4fff70a1d03998626406a71b7dc09da733)
(cherry picked from commit 7dbceeceef0ca3657c72341375afc639be0b5c02)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ie36401c782f023d1d5f2623732619105dc2cfa24 was intended
to address OSSA-2021-002 (CVE-2021-3654) however after its
release it was discovered that the fix only worked
for urls with 2 leading slashes or more then 4.
This change adresses the missing edgecase for 3 leading slashes
and also maintian support for rejecting 2+.
Change-Id: I95f68be76330ff09e5eabb5ef8dd9a18f5547866
co-authored-by: Matteo Pozza
Closes-Bug: #1927677
(cherry picked from commit 6fbd0b758dcac71323f3be179b1a9d1c17a4acc5)
(cherry picked from commit 47dad4836a26292e9d34e516e1525ecf00be127c)
(cherry picked from commit 9588cdbfd4649ea53d60303f2d10c5d62a070a07)
|
|\ \ \
| | | |
| | | |
| | | | |
stable/ussuri
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is a followup for change Ie36401c782f023d1d5f2623732619105dc2cfa24
to reduce mocking in the unit test coverage for it.
While backporting the bug fix, it was found to be incompatible with
earlier versions of Python < 3.6 due to a difference in internal
implementation [1].
This reduces the mocking in the unit test to be more agnostic to the
internals of the StreamRequestHandler (ancestor of
SimpleHTTPRequestHandler) and work across Python versions >= 2.7.
Related-Bug: #1927677
[1] https://github.com/python/cpython/commit/34eeed42901666fce099947f93dfdfc05411f286
Change-Id: I546d376869a992601b443fb95acf1034da2a8f36
(cherry picked from commit 214cabe6848a1fdb4f5941d994c6cc11107fc4af)
(cherry picked from commit 9c2f29783734cb5f9cb05a08d328c10e1d16c4f1)
(cherry picked from commit 94e265f3ca615aa18de0081a76975019997b8709)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix for bug #1893263 introduced a regression where
1 vcpu instances would fail to build when paired with
multiqueue-enabled images, in the scenario vif_type=tap.
Solution is to not pass multiqueue parameter when
instances.get_flavor().vcpus = 1.
Closes-bug: #1939604
Change-Id: Iaccf2eeeb6e8bb80c658f51ce9ab4e8eb4093a55
(cherry picked from commit 7fc6fe6fae891eae42b36ccb9d69cd0f6d6db21d)
(cherry picked from commit aa5b8d12bcacc01e5f9be45cc1eef24ac9efd2fc)
(cherry picked from commit aaa56240b0311ad47ccccc3b7850ddc5b0a21702)
|
|\ \ \
| | | |
| | | |
| | | | |
stable/ussuri
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, it is possible to "partially archive" the database by
running 'nova-manage db archive_deleted_rows' with --max_rows or by
interrupting the archive process in any way. When this happens, it is
possible to have archived a record with a foreign key relationship to a
parent record (example: 'instance_extra' table record is archived while
the 'instances' table record remains).
When an instance's records become "split" in this way, any API request
that can (1) access the deleted instance and (2) tries to access data
that should be in a child table (example: the embedded flavor for an
instance) will fail with an OrphanedObjectError and HTTP 500 to the
user. Examples of APIs that are affected by this are the tenant usage
APIs and listing of deleted instances as admin.
In the tenant usage example, the API looks at deleted instances to
calculate usage over a time period. It pulls deleted and non-deleted
instances and does instance.get_flavor() to calculate their usage. The
flavor data is expected to be present because
expecteds_attrs=['flavor'] is used to do a join with the
'instance_extra' table and populate the instance object's flavor data.
When get_flavor() is called, it tries to access the instance.flavor
attribute (which hasn't been populated because the 'instance_extra'
record is gone). That triggers a lazy-load of the flavor which loads
the instance from the database again with expected_attrs=['flavor']
again which doesn't populate instance.flavor (again) because the
'instance_extra' record is gone. Then the Instance._load_flavor code
intentionally orphans the instance record to avoid triggering
lazy-loads while it attempts to populate instance.flavor,
instance.new_flavor, and instance.old_flavor. Finally, another
lazy-load is triggered (because instance.flavor is still not populated)
and fails with OrphanedObjectError.
One way to solve this problem is to make it impossible for
archive_deleted_records to orphan records that are related by foreign
key relationships. The approach is to process parent tables first
(opposite of today where we process child tables first) and find all of
the tables that refer to it by foreign keys, create and collect
insert/delete statements for those child records, and then put them all
together in a single database transaction to archive all related
records "atomically". The idea is that if anything were to interrupt
the transaction (errors or other) it would roll back and keep all the
related records together. Either all or archived or none are archived.
This changes the logic of the per table archive to discover tables that
refer to the table by foreign keys and generates insert/delete query
statements to execute in the same database transaction as the table
archive itself. The extra records archived along with the table are
added to the rows_archived result. The existing code for "archiving
records if instance is deleted" also has to be removed along with this
because the new logic does the same thing dynamically and makes it
obsolete. Finally, some assertions in the unit tests need to be changed
or removed because they were assuming certain types of archiving
failures due to foreign key constraint violations that can no longer
occur with the new dynamic logic for archiving child records.
Closes-Bug: #1837995
Change-Id: Ie653e5ec69d16ae469f1f8171fee85aea754edff
(cherry picked from commit becb94ae643ab4863daa564783646921b4a2b372)
(cherry picked from commit 7b4f4796478941eafa9c0997f7ef03293c442d94)
|
|\ \ \ \
| |/ / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This adds a functional test to reproduce the bug where when calling an
API that will examine a deleted instance record (examples: GET /servers/detail
and GET /os-simple-tenant-usage), if that instance's related records
have only been partially archived (example: 'instance_extra' record was
archived but 'instances' record has not been archived yet) then the API
call fails with the following error:
Unexpected API Error ... <class 'nova.exception.OrphanedObjectError'>
(HTTP 500)
Related-Bug: #1837995
Change-Id: Ia225ee86536248d2540de0d7a1cd012333e708a2
(cherry picked from commit 3d4e53f832792cc49001f1588164e28b84c16d7a)
(cherry picked from commit 21241b38dd4bc2c74a69aed489ada5c611395920)
|
|\ \ \ \
| |/ / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
There's a TODO in the code to centralize foreign key constraint
enforcement for sqlite for unit and functional tests and we're missing
enforcement of FK constraints in a couple of test classes that should
have it.
This resolves the TODO and turns on FK constraint enforcement where it
is missing. Do this to enhance testing in preparation for a proposed
change to the database archiving logic later in this patch series.
Change-Id: Idcf026d020e63e4e6ece1db46e4cdc7b7742b76f
(cherry picked from commit 172024db7174bdac05a3d3172c645b0db83ae41e)
(cherry picked from commit 382d64ea36e5cf3b47929fee0b93539d2f126975)
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
stable/ussuri
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
NOTE(melwitt): This is a combination of two changes to avoid
intermittent test failure that was introduced by the original bug fix,
and was fixed by change I2bd360dcc6501feea7baf02d4510b282205fc061.
We have discovered that if an exception is raised at any point during
the running of the init_application WSGI script in an apache/mod_wsgi
Daemon Mode environment, it will prompt apache/mod_wsgi to re-run the
script without starting a fresh python process. Because we initialize
global data structures during app init, subsequent runs of the script
blow up as some global data do *not* support re-initialization. It is
anyway not safe to assume that init of global data is safe to run
multiple times.
This mod_wsgi behavior appears to be a special situation that does not
behave the same as a normal reload in Daemon Mode as the script file is
being reloaded upon failure instead of the daemon process being
shutdown and restarted as described in the documentation [1].
In order to handle this situation, we can move the initialization of
global data structures to a helper method that is decorated to run only
once per python interpreter instance. This way, we will not attempt to
re-initialize global data that are not safe to init more than once.
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Co-Authored-By: melanie witt <melwittt@gmail.com>
Conflicts:
nova/test.py
NOTE(melwitt): The conflict is because change
I1fea14d5be10bb4e884f52e0ae8be722519ddd3f (Poison
netifaces.interfaces() in tests) is not in Ussuri.
Closes-Bug: #1882094
[1] https://modwsgi.readthedocs.io/en/develop/user-guides/reloading-source-code.html#reloading-in-daemon-mode
Reset global wsgi app state in unit test
Since I2bd360dcc6501feea7baf02d4510b282205fc061 there is a global state
set during the wsgi_app init making our unit test cases
non-deterministic based on the order of them. This patch makes sure
that the global state is reset for each test case.
Closes-Bug: #1921098
(cherry picked from commit bc2c19bb2db901af0c48d34fb15a335f4e343361)
Change-Id: I2bd360dcc6501feea7baf02d4510b282205fc061
(cherry picked from commit 7c9edc02eda45aafbbb539b759e6b92f7aeb5ea8)
(cherry picked from commit e3085fa6310ddeaafa493c3f718aab0ce64f0994)
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Change Ifb3afb13aff7e103c2e80ade817d0e63b624604a added a nova side
config option for specifying neutron client retries that maps to the
ksa connect_retries config option to provide parity with the cinder and
glance clients that have nova side config options.
That change missed passing CONF.neutron.http_retries to the manual
client used for calling the port binding API. This sets the
connect_retries attribute on the manual ksa client so http_retries
will be honored.
Closes-Bug: #1929886
Related-Bug: #1866937
Change-Id: I8296e4be9f0706fab043451b856efadbb7bd41f6
(cherry picked from commit 56eb253e9febccf721df6bca4eb851ad26cb70a6)
(cherry picked from commit 46aa3f4ec769e948d9eb73604bf9b66f4b0230b0)
(cherry picked from commit f20346bc00a30c914cbefb48009db776f8e00b09)
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Our console proxies (novnc, serial, spice) run in a websockify server
whose request handler inherits from the python standard
SimpleHTTPRequestHandler. There is a known issue [1] in the
SimpleHTTPRequestHandler which allows open redirects by way of URLs
in the following format:
http://vncproxy.my.domain.com//example.com/%2F..
which if visited, will redirect a user to example.com.
We can intercept a request and reject requests that pass a redirection
URL beginning with "//" by implementing the
SimpleHTTPRequestHandler.send_head() method containing the
vulnerability to reject such requests with a 400 Bad Request.
This code is copied from a patch suggested in one of the issue comments
[2].
Closes-Bug: #1927677
[1] https://bugs.python.org/issue32084
[2] https://bugs.python.org/issue32084#msg306545
Change-Id: Ie36401c782f023d1d5f2623732619105dc2cfa24
(cherry picked from commit 781612b33282ed298f742c85dab58a075c8b793e)
(cherry picked from commit 470925614223c8dd9b1233f54f5a96c02b2d4f70)
(cherry picked from commit 6b70350bdcf59a9712f88b6435ba2c6500133e5b)
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
into stable/ussuri
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
libguestfs >= v1.41.1 and commit 0ee02e0117527 changed the return type
of read_file from string to bytes.
https://github.com/libguestfs/libguestfs/commit/0ee02e0117527b86a31b2a88a14994ce7f15571f
As we don't check the version of libguestfs installed this change
handles both the original behaviour where a string is returned and the
newer behaviour by decoding any returned bytes to a string.
Closes-Bug: #1882421
Change-Id: I1c12b2903c1e5bf3a88394493456ad33233f3cd8
(cherry picked from commit 606d588e3eca1d88ad26b4c2cfa3f2e1d5ed553e)
(cherry picked from commit e98935f705a931e3ae666820387a419be1622b64)
(cherry picked from commit 210abc09b857880aa7665fb540f46cb53662a600)
|
|\ \ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Nova and QEMU[1] supports PCI devices with a PCI address that has 16 bit
domain. However there are hypervisors that reports PCI addresses with
32 bit domain. While today we cannot assign these to guests this should
not prevent the nova-compute service to start.
This patch changes the PCI manager to ignore such PCI devices.
Please note that this patch does not change fact that nova does not
allow specifying PCI addresses with 32bit domain in the
[pci]/passthrough_whitelist configuration. Such configuration is still
rejected at nova-compute service startup.
Changes:
nova/pci/manager.py
NOTE(stephenfin): We need to replace a use of 'str(exc)' with
'six.text_type(exc)' to keep pep8/Python 2.7 happy.
Closes-Bug: #1897528
[1] https://github.com/qemu/qemu/blob/f2a1cf9180f63e88bb38ff21c169da97c3f2bad5/hw/core/qdev-properties.c#L993
Change-Id: I59a0746b864610b6a314078cf5661d3d2b84b1d4
(cherry picked from commit 8c9d6fc8f073cde78b79ae259c9915216f5d59b0)
(cherry picked from commit 90ffc553d7f4152a6a4a8708787150d3c3c40b03)
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | |
| | | | | | |
stable/ussuri
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
During the VM booting process Nova asks Neutron for the security groups
of the project. If there are no any fields specified, Neutron will
prepare list of security groups with all fields, including rules.
In case if project got many SGs, it may take long time as rules needs to
be loaded separately for each SG on Neutron's side.
During booting of the VM, Nova really needs only "id" and "name" of the
security groups so this patch limits request to only those 2 fields.
This lazy loading of the SG rules was introduced in Neutron in [1] and
[2].
[1] https://review.opendev.org/#/c/630401/
[2] https://review.opendev.org/#/c/637407/
Related-Bug: #1865223
Change-Id: I15c3119857970c38541f4de270bd561166334548
(cherry picked from commit 388498ac5fa15ed8deef06ec061ea47e4a1b7377)
(cherry picked from commit 4f49545afaf3cd453796d48ba96b9a82d11c01bf)
(cherry picked from commit f7d84db5876b30d6849877799c08ebc65ac077ca)
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Error-out the migrations (cold and live) whenever the
anti-affinity policy is violated. This addresses
violations when multiple concurrent migrations are
requested.
Added detection on:
- prep_resize
- check_can_live_migration_destination
- pre_live_migration
The improved method of detection now locks based on group_id
and considers other migrations in-progress as well.
Closes-bug: #1821755
Change-Id: I32e6214568bb57f7613ddeba2c2c46da0320fabc
(cherry picked from commit 33c8af1f8c46c9c37fcc28fb3409fbd3a78ae39f)
(cherry picked from commit 8b62a4ec9bf617dfb2da046c25a9f76b33516508)
(cherry picked from commit 6ede6df7f41db809de19e124d3d4994180598f19)
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The nova-compute fails to start if the hypervisor has PCI addresses
32bit domain.
Change-Id: I48dcb7faa17fe9f8346445a1746cff5845baf358
Related-Bug: #1897528
(cherry picked from commit 976ac722d36439d16ea4ec1bf5037c482c89ef55)
(cherry picked from commit 0354d4d9f47354e2b4fc0b2343c27e734fe2e494)
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In different location we assume system_metadata.image_base_image_ref
exists, because it is set during instance creation in method
_populate_instance_for_create
But once instance is rebuild, all system_metadata image property a dropped
and replace by new image property and without setting back
image_base_image_ref.
This change propose to set image_base_image_ref during rebuild.
In specific case of shelve/unshelve in Qcow2 backend, image_base_image_ref is
used to rebase disk image, so we ensure this property is set as instance may
have been rebuild before the fix was apply.
NOTE(lyarwood): An additional change is required within the
ShelvePolicyTestV21 test on stable/ussuri to avoid the system_metadata
of the fake instance being lazy loaded during the test.
Related-Bug: #1732428
Closes-Bug: #1893618
Change-Id: Ia3031ea1f7db8b398f02d2080ca603ded8970200
(cherry picked from commit fe52b6c25bebdd1b459c7a59fbb8d9f6de200c9d)
|
|\ \ \ \
| |/ / / |
|