Currently it is not possible to override an existing image block device
by supplying the device with the same name at boot (see also
Ib1ba130042aabbbe7bb8d60fc212c66e446c1d73). Even though we want to
discourage usage of device names as much as possible in the Nova API (as
not all hypervisors can honour them), EC2 API requires that this is possible.
While we want to make sure we document that supplying device names at
boot is only really desirable if you want to override some of the ones
contained in the image, introducing a different labeling system just so
that we don't use the device names seems like an overkill for a feature
that does not seem to be very used.
This patch adds a method that will do this deterministically when
compiling all the block device information for the request.
It is also worth noting that The EC2 API allows only subset of block
device attributes to be overridden in this way (see [1]). This limitation
did not exist previously in Nova, and there seems to be no reason why we
would need that complexity, so it would be up to the EC2 compatibility
code to deal with this.
[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html#Using_OverridingAMIBDM
Doc-Impact
Closes-bug: #1370250
Change-Id: I60ecdcae81ff5dec34f0fa0a39e0739759a6fa59
This documents what we consider the contract in Nova, and what kinds
of things trigger needing a new microversion. It also includes a flow
chart for folks that are more visually inclined.
Change-Id: I6dbadbf7cb23e27b96a0ae191419c8adf6ffe006
This patch is a code reduction cleanup fix. Exec calls to openssl
can mostly be replaced with a proper python library called
cryptography.
Changed the following:
* Removed convert_from_sshrsa_to_pkcs8 and _to_sequence since
cryptography already has a method to do this conversion.
* Replaced openssl rsautl call in ssh_encrypt_text and decrypt_text
with cryptography's public key encrypt and decrypt methods.
* Replaced call to openssl x509 with cryptography's
load_pem_x509_certificate which also includes a way to retrieve
the fingerprint.
* generate_fingerprint's calls to paramiko were replaced with
cryptography's serialization module. Cryptography supports all
key sizes of elliptic curve keys whereas paramiko did not.
* Removed the requirement on pyasn1
Change-Id: I750b49e6a73cd18af8199c1c859c9f6047252387
The monolithic nova.virt.libvirt.volume module is going to be split out
for a refactor of the file system type volume drivers and those will go
into a nova/virt/libvirt/volume/ directory.
As a prelude to moving the volume module, we are moving the related lvm
dmcrypt, and rbd_utils modules into the new storage subdirectory. These
are not moved into the volume directory since they are also used for image
management so put them in the more generic storage subdirectory.
Part of blueprint consolidate-libvirt-fs-volume-drivers
Change-Id: Ib5471e99ad9ab63bddfa75c96b4ee7590eb3c867
This fixes the Instance object fakery in the test_extended_ips family
of test modules. This is needed for removal of Instance object flavor
compatibility in a later patch.
Change-Id: I2b10f97b92b36425fd7e746fc7767626e1b3812b
This fixes the test_extended_server_attributes module to use proper
Instance object fakery for its compute_api mocks. This is needed for
removal of Instance flavor compatibility code in a later patch.
Change-Id: I5c8ec7430eb5c89e6e8f956d06f546b758719e27
This cleans up the usage of Instance objects in test_security_groups to
not depend on db object representation. This is needed for dropping flavor
compatibility code in a later patch.
Change-Id: I2676b2cad47af00f343c095f24c082d7e9cc2155
This does a major refactor of code in test_servers to use instance
objects and generally mock things at the compute/api layer instead
of all the way down in the database layer.
It removes a few tests and conditions that were just testing DB
semantics from the highest levels.
This will be needed when we drop the flavor compatibility code from
the instance object, as these tests were mocking out the DB layer
with old-style instance structures.
Change-Id: I42ffac6b323a809ee80a1e8dedf729de46106b47
This patch changes the internals of some
of the libvirt volume drivers to use the
os-brick Connector objects. Cinder already
uses os-brick for volume discovery and removal
for copy volume to image and image to volume
operations.
This patch changes the following libvirt volume drivers:
LibvirtISCSIVolumeDriver
LibvirtISERVolumeDriver
LibvirtAOEVolumeDriver
LibvirtFibreChannelVolumeDriver
This patch also removes the need to have the
nova/storage module that was used by the above listed
libvirt volume drivers.
This patch also fetches the initiator side information
from os-brick. This replaces the internals of the
libvirt driver's get_volume_connector
Also updated the rootwrap filters to consolidate them under
a single comment, and added a new os-brick needed command.
blueprint use-os-brick-library
Change-Id: I400db60fcc29c2d5e2d3b9dabc055649138468eb
Depends-On: Id36f9665c8ff2a720713ceaaa5b05f9b03706681
block_device_info_get_mapping will return [] or
a list of block devices. There is no need to check the size
of the array.
Change-Id: Id07c9a79e5144f8199b4092febb0e1e5f41096d2
There is no task state change when attaching or detaching
a volume, so there is no need to have reverts_task_state on them.
Change-Id: I0962532832b1bfebf41fd887f9d1ee332eaa028b
This patch implements get_mks_console in the VMware driver.
Implements: blueprint vmware-webmks-console
Change-Id: Icecc3f69e01bb8799a7d2364f0cc7a81cb2ac36b
MKS is the native protocol for VMware consoles and this patch is adding
API support for it. For now there is only one console type for this
protocol and this is 'webmks'. A new microversion is introduced which
adds protocol 'mks' and type 'webmks' for requesting a remote console.
Example request:
POST /servers/<uuid>/remote-consoles
{
"remote_console": {
"protocol": "mks",
"type": "webmks"
}
}
Example response:
{
"remote_console": {
"protocol": "mks",
"type": "webmks",
"url": "http://example.com:6090/mks.html?token=XYZ"
}
}
APIImpact
Implements: blueprint vmware-webmks-console
Change-Id: I7217b999fb8d64a5646d8f20d7426c26553871d7
MKS is the native protocol for VMware consoles.
DocImpact: two config properties are added in group 'mks':
'mksproxy_base_url' - specifies that base URL for the MKS proxy
'enabled' - enables MKS console
Implements: blueprint vmware-webmks-console
Change-Id: Ia494ce050bd4dc58e5947e7f07cc3c815a257004
Nikola Dipanov