This change integrates support of the Cinder 3.44
volume attachment API.
The patch bumps the compute service version to
check whether all the compute nodes are upgraded to the
version that can handle attach and detach with the new
flow.
To enable the new flow we also need the 3.44 or higher
microversion from Cinder. We check that in the API and
if it's not available we fall back to the old
attach/detach flow.
Co-Authored-By: Ildiko Vancsa <ildiko.vancsa@gmail.com>
Partially Implements: blueprint cinder-new-attach-apis
Change-Id: Ifc01dbf98545104c998ab96f65ff8623a6db0f28
A regression was introduced in the 2.36 API microversion where the
'force' parameter was missing from the 'PUT /os-quota-sets/{tenant_id}'
API request schema so users could not force quota updates with
microversion 2.36 or later. The bug is now fixed so that the 'force'
parameter can once again be specified during quota updates. There is
no new microversion for this change since it is an admin-only API.
Change-Id: I947e927802f755ccb25a91efd82cac895779d19e
Closes-Bug: #1733886
This commit deprecates the config option and policy
for hide server address. They are marked for removal.
Implement blueprint remove-configurable-hide-server-address-feature
Depends-On: I6aed4909b0e7efe9c95d1f7398db613eca05e5ce
Change-Id: I6040e8c2b3e132b0dfd09f82ae041b4786a63483
Nova API extension concept is removed in Pike. These extensions
have their own policies enforcement which are not needed any more.
All the below policies which were added mainly for extensions are
deprecated for removal-
- 'os_compute_api:os-config-drive'
- 'os_compute_api:os-extended-availability-zone'
- 'os_compute_api:os-extended-status'
- 'os_compute_api:os-extended-volumes'
- 'os_compute_api:os-keypairs'
- 'os_compute_api:os-server-usage'
- 'os_compute_api:os-security-groups' (only from /servers APIs)
- 'os_compute_api:os-flavor-rxtx'
- 'os_compute_api:os-flavor-access' (only from /flavors APIs)
- 'os_compute_api:image-size'
Implement blueprint api-extensions-policy-removal
Depends-On: I6aed4909b0e7efe9c95d1f7398db613eca05e5ce
Change-Id: Ie05f4e84519f8a00ffb66ea5ee920d5c7722a66b
Adds a new microversion (1.14) to the placement REST API for supporting
nested resource providers.
For POST /resource_providers and PUT /resource_providers/{uuid}, a new
optional 'parent_provider_uuid' field is added to the request payload.
For GET /resource_providers/{uuid} responses, the
'parent_provider_uuid' field and a convenience field called
'root_provider_uuid' are provided.
For GET /resource_providers, a new '?in_tree=<rp_uuid>' parameter is
supported. This parameter accepts a UUID of a resource provider. This
will cause the resulting list of resource providers to be only the
providers within the same "provider tree" as the provider identified by
<rp_uuid>
Clients for the placement REST API can specify either
'OpenStack-API-Version: placement 1.14' or 'placement latest' to handle
the new 'parent_provider_uuid' attribute and to query for resource
providers in a provider tree.
Change-Id: I4db74e4dc682bc03df6ec94cd1c3a5f5dc927a7b
blueprint: nested-resource-providers
APIImpact
When using neutron polling mode, booting a VM will timeout because
nova-compute cannot receive network-vif-plugged event. This is
because we set vif['id'](i.e. neutron port uuid) to two different
OVS ports. One is Xenserver VIF, the other is tap device qvo-XXXX
which neutron ovs agent will monitor and deal with.
My previous patch https://review.openstack.org/#/c/463246/ has
deprecated the setting of 'nicira-iface-id' to XenServer. This
patch is to remove the setting of 'nicira-iface-id'.
Closes-Bug: #1732624
Change-Id: I221e89686c8e9041651f5affc4e3542d75ff55bc
We currently don't record shelve_offload instance
actions. This is useful for auditing and debugging.
This patch adds instance shelve_offload actions.
Change-Id: I195082e82b092a9694a20111de50b12b60b4a58a
partial-implements: blueprint fill-the-gap-for-instance-action-records
Commit 984dd8ad6add4523d93c7ce5a666a32233e02e34 makes a rebuild
with a new image go through the scheduler again to validate the
image against the instance.host (we rebuild to the same host that
the instance already lives on). This fixes the subsequent doubling
of allocations that will occur by skipping the claim process if
a policy-only scheduler check is being performed.
Closes-Bug: #1732976
Related-CVE: CVE-2017-17051
Related-OSSA: OSSA-2017-006
Change-Id: I8a9157bc76ba1068ab966c4abdbb147c500604a8
In
https://blueprints.launchpad.net/nova/+spec/cells-count-resources-to-check-quota-in-api
we introduced a new workflow of Quota checks. It is possible that
concurrent requests can pass API layer checks, but blocked by
conductor layer checks.
This can actually trigger user-noticeable API behavior changes:
As an user, previously, If my request is blocked by quota checks, I will
get HTTP 403 response, and no instance records will be left.
After the above mentioned change, it is possible that when my requests
failed at conductor layer Quota check and I got an instance in ERROR
state. And in an busy cloud, users may got a lot of ERROR instances
according to this and the instance number may beyond the limit.
We should at least mention this behavior change in the release note.
Change-Id: I05606fffab4e24fc55465067b66c6a035a787d1e
Related-Bug: #1716706
We don't support changing the image in the root disk of a volume-backed
server during a rebuild. The API will change the instance.image_ref
attribute to the newly supplied image_href to the rebuild API but the
actual image used by the server after the rebuild will be the original
image, which is wrong.
We need to just fail fast in this case in the API since the compute
service doesn't support it. We also need to ensure that instance.image_ref
doesn't get modified since a missing value here is used by novaclient and
probably other HTTP API users as an indication of a volume-backed server.
See the related mailing list discussion for more details:
http://lists.openstack.org/pipermail/openstack-dev/2017-October/123255.html
Co-Authored-By: Chris Friesen <chris.friesen@windriver.com>
Change-Id: If4c5fb782bb7e7714fb44f8ca9875121e066bc10
Closes-Bug: #1482040
This function enables users to specify a target host
when cold migrating a VM instance.
This patch modifies the migration API.
APIImpact
Add an optional parameter 'host' in cold migration action.
Change-Id: Iee356c4dd097c846b6ca8617ead6a061300c83f8
Implements: blueprint cold-migration-with-target-queens
The use_baremetal_filters and baremetal_enabled_filters options
along with the ExactRamFilter, ExactCoreFilter and ExactDiskFilter
filters were all deprecated in Pike:
I843353427c90142a366ae9ca63ee4298b4f3ecd4
The IronicHostManager is configurable and relies on those options,
so if those options are deprecated then the IronicHostManager should
also be deprecated.
The sticky part with this is going to be filters that don't work with
ironic nodes today, like the NUMATopologyFilter, so a note is left
in the use_baremetal_filters option code to remind us that we can't
likely remove any of this until all filters work with ironic nodes.
Change-Id: Iebc74a09990dcda8cf0ee2a41f9ae1058d2a182a
The TrustedFilter and the related trusted_computing config options
were deprecated in Pike:
If6e53feeb97e6050c1eb7962110ed89504c952fc
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Change-Id: I0a7ab3a4fb2cfad567a8644bed4de574393ee11a
In the review of I49f5680c15413bce27f2abba68b699f3ea95dcdc, a few
non-blocking nits were identified. This change addresses some of
those nits, fixing some typos, clarifying method names and what
microversion is in use at particular times.
Change-Id: Iff15340502ce43eba3b98db26aa0652b1da24504
This provides microversion 1.13 of the placement API, giving the
ability to POST to /allocations to set (or clear) allocations for
more than one consumer uuid.
It builds on the recent work to support a dict-based JSON format
when doing a PUT to /allocations/{consumer_uuid}.
Being able to set allocations for multiple consumers in one request
helps to address race conditions when cleaning up allocations during
move operations in nova.
Clearing allocations is done by setting the 'allocations' key for a
specific consumer to an empty dict.
Updates to placement-api-ref, rest version history and a reno are
included.
Change-Id: I239f33841bb9fcd92b406f979674ae8c5f8d57e3
Implements: bp post-allocations
We currently don't record lock/unlock instance
actions. This is useful for auditing and debugging.
This patch adds instance lock/unlock actions.
Change-Id: I09fadf79aac1a74465af48015ef97d9e9d4ac580
partial-implements: blueprint fill-the-gap-for-instance-action-records
We currently don't record volume attach/detach/swap instance
actions. This is useful for auditing and debugging.
This patch adds volume attach/detach/swap actions.
Change-Id: I0a3d15f3e3d0d8d920a79b519e17e3228e99f293
partial-implements: blueprint fill-the-gap-for-instance-action-records
This aims to fix the issue described in bug 1664931 where a rebuild
fails to validate the existing host with the scheduler when a new
image is provided. The previous attempt to do this could cause rebuilds
to fail unnecessarily because we ran _all_ of the filters during a
rebuild, which could cause usage/resource filters to prevent an otherwise
valid rebuild from succeeding.
This aims to classify filters as useful for rebuild or not, and only apply
the former during a rebuild scheduler check. We do this by using an internal
scheduler hint, indicating our intent. This should (a) filter out
all hosts other than the one we're running on and (b) be detectable by
the filtering infrastructure as an internally-generated scheduling request
in order to trigger the correct filtering behavior.
Closes-Bug: #1664931
Change-Id: I1a46ef1503be2febcd20f4594f44344d05525446
New notifications service.create and service.delete are introduced
with INFO priority and the payload of the notification is the serialized
form of the already existing Service versioned object. Service.create
notification will be emitted after the service is created (so the uuid
is available) and also send the service.delete notification after the
service is deleted.
Implement blueprint: service-create-destroy-notification
Change-Id: I955d98f9fd4b121f98e172e5ab30eb668a24006d
Previously, the configdrive could only be set when setting
the node's provisioning state to "active". When rebuilding,
the old configdrive was used and therefore was never updated
with latest content.
Since Ironic API microversion 1.35, it is now allowed to provide
a configdrive when setting the node's provisioning state to "rebuild".
Blueprint: rebuild-ironic-config-drive
Related-bug: #1575935
Depends-On: I9a5529f9fa796c75621e9f4354886bf3032cc248
Change-Id: I1f9056f66519b9ca2f4e23143559735f2bff8943
In a new microversion, 1.12, include project_id and user_id in the
output of GET /allocations/{consumer_uuid} and add JSON schema
to enable PUT to /allocations/{consumer_uuid} using the same dict-based
format for request body that is used in the GET response. In later
commits a similar format will be used in POST /allocations. This
symmetry is general good form and also will make client code a little
easier.
Since GET /allocation_candiates includes objects which are capable
of being PUT to /allocations/{consumer_uuid}, its response body has
been updated as well, to change the 'allocation_requests' object
to use the dict-based format.
Internally to handlers/allocation.py the same method (_set_allocations)
is used for every microversion. Any previous data structure is
transformed into the dict-ish form. This means that pre-existing tests
(like allocation-bad-class.yaml) continue to exercise the problems it
was made for, but needs to be pinned to an older microversion, rather than
being latest.
Info about these changes is added to placement-api-ref,
rest_api_version_history and a reno.
Change-Id: I49f5680c15413bce27f2abba68b699f3ea95dcdc
Implements: bp symmetric-allocations
Closes-Bug: #1708204
nova.network.neutronv2.api.get_client now uses the common
get_ksa_adapter utility to create an Adapter from common keystoneauth1
configuration options if the legacy [neutron] config option ``url`` is
not specified.
As part of blueprint use-ksa-adapter-for-endpoints, this provides a
consistent mechanism for endpoint communication from Nova.
Change-Id: I41724a612a5f3eabd504f3eaa9d2f9d141ca3f69
Partial-Implements: bp use-ksa-adapter-for-endpoints
Change the Adapter loading for glance to use the auth from the user
context instead of exposing and requiring it in the conf. With this
change, it is possible to leave the [glance] conf section empty and
still be able to discover the image API endpoint from the service
catalog.
Note that, when we do this, we often end up with the user auth being a
_ContextAuthPlugin, which doesn't conform to the characteristics of
keystoneauth1.identity.base.BaseIdentityPlugin as augmented in
keystoneauth1 3.1.0. This requires a series of workarounds until bug
1709118 is fixed. These, along with workarounds for bugs 1707993 and
1707995, are subsumed with this change set in a (hopefully temporary)
helper method nova.utils.get_endpoint.
This lays the foundation for other services that should use user
context for authentication - those via which Nova is acting on behalf
of the user, i.e. cinder, keystone, and (sometimes) neutron[1].
(Services such as placement and ironic (and sometimes neutron) should
continue to use admin auth context loaded from the conf.)
[1] bb4faf40df/nova/network/neutronv2/api.py (L149-L160)
Co-Authored-By: Eric Fried <efried@us.ibm.com>
Partial-Implements: bp use-ksa-adapter-for-endpoints
Change-Id: I4e755b9c66ec8bc3af0393e81cffd91c56064717
We currently don't record attach/detach interface instance
actions. This is useful for auditing and debuging.
This patch adds attach/detach interface actions.
Change-Id: I0874f52ca7c5e29d9cd619679e1e121b25b6b41e
partial-implements: blueprint fill-the-gap-for-instance-action-records
Commit ace11d3 adds a serial port device to instances, so the serial
console output can be sent to a virtual serial port concentrator (VSPC).
This patch finishes the implementation by returning the output saved by
VSPC to the end user. The config option 'serial_log_dir' should have the
same value as in the VSPC configuration (i.e. it must point to the same
directory).
The VSPC implementation is available at
https://github.com/openstack/vmware-vspc
blueprint vmware-console-log-complete
Change-Id: I7e40dc41b0354d414bc8eae331f8257959e1d123
Releasenotes are version independent, so remove version/release display.
This also allows to build the document without nova installed.
Change-Id: Iadb57089a866ef4b334670456a4116c245dbd968
This adds the new microversion to allow providing
a description when creating a flavor, returning a
flavor description when showing flavor details, and
updating the description on an existing flavor.
Implements blueprint flavor-description
Change-Id: Ib16b0de82f9f9492f5cacf646dc3165a0849d75e
This patch adds `key_name` param to instance rebuild
API. Then the user could reset the instance keypair
when rebuilding. If set key_name to None, the API
will unset the keypair of the instance.
APIImpact
Implements blueprint: rebuild-keypair-reset
Change-Id: I23886a89c25f811cfbe7e2500ce7ff52f9162966