Drop support for the os-floating-ip-dns API which has been deprecated
since Newton:
Idca478c566f9a7b5b30a3172453ce7c66d9fd8f0
This API now returns a 410 response for all routes.
Unit tests are removed and the functional API sample tests are just
asserting the 410 response now.
The API sample docs are left intact since the API reference still builds
from those and can be considered more or less branchless, so people
looking at the API reference can apply it to older deployments of nova
before os-floating-ip-dns was removed.
The release note added for previous nova-network API removals is
amended to note this additional change.
Part of blueprint remove-nova-network
Change-Id: I0c4b586292814b8483226aee315f41cbefc86a1e
Drop support for the os-floating-ips-bulk API which has been deprecated
since Newton:
Idca478c566f9a7b5b30a3172453ce7c66d9fd8f0
This API now returns a 410 response for all routes.
Unit tests are removed and the functional API sample tests are just
asserting the 410 response now.
The API sample docs are left intact since the API reference still builds
from those and can be considered more or less branchless, so people
looking at the API reference can apply it to older deployments of nova
before os-floating-ips-bulk was removed.
The release note added for previous nova-network API removals is
amended to note this additional change.
Part of blueprint remove-nova-network
Change-Id: I89d081108b398d8efba9636279088c61349b21e6
Depends-On: https://review.openstack.org/582945
This patch bumped API microversion to 2.65 to add support for
abort live migrations in ``queued`` and ``preparing`` status.
Part of blueprint abort-live-migration-in-queued-status
Change-Id: I4636a8d270ce01c1831bc951c4497ad472bc9aa8
Enable users to define the policy rules on server group policy
to meet more advanced policy requirement. This microversion
brings the following changes in server group APIs:
* Add ``policy`` and ``rules`` fields in the request of POST
``/os-server-groups``.
* The ``policy`` and ``rules`` fields will be
returned in response body of POST, GET ``/os-server-groups``
API and GET ``/os-server-groups/{server_group_id}`` API.
* The ``policies`` and ``metadata`` fields have been removed
from the response body of POST, GET ``/os-server-groups`` API
and GET ``/os-server-groups/{server_group_id}`` API.
Part of blueprint: complex-anti-affinity-policies
Change-Id: I6911e97bd7f8df92511e90518dba21c127e106a5
Add description about server status in active, shutoff,
error can accept a rebuild action.
Closes-Bug: 1775665
Change-Id: Id52acb9fdb264b337a6a9748049aeecd22901bf4
The os-floating-ip-pools API is implemented for both
nova-network and neutron. When using neutron, it justs
lists external network names.
Since it's a deprecated proxy to neutron we won't remove
it as part of blueprint remove-nova-network, but we can
update the API reference to explain how to achieve the
equivalent functionality in the networking service API,
so that's done here.
Change-Id: Ieb4c7a0657929f66ed5b642c5941e65aee24372d
The generic warning in here about being a proxy to
neutron is incorrect since these APIs don't proxy
anything to neutron and won't work if you're using
neutron, so the warning is updated.
Part of blueprint remove-nova-network
Change-Id: I8b7638bb0835711ef174d6caf1b53e4a1808ef53
The generic warning in here about being a proxy to
neutron is incorrect since these APIs don't proxy
anything to neutron and won't work if you're using
neutron, so the warning is updated.
Part of blueprint remove-nova-network
Change-Id: I6f88108ba81dfb8f47fb56a35aa6abc2bad0d710
This drops support for the os-fixed-ips compute REST API which has been
deprecated since
Newton: I1a8a44530be29292561e90d6f7bd7ed512a88ee3
Now it returns 410 response. Unit tests are removed and the functional API
sample test is just asserting the 410 response now. The API sample docs are
left intact since the API reference still builds from those and can be
considered more or less branchless, so people looking at the API reference
can apply it to older deployments of nova before os-fixed-ips was removed.
Part of blueprint remove-nova-network
Change-Id: I61f758ff9285448d431b45f67c70286082b4ee90
The API reference for the server 'migrate' (cold migrate) action
doesn't mention any asynchronous post conditions. We should have
something similar to what's in the 'resize' action API reference.
Change-Id: I596b95cbd276e8d16a1cc8ce20d77f0ff6985317
Closes-bug: #1774234
Fix the location of the 'trusted_image_certificates'
parameter in the parameter list
of the request body in the "Create Server" API.
Add an additional description that explains
the value is null if the trusted certificate IDs are not set
in the description for the 'trusted_image_certificates' parameter
in the response body.
Change-Id: Ibd3763044068c64b88a28d6c541c569233e112f8
Closes-Bug: #1777394
Support for the 'multi_instance_display_name_template' option was
removed in commit 0e43002c9 and booting multiple instances now will
simply result in a simple numerical suffix (-1, -2, -3, ...) being added
to the instance's 'display_name' and 'hostname' attributes.
We're now in a position to greatly simplify how we do this, so do just
that, removing some comments and updating some documentation that
referenced the removed option in the process.
Change-Id: If5369bcf4a6f7fc36190e153776e60446eb14040
This adds a new policy rule which defaults to behave in a
backward compatible way, but will allow operators to enforce
that servers created with a zero disk flavor must also be
volume-backed servers.
Allowing users to upload their own images and create image-backed
servers on local disk with zero root disk size flavors can be
potentially hazardous if the size of the image is unexpectedly
large, since it can consume the local disk (or shared storage pool).
It should be noted that disabling the new policy rule will
result in a non-backward compatible API behavior change and no
microversion is being introduced for this because enforcement via
a new microversion would not close the security gap on any previous
microversions.
Related compute API reference and user documentation is updated
to mention the policy rule along with a release note since
this is tied to a security bug, which will be backported to stable
branches.
Change-Id: Id67e1285a0522474844de130c9263e11868f67fb
Closes-Bug: #1739646
This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.
The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):
* POST /servers
* POST /servers/{server_id}/action (rebuild)
The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:
* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs
The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):
* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)
APIImpact
Implements blueprint: nova-validate-certificates
Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199
Some of the block_device_mapping_v2 parameter descriptions
were lacking details on valid values, combinations, restrictions
and how things get linked together, for example, to get a swap
bdm. This fills in the details and re-words things in some
places for clarity.
The mention of the libvirt driver in the guest_format for
non-swap ephemeral block devices is removed since (1) it's
overly confusing and (2) API users shouldn't know or care
if the hypervisor running their server is libvirt or not.
The point is, if you want swap, ask for swap, and if you want
ephemeral, specify one of the other values. Then you get what
you get and you don't throw a fit.
Change-Id: Ia7e49f28e2f410ada5c2f4c2e3a13ffd97e54654
This drops support for the os-virtual-interfaces compute REST API
which has been deprecated since Newton:
I1a8a44530be29292561e90d6f7bd7ed512a88ee3
Now it returns 410 response.
Unit tests are removed and the functional API sample test is just
asserting the 410 response now. The API sample docs are left intact
since the API reference still builds from those and can be considered
more or less branchless, so people looking at the API reference can
apply it to older deployments of nova before os-virtual-interfaces was
removed.
Depends-On: https://review.openstack.org/571556/
Part of blueprint remove-nova-network
Change-Id: Id7f94a643e5d7b8a842c0f4a5c9f796d6566b365
Since I8ae8507a089df4d0a32be5fbc615e2166f44516e the config option
multi_instance_display_name_template has been removed.
So this patch removes the remaining of the option.
Change-Id: I81fa2588d85c803415aadf6150ed6cdd7a0fe6d1
In the following APIs, the 'volume_id' parameters are
'path' parameters. So fix them.
- GET /servers/{server_id}/os-volume_attachments/{volume_id}
- DELETE /servers/{server_id}/os-volume_attachments/{volume_id}
In addition, the descriptions of the parameters are amended.
Change-Id: Iab93acde31639b1471c83b06fb1a77474bb52c48
Closes-Bug: #1770560
This drops support for the fping compute REST API which
has been deprecated since Newton:
I1a8a44530be29292561e90d6f7bd7ed512a88ee3
To match the os-cloudpipe and os-certificates removals
the os-fping controller now returns a 410 response.
The related fping_path configuration option is removed
along with the related fping policy rules.
Unit tests are removed and the functional API sample
test is just asserting the 410 response now.
The API sample docs are left intact since the API reference
still builds from those and can be considered more or
less branchless, so people looking at the API reference
can apply it to older deployments of nova before os-fping
was removed.
A release note is started which we can build on for each
nova-network specific API that we remove in this series.
Part of blueprint remova-nova-network
Change-Id: Ia36aaa8f74adc2b540c49523db522cd85ab17ed2
soft_deleted is support in query but we didn't mention in the doc
bcb405e871/nova/db/sqlalchemy/api.py (L2127)
Change-Id: I1c5577a501144170e82c96c04cffbf32dcaa5cff
Closes-Bug: 1765575
This patch adds a new microversion to
``GET /servers/{server_id}/os-instance-actions/{req_id}`` API to
include the ``host`` field for admin and an ``hostId`` for all users
by default. And the display of newly added ``host`` field will be
controlled by the same policy as the ``traceback`` field.
The newly added fields can be used to determine on which host a
given action event occurred.
Part of blueprint: add-host-to-instance-action-events
Change-Id: I2f8b4a12a088b9ed96b428eafde2e0c478fb1db5
This was marked optional in change If57aa3e37 but it has
only been optional since Queens due to change I8a3e7e6c4,
before that you will get a 400 error if you do not provide
boot_index in the BDMs, e.g.:
2018-04-23 12:34:13,308 INFO [nova.api.openstack.wsgi] \
HTTP exception thrown: Block Device Mapping is Invalid: \
Boot sequence for the instance and image/block device \
mapping combination is not valid.
2018-04-23 12:34:13,310 INFO [nova.api.openstack.requestlog] \
127.0.0.1 "POST /v2.1/6f70656e737461636b20342065766572/servers"
status: 400 len: 164 microversion: 2.1 time: 0.129485
One could argue that I8a3e7e6c4b72eb1c3707d54049d18dc29f606fe5
is a behavior change that should have gone with a microversion,
which if people agree with that, could be reverted separately.
Change-Id: I14d44dbc0b6a8fb25932c333e695cad9edaefbed
Closes-Bug: #1766306
This change makes "DELETE /os-services/{service_id}" fail
with a 409 response when attempting to delete a nova-compute
service which is still hosting instances.
Deleting a compute service also results in deleting the
related compute_nodes table entry for that service host.
The compute node resource provider in placement is tied
to the compute node via the UUID, and if we allow deleting
the compute service and node then the resource provider for
that node is effectively orphaned in Placement, along with
the instances which have allocations against that resource
provider.
Furthermore, restarting the compute service will create a
new service and compute_nodes record, and the compute node
would have a new UUID and resource provider. This will
affect scheduling for that host since Placement will be
reporting it as having available capacity which in reality
is not accurate.
A release note is included for the (justified) behavior
change in the API. A new microversion should not be required
for this since admins should not have to opt out of broken
behavior. Since this API did not previously expect to return
a 409 response, the "expected_errors" decorator is updated
and again, should not require a microversion per the
guidelines:
https://docs.openstack.org/nova/latest/contributor/microversions.html#when-a-microversion-is-not-needed
Change-Id: I0bd63b655ad3d3d39af8d15c781ce0a45efc8e3a
Closes-Bug: #1763183
The docs had three things wrong:
1. The server status would be VERIFY_RESIZE, not VERIFY_RESIZED.
2. The RESIZED value is on the OS-EXT-STS:vm_state field, not
vm_status.
3. The migration record status must be "finished", which is what
gets set on the migration record in the _finish_resize() method
in ComputeManager and used in the comptue API.confirm_resize()
method. "confirming" status is what the API sets the migration
record to before casting to nova-compute to finish the
confirmation.
Stepping back, this is too many conditionals for what is really
needed. So rather than fix all three items individually, this
change simply fixes the first one and removes the other two since
the 'status' is based on the 'vm_state' internally, and a non-admin
user cannot list migrations anyway, and the _finish_resize()
method sets the migration status *before* the vm_state.
Closes-Bug: #1764878
Change-Id: Ib751686880ee824cf0693a649f47c828f515b471
Exposes flavor extra_specs in the flavor representation since
microversion 2.61. Now users can see the flavor extra-specs
in flavor APIs response only and do not need to call
``GET /flavors/{flavor_id}/extra_specs`` API.
Flavor extra_specs will be included in Response body of the
following APIs:
* ``GET /flavors/detail``
* ``GET /flavors/{flavor_id}``
* ``POST /flavors``
* ``PUT /flavors/{flavor_id}``
Part of blueprint add-extra-specs-to-flavor-list
Change-Id: I048747633babf690a63c6de9773bff5547872053
It is a follow-up for If01b2dcfa9df8c0e80ad1da65115204fe321891b.
The 'progress' parameter has been changed to an optional parameter
in If01b2dcfa9df8c0e80ad1da65115204fe321891b.
Optional parameters should be after required parameters.
So fix parameter order in rebuild action.
And fix 'adminPass' as well.
Change-Id: I38e0cdd73e9b81b5c4c8bd69c1139f99db3c7773
This patch verifies BDM, fault and scheduler hint parameters.
A subsequent patch will verify other parameters.
Change-Id: If57aa3e37ebaa6fa13718480bb216d10664aa5b1
Partial-Bug: #1738930
This adds the same note for volume-backed instances not being
supported for the server rescue action as exists for the createBackup
action.
Change-Id: If4ba24f2fe15f479c353d0ea69bf0f1454540ef0
This patch verifies query parameters.
Subsequent patches will verify other parameters.
Change-Id: I6078c0c8ebc888dc120f446f228a3b0433b89a76
Partial-Bug: #1738930
