diff options
| -rw-r--r-- | nova/tests/unit/virt/libvirt/test_driver.py | 3 | ||||
| -rw-r--r-- | nova/tests/unit/virt/test_hardware.py | 21 | ||||
| -rw-r--r-- | nova/virt/hardware.py | 18 | ||||
| -rw-r--r-- | releasenotes/notes/antelope-prelude-4a99907b00e739f8.yaml | 51 |
4 files changed, 87 insertions, 6 deletions
diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index 04c80d662b..2b58c7df8b 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py @@ -3402,7 +3402,8 @@ class LibvirtConnTestCase(test.NoDBTestCase, self.assertEqual( "Memory encryption requested by hw:mem_encryption extra spec in " "m1.fake flavor but image fake_image doesn't have " - "'hw_firmware_type' property set to 'uefi'", str(exc)) + "'hw_firmware_type' property set to 'uefi' or volume-backed " + "instance was requested", str(exc)) def test_sev_enabled_host_extra_spec_no_machine_type(self): exc = self.assertRaises(exception.InvalidMachineType, diff --git a/nova/tests/unit/virt/test_hardware.py b/nova/tests/unit/virt/test_hardware.py index 016c478f8c..753ee41550 100644 --- a/nova/tests/unit/virt/test_hardware.py +++ b/nova/tests/unit/virt/test_hardware.py @@ -5364,7 +5364,7 @@ class MemEncryptionRequestedWithoutUEFITestCase( expected_error = ( "Memory encryption requested by %(requesters)s but image " "%(image_name)s doesn't have 'hw_firmware_type' property " - "set to 'uefi'" + "set to 'uefi' or volume-backed instance was requested" ) def _test_encrypted_memory_support_no_uefi(self, enc_extra_spec, @@ -5491,6 +5491,25 @@ class MemEncryptionRequiredTestCase(test.NoDBTestCase): (self.flavor_name, self.image_id) ) + def test_encrypted_memory_support_flavor_for_volume(self): + extra_specs = {'hw:mem_encryption': True} + + flavor = objects.Flavor(name=self.flavor_name, + extra_specs=extra_specs) + # Following image_meta is typical for root Cinder volume + image_meta = objects.ImageMeta.from_dict({ + 'min_disk': 0, + 'min_ram': 0, + 'properties': {}, + 'size': 0, + 'status': 'active'}) + # Confirm that exception.FlavorImageConflict is raised when + # flavor with hw:mem_encryption flag is used to create + # volume-backed instance + self.assertRaises(exception.FlavorImageConflict, + hw.get_mem_encryption_constraint, flavor, + image_meta) + class PCINUMAAffinityPolicyTest(test.NoDBTestCase): diff --git a/nova/virt/hardware.py b/nova/virt/hardware.py index 96a7198db2..c8f8bb2481 100644 --- a/nova/virt/hardware.py +++ b/nova/virt/hardware.py @@ -1213,10 +1213,13 @@ def _check_for_mem_encryption_requirement_conflicts( "image %(image_name)s which has hw_mem_encryption property " "explicitly set to %(image_val)s" ) + # image_meta.name is not set if image object represents root + # Cinder volume. + image_name = (image_meta.name if 'name' in image_meta else None) data = { 'flavor_name': flavor.name, 'flavor_val': flavor_mem_enc_str, - 'image_name': image_meta.name, + 'image_name': image_name, 'image_val': image_mem_enc, } raise exception.FlavorImageConflict(emsg % data) @@ -1228,10 +1231,15 @@ def _check_mem_encryption_uses_uefi_image(requesters, image_meta): emsg = _( "Memory encryption requested by %(requesters)s but image " - "%(image_name)s doesn't have 'hw_firmware_type' property set to 'uefi'" + "%(image_name)s doesn't have 'hw_firmware_type' property set to " + "'uefi' or volume-backed instance was requested" ) + # image_meta.name is not set if image object represents root Cinder + # volume, for this case FlavorImageConflict should be raised, but + # image_meta.name can't be extracted. + image_name = (image_meta.name if 'name' in image_meta else None) data = {'requesters': " and ".join(requesters), - 'image_name': image_meta.name} + 'image_name': image_name} raise exception.FlavorImageConflict(emsg % data) @@ -1260,12 +1268,14 @@ def _check_mem_encryption_machine_type(image_meta, machine_type=None): if mach_type is None: return + # image_meta.name is not set if image object represents root Cinder volume. + image_name = (image_meta.name if 'name' in image_meta else None) # Could be something like pc-q35-2.11 if a specific version of the # machine type is required, so do substring matching. if 'q35' not in mach_type: raise exception.InvalidMachineType( mtype=mach_type, - image_id=image_meta.id, image_name=image_meta.name, + image_id=image_meta.id, image_name=image_name, reason=_("q35 type is required for SEV to work")) diff --git a/releasenotes/notes/antelope-prelude-4a99907b00e739f8.yaml b/releasenotes/notes/antelope-prelude-4a99907b00e739f8.yaml new file mode 100644 index 0000000000..66890684af --- /dev/null +++ b/releasenotes/notes/antelope-prelude-4a99907b00e739f8.yaml @@ -0,0 +1,51 @@ +--- +prelude: | + The OpenStack 2023.1 (Nova 27.0.0) release includes many new features and + bug fixes. Please be sure to read the upgrade section which describes the + required actions to upgrade your cloud from 26.0.0 (Zed) to 27.0.0 (2023.1). + As a reminder, OpenStack 2023.1 is our first `Skip-Level-Upgrade Release`__ + (starting from now, we name it a `SLURP release`) where you can + rolling-upgrade your compute services from OpenStack Yoga as an experimental + feature. Next SLURP release will be 2024.1. + + .. __: https://governance.openstack.org/tc/resolutions/20220210-release-cadence-adjustment.html + + There are a few major changes worth mentioning. This is not an exhaustive + list: + + - The latest Compute API microversion supported for 2023.1 is `v2.95`__. + + .. __: https://docs.openstack.org/nova/latest/reference/api-microversion-history.html#maximum-in-2023.1 + + - `PCI devices can now be scheduled <https://docs.openstack.org/nova/latest/admin/pci-passthrough.html#pci-tracking-in-placement>`_ + by Nova using the Placement API on a opt-in basis. This will help the + nova-scheduler service to better schedule flavors that use PCI + (non-Neutron related) resources, will generate less reschedules if an + instance cannot be created on a candidate and will help the nova-scheduler + to not miss valid candidates if the list was too large. + + - Operators can now ask Nova to `manage the power consumption of dedicated + CPUs <https://docs.openstack.org/nova/latest/admin/cpu-topologies.html#configuring-cpu-power-management-for-dedicated-cores>`_ + so as to either offline them or change their governor if they're + currently not in use by any instance or if the instance is stopped. + + - Nova will prevent unexpected compute service renames by `persisting a unique + compute UUID on local disk <https://docs.openstack.org/nova/latest/admin/compute-node-identification.html>`_. + This stored UUID will be considered the source of truth for knowing whether + the compute service hostame has been modified or not. As a reminder, + changing a compute hostname is forbidden, particularly when this compute is + currently running instances on top of it. + + - `SPICE consoles <https://docs.openstack.org/nova/latest/admin/remote-console-access.html#spice-console>`_ + can now be configured with compression settings which include choices of the + compression algorithm and the compression mode. + + - Fully-Qualified Domain Names are now considered valid for an instance + hostname if you use the 2.94 API microversion. + + - By opting into 2.95 API microversion, evacuated instances will remain + stopped on the destination host until manually started. + + - Nova APIs now `by default support new RBAC policies <https://docs.openstack.org/nova/latest/configuration/policy.html>` + and scopes. See our `Policy Concepts documention <https://docs.openstack.org/nova/latest/configuration/policy-concepts.html>` + for further details. |