| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the RPC 6.0 bump, we re-ordered the data and instance parameters
in the client, without changing the order of the caller. This causes
us to pass the instance to the virt driver call instead of the
data structure, thus failing the check all the time (and barfing
a traceback).
This just fixes that re-ordering. Since all of our direct testing of
this is done using dispatch-by-name, we didn't see a unit test fail
because of it, but the error was visible in the logs of an integration
run. There is one evacuate test that asserts the ordering is as we
expect, which this fixes. Given the time constraints of RC1, I'm
considering that to be enough coverage, but we probably need a better
test that covers the seam between manager and rpcapi here.
Change-Id: Ie7e06776315e5e82e7d320919f1781fa2164398a
Closes-Bug: #1921399
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Even if we want to bump the compute rpc api to a new major version, we still
need to support 5.x for the rolling upgrade case.
Adding a proxy that will handle those old RPC calls/casts so we could easily
cut it in a later change in the next X release timeframe (as we won't longer
support Victoria 5.x calls)
On the client side, we're making sure that we can still support v5.x methods
until the next X release (as operators could pin on 5.0 version for Victoria
compute nodes)
NOTE(sbauza): Now that the compute service only supports the 6.0
version, we could remove all the unnecessary verifications in both the
manager but also the functional and unittests. That being said, given
the patch would be large, I think it's better to just amend the needed
modifications for supporting 6.0 and delete the above in later changes.
For example, the NUMA live migration functests verify a lot of RPC API
compatibities in betwen 5.2, 5.3 and later. We need to stop verifying
this but let's do this in later changes, please.
Change-Id: Id2e467c43d5b7c6bafd5dbbbf8d5d06be6dc7e30
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This was previously hidden in the hypervisor configuration guide. Make
it a top-level document.
Change-Id: If402522c859c1413f0d90912e357496a0a67c5cf
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There's also a PCI passthrough guide. Use that instead, allowing us to
remove the sections for various extra specs from the 'user/flavors'
guide:
- hw:pci_numa_affinity_policy
- pci_passthrough:alias
Change-Id: I5701d284c2cfdadf825f8e2f699651b3f8c0c9ab
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have a perfectly good TPM guide. Enhance that, allowing us to remove
the special section dedicated to this from the generic flavor docs.
Change-Id: If484074c01595f747f9201b5ec12164779195b61
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This beefy patch closes a long-standing TODO and allows us to move yet
more information out of the flavors guide and into specific documents.
This, combined with existing documentation in place, means we can remove
the sections for various extra specs from the 'user/flavors' guide:
- hw:cpu_realtime -> doc/source/admin/real-time.rst
- hw:cpu_realtime_mask -> doc/source/admin/real-time.rst
- hw:emulator_threads_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_thread_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_threads -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_threads -> doc/source/admin/cpu-topologies.rst
- hw:numa_nodes -> doc/source/admin/cpu-topologies.rst
- hw:numa_cpus.N -> doc/source/admin/cpu-topologies.rst
- hw:numa_mem.N -> doc/source/admin/cpu-topologies.rst
- hw:mem_page_size -> doc/source/admin/huge-pages.rst
Multiple improvements to the libvirt extra spec docs are included here,
for want of a better place to include them.
Change-Id: I02b044f8246f4a42481bb5f00259842692b29b71
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Mostly based on cycle highlights.
Change-Id: I77d984f39e7c5473f54b7d6fe57c52187f894919
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This fix issue that we might get str stream from json files instead of bytes
and make sure we read bytes from json files under
QEMU_FIRMWARE_DESCRIPTOR_PATHS.
Add `rb` mode ([1]) to return contents as bytes objects.
[1] https://docs.python.org/3.8/library/functions.html#open
Closes-Bug: #1921075
Change-Id: I446be58f7f3e972d8e10cc5cbf83ebd42edb34e3
|
| |\ \ \ \ \
| | |_|/ /
| |/| | | |
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is mostly regurgitated information from the current flavors guide
but we take the opportunity to significantly expand upon what we've
already stated here.
Change-Id: I9ad798427bbc6451fd920d6c08357d6e1eaa5136
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Since I2bd360dcc6501feea7baf02d4510b282205fc061 there is a global state
set during the wsgi_app init making our unit test cases
non-deterministic based on the order of them. This patch makes sure
that the global state is reset for each test case.
Change-Id: Ie2ba746a7697a70fdbc6594f02257f78becfe962
Closes-Bug: #1921098
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This was somehow missed when we landed the stable rescue doc updates in
Iaa2f27ccb2a77102fde6b24b76c9d5ae54608cca.
Change-Id: Ib7b9f4fd7673525129c03dc2943deedd0c7ad81f
|
| |\ \ \ \ \ \
| |/ / / / /
| | / / / /
| |/ / / /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These were missed in the original change but add some useful context to
readers of when things have been changed.
blueprint: libvirt-default-machine-type
Change-Id: I64ef0efc80a088385c9ac45a818cc807490d2de1
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We have discovered that if an exception is raised at any point during
the running of the init_application WSGI script in an apache/mod_wsgi
Daemon Mode environment, it will prompt apache/mod_wsgi to re-run the
script without starting a fresh python process. Because we initialize
global data structures during app init, subsequent runs of the script
blow up as some global data do *not* support re-initialization. It is
anyway not safe to assume that init of global data is safe to run
multiple times.
This mod_wsgi behavior appears to be a special situation that does not
behave the same as a normal reload in Daemon Mode as the script file is
being reloaded upon failure instead of the daemon process being
shutdown and restarted as described in the documentation [1].
In order to handle this situation, we can move the initialization of
global data structures to a helper method that is decorated to run only
once per python interpreter instance. This way, we will not attempt to
re-initialize global data that are not safe to init more than once.
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Co-Authored-By: melanie witt <melwittt@gmail.com>
Closes-Bug: #1882094
[1] https://modwsgi.readthedocs.io/en/develop/user-guides/reloading-source-code.html#reloading-in-daemon-mode
Change-Id: I2bd360dcc6501feea7baf02d4510b282205fc061
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently, it is possible to "partially archive" the database by
running 'nova-manage db archive_deleted_rows' with --max_rows or by
interrupting the archive process in any way. When this happens, it is
possible to have archived a record with a foreign key relationship to a
parent record (example: 'instance_extra' table record is archived while
the 'instances' table record remains).
When an instance's records become "split" in this way, any API request
that can (1) access the deleted instance and (2) tries to access data
that should be in a child table (example: the embedded flavor for an
instance) will fail with an OrphanedObjectError and HTTP 500 to the
user. Examples of APIs that are affected by this are the tenant usage
APIs and listing of deleted instances as admin.
In the tenant usage example, the API looks at deleted instances to
calculate usage over a time period. It pulls deleted and non-deleted
instances and does instance.get_flavor() to calculate their usage. The
flavor data is expected to be present because
expecteds_attrs=['flavor'] is used to do a join with the
'instance_extra' table and populate the instance object's flavor data.
When get_flavor() is called, it tries to access the instance.flavor
attribute (which hasn't been populated because the 'instance_extra'
record is gone). That triggers a lazy-load of the flavor which loads
the instance from the database again with expected_attrs=['flavor']
again which doesn't populate instance.flavor (again) because the
'instance_extra' record is gone. Then the Instance._load_flavor code
intentionally orphans the instance record to avoid triggering
lazy-loads while it attempts to populate instance.flavor,
instance.new_flavor, and instance.old_flavor. Finally, another
lazy-load is triggered (because instance.flavor is still not populated)
and fails with OrphanedObjectError.
One way to solve this problem is to make it impossible for
archive_deleted_records to orphan records that are related by foreign
key relationships. The approach is to process parent tables first
(opposite of today where we process child tables first) and find all of
the tables that refer to it by foreign keys, create and collect
insert/delete statements for those child records, and then put them all
together in a single database transaction to archive all related
records "atomically". The idea is that if anything were to interrupt
the transaction (errors or other) it would roll back and keep all the
related records together. Either all or archived or none are archived.
This changes the logic of the per table archive to discover tables that
refer to the table by foreign keys and generates insert/delete query
statements to execute in the same database transaction as the table
archive itself. The extra records archived along with the table are
added to the rows_archived result. The existing code for "archiving
records if instance is deleted" also has to be removed along with this
because the new logic does the same thing dynamically and makes it
obsolete. Finally, some assertions in the unit tests need to be changed
or removed because they were assuming certain types of archiving
failures due to foreign key constraint violations that can no longer
occur with the new dynamic logic for archiving child records.
Closes-Bug: #1837995
Change-Id: Ie653e5ec69d16ae469f1f8171fee85aea754edff
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
In [1], we are supporting shelve/unshelve the instance with accelerators
bonded, but we missed to deal the interval for polling shelved instances
to offload periodic task, so we should add the 'accel_uuids' support
in _poll_shelved_instances() periodic task.
[1]https://review.opendev.org/c/openstack/nova/+/729563/
Co-Authored-By: Wenping Song <songwenping@inspur.com>
Closes-Bug: #1917592
Change-Id: I2ba69d0d727cc183f4a5dc52eaf4000962caeb4a
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: I8f44a622f8bb03ca936c7457658ba8e2951f5457
|
| |\ \ \ \ \ \ \
| |/ / / / / / |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add a simple test to validate behavior with vDPA devices. Most of this
is simply fleshing out the fixtures we use to fake out vDPA devices and
generally tweaking things to make them better.
Change-Id: I1423d8a9652751b667463f90c69eae1a054dd776
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Co-authored-by: Sean Mooney <work@seanmooney.info>
|
| |\ \ \ \ \ \ \
| |/ / / / / / |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
There are a number of operations that are known not to work with vDPA
interfaces and another few that may work but haven't been tested. Start
blocking these. In all cases where an operation is blocked a HTTP 409
(Conflict) is returned. This will allow lifecycle operations to be
enabled as they are tested or bugs are addressed.
Change-Id: I7f3cbc57a374b2f271018a2f6ef33ef579798db8
Blueprint: libvirt-vdpa-support
|
| |\ \ \ \ \ \ \ |
|
| | | |_|_|_|_|/
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Stephen asked nicely[1] on the review to fix this in a follow-up. (I
guess it's because release notes are public, and it's nice not to have
typos in them.)
[1] https://review.opendev.org/c/openstack/nova/+/780908/1/releasenotes/notes/deprecate-tunnelled-live-migration-81c06a04627724ec.yaml
Change-Id: Ifc80421c1bed4cf1619814b5c78c5c39d9f031b2
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
|
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Just follows the pattern that we do every release.
Change-Id: I493895bfef4b957fe46d0da2974eac4d6bb36957
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | | |
tls guide"
|
| | | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This patch adds the config option 'live_migration_scheme = tls' to the
secure live migration guide.
To let the live migration use the qemu native tls, some configuration of
the compute nodes is needed. The guide describes this but misses the
'live_migration_scheme' config option.
It is necessary to set 'live_migration_scheme' to tls to use the
connection uri for encrypted traffic. Without this parameter everything
seems to work, but the unencrypted tcp-connection is still used for the
live migration.
Closes-Bug: #1919357
Change-Id: Ia5130d411706bf7e1c983156158011a3bc6d5cd6
|
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | / / / /
| | |/ / / /
| |/| | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This change extend the vnic type to PCI request dev type mapping to
support the vDPA vnic type.
This change extends the PCI stats module to filter out VDPA 'dev_type'
pools if its not explicitly requested.
This change explicitly filters out the vDPA dev_type from the pci alias
schema since that is not supported.
Blueprint: libvirt-vdpa-support
Change-Id: I91dd7993395f693c7d26c1caa44fa365f5cbec12
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We are well above the required MIN_LIBVIRT_VERSION and MIN_QEMU_VERSION
(4.4.0 and 2.11.0, respectively) to get QEMU-native TLS[1] support by
default.
So we can now deprecate (and later remove) the support for "tunnelled
live migration", which has two inherent limitations: (a) it cannot
handle live migration of disks in a non-shared storage setup (a.k.a.
"block migration"); and (b) it has a huge performance overhead and
latency, because it burns more CPU and memory bandwidth due to increased
number of data copies, on both source and destination hosts.
Both the above limitations are addressed by the QEMU-native TLS support
`live_migration_with_native_tls`, which is the recommended approach for
securing all live migration streams (guest RAM, device state, and
disks).
[1] https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html
Change-Id: I34fd5a4788a2ad4380d9a57b84512fa94a6f9c37
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The fix Iac8496065c8b6212d7edac320659444ab341b513 removed the last user
of VFSLocalFS so this patch remove the class, the related tests and all
the privsep functions that become dead code after this cleanup.
Change-Id: Ia1eb1d93d1f9699a4027b7a07107109ab9a3a29a
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Introduce two new guides on UEFI and Secure Boot. In addition, update
the flavors guide to document the secure boot feature (though this doc
should really be removed in near term in favour of the auto-generated
docs, as noted inline).
Note that this change includes our first use of the ':nova:extra-spec:'
cross-reference role and highlights a small bug in that implementation.
This is resolved.
Blueprint: allow-secure-boot-for-qemu-kvm-guests
Change-Id: I4eb370b87ba8d0403c8c0ef038a909313a48d1d6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |\ \ \ \ \ \ \
| |/ / / / / / |
|
