| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit afb0f774841d30dcae9c074d524e7fa9be840678.
Reason for revert:
We unfortunately leak the token in the logs which is considered a security flaw, even if only provided on DEBUG level.
Change-Id: I52b52e65b689dadbdb08122c94652c491f850de6
Closes-Bug: #2012993
|
| | |
| |
| |
| |
| |
| |
| | |
Just follows the pattern that we do every release.
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
Change-Id: Iaba463eedf8ec24303a18d5ba63087cd26ca16d3
|
| | |
| |
| |
| |
| |
| |
| | |
This fix minors comments that have been noticed.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Iee6c224aa0f26d8550b38a8f69b28d8648b1da70
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Start to v2.95 any evacuated instances will be stopped a destination
Implements: bp/allowing-target-state-for-evacuate
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I141b6f057cc4eb9c541c2bc6eddae27270ede08d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When instance task state is 'deleting' or 'migrating', then
get_vnc_console throws 500 error, as InstanceInvalidState
exception is not handled there.
This change handles InstanceInvalidState in api layer in
get_vnc_console call.
Closes-Bug: #1968618
Change-Id: Ia738a0972b050f549f446c85171d3f33e60ada4f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Extend microversion 2.90 to allow FQDNs in the hostname parameter.
Multi-create with --hostname continues to be refused, returning error
400 to the user. This simplifies the code by not needing to handle any
sort of suffix or prefix mangling of the FQDN to handle multiple
instances. No other changes are made - not Neutron integration,
metadata API changes (the FQDN will appear as-is in places where the
hostname currently appears), etc.
Change-Id: I47e397dc6da8263762479cc8ae4f8777a6d9d811
Implements: bp/fqdn-in-hostname
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously Nova was unable to remove deleted projects from flavor's
access lists. This patch lifts described limitation and improves
logic of nova/api/openstack/identity.py library by introducing two
separate kinds of exceptions:
- webob.exc.HTTPInternalServerError is raised when Keystone identity
service version 3.0 was not found.
- webob.exc.HTTPBadRequest is raised when specified project is not
found.
Closes-bug: #1980845
Change-Id: Icbf3bdd944f9a6c38f25ddea0b521ca48ee87a7f
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Correct name used everywhere in code is COMPUTE_RESCUE_BFV.
This should be fixed to not confuse users.
Change-Id: I233113283f54c04118689724e18ad29a644dec05
|
| |\ \ \ \ |
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Unlike uwsgi, apache mod_wsgi does not support passing
commandline arguments to the python wsgi script it invokes.
As a result while you can pass --config-file when hosting the
api and metadata wsgi applications with uwsgi there is no
way to use multiple config files with mod_wsgi.
This change mirrors how this is supported in keystone today
by intoducing a new OS_NOVA_CONFIG_FILES env var to allow
operators to optional pass a ';' delimited list of config
files to load.
This change also add docs for this env var and the existing
undocumented OS_NOVA_CONFIG_DIR.
Closes-Bug: 1994056
Change-Id: I8e3ccd75cbb7f2e132b403cb38022787c2c0a37b
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added check if quiesce fails because libvirt fails to connect with
qemu guest agent inside instance
Closes-Bug: #1980720
Change-Id: I134a4060ace2678f76ae3606bf117c07194a8d92
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Just follows the pattern that we do every release.
Change-Id: I6ce6d536290d0126006413aa4b15ba89162d5761
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implementation for BP/libvirt-viommu-device.
With provide `hw:viommu_model` property to extra_specs or
`hw_viommu_model` to image property. will enable viommu to libvirt
guest.
[1] https://www.berrange.com/posts/2017/02/16/setting-up-a-nested-kvm-guest-for-developing-testing-pci-device-assignment-with-numa/
[2] https://review.opendev.org/c/openstack/nova-specs/+/840310
Implements: blueprint libvirt-viommu-device
Change-Id: Ief9c550292788160433a28a7a1c36ba38a6bc849
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a microversion and API support for triggering a rebuild
of volume-backed instances by leveraging cinder functionality to
do so.
Implements: blueprint volume-backed-server-rebuild
Closes-Bug: #1482040
Co-Authored-By: Rajat Dhasmana <rajatdhasmana@gmail.com>
Change-Id: I211ad6b8aa7856eb94bfd40e4fdb7376a7f5c358
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds a new hw:locked_memory extra spec and hw_locked_memory
image property to contol preventing guest memory from swapping.
This change adds docs and extend the flavor
validators for the new extra spec.
Also add new image property.
Blueprint: libvirt-viommu-device
Change-Id: Id3779594f0078a5045031aded2ed68ee4301abbd
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have many places where we implement singleton behavior for the
placement client. This unifies them into a single place and
implementation. Not only does this DRY things up, but may cause us
to initialize it fewer times and also allows for emitting a common
set of error messages about expected failures for better
troubleshooting.
Change-Id: Iab8a791f64323f996e1d6e6d5a7e7a7c34eb4fb3
Related-Bug: #1846820
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change starts the process of wiring up the new ephemeral encryption
control mechanisims in the compute layer. This initial step being to
ensure the BlockDeviceMapping objects are correctly updated with the
required ephemeral encryption details when requested through the
instance flavor extra specs or image metadata properties.
Change-Id: Id49cb238f7bbf2b97f018ddbe090ebdc08d762dc
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The PowerVM driver was deprecated in November 2021 as part of change
Icdef0a03c3c6f56b08ec9685c6958d6917bc88cb. As noted there, all
indications suggest that this driver is no longer maintained and may be
abandonware. It's been some time and there's still no activity here so
it's time to abandon this for real.
This isn't as tied into the codebase as the old XenAPI driver was, so
removal is mostly a case of deleting large swathes of code. Lovely.
Change-Id: Ibf4f36136f2c65adad64f75d665c00cf2de4b400
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As agreed in the spec, we will both drop the generation support for a keypair
but we'll also accept @ (at) and . (dot) chars in the keyname, all of them in
the same API microversion.
Rebased the work from I5de15935e83823afa545a250cf84f6a7a37036b4
APIImpact
Implements: blueprint keypair-generation-removal
Co-Authored-By: Nicolas Parquet <nicolas.parquet@gandi.net>
Change-Id: I6a7c71fb4385348c87067543d0454f302907395e
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds support to the REST API, in a new microversion, for specifying
a destination host to unshelve server action when the server
is shelved offloaded.
This patch also supports the ability to unpin the availability_zone of an
instance that is bound to it.
Note that the functional test changes are due to those tests using the
"latest" microversion 2.91.
Implements: blueprint unshelve-to-host
Change-Id: I9e95428c208582741e6cd99bd3260d6742fcc6b7
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch introduce changes to the compute API that will allow
PROJECT_ADMIN to unshelve an shelved offloaded server to a specific host.
This patch also supports the ability to unpin the availability_zone of an
instance that is bound to it.
Implements: blueprint unshelve-to-host
Change-Id: Ieb4766fdd88c469574fad823e05fe401537cdc30
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
This should help finding out cause of failures happening
when performing API requests by reading the log file
Change-Id: I02e531c2aaaccae99da9a21ee9268f6fdd0efb3e
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The webob.Request class does not have the remote_address attribute but
the remote_addr attribute. This change fixes usage of the non-existing
attribute accordingly.
Closes-Bug: #1967683
Change-Id: I874e97ac6ad84daa20997345082cb4d1135699c4
|
| | |
| |
| |
| |
| |
| |
| | |
Addresses a long-standing TODO.
Change-Id: I57a1c4ca2ab23ca991344e73fb4ab5fbb2922723
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Just follows the pattern that we do every release.
Change-Id: Ia6ea455e50307c515cbade467d32799baaec2d85
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Ensure the limit related APIs reflect the new reality of enforcing the
API and DB limits based on keystone only.
For now we skip all updates to the DB, as none mean anything to the new
code, as we only look at keystone now.
Note: this will need to be updated again once we add limits for
cores, ram, instances, etc.
blueprint unified-limits-nova
Change-Id: I5ef968395b4bdc6f190e239a19a723316b1d5baf
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Flavor extra specs index policy is used to show flavor
extra specs in flavor as well as server APIs response.
As per RBAC new guidelines, we are restricting project level
respurces APIs to project scoped only. To do that, we are
separating the flavor extra specs index policy for server
APIs and make them only for project scoped.
Partial implement blueprint policy-defaults-refresh-2
Change-Id: I9cfb61dabe6f98cb057aad9702f9d355c415fda6
|
| |\ \ \ \ \
| | |/ / /
| |/| | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Implement a unified limits specific version of get_class_quotas as used
by the quota_class API. This simply returns the limits defined in
keystone that are now enforced when you enable unified limits.
Note: this will need to be updated again once we add limits to things
that use things like resource_class, etc.
blueprint unified-limits-nova
Change-Id: If9901662d30d15da13303a3da051e1b9fded72c0
|
| |\ \ \ \ \
| |/ / / /
| | | / /
| |_|/ /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When using unified limits, we add enforcement of those limits on all
related API calls. Note: we do not yet correctly report the configured
limits to users via the quota APIs, that is in a future patch.
Note the unified limits calls are made alongside the existing legacy
quota calls. The old quota calls will be handed by the quota engine
driver, that is basically a no-op. This is to make it easier to remove
the legacy code paths in the future.
Note, over quota exceptions raised with unified limits use the standard
(improved) exception message as those raised by oslo.limit. They
however do use the existing exception code to ease integration. The
user of the API will see the same return codes, no matter which code is
enabled to enforce the limits.
Finally, this also adds test coverage where it was missing. Coverage
for "quota recheck" behavior in KeypairAPI is added where all other
KeypairAPI testing is located. Duplicate coverage is removed from
nova/api/openstack/compute/test_keypairs.py at the same time.
blueprint unified-limits-nova
Change-Id: I36e82a17579158063396d7e55b495ccff4959ceb
|
| |\ \ \ \
| | |/ /
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As per the RBAC new direction, we will allow
project resources operation to be performed by
the project scoped token only and system user will
be allowed to perform system level operation only
not project resources specific.
Details about new direction can be found in community-wide
goal
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
This commit modify remaining APIs as per the new guidelines.
Also, allow all project admin to list the other project limits. This is
what we allowed in legacy policy and until we have domain admin or other
way to list other project resources/info, we will keep that behaviour.
Also modifying and adding tests for four cases:
1. enforce_scope=False + legacy rule (current default policies)
2. enforce_scope=False + No legacy rule
3. enforce_scope=True + legacy rule
4. enforce_scope=True + no legacy rule (end goal of new RBAC)
Partial implement blueprint policy-defaults-refresh-2
Change-Id: I006d47aa2f4678a06c78057bcf407302abbe4907
|
| |\ \ \ \
| |/ / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As per the RBAC new direction, we will allow
project resources operation to be performed by
the project scoped token only and system user will
be allowed to perform system level operation only
not project resources specific.
Details about new direction can be found in community-wide
goal
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
This commit modify the server action APIs to be scoped
to project scope.
Fix the shelve-offload policy to pass the instance project
id as target.
Also modifying and adding tests for four cases:
1. enforce_scope=False + legacy rule (current default policies)
2. enforce_scope=False + No legacy rule
3. enforce_scope=True + legacy rule
4. enforce_scope=True + no legacy rule (end goal of new RBAC)
Partial implement blueprint policy-defaults-refresh-2
Change-Id: I5293e9aa9cb3b48f97a5a2cf272939ada1aea2db
|
| |\ \ \ \
| | |/ /
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The KeypairLimitExceeded exception has a message string which is never
used. We raise this exception and then return a different message to
the API user. For the unified limit work, we want to move to using
oslo.limit's better error messages when available, which means we
need to honor the message in the exception. This just moves the
legacy string into the exception and makes the API use that instead
of overriding it.
Related to bp/unified-limits-nova
Change-Id: I217b3d0551291498191b556f62d78abf159778c2
|
| |\ \ \ \
| |/ / /
|/| / /
| |/ / |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As per the RBAC new direction, we will allow
project resources operation to be performed by
the project scoped token only and system user will
be allowed to perform system level operation only
not project resources specific.
Details about new direction can be found in community-wide
goal
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
This commit modify more projects level APIs to be scoped
to project only.
Also modifying and adding tests for four cases:
1. enforce_scope=False + legacy rule (current default policies)
2. enforce_scope=False + No legacy rule
3. enforce_scope=True + legacy rule
4. enforce_scope=True + no legacy rule (end goal of new RBAC)
Partial implement blueprint policy-defaults-refresh-2
Change-Id: I6731aa6edd0c6bed5edb9eaaaa98b5e43aaeeb74
|
| |\ \ \ |
|
