Commit Graph

34880 Commits

Author SHA1 Message Date
Zuul 6bd99eb2ea Merge "Correctly reset instance task state in rebooting hard" 2024-03-20 13:34:22 +00:00
Zuul 818f0cd4a3 Merge "Remove nova.wsgi module" 2024-03-19 19:42:00 +00:00
Zuul 3e358bc37c Merge "vgpu: Allow device_addresses to not be set" 2024-03-18 16:58:28 +00:00
Zuul e255323f46 Merge "libvirt: Cap with max_instances GPU types" 2024-03-18 12:31:30 +00:00
Zuul 45e5d213f8 Merge "Removed explicit call to delete attachment" 2024-03-14 10:47:58 +00:00
Zuul ef069d928a Merge "pwr mgmt: handle live migrations correctly" 2024-03-14 00:06:49 +00:00
Zuul b10cca0282 Merge "Reproducer test for live migration with power management" 2024-03-13 23:48:38 +00:00
Zuul 52a7d9cef9 Merge "pwr mgmt: make API into a per-driver object" 2024-03-13 23:48:29 +00:00
Zuul b59e1f8c00 Merge "Power on cores for isolated emulator threads" 2024-03-13 19:24:15 +00:00
Artom Lifshitz c1ccc1a316 pwr mgmt: handle live migrations correctly
Previously, live migrations completely ignored CPU power management.
This patch makes sure that we correctly:

* Power up the cores on the destination during pre_live_migration, as
  we need them powered up before the instance starts on the
  destination.
* If the live migration is successful, power down the vacated cores on
  the source.
* In case of a rollback, power down the cores previously powered up on
  pre_live_migration.

Closes-bug: 2056613
Change-Id: I787bd7807950370cd865f29b95989d489d4826d0
2024-03-11 14:21:27 -04:00
Artom Lifshitz 1f5e3421ec Reproducer test for live migration with power management
Building on the previous patch's refactor, we can now do functional
testing of live migration with CPU power management. We quickly notice
that it's mostly broken, leaving the CPUs powered up on the source,
and not powering them up on the dest.

Related-bug: 2056613
Change-Id: Ib4de77d68ceeffbc751bca3567ada72228b750af
2024-03-11 12:10:36 -04:00
Zuul 671c4e0313 Merge "Reproducer for not powering on isolated emulator threads cores" 2024-03-11 15:53:10 +00:00
Zuul 3cb7329ad2 Merge "Add cpuset_reserved helper to instance NUMA topology" 2024-03-11 15:53:03 +00:00
Zuul 336b815a30 Merge "Reproducers for bug 1869804" 2024-03-11 14:20:46 +00:00
Artom Lifshitz 29dc044a7a pwr mgmt: make API into a per-driver object
We want to test power management in our functional tests in multinode
scenarios (ex: live migration).

This was previously impossible because all the methods in
nova.virt.libvirt.cpu.api and were at the module level, meaning both
source and destination libvirt drivers would call the same method to
online and offline cores. This made it impossible to maintain distinct
core power state between source and destination.

This patch inserts a nova.virt.libvirt.cpu.api.API class, and gives
the libvirt driver a cpu_api attribute with an instance of that
class. Along with the tiny API.core() helper, this allows new
functional tests in the subsequent patches to stub out the core
"model" code with distinct objects on the source and destination
libvirt drivers, and enables a whole bunch of testing (and fixes!)
around live migration.

Related-bug: 2056613
Change-Id: I052535249b9a3e144bb68b8c588b5995eb345b97
2024-03-08 20:31:42 -05:00
Artom Lifshitz 0986d2bbe8 Power on cores for isolated emulator threads
Previously, with the `isolate` emulator threads policy and libvirt cpu
power management enabled, we did not power on the cores to which the
emulator threads were pin. Start doing that, and don't forget to power
them down when the instance is stopped.

Closes-bug: 2056612
Change-Id: I6e5383d8a0bf3f0ed8c870754cddae4e9163b4fd
2024-03-08 20:31:34 -05:00
Artom Lifshitz 521af26209 Reproducer for not powering on isolated emulator threads cores
Related-bug: 2056612
Change-Id: Icd586cdd015143b2e113fd14904f40410809d247
2024-03-08 20:31:30 -05:00
Artom Lifshitz 8dbfecd663 Add cpuset_reserved helper to instance NUMA topology
When we pin emulator threads with the `isolate` policy, those pins are
stored in the `cpuset_reserved` field in each NUMACell. In subsequent
patches we'll need those pins for the whole instance, so this patch
adds a helper property that does this for us, similar to how the
`cpu_pinning` property helper currently works.

Related-bug: 2056612
Change-Id: I8597f13e8089106434018b94e9bbc2091f95fee9
2024-03-08 20:31:19 -05:00
Zuul 13ccaf75f6 Merge "Implement add_consumer, remove_consumer KeyManager APIs" 2024-03-06 12:53:46 +00:00
Zuul 6230018d65 Merge "Disconnecting volume from the compute host" 2024-03-05 19:36:40 +00:00
Sylvain Bauza d445eaf9dd vgpu: Allow device_addresses to not be set
Sometimes, some GPU may have a long list of PCI addresses (say a SRIOV
GPU) or operators may have a long list of GPUs. In order to help their
lifes, let's allow device_addresses to be optional.

This means that a valid configuration could be :

    [devices]
    enabled_mdev_types = nvidia-35, nvidia-36

    [mdev_nvidia-35]

    [mdev_nvidia-36]

NOTE(sbauza): we have a slight coverage gap for testing what happens
if the groups aren't set, but I'll add it in a next patch

Related-Bug: #2041519
Change-Id: I73762a0295212ee003db2149d6a9cf701023464f
2024-03-05 11:48:25 +01:00
Sylvain Bauza 60851e4464 libvirt: Cap with max_instances GPU types
We want to cap a maximum mdevs we can create.
If some type has enough capacity, then other GPUs won't be used and
existing ResourceProviders would be deleted.

Closes-Bug: #2041519
Change-Id: I069879a333152bb849c248b3dcb56357a11d0324
2024-03-05 11:48:19 +01:00
Zuul 39de10777b Merge "Add support for showing requested az in output" 2024-03-01 20:39:00 +00:00
Zuul 9675f142b0 Merge "testing: Add ephemeral encryption support to fixtures" 2024-03-01 20:05:27 +00:00
Zuul dac8bd2493 Merge "libvirt: make <encryption> a sub element of <source>" 2024-03-01 20:05:16 +00:00
Zuul 91ec918ee7 Merge "Add hw_ephemeral_encryption_secret_uuid image property" 2024-03-01 20:05:01 +00:00
Rajesh Tailor c98c8d84ee Add support for showing requested az in output
As of now, the server show and server list --long output
shows the availability zone, that is, the AZ to which the
host of the instance belongs. There is no way to tell from
this information if the instance create request included an
AZ or not.

This change adds a new api microversion to add support for
including availability zone requested during instance create
in server show and server list --long responses.

Change-Id: If4cf09c1006a3f56d243b9c00712bb24d2a796d3
2024-03-01 21:39:04 +05:30
Zuul 1c903ccc8d Merge "Fix nova-metadata-api for ovn dhcp native networks" 2024-03-01 12:34:52 +00:00
Zuul 815fcbfa6b Merge "Add encryption support to convert_image" 2024-03-01 11:22:23 +00:00
Zuul 7275e6088e Merge "imagebackend: Add support to libvirt_info for LUKS based encryption" 2024-03-01 11:22:11 +00:00
Amit Uniyal dc6dac360c Removed explicit call to delete attachment
This was a TODO to remove delete attachment call from refresh after
remove_volume_connection call.
Remove volume connection process itself deletes attachment on passing
delete_attachment flag.

Bumps RPC API version.

Change-Id: I03ec3ee3ee1eeb6563a1dd6876094a7f4423d860
2024-03-01 06:26:48 +00:00
Amit Uniyal a8f81d5f08 Disconnecting volume from the compute host
cmd nova-manage volume_attachment refresh vm-id vol-id connetor

There were cases where the instance said to live in compute#1 but the
connection_info in the BDM record was for compute#2, and when the script
called `remote_volume_connection` then nova would call os-brick on
compute#1 (the wrong node) and try to detach it.

In some case os-brick would mistakenly think that the volume was
attached (because the target and lun matched an existing volume on the
host) and would try to disconnect, resulting in errors on the compute
logs.

- Added HostConflict exception
- Fixes dedent in cmd/manange.py
- Updates nova-mange doc

Closes-Bug: #2012365
Change-Id: I21109752ff1c56d3cefa58fcd36c68bf468e0a73
2024-03-01 05:17:42 +00:00
melanie witt 3a1c65a632 testing: Add ephemeral encryption support to fixtures
This adds encryption related methods and attributes to test fixtures to
enable functional testing for ephemeral encryption.

Related to blueprint ephemeral-encryption-libvirt

Change-Id: If65ec55d311ecf7fb3fe745ebbf116a430f60681
2024-02-29 22:20:21 +00:00
Zuul d29a9b64ee Merge "Make compute node rebalance safer" 2024-02-29 18:48:26 +00:00
Zuul b6dc431831 Merge "Add nova-manage ironic-compute-node-move" 2024-02-29 18:46:32 +00:00
Zuul 163f682362 Merge "Limit nodes by ironic shard key" 2024-02-29 18:46:22 +00:00
Zuul 9c6e593144 Merge "HyperV: Remove extra specs of HyperV driver" 2024-02-29 15:54:09 +00:00
Zuul a8d8e9a573 Merge "Separate OSError with ValueError" 2024-02-29 14:27:14 +00:00
Zuul 5272c20a58 Merge "Added context manager for instance lock" 2024-02-29 14:27:07 +00:00
Steven Blatzheim 135af5230e Fix nova-metadata-api for ovn dhcp native networks
With the change from ml2/ovs DHCP agents towards OVN implementation
in neutron there is no port with device_owner network:dhcp anymore.
Instead DHCP is provided by network:distributed port.

Closes-Bug: 2055245
Change-Id: Ibb569b9db1475b8bbd8f8722d49228182cd47f85
2024-02-29 13:12:41 +01:00
Zuul 149585bca1 Merge "libvirt: Configure and teardown ephemeral encryption secrets" 2024-02-29 11:56:10 +00:00
Zuul 060445aa2f Merge "Modify the mdevs in the migrate XML" 2024-02-29 06:58:40 +00:00
Zuul bb55200683 Merge "enforce remote console shutdown" 2024-02-28 16:33:27 +00:00
Sylvain Bauza 8abc7b47fd Modify the mdevs in the migrate XML
Now the destination returns the list of the needed mdevs for the
migration, we can change the XML.

Note: this is the last patch of the feature branch.
I'll work on adding mtty support in the next patches in the series
but that's not a feature usage.

Change-Id: Ib448444be09df50c3db5ccda8a49bfd882c18edf
Implements: blueprint libvirt-mdev-live-migrate
2024-02-28 15:53:49 +01:00
melanie witt e91aaaf551 libvirt: make <encryption> a sub element of <source>
For encryption of local ephemeral disks, the <encryption> XML should be
a sub element of the <source> XML element [1][2] in order for more
involved operations like live migration to work properly.

This adds generation of ephemeral <encryption> XML as a sub element of
the <source> XML.

This also renames the internal LibvirtConfigGuestDisk attribute for
volume encryption from "encryption" to "volume_encryption" in an effort
to clearly differentiate between volume encryption and ephemeral disk
encryption.

[1] https://libvirt.org/formatdomain.html#hard-drives-floppy-disks-cdroms
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1371022#c13

Related to blueprint ephemeral-encryption-libvirt

Change-Id: Ie4e5f2b27f7ef05f5c45b9adc1df2966e7f05e62
2024-02-28 08:46:20 +00:00
melanie witt 740d5bb531 Add hw_ephemeral_encryption_secret_uuid image property
If an image is encrypted, we will need to retrieve the passphrase from
the key manager service in order to create an instance from it.

This adds an image property to store the secret UUID that belongs to
the image. It will only be used to decrypt the image and will not be
used to encrypt or decrypt any other image. Nova will create a new
secret for each disk image it creates, including snapshots.

Related to blueprint ephemeral-storage-encryption

Change-Id: I01eef6adc2c8feb64e86b33392b8b4b483041e27
2024-02-28 08:46:01 +00:00
melanie witt 9f7a6732f9 Add encryption support to convert_image
This change enables ephemeral encryption support to convert:

  * encrypted source image to unencrypted destination image
  * unencrypted source image to encrypted destination image
  * encrypted source image to encrypted destination image

This also makes necessary changes for mypy checks to pass.

Related to blueprint ephemeral-storage-encryption

Change-Id: I9edc87006b1f7de69bc52f916f45c2cbb66abe23
2024-02-28 07:56:42 +00:00
Lee Yarwood 3391ac2656 imagebackend: Add support to libvirt_info for LUKS based encryption
Related to blueprint ephemeral-encryption-libvirt

Change-Id: I909c86ab722179efcb673b66f1f81121ab8b5f66
2024-02-28 07:56:42 +00:00
Lee Yarwood 177c184e40 libvirt: Configure and teardown ephemeral encryption secrets
This adds configuration of the default ephemeral encryption format and
sets default encryption attributes in the driver block device mapping
when needed. This includes generation of a secret passphrase when one
has not been provided.

Co-Authored-By: melanie witt <melwittt@gmail.com>

Related to blueprint ephemeral-encryption-libvirt

Change-Id: I052441076c677c0fe76a8d9421af70b0ffa1d400
2024-02-28 07:56:42 +00:00
Zuul 7fa1859576 Merge "libvirt: Support maxphysaddr." 2024-02-28 06:18:08 +00:00