Commit Graph

121 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 5a533aae23 Improve Blazar integration with Nova
As of today we do not have any means of Blazar integration with Nova,
while we do provide roles for Blazar installation for a while now. This
patch aims to bring in more native integration and remove necessity
of overrides for such deployment.

Related-Bug: #2048048
Co-Authored-By: Alexey Rusetsky <fenuks@fenuks.ru>
Change-Id: Ica50a5504de1b1604f72123751cbb3f45c85ab46
2024-01-05 05:27:42 +00:00
Marc Gariepy 9d2924fa80 Config has changed for pci passthrough.
updating the config for pci devices since the old config is deprecated.
https://docs.openstack.org/nova/latest/configuration/config.html#pci.device_spec

Change-Id: Id2da29464359b4845c7d05e3bec53759341f4bad
2023-09-05 14:28:40 -04:00
Zuul bf6aaf7ab0 Merge "Enable multiple console proxies where required in deployments" 2023-08-30 09:49:31 +00:00
Andrew Bonney d0877c6fd3 Enable multiple console proxies where required in deployments
When Nova is deployed with a mix of x86 and arm systems
(for example), it may be necessary to deploy both 'novnc' and
'serialconsole' proxy services on the same host in order to
service the mixed compute estate.

This patch introduces a list which defines the required proxy
console types.

Change-Id: I93cece8babf35854e5a30938eeb9b25538fb37f6
2023-08-07 08:19:06 +01:00
Damian Dabrowski 7000bc3f3f Deprecate nova_ram_weight_multiplier
Long time ago a variable `nova_ram_weight_multiplier` was implemented
and its default value was set to 5.0.
There are 2 issues with this:
1. Default value in nova is 1.0 [1] so our value is much bigger than
nova's default without having a strong reason for that.
2. OSA does not provide similar variables for other multipliers like
`cpu_weight_multiplier`.

Because there are a couple of different multipliers and more of them
can be implemented in the future (for ex.
`hypervisor_version_weight_multiplier` was implemented in 2023.2) it
would be hard for the OSA project to maintain variables for all of them.
It is better to deprecate `nova_ram_weight_multiplier` and let users
define multipliers with `nova_nova_conf_overrides` if necessary.

[1] https://docs.openstack.org/nova/2023.1/configuration/config.html#filter_scheduler.ram_weight_multiplier

Change-Id: I4f82840e94312d38696e3ddd05ef494821233f4d
2023-07-11 21:35:41 +02:00
Dmitriy Rabotyagov 47007578b1 Install libvirt-daemon for RHEL systems
CentOS has upgraded their libvirt to version 9.3, where libvirt-daemon
is not installed as a dependency anymore. So we need to explicitly
install this package to restore functionality.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2209936

Change-Id: Ic6f2606b5a478c7a891c25bd131ad351a19699bc
2023-05-25 21:01:26 +00:00
Dmitriy Rabotyagov efe64725e1 Add way to periodically trim Nova DB
We're adding 2 services that are responsible for executing db purge and
archive_deleted_rows. Services will be deployed by default, but left
stopped/disabled. This way we allow deployers to enable/disable
feature by changing value of nova_archive/purge_deleted.

Otherwise, when variables set to true once, setting them to false won't
lead to stopping of DB trimming and that would need to be done manually.

Change-Id: I9f110f663fae71f5f3c01c6d09e6d1302d517466
2023-05-18 08:11:02 +00:00
Dmitriy Rabotyagov b6e904213e Remove nova_network_services mapping
At the moment we don't really utilize neutron_provider_networks
mapping except for 2 quite specific drivers, that are NSX and Nuage.
For these 2 use cases we suggest using overrides functionality instead.

Change-Id: I7d905a1dbda1ec722b161b96742247c806bed162
2023-04-04 13:17:03 +00:00
Jonathan Rosser b0fcbce66f Support configuration of resource providers with config files
Resource providers can be configured using the API or CLI, or they
can also be configured on a per-compute node basis using config
files stored in /etc/nova/provider_config.

This patch adds support for a user defined list of provider config
files to be created on the compute nodes. This can be specified in
user_variables or perhaps more usefully in group_vars/host_vars.
A typical use case would be describing the resources made available
as a result of GPU or other hardware installed in a compute node.

Change-Id: I13d70a1030b1173b1bc051f00323e6fb0781872b
2023-01-16 15:16:29 +00:00
OpenStack Release Bot a7061f3861 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I877a352de30bdf9b461603e236d8ec0973640c45
2022-12-13 13:18:39 +00:00
Zuul ab92656a36 Merge "Add nova_ironic_serialconsole_type default setting" 2022-12-06 21:28:44 +00:00
Jonathan Rosser 91ef7e41d3 Add nova_ironic_serialconsole_type default setting
This variable determines if one of the nova console proxies is
deployed alongside the nova-compute service for ironic. Currently
the only supported values are "disabled" and "serialconsole"

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/860947
Change-Id: I8eae97f9c60956049072de8b04e557671a8cdcfa
2022-10-11 14:29:31 +01:00
Dmitriy Rabotyagov 242ebe2b54 Improve way of cache backend selection
At the moment we don't provide any option rather than use memcached
backend. With that we also hardcode list of packages that should be
installed inside virtualenv for selected backend.

Adding bmemcached requirement to oslo_cache.memcache_pool [1] gives us
opportunity to refactor this bit of deployment and allow to be more
flexible in backend selection and requirements installation for it.

[1] https://review.opendev.org/c/openstack/oslo.cache/+/854628

Change-Id: I48e193ef29e56aa8639511c5b5dcddc70f5e1198
2022-10-06 16:01:22 +00:00
Dmitriy Rabotyagov 3a68118d9b Implement nova direct RBD image retrieve
When nova doesn't use rbd images (i.e. local storage) it still might be good
idea to use direct connection to rbd to get images rather than
connect through HTTP.

Change-Id: I4f2d7cf54e07376c7a25d45093f5d83be5422234
2022-03-21 17:29:41 +00:00
Andrew Bonney b1e38084cc Add configuration option for heartbeat_in_pthread
This configuration option has been observed to result in file
descriptor leaks in certain circumstances. A variable is added
here so that it can be easily overridden.

Change-Id: I7de034307da9352e6f5d1f5f175a330fb8c86463
Related-Bug: #1961603
2022-03-15 10:53:42 +00:00
Zuul 559eb382b1 Merge "Drop nova_glance_api_servers variable" 2022-02-15 18:37:04 +00:00
Dmitriy Rabotyagov 5846e4d0b1 Remove secure_proxy_ssl_header logic
According to nova doc, secure_proxy_ssl_header has been deprecated and
has no effect [1]. Since these variables are not used for other purpose
we drop them.

[1] https://docs.openstack.org/nova/latest/configuration/config.html#oslo_middleware.secure_proxy_ssl_header

Change-Id: Ibc3ac4f0f3fb038463748f8c1608fa475374cf67
2022-02-09 09:41:55 +02:00
Dmitriy Rabotyagov 6775f57c75 Drop nova_glance_api_servers variable
Since api_servers from [glance] section is deprecated and can be
silently ignored [1], we drop corresponding OSA variable

[1] https://docs.openstack.org/nova/latest/configuration/config.html#glance.api_servers

Change-Id: I52de65a4629f23fd2c0c3735033a8e2d57a82024
2022-02-09 08:55:17 +02:00
Andrew Bonney 7a33271509 Revert "Disable shell for nova when tunneled migration not used"
This reverts commit ca352be75b.

Change-Id: I19e1cc491e2441ab8d1bd39d383dd2e09a5b7077
2022-01-07 11:20:04 +00:00
Dmitriy Rabotyagov ca352be75b Disable shell for nova when tunneled migration not used
Change-Id: If4d036794cf8edb14e6b0ed491cf0de78f425b2c
2021-12-23 16:37:44 +02:00
Damian Dabrowski fcd582731b Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Change-Id: Ibc876f2744c271e9c4ad797597c15af8d73867c1
2021-12-01 22:04:50 +01:00
Zuul db6e446bc7 Merge "Enable TLS for VNC from novncproxy to compute hosts" 2021-11-15 12:37:45 +00:00
Zuul d62950ac51 Merge "Enable TLS for live migrations" 2021-11-12 00:49:13 +00:00
James Gibson 2b8d5a0b88 Enable TLS for VNC from novncproxy to compute hosts
To secure communications from the proxy server to the compute
nodes using VeNCrypt authentication scheme.

In a previous patch a TLS server certificate was deployed to
compute nodes, this patch makes use of this same server cert for
securing VNC sessions on compute nodes. It is recommended that
this certificate be issued by a dedicated certificate authority
solely for the VNC service, as libvirt does not currently have a
mechanism to restrict what certificates can be presented by the
proxy server. This has not been implemented to reduce complexity.

In addition the noVNC proxy needs to present a client certificate
so only approved VNC proxy servers can connect to the Compute nodes.
The PKI role has been used to create a client certificate for the
nova console nodes.

Related Nova docs:
https://docs.openstack.org/nova/latest/admin/remote-console-access.html

To help with the transition from unencrypted VNC to VeNCrypt,
initially compute nodes auth scheme allows for both encrypted and
unencrypted sessions using the variable `nova_vencrypt_auth_scheme`, this
will be removed in future releases.

Change-Id: Iafb788f80fd401c6ce6e4576bafd06c92431bd65
2021-11-11 14:23:27 +00:00
James Gibson ad8bda5f64 Enable TLS for live migrations
Instead of using SSH to live migrate VMs use TLS as this is more
secure and SSH migrations are deprecated.
https://docs.openstack.org/nova/xena/admin/secure-live-migration-with-qemu-native-tls.html
A pre-existing PKI (Public Key Infrastructure) setup is required.

TLS live migrations require that all compute hosts can communicate
with each other on port 16514 and port range 49152 to 49261.

To enable TLS live migrations, both libvirt and QEMU require server
and client certificates, the server certificate is used to verify
servers and the client cert is used by servers to authenticate
clients. A single cert is created by the pki role, that can be
used by both libvirt and QEMU for both client and server auth.

The client, server and CA certificates need to be installed in a
number of locations on each compute host:
* For Libvirt https://libvirt.org/tlscerts.html
* For QEMU https://github.com/libvirt/libvirt/blob/master/src/qemu/qemu.conf

Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/815007
Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/815849
Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/816857

Change-Id: Iddbe8764bb6d3cd3eaee122b2d5ddc02fa3f7662
2021-11-09 09:11:24 +00:00
Dmitriy Rabotyagov af44f385d7 Rename nova_enabled_vgpu_types
In order to reflect upstream nova variable change [1] we rename
nova_enabled_vgpu_types to nova_enabled_mdev_types.

[1] https://docs.openstack.org/nova/latest/configuration/config.html#devices.enabled_mdev_types

Change-Id: I7fcc6f6fbfd8e6e358036e72a82348b9cefe74ef
2021-11-03 13:49:25 +02:00
Zuul 07715e344a Merge "Remove nova console variables" 2021-04-19 10:51:07 +00:00
Zuul c2688515a8 Merge "Re-add nova_dhcp_domain variable" 2021-04-19 10:36:44 +00:00
Dmitriy Rabotyagov c6d4c6207f Use template URLs in Cell Mappings
In Rocky Nova has implemented templating in Cell Mappings [1]
That means that instead of hardcoding connection details in database,
we can just put a template there. Variables are parsed from nova.conf
and substituted on the service load. Thus we don't need to update cells
every time we change password and we can use different credentials
across nodes since they will be just taken from config files.

We also perform upgrade of the cells to the templates when cell exists.

Task `Map instances to new Cell1` is removed, since it's required to
map instances to cellv2 only during upgrade from cellsv1 to cellsv2
which is not the case nowadays or when migrating instances between
cells [2].

[1] https://docs.openstack.org/nova/latest/user/cells.html#template-urls-in-cell-mappings
[2] https://docs.openstack.org/nova/rocky/cli/nova-manage.html#nova-cells-v2
Change-Id: Ia6bef7b902c0fb99a529c592172226bb16ed0d9d
2021-04-15 13:57:49 +00:00
Dmitriy Rabotyagov fe8d651eaf Remove nova console variables
Bunch of variables that were related to nova consoles were misused or
unneeded at all.
Here we deprecate and remove them, along with
fixing behaviour to disable spice agent functionality.

Change-Id: I28f6d733db689eab879ae5939d1236e7c0d5f521
Closes-Bug: #1923184
2021-04-13 19:48:40 +03:00
Dmitriy Rabotyagov ffd2823327 Re-add nova_dhcp_domain variable
It still makes sense to carry a variable for defining dns_domain
since deployers will be able to control them with single variable
for all services.

Closes-Bug: #1922703
Change-Id: I2be47100ce701e71dda2fe4e8ca58a7b6cad529c
2021-04-06 13:11:54 +00:00
Logan V 4f993fdd8e Simplify scheduler filter additions
Add 'nova_scheduler_extra_filters' to allow operators to enable
additional scheduler filters without overriding the entire list of
filters as in [0].

This also reduces the burden on ops to maintain the list of overridden
default schedulers because of things like [1].

[0] 3886dbc40d/openstack_deploy/user_variables.yml (L51-L69)
[1] https://review.openstack.org/#/c/596502/

Change-Id: I9ab6bcbef2b496df7f6ecf11a7d8f5f7891aeeca
2020-10-12 19:29:35 +00:00
Andreas Jaeger dd2f2406d9 Use newer openstackdocstheme and reno versions
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.

Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.

openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.

See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html

Change-Id: I0cc73a4e714f8b533b5c1381124141c3d07d47d1
2020-06-03 20:02:19 +02:00
OpenStack Release Bot 48c46247c2 Update master for stable/ussuri
Add file to the reno documentation build to show release notes for
stable/ussuri.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.

Change-Id: Ifdf38a2a6c9d96d45fd8c2370e49977c4cfc8700
Sem-Ver: feature
2020-06-01 13:17:03 +00:00
Andreas Jaeger 292beedfce Update docstheme for style
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.

Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.

Change-Id: Ie089410c6ef26c6beb38179730afe641503c0eb9
2020-05-20 18:50:25 +02:00
Dmitriy Rabotyagov 72e0a52d53 Replace git.openstack.org with opendev.org
This patch replaces git.openstack.org with opendev.org as redirection
from old path was enabled.
Also we change upper constraints url due to [1]

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/006478.html

Change-Id: I4f6fc9144bee0cf49326cc9df8b0f972d8bd5064
2019-11-14 17:19:40 +02:00
OpenStack Release Bot 9fb1cf90dc Update master for stable/train
Add file to the reno documentation build to show release notes for
stable/train.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.

Change-Id: Iabe34d319135236424b7f0c84ffad483a42e7290
Sem-Ver: feature
2019-10-22 19:00:46 +00:00
Mohammed Naser 3d99b2bd80 cleanup: reduce configuration vars
This patch reduces the number of configuration defaults that we
ship with no functional changes for users that were not overriding
them.

Change-Id: Iec7e7b0ca13e2503344d23095c0f1c30b46bb702
2019-08-14 21:43:12 -04:00
Jonathan Rosser 9376fd253d Remove support for the nova-lxd driver
This driver has been retired [1] and tests are now failing because the
nova-lxd repo master branch is now empty.

[1] https://review.opendev.org/#/c/672283/

Change-Id: I9906ede54f6b41972a03bfa1d39ba5f99c6235ed
2019-08-10 15:28:47 -04:00
Zuul 35e35da176 Merge "Switch default console to novnc" 2019-07-13 00:27:05 +00:00
Mohammed Naser 3341ce834f powervm: drop support
The PowerVM driver has been untested for a few years as well
as broken due to using the wrong driver as well.  It's not possible
to test it within our infrastructure neither has there been any
contributions to improve/fix it.

This patch drops the support for it.

Change-Id: Iea84648c7ff65b5a4d8b97957fb92716578f714d
2019-05-31 18:37:37 -04:00
Logan V 5cf640051b Switch default console to novnc
Change-Id: I5db87e14e86dc4aada19b2933773b50b865445ff
2019-05-30 14:22:44 -05:00
Logan V 5bffb86bbb Remove nova placement API
Placement is now a separate service and has been removed from nova[1]
and implemented as a separate service in OSA[2]. As such, the nova
in-tree placement API is now disabled and can be removed.

[1] https://review.opendev.org/#/c/618215/
[2] https://review.opendev.org/#/c/656891/

Depends-On: I01df855d8b9255d24efe16ab053ffa491fda351f
Depends-On: I25ce79b9e3492cb075c50beed90ea2b78055e474
Change-Id: I2f5d4c2f1fc1418bc4f4c4baa1ce3c90b88208fc
2019-05-14 17:29:23 +00:00
OpenStack Release Bot 0207a4c356 Update master for stable/stein
Add file to the reno documentation build to show release notes for
stable/stein.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.

Change-Id: I28c14cda5acf5c396dcd257abbf62f6d7641cdb8
Sem-Ver: feature
2019-04-08 09:20:25 +00:00
Jonathan Rosser 14572c3153 Fix nova-lxd tests for bionic.
This patch adjusts the nova-lxd deployment so that it works correctly
with LXD3 and bionic.

* Update the zuul job and project config to switch from xenial to bionic.

* Change the variable lxd_storage_pool to always have a defined value
  in the role defaults. This variable represents the name of the LXD
  storage pool which is distinct from any names associated with underlying
  storage. LXD storage pools created with 'lxd init' are always called 'default'.

* Switch the role test storage backend from dir to ZFS. nova-lxd is
  currently not working for the dir backend as it expects the storage
  subsystem to support quotas.

* Due to limitations in nova-lxd it is necessary to ensure that the
  LXD storage pool name and ZFS pool names are both set to 'default'.

Closes-Bug: #1800837
Change-Id: If1e48bb2e789e13f20435da19907b5adb7c1ef1f
2018-11-20 20:55:52 +00:00
Guilherme Steinmüller 72389a6c71 Add support to kvm nested virt
This patch aims to provide the ability for the user
to enable nested kvm virtualization in a kvm compute node
through nova_nested_virt_enabled variable, whose default is False.

Change-Id: I64417221fb3d74453d979b7198a0e916e7f4dd23
2018-11-06 15:44:54 +00:00
Florian Haas 58bad8e6b1 Expose the Libvirt cpu_model and cpu_model_extra_flags options
Being able to set cpu_mode to "custom" is nice but doesn't do us
much good if users then have to resort to nova_nova_conf_overrides
to set cpu_model and/or cpu_model_extra_flags.

Instead, honor nova_cpu_model and nova_cpu_model_extra_flags variable.
Also add a release note saying that for those users who did previously
set these flags via nova_nova_conf_overrides, they should move
those bits to the newly understood variables.

Change-Id: I889e70826c5c631b86305b512b86fba2b89521b4
2018-11-06 10:17:33 +01:00
Mohammed Naser 3ff434a1f3 Add support for NFS
This support allows deployers to easily use NFS and automatically
have mountpoints during deployment.

Change-Id: Ifb15cb7815487f047c0249f340a79c67971f5411
2018-10-20 16:45:40 +02:00
Francois Deppierraz 18bc36cd84 releasenotes: oslo-messaging-separate-backends add project name
Without this patch, the release notes published at
https://docs.openstack.org/releasenotes/openstack-ansible/rocky.html contain
the same line multiple times which is not very clear.

[...]
    Support separate oslo.messaging services for RPC and Notifications
    to enable operation of separate and different messaging backend servers.

    Support separate oslo.messaging services for RPC and Notifications
    to enable operation of separate and different messaging backend servers.
[...]

Change-Id: I0ed1a43670d97f2e2215d04c641f7bd4cfbe4f44
2018-10-15 16:50:48 +02:00
OpenStack Release Bot 4ca6c5a803 Update reno for stable/rocky
Change-Id: Ie9b132d2244778ecf2c7aa292ee4ffaa47c32686
2018-08-10 16:47:51 +00:00