Add support for isolated idmaps to mitaka.

If lxd has support for the id_map api extension (2.0.8, 2.6.8), and the flavor's extra specs have lxd_isolated=True, the instances that are initiated will be idmap isolated. Change-Id: Ibc64a3dd22559261885f617d75cb1a3f3e57cc01
2016-12-05 04:22:37 +00:00 · 2016-12-05 04:22:37 +00:00 · de65e00341
parent 0355e1c22b
commit de65e00341
4 changed files with 35 additions and 1 deletions
--- a/nova_lxd/nova/virt/lxd/config.py
+++ b/nova_lxd/nova/virt/lxd/config.py
@ -174,6 +174,16 @@ class LXDContainerConfig(object):
        if lxd_privileged_allowed:
            config['security.privileged'] = 'True'

+        lxd_isolated = flavor.extra_specs.get(
+            'lxd_isolated', False)
+        if lxd_isolated:
+            extensions = self.session.get_host_extensions()
+            if 'id_map' in extensions:
+                config['security.idmap.isolated'] = 'True'
+            else:
+                msg = _('Host does not support isolated instances')
+                raise exception.NovaException(msg)
+
        return config

    def configure_container_root(self, instance):
--- a/nova_lxd/nova/virt/lxd/session.py
+++ b/nova_lxd/nova/virt/lxd/session.py
@ -830,6 +830,10 @@ class LXDAPISession(object):
                                      'ex': ex}
            LOG.error(msg)

+    def get_host_extensions(self):
+        client = self.get_session()
+        return client.host_config().get('api_extensions', [])
+
    #
    # Migrate methods
    #
--- a/nova_lxd/tests/test_config.py
+++ b/nova_lxd/tests/test_config.py
@ -16,6 +16,7 @@
 import ddt
 import mock

+from nova import exception
 from nova import test
 from nova.tests.unit import fake_network

@ -132,3 +133,22 @@ class LXDTestContainerConfig(test.NoDBTestCase):
        config = self.config.config_instance_options({}, instance)
        self.assertEqual({'security.privileged': 'True',
                          'boot.autostart': 'True'}, config)
+
+    @mock.patch.object(session.LXDAPISession, 'get_host_extensions',
+                       mock.Mock(return_value=['id_map']))
+    def test_container_isolated(self):
+        instance = stubs._fake_instance()
+        instance.flavor.extra_specs = {'lxd_isolated': True}
+        config = self.config.config_instance_options({}, instance)
+        self.assertEqual({'security.idmap.isolated': 'True',
+                          'boot.autostart': 'True'}, config)
+
+    @mock.patch.object(session.LXDAPISession, 'get_host_extensions',
+                       mock.Mock(return_value=[]))
+    def test_container_isolated_unsupported(self):
+        instance = stubs._fake_instance()
+        instance.flavor.extra_specs = {'lxd_isolated': True}
+
+        self.assertRaises(
+            exception.NovaException,
+            self.config.config_instance_options, {}, instance)
--- a/setup.cfg
+++ b/setup.cfg
@ -3,7 +3,7 @@ name = nova-lxd
 summary = native lxd driver for openstack
 description-file =
    README.md
-version = 13.0.0b3
+version = 13.2.0
 author = OpenStack
 author-email = openstack-dev@lists.openstack.org
 home-page = http://www.openstack.org/