Reviewed: https://review.opendev.org/c/openstack/nova/+/811396 Committed: https://opendev.org/openstack/nova/commit/49b481ec98087351ce1366d3afb9f4a79cd16ae3 Submitter: "Zuul (22348)" Branch: master
commit 49b481ec98087351ce1366d3afb9f4a79cd16ae3 Author: Balazs Gibizer <[email protected]> Date: Tue Sep 28 12:53:08 2021 +0200 Query ports with admin client to get resource_request The port.resource_request field is admin only. Nova depends on the value of this field to do a proper scheduling and resource allocation and deallocation for ports with resource request as well as to update the port.binding:profile.allocation field with the resource providers the requested resources are fulfilled from. However in some cases nova does not use a neutron admin client / elevated context to read the port. In this case neutron returns None for the port.resource_request field and nova thinks that the port has no resource request. This patch fixes all three places where previous testing showed that context elevation was missing. Change-Id: Icb35e20179572fb713a397b4605312cf3294b41b Closes-Bug: #1945310 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1945310 Title: Live migration and interface detach with non admin user is broken for Servers with port having resource request Status in OpenStack Compute (nova): Fix Released Bug description: The port.resource_request field is admin only. Nova depends on the value of this field to do a proper scheduling and resource allocation / deallocation for such ports as well as to update the port.binding:profile.allocation field with the resource providers the requested resources are fulfilled from. However in some cases[1][2][3] nova does not use a neutron admin client / elevated context to read the port. In this case neutron returns None for the port.resource_request field and nova thinks that the port has no resource request. This leads to the following bad behavior if the operation is called by a non admin user: * in case of live migration the resource allocation is correct but the port.binding:profile.allocation values still point to the resource providers on the old compute. This could leads to port binding failure * in case of interface detach operation the port is detached successfully but the resource allocation for the port is leaked in placement until the whole server is deleted. * in case of interface attach in a system where old (pre Xena) computes are present the interface attach is accepted even if the old compute cannot handle the attach of such port properly. I will push a set of reproduction tests soon. [1] https://github.com/openstack/nova/blob/e07bb310b674fb471a92edf3258e564f05534595/nova/network/neutron.py#L1049 [2] https://github.com/openstack/nova/blob/e07bb310b674fb471a92edf3258e564f05534595/nova/network/neutron.py#L1727 [3] https://github.com/openstack/nova/blob/e07bb310b674fb471a92edf3258e564f05534595/nova/compute/api.py#L5144 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1945310/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
