Allow Project admin to list allowed hypervisors
https://blueprints.launchpad.net/nova/+spec/allow-project-admin-list-hypervisors
Allow Project admin to get the allowed hypervisors info so that
they can specify the host when creating a server with the
POST /servers API.
Problem description
Project admin can currently create a server on a specific hypervisor (via host in the availability_zone field). However, project admin is not allowed to list the hypervisors. On the other hand, only system admins or system readers can list hypervisors, but they cannot create a server on the project’s behalf because there is no way to pass the project_id in POST /servers API. This makes ‘POST /servers with specific host’ unusable unless the user gives extra token permission to the project admin or system users.
Use Cases
As a user (project admin currently and project manager in new RBAC), I should be able to create the server on a specific host which is assigned to that project.
Proposed change
Below are the three proposed changes:
- GET /os-hypervisors API
  - Allow project admin to list uuid, state, and status of the hypervisors they are assigned to. That will be retrieved from aggregate metadata info (filter_tenant_id).
  - If the requested project is in filter_tenant_id then that host info will be listed for project admin. If no project is listed in filter_tenant_id then return an empty list. Only the hypervisor fields below will be returned for project admin, and the rest of the fields will be returned with value as None:
    - uuid
    - state
    - status
  - A new API policy will be introduced to switch the above behaviour to return the complete list of hypervisors info to allowed users.
  - No change in returning the hypervisors list for System scoped users.
- POST /servers API
  - POST /servers API will start accepting hypervisor uuid in request field to boot the server on that hypervisor. The existing field hypervisor_hostname is used to pass the hypervisor name and we will not change that for the existing use case. We will add a new field hypervisor_uuid in the request so that the user can pass the hypervisor uuid. The hypervisor uuid will be used to boot the server for the host with scheduler run case.
  - Remove the legacy hack of passing the host and node in the availability_zone request field. This will be removed for the newer microversion only and kept the same for older microversions. This is a legacy hack to force the server boot on the requested host and node: https://github.com/openstack/nova/blob/e28afc564700a1a35e3bf0269687d5734251b88a/nova/compute/api.py#L555-L561 Removing this legacy hack will standardize the ‘server boot on requested host’ request.
Alternatives
System users knowing the hypervisor info can switch to the project admin token and boot server on specific host.
Data model impact
None.
REST API impact
This change will be done with a microversion bump.
Below are the two APIs that will be changed:
- GET /os-hypervisors
  - Allow policy ‘os_compute_api:os-hypervisors:list’ to project admin also (scope to system and project).
  - Check if the requester is system user or project admin (via request context’s system_scope). For system users no change in API from what we have currently. For project admin, return uuid, state, and status of those hosts which are assigned to that project, and the rest of the fields will be returned with value as None.

    {
        "hypervisors": [
            {
                "hypervisor_hostname": None,
                "id": "1bb62a04-c576-402c-8147-9e89757a09e3",
                "state": "up",
                "status": "enabled"
            }
        ],
        "hypervisors_links": None
    }

- POST /servers
  - POST /servers API will start accepting hypervisor uuid in request field to boot the server on that hypervisor. We will add a new field hypervisor_uuid in create server request so that user can pass uuid. The hypervisor uuid will be used to boot the server for host with scheduler run case.
  - Remove the legacy hack of passing the host and node in availability_zone request field. For older microversions, it will keep working as it is working currently. With this new microversion, only a valid AZ will be accepted in availability_zone field otherwise 404. Basically removing this legacy hack - https://github.com/openstack/nova/blob/e28afc564700a1a35e3bf0269687d5734251b88a/nova/compute/api.py#L555-L561
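An added sketch (not Nova's code) of the project-admin view of GET /os-hypervisors described under Proposed change and REST API impact: hosts are matched through aggregate filter_tenant_id metadata, and every field outside uuid, state, and status is returned as None. The Context class, the dict shapes, matching aggregate hosts on hypervisor_hostname, and accepting suffixed, comma-separated filter_tenant_id values are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

# Allowlist, not denylist: any field added to the record later is hidden by default.
PROJECT_ADMIN_FIELDS = frozenset({"uuid", "state", "status"})

@dataclass
class Context:  # hypothetical stand-in for the request context
    project_id: Optional[str] = None
    system_scope: Optional[str] = None

def projects_of(metadata):
    """Project ids named by an aggregate's filter_tenant_id* metadata keys."""
    projects = set()
    for key, value in metadata.items():
        if key.startswith("filter_tenant_id"):  # assumption: suffixed keys count
            projects.update(p.strip() for p in value.split(",") if p.strip())
    return projects

def hosts_for_project(aggregates, project_id):
    hosts = set()
    for agg in aggregates:
        if project_id in projects_of(agg["metadata"]):
            hosts.update(agg["hosts"])
    return hosts

def list_hypervisors(ctx, hypervisors, aggregates):
    if ctx.system_scope is not None:   # system users: unchanged, full records
        return [dict(h) for h in hypervisors]
    if not ctx.project_id:             # no project in the token: nothing to show
        return []
    allowed = hosts_for_project(aggregates, ctx.project_id)
    return [
        {k: (v if k in PROJECT_ADMIN_FIELDS else None) for k, v in h.items()}
        for h in hypervisors
        if h["hypervisor_hostname"] in allowed
    ]

# Constructed sample data. cn-2 sits in an aggregate without filter_tenant_id,
# so no project admin sees it.
AGGREGATES = [
    {"hosts": {"cn-1"}, "metadata": {"filter_tenant_id": "proj-a, proj-b"}},
    {"hosts": {"cn-2"}, "metadata": {"availability_zone": "az1"}},
]
HYPERVISORS = [
    {"uuid": "1bb62a04-c576-402c-8147-9e89757a09e3", "hypervisor_hostname": "cn-1",
     "state": "up", "status": "enabled", "host_ip": "192.0.2.10"},
    {"uuid": "00000000-0000-4000-8000-000000000002", "hypervisor_hostname": "cn-2",
     "state": "up", "status": "enabled", "host_ip": "192.0.2.11"},
]
```
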
Security impact
None. Already assigned host uuid name will be listed to project admin also.
Notifications impact
None.
Other end user impact
The nova api-ref will be updated to reflect the changes.
Performance Impact
None.
Other deployer impact
None.
Developer impact
None.
Upgrade impact
Upgrade notes will be added for the new workflow of boot server on specific host.
Implementation
Assignee(s)
- Primary assignee:
gmann
- Other contributors:
None
Feature Liaison
- Feature liaison:
None
Work Items
API changes with microversion
Testing for the changes.
Dependencies
None.
Testing
Unit or functional testing for API change.
Tempest test to boot server with hypervisor uuid.
Documentation Impact
The api-ref will be updated to reflect the changes.
References
History
Release Name | Description
---|---
Yoga | Introduced