)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9747c5654aa78c5ce7778076aa46dd8113a94b7a","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Use admin_client to allocate port for instance"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"On the neutron side, port creation will change to authorize admin only"},{"line_number":10,"context_line":"with the parameter device_id. So now it\u0027s required to use admin_client"},{"line_number":11,"context_line":"to create the port."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"2924940c_8c87bd60","line":9,"range":{"start_line":9,"start_character":21,"end_line":9,"end_character":47},"updated":"2023-03-13 08:54:09.000000000","message":"which Neutron change will change that ?","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"52941763b974fb138c971d07dd7c97433717ccc9","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Use admin_client to allocate port for instance"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"On the neutron side, port creation will change to authorize admin only"},{"line_number":10,"context_line":"with the parameter device_id. So now it\u0027s required to use admin_client"},{"line_number":11,"context_line":"to create the port."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"42457f98_122b5a9d","line":9,"range":{"start_line":9,"start_character":21,"end_line":9,"end_character":47},"in_reply_to":"0c864fd4_3e53f70b","updated":"2023-03-15 08:53:12.000000000","message":"Ack","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"61bfe483c7cdd7da49c6a756c5b9d718f5cd2a0c","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Use admin_client to allocate port for instance"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"On the neutron side, port creation will change to authorize admin only"},{"line_number":10,"context_line":"with the parameter device_id. So now it\u0027s required to use admin_client"},{"line_number":11,"context_line":"to create the port."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"0c864fd4_3e53f70b","line":9,"range":{"start_line":9,"start_character":21,"end_line":9,"end_character":47},"in_reply_to":"2924940c_8c87bd60","updated":"2023-03-13 13:02:24.000000000","message":"https://review.opendev.org/c/openstack/neutron/+/861169","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9747c5654aa78c5ce7778076aa46dd8113a94b7a","unresolved":true,"context_lines":[{"line_number":10,"context_line":"with the parameter device_id. So now it\u0027s required to use admin_client"},{"line_number":11,"context_line":"to create the port."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"bug #1986969"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Change-Id: Iff49bb250924fea4d31edc16877947c03a295939"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"a94ab4ef_c73144e2","line":13,"updated":"2023-03-13 08:54:09.000000000","message":"looks to me not a bug report IMHO, rather a feature...","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"61bfe483c7cdd7da49c6a756c5b9d718f5cd2a0c","unresolved":true,"context_lines":[{"line_number":10,"context_line":"with the parameter device_id. So now it\u0027s required to use admin_client"},{"line_number":11,"context_line":"to create the port."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"bug #1986969"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Change-Id: Iff49bb250924fea4d31edc16877947c03a295939"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"b6628f1e_21a818d2","line":13,"in_reply_to":"a94ab4ef_c73144e2","updated":"2023-03-13 13:02:24.000000000","message":"The bug is open on neutron side. The issue is port creation with device_id don\u0027t generate port attach on nova side.\nhttps://bugs.launchpad.net/neutron/+bug/1986969","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"52941763b974fb138c971d07dd7c97433717ccc9","unresolved":false,"context_lines":[{"line_number":10,"context_line":"with the parameter device_id. So now it\u0027s required to use admin_client"},{"line_number":11,"context_line":"to create the port."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"bug #1986969"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Change-Id: Iff49bb250924fea4d31edc16877947c03a295939"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"a78ddd51_3889d4de","line":13,"in_reply_to":"b6628f1e_21a818d2","updated":"2023-03-15 08:53:12.000000000","message":"Ack","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d8f378a05153bab2435f3f5c72a1f6c01a01f27b","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Remove port creation with device_id"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"On the neutron side, port creation will change to authorize admin only"},{"line_number":10,"context_line":"or service role with the parameter device_id. So now port creation do"},{"line_number":11,"context_line":"without device_id and this parameter is updated during port binding with"},{"line_number":12,"context_line":"admin_client already need during this step."},{"line_number":13,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"ce389109_d830990f","line":10,"range":{"start_line":9,"start_character":0,"end_line":10,"end_character":45},"updated":"2025-03-12 16:31:43.000000000","message":"so that not an accurate characterisation of what is changing\n\nport createion will continue to be an operation someone with the member role can do\n\nwhat is changing is the device_id field will be changing to be service only\n\ndevice_id is used to track the attachment fo a port to a consume (whihch is encoded in device_owner)\n\nin the case of nova/comptue the consumer of a port is a vm\nso device_id  tracks what vm a port is attached too.\n\nthe current api policy allows normal user to make the neutron and nova db be out of sync as they can clear the device_id on a port which will imporperly detach the prot form a vm\n\nif they do it the other way aroudn \"set the device id to that of a vm\" it does not attach the port to the vm.\n\nseting the device_id should only be done by nova/zun/ironic and shoudl never have been allowed by a normal user with the member role so the policy change was intended to close that gap.\n\nwe need ot make that change in nova before the change can happen in neutron.","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":8313,"name":"Lajos Katona","display_name":"lajoskatona","email":"katonalala@gmail.com","username":"elajkat","status":"Ericsson Software Technology"},"change_message_id":"f7d489439d143ad092928d05030d70fc69eb5cb3","unresolved":true,"context_lines":[{"line_number":9,"context_line":"On the neutron side, port creation will change to authorize admin only"},{"line_number":10,"context_line":"or service role with the parameter device_id. So now port creation do"},{"line_number":11,"context_line":"without device_id and this parameter is updated during port binding with"},{"line_number":12,"context_line":"admin_client already need during this step."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"bug #1986969"},{"line_number":15,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"b6554f4b_5e17f95a","line":12,"updated":"2025-04-01 08:43:01.000000000","message":"I Agree with Sean, please clean this text, perhaps the last sentence should be (warning: I am not native speaker)\n\"So from now port creation will be done without the device_id and this field will be updated during port update when the port is binded. For this update operation admin or service client is necessary.\"\nI am not sure that I summarized well, but please consider.\nI think a release-note is also necessary in this case as this is really a user facing change.","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"change_message_id":"55a16f5475f7b51edcdbd993850ca4d59bc8ae22","unresolved":true,"context_lines":[{"line_number":9,"context_line":"On the neutron side, port creation will change to authorize admin only"},{"line_number":10,"context_line":"or service role with the parameter device_id. So now port creation do"},{"line_number":11,"context_line":"without device_id and this parameter is updated during port binding with"},{"line_number":12,"context_line":"admin_client already need during this step."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"bug #1986969"},{"line_number":15,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":3,"id":"b9c4366b_45bb0e46","line":12,"in_reply_to":"b6554f4b_5e17f95a","updated":"2025-04-03 12:56:06.000000000","message":"I think the commit message is quite clear.\n\nBut perhaps a release note is warranted here, but not sure what to write there, any suggestions? this is simply remove populating device_id when Nova creates a port using the users token so there is nothing additive here.","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"38f411501aad8c6340ad1ece17b7f806b353679e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"68fa9614_9a76c2d3","updated":"2023-01-16 23:44:33.000000000","message":"-1 for now\n\nthis would work but it might be better to create the ports with the normal client then then bind them with the admin client instead.\n\nthat would more closely emulate what real endusers would do.\n\nthey would create it with an unpriveladge client and nova would bind it with the admin client.\n\n\n-1 is to get input from others.","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"f86dff7a05fc23801390edc5bea6cd8b8978a1e4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"f3b3f004_f634eb5b","in_reply_to":"68fa9614_9a76c2d3","updated":"2023-01-30 09:26:43.000000000","message":"in this port creation, we have device_id in the parameter so with my change in neutron it\u0027s not possible anymore without an admin client.","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"change_message_id":"b6ea68020b3939f80dd4ca5409c58638f3e78762","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"ce3ca8ca_56c96f5d","updated":"2025-04-11 09:23:42.000000000","message":"In Neutron PTO we agreed to just add service role to the existing policy and not remove anything from the policy, so I no longer endorse this change due to that even though I think the change makes sense either way.","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"change_message_id":"a8722f9face7f9bb402f00d23c6c5eed0f8bdf0b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"492f99c6_5dd99752","updated":"2025-04-11 14:28:24.000000000","message":"https://review.opendev.org/c/openstack/neutron/+/947003/1","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"change_message_id":"a46dd01c77d9f73dc1d238bfd7f04b0f4a0c3ba4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"cf52cbf3_ca975d2c","updated":"2025-03-12 14:37:57.000000000","message":"this field is used for lifecycle operations and thus new instance would probably be broken\n\ni\u0027m also testing around trying to get nova working without `admin` role as also hit this issue where neutron disallows the usage of device_id field – so something needs to be done","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"change_message_id":"877b8c0d6049c144732e6da07debe12457515bda","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"d17f7186_20949882","in_reply_to":"81d0fc69_b4020196","updated":"2025-03-13 07:55:50.000000000","message":"I apologize I was probably missing enough context here. May I ask why you are carrying this patch downstream? I assume you\u0027ve been rolling out more of the Secure RBAC goal in your downstream than what is available upstream?\n\nI was under the impression that [1] was the correct resolution to this issue, I\u0027ve been experimenting with using the service role (dropping admin role entirely) for service users and found that [1] was required, or this patch here, but this patch was in a way more scary than just correcting the policy for device_id (even though that was also done in another context to protect the device_id field from cloud users). I then basically halted when I found Nova isn\u0027t supporting the service role to the same extent [2] that for example Neutron already does.\n\nIf this patch is correct, we should probably get it green and merged then, no?\n\n[1] https://review.opendev.org/c/openstack/neutron/+/861169\n[2] https://review.opendev.org/q/topic:%22bp/policy-service-and-manager-role-default%22","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":11583,"name":"Arnaud Morin","email":"arnaud.morin@gmail.com","username":"arnaudmorin"},"change_message_id":"1c779a7ba86d1fdad7cf3274f3d7f05a3151c220","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"81d0fc69_b4020196","in_reply_to":"8dbb792d_3992082f","updated":"2025-03-12 19:56:06.000000000","message":"exactly.\n\nTobias, can you expend why new instance would probably be broken?\nIIRC we run this code downstream and this works","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":16137,"name":"Tobias Urdin","email":"tobias.urdin@binero.com","username":"tobasco"},"change_message_id":"29e094d344ce87d69386583f0945d4c15e089e87","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"907cf893_5840814e","in_reply_to":"ce3ca8ca_56c96f5d","updated":"2025-04-11 09:24:10.000000000","message":"s/PTO/PTG/g","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"d8f378a05153bab2435f3f5c72a1f6c01a01f27b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"8dbb792d_3992082f","in_reply_to":"cf52cbf3_ca975d2c","updated":"2025-03-12 16:31:43.000000000","message":"i have lost context on this patch but if i recall\n\nsetting the device id should only happen when attachign the port to the instnace.\n\ncurrenntly i belive we do both operation sin one api call using the user token\n\ni have not looked at this in a long time but the intent awas to split the operation in two api calls. the first to create the port with the users token and then the attachment of the port to the vm woudl be done with the nova admin clinet  as that will result in a token with both the admin and service roles.\n\neventually the nova user will not have the admin role so the \"admin\" client would only use the service role.\n\n\nso if i recall the port will be create without a device owner and then attached to the instance when its bound by setting both the device_id and binding:host.","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"},{"author":{"_account_id":11583,"name":"Arnaud Morin","email":"arnaud.morin@gmail.com","username":"arnaudmorin"},"change_message_id":"a891242f7567f8181c3644787ba1f2ba9d8c4424","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"fa01f928_9b523657","in_reply_to":"d17f7186_20949882","updated":"2025-03-17 08:29:06.000000000","message":"To be honest, the patch we are running downstream is the patchset 1.\nWe are also running the 861169 change from neutron.\n\nI think you might be right, if nova is having the service role, then everything may work fine without that patch.\n\nThe best would be to double check that against a vanilla openstack installation.\nI wish I will find time to check that in a near future 😊","commit_id":"146c629afccb553af8c0e07c48ac0e7b5109fab4"}],"nova/network/neutron.py":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"9c40ce31e54648def429df5290035112faefd6a7","unresolved":true,"context_lines":[{"line_number":503,"context_line":"        :raises NetworksWithQoSPolicyNotSupported: if the created port has"},{"line_number":504,"context_line":"                resource request."},{"line_number":505,"context_line":"        \"\"\""},{"line_number":506,"context_line":"        # Set the device_id so it\u0027s clear who this port was created for,"},{"line_number":507,"context_line":"        # and to stop other instances trying to use it"},{"line_number":508,"context_line":"        port_req_body \u003d {\u0027port\u0027: {\u0027device_id\u0027: instance.uuid}}"},{"line_number":509,"context_line":"        try:"},{"line_number":510,"context_line":"            if fixed_ip:"},{"line_number":511,"context_line":"                port_req_body[\u0027port\u0027][\u0027fixed_ips\u0027] \u003d ["}],"source_content_type":"text/x-python","patch_set":1,"id":"da47f7b7_32c0e884","line":508,"range":{"start_line":506,"start_character":6,"end_line":508,"end_character":62},"updated":"2023-06-09 16:58:26.000000000","message":"setting the device id is what will need admin/service role in the future\nthat is part of attachign a prot to a vm not part of creating a port so this shoudl really be done spereatly perhaps when the port is bound.\n\nthis is the only thing that shoudl be doen with the admin client.","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"ffd9a681a9b22b759ad6b125c88064720147b862","unresolved":false,"context_lines":[{"line_number":503,"context_line":"        :raises NetworksWithQoSPolicyNotSupported: if the created port has"},{"line_number":504,"context_line":"                resource request."},{"line_number":505,"context_line":"        \"\"\""},{"line_number":506,"context_line":"        # Set the device_id so it\u0027s clear who this port was created for,"},{"line_number":507,"context_line":"        # and to stop other instances trying to use it"},{"line_number":508,"context_line":"        port_req_body \u003d {\u0027port\u0027: {\u0027device_id\u0027: instance.uuid}}"},{"line_number":509,"context_line":"        try:"},{"line_number":510,"context_line":"            if fixed_ip:"},{"line_number":511,"context_line":"                port_req_body[\u0027port\u0027][\u0027fixed_ips\u0027] \u003d ["}],"source_content_type":"text/x-python","patch_set":1,"id":"80deec41_d8969a0f","line":508,"range":{"start_line":506,"start_character":6,"end_line":508,"end_character":62},"in_reply_to":"da47f7b7_32c0e884","updated":"2023-06-28 09:21:00.000000000","message":"good idea, I have removed this parameter during port creation and it\u0027s updated during the binding of the port.","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"9c40ce31e54648def429df5290035112faefd6a7","unresolved":true,"context_lines":[{"line_number":507,"context_line":"        # and to stop other instances trying to use it"},{"line_number":508,"context_line":"        port_req_body \u003d {\u0027port\u0027: {\u0027device_id\u0027: instance.uuid}}"},{"line_number":509,"context_line":"        try:"},{"line_number":510,"context_line":"            if fixed_ip:"},{"line_number":511,"context_line":"                port_req_body[\u0027port\u0027][\u0027fixed_ips\u0027] \u003d ["},{"line_number":512,"context_line":"                    {\u0027ip_address\u0027: str(fixed_ip)}]"},{"line_number":513,"context_line":"            port_req_body[\u0027port\u0027][\u0027network_id\u0027] \u003d network_id"},{"line_number":514,"context_line":"            port_req_body[\u0027port\u0027][\u0027admin_state_up\u0027] \u003d True"},{"line_number":515,"context_line":"            port_req_body[\u0027port\u0027][\u0027tenant_id\u0027] \u003d instance.project_id"},{"line_number":516,"context_line":"            if security_group_ids:"},{"line_number":517,"context_line":"                port_req_body[\u0027port\u0027][\u0027security_groups\u0027] \u003d security_group_ids"},{"line_number":518,"context_line":""},{"line_number":519,"context_line":"            port_response \u003d port_client.create_port(port_req_body)"},{"line_number":520,"context_line":""},{"line_number":521,"context_line":"            port \u003d port_response[\u0027port\u0027]"},{"line_number":522,"context_line":"            port_id \u003d port[\u0027id\u0027]"},{"line_number":523,"context_line":""},{"line_number":524,"context_line":"            # NOTE(gibi): Checking if the created port has resource request as"},{"line_number":525,"context_line":"            # such ports are currently not supported as they would at least"},{"line_number":526,"context_line":"            # need resource allocation manipulation in placement but might also"},{"line_number":527,"context_line":"            # need a new scheduling if resource on this host is not available."},{"line_number":528,"context_line":"            if self._has_resource_request(context, port, port_client):"},{"line_number":529,"context_line":"                msg \u003d ("},{"line_number":530,"context_line":"                    \"The auto-created port %(port_id)s is being deleted due \""},{"line_number":531,"context_line":"                    \"to its network having QoS policy.\")"},{"line_number":532,"context_line":"                LOG.info(msg, {\u0027port_id\u0027: port_id})"},{"line_number":533,"context_line":"                self._cleanup_created_port(port_client, port_id, instance)"},{"line_number":534,"context_line":"                # NOTE(gibi): This limitation regarding server create can be"},{"line_number":535,"context_line":"                # removed when the port creation is moved to the conductor. But"},{"line_number":536,"context_line":"                # this code also limits attaching a network that has QoS"},{"line_number":537,"context_line":"                # minimum bandwidth rule."},{"line_number":538,"context_line":"                raise exception.NetworksWithQoSPolicyNotSupported("},{"line_number":539,"context_line":"                    instance_uuid\u003dinstance.uuid, network_id\u003dnetwork_id)"},{"line_number":540,"context_line":"            try:"},{"line_number":541,"context_line":"                _ensure_no_port_binding_failure(port)"},{"line_number":542,"context_line":"            except exception.PortBindingFailed:"},{"line_number":543,"context_line":"                with excutils.save_and_reraise_exception():"},{"line_number":544,"context_line":"                    port_client.delete_port(port_id)"},{"line_number":545,"context_line":""},{"line_number":546,"context_line":"            LOG.debug(\u0027Successfully created port: %s\u0027, port_id,"},{"line_number":547,"context_line":"                      instance\u003dinstance)"}],"source_content_type":"text/x-python","patch_set":1,"id":"2bd2e6a0_88e969b3","line":544,"range":{"start_line":510,"start_character":10,"end_line":544,"end_character":52},"updated":"2023-06-09 16:58:26.000000000","message":"i should also point out that at no point is the port binding host set so this port is not bound here yet. \n\nso at this poitn the vnic type is not decied and we have not boudn the port to a given host so we will neeed at least one more request to neutron per port anyway.\n\nwe shoudl either move the port bidnign here or move the port attafchment later to when we are doing the binding. i woudl prefer to move the attachment to the bidning phase be either would be more correct.","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"ffd9a681a9b22b759ad6b125c88064720147b862","unresolved":false,"context_lines":[{"line_number":507,"context_line":"        # and to stop other instances trying to use it"},{"line_number":508,"context_line":"        port_req_body \u003d {\u0027port\u0027: {\u0027device_id\u0027: instance.uuid}}"},{"line_number":509,"context_line":"        try:"},{"line_number":510,"context_line":"            if fixed_ip:"},{"line_number":511,"context_line":"                port_req_body[\u0027port\u0027][\u0027fixed_ips\u0027] \u003d ["},{"line_number":512,"context_line":"                    {\u0027ip_address\u0027: str(fixed_ip)}]"},{"line_number":513,"context_line":"            port_req_body[\u0027port\u0027][\u0027network_id\u0027] \u003d network_id"},{"line_number":514,"context_line":"            port_req_body[\u0027port\u0027][\u0027admin_state_up\u0027] \u003d True"},{"line_number":515,"context_line":"            port_req_body[\u0027port\u0027][\u0027tenant_id\u0027] \u003d instance.project_id"},{"line_number":516,"context_line":"            if security_group_ids:"},{"line_number":517,"context_line":"                port_req_body[\u0027port\u0027][\u0027security_groups\u0027] \u003d security_group_ids"},{"line_number":518,"context_line":""},{"line_number":519,"context_line":"            port_response \u003d port_client.create_port(port_req_body)"},{"line_number":520,"context_line":""},{"line_number":521,"context_line":"            port \u003d port_response[\u0027port\u0027]"},{"line_number":522,"context_line":"            port_id \u003d port[\u0027id\u0027]"},{"line_number":523,"context_line":""},{"line_number":524,"context_line":"            # NOTE(gibi): Checking if the created port has resource request as"},{"line_number":525,"context_line":"            # such ports are currently not supported as they would at least"},{"line_number":526,"context_line":"            # need resource allocation manipulation in placement but might also"},{"line_number":527,"context_line":"            # need a new scheduling if resource on this host is not available."},{"line_number":528,"context_line":"            if self._has_resource_request(context, port, port_client):"},{"line_number":529,"context_line":"                msg \u003d ("},{"line_number":530,"context_line":"                    \"The auto-created port %(port_id)s is being deleted due \""},{"line_number":531,"context_line":"                    \"to its network having QoS policy.\")"},{"line_number":532,"context_line":"                LOG.info(msg, {\u0027port_id\u0027: port_id})"},{"line_number":533,"context_line":"                self._cleanup_created_port(port_client, port_id, instance)"},{"line_number":534,"context_line":"                # NOTE(gibi): This limitation regarding server create can be"},{"line_number":535,"context_line":"                # removed when the port creation is moved to the conductor. But"},{"line_number":536,"context_line":"                # this code also limits attaching a network that has QoS"},{"line_number":537,"context_line":"                # minimum bandwidth rule."},{"line_number":538,"context_line":"                raise exception.NetworksWithQoSPolicyNotSupported("},{"line_number":539,"context_line":"                    instance_uuid\u003dinstance.uuid, network_id\u003dnetwork_id)"},{"line_number":540,"context_line":"            try:"},{"line_number":541,"context_line":"                _ensure_no_port_binding_failure(port)"},{"line_number":542,"context_line":"            except exception.PortBindingFailed:"},{"line_number":543,"context_line":"                with excutils.save_and_reraise_exception():"},{"line_number":544,"context_line":"                    port_client.delete_port(port_id)"},{"line_number":545,"context_line":""},{"line_number":546,"context_line":"            LOG.debug(\u0027Successfully created port: %s\u0027, port_id,"},{"line_number":547,"context_line":"                      instance\u003dinstance)"}],"source_content_type":"text/x-python","patch_set":1,"id":"f49c585f_123a100d","line":544,"range":{"start_line":510,"start_character":10,"end_line":544,"end_character":52},"in_reply_to":"2bd2e6a0_88e969b3","updated":"2023-06-28 09:21:00.000000000","message":"Ack","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"9747c5654aa78c5ce7778076aa46dd8113a94b7a","unresolved":true,"context_lines":[{"line_number":1203,"context_line":"        # updated later in _update_ports_for_instance to be bound to the"},{"line_number":1204,"context_line":"        # instance and compute host."},{"line_number":1205,"context_line":"        requests_and_created_ports \u003d self._create_ports_for_instance("},{"line_number":1206,"context_line":"            context, instance, ordered_networks, nets, admin_client,"},{"line_number":1207,"context_line":"            security_group_ids)"},{"line_number":1208,"context_line":""},{"line_number":1209,"context_line":"        #"}],"source_content_type":"text/x-python","patch_set":1,"id":"e846d412_4c330ab0","line":1206,"updated":"2023-03-13 08:54:09.000000000","message":"I\u0027m afraid this would set the user for the ports to be the admin, nope ?","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"ffd9a681a9b22b759ad6b125c88064720147b862","unresolved":false,"context_lines":[{"line_number":1203,"context_line":"        # updated later in _update_ports_for_instance to be bound to the"},{"line_number":1204,"context_line":"        # instance and compute host."},{"line_number":1205,"context_line":"        requests_and_created_ports \u003d self._create_ports_for_instance("},{"line_number":1206,"context_line":"            context, instance, ordered_networks, nets, admin_client,"},{"line_number":1207,"context_line":"            security_group_ids)"},{"line_number":1208,"context_line":""},{"line_number":1209,"context_line":"        #"}],"source_content_type":"text/x-python","patch_set":1,"id":"75ddde52_b65553ab","line":1206,"in_reply_to":"211c98b4_f006fa24","updated":"2023-06-28 09:21:00.000000000","message":"I have follow your recommendation. Thx for your help.","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"9c40ce31e54648def429df5290035112faefd6a7","unresolved":true,"context_lines":[{"line_number":1203,"context_line":"        # updated later in _update_ports_for_instance to be bound to the"},{"line_number":1204,"context_line":"        # instance and compute host."},{"line_number":1205,"context_line":"        requests_and_created_ports \u003d self._create_ports_for_instance("},{"line_number":1206,"context_line":"            context, instance, ordered_networks, nets, admin_client,"},{"line_number":1207,"context_line":"            security_group_ids)"},{"line_number":1208,"context_line":""},{"line_number":1209,"context_line":"        #"}],"source_content_type":"text/x-python","patch_set":1,"id":"211c98b4_f006fa24","line":1206,"in_reply_to":"47361b02_5f406466","updated":"2023-06-09 16:58:26.000000000","message":"port creation should not be using the admin client.\n\nits port binding that will require this and even then we should perfer the service role over usign admin.","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"52941763b974fb138c971d07dd7c97433717ccc9","unresolved":false,"context_lines":[{"line_number":1203,"context_line":"        # updated later in _update_ports_for_instance to be bound to the"},{"line_number":1204,"context_line":"        # instance and compute host."},{"line_number":1205,"context_line":"        requests_and_created_ports \u003d self._create_ports_for_instance("},{"line_number":1206,"context_line":"            context, instance, ordered_networks, nets, admin_client,"},{"line_number":1207,"context_line":"            security_group_ids)"},{"line_number":1208,"context_line":""},{"line_number":1209,"context_line":"        #"}],"source_content_type":"text/x-python","patch_set":1,"id":"8d4237d3_72e36715","line":1206,"in_reply_to":"7cd4abb6_704390b8","updated":"2023-03-15 08:53:12.000000000","message":"Ack","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"b4f605ca2a51e13f345706b6bc01dfe3b46a550a","unresolved":false,"context_lines":[{"line_number":1203,"context_line":"        # updated later in _update_ports_for_instance to be bound to the"},{"line_number":1204,"context_line":"        # instance and compute host."},{"line_number":1205,"context_line":"        requests_and_created_ports \u003d self._create_ports_for_instance("},{"line_number":1206,"context_line":"            context, instance, ordered_networks, nets, admin_client,"},{"line_number":1207,"context_line":"            security_group_ids)"},{"line_number":1208,"context_line":""},{"line_number":1209,"context_line":"        #"}],"source_content_type":"text/x-python","patch_set":1,"id":"47361b02_5f406466","line":1206,"in_reply_to":"8d4237d3_72e36715","updated":"2023-06-09 08:53:31.000000000","message":"we do the same with an update port. \n\nhttps://opendev.org/openstack/nova/src/commit/308633f93aef5823ba0e03cb5284ed8f647af7e8/nova/network/neutron.py#L1167\n    # We always need admin_client to build nw_info,\n    # we sometimes need it when updating ports\n    admin_client \u003d get_client(context, admin\u003dTrue)","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"61bfe483c7cdd7da49c6a756c5b9d718f5cd2a0c","unresolved":true,"context_lines":[{"line_number":1203,"context_line":"        # updated later in _update_ports_for_instance to be bound to the"},{"line_number":1204,"context_line":"        # instance and compute host."},{"line_number":1205,"context_line":"        requests_and_created_ports \u003d self._create_ports_for_instance("},{"line_number":1206,"context_line":"            context, instance, ordered_networks, nets, admin_client,"},{"line_number":1207,"context_line":"            security_group_ids)"},{"line_number":1208,"context_line":""},{"line_number":1209,"context_line":"        #"}],"source_content_type":"text/x-python","patch_set":1,"id":"7cd4abb6_704390b8","line":1206,"in_reply_to":"e846d412_4c330ab0","updated":"2023-03-13 13:02:24.000000000","message":"No, admin_client is come from allocate_for_instance and it contain context + admin\u003dTrue\nhttps://opendev.org/openstack/nova/src/branch/master/nova/network/neutron.py#L1152","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"9c40ce31e54648def429df5290035112faefd6a7","unresolved":true,"context_lines":[{"line_number":1290,"context_line":""},{"line_number":1291,"context_line":"            nets_in_requested_order.append(network)"},{"line_number":1292,"context_line":""},{"line_number":1293,"context_line":"            zone \u003d \u0027compute:%s\u0027 % instance.availability_zone"},{"line_number":1294,"context_line":"            port_req_body \u003d {\u0027port\u0027: {\u0027device_id\u0027: instance.uuid,"},{"line_number":1295,"context_line":"                                      \u0027device_owner\u0027: zone}}"},{"line_number":1296,"context_line":"            if (requested_ports_dict and"},{"line_number":1297,"context_line":"                request.port_id in requested_ports_dict and"},{"line_number":1298,"context_line":"                get_binding_profile(requested_ports_dict[request.port_id])):"},{"line_number":1299,"context_line":"                port_req_body[\u0027port\u0027][constants.BINDING_PROFILE] \u003d \\"},{"line_number":1300,"context_line":"                    get_binding_profile(requested_ports_dict[request.port_id])"},{"line_number":1301,"context_line":"            try:"},{"line_number":1302,"context_line":"                port_arq \u003d None"},{"line_number":1303,"context_line":"                if network_arqs:"},{"line_number":1304,"context_line":"                    port_arq \u003d network_arqs.get(request.arq_uuid, None)"},{"line_number":1305,"context_line":"                self._populate_neutron_extension_values("},{"line_number":1306,"context_line":"                    context, instance, request.pci_request_id, port_req_body,"},{"line_number":1307,"context_line":"                    network\u003dnetwork, neutron\u003dneutron,"},{"line_number":1308,"context_line":"                    bind_host_id\u003dbind_host_id,"},{"line_number":1309,"context_line":"                    port_arq\u003dport_arq)"},{"line_number":1310,"context_line":"                # NOTE(gibi): Remove this once we are sure that the fix for"},{"line_number":1311,"context_line":"                # bug 1942329 is always present in the deployed neutron. The"},{"line_number":1312,"context_line":"                # _populate_neutron_extension_values() call above already"}],"source_content_type":"text/x-python","patch_set":1,"id":"78cd5fe3_86699741","line":1309,"range":{"start_line":1293,"start_character":2,"end_line":1309,"end_character":38},"updated":"2023-06-09 16:58:26.000000000","message":"the port are already updtead with the device id owner and binding host here","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"},{"author":{"_account_id":33607,"name":"Pierre Libeau","email":"pierre.libeau@ovhcloud.com","username":"plibeau"},"change_message_id":"ffd9a681a9b22b759ad6b125c88064720147b862","unresolved":false,"context_lines":[{"line_number":1290,"context_line":""},{"line_number":1291,"context_line":"            nets_in_requested_order.append(network)"},{"line_number":1292,"context_line":""},{"line_number":1293,"context_line":"            zone \u003d \u0027compute:%s\u0027 % instance.availability_zone"},{"line_number":1294,"context_line":"            port_req_body \u003d {\u0027port\u0027: {\u0027device_id\u0027: instance.uuid,"},{"line_number":1295,"context_line":"                                      \u0027device_owner\u0027: zone}}"},{"line_number":1296,"context_line":"            if (requested_ports_dict and"},{"line_number":1297,"context_line":"                request.port_id in requested_ports_dict and"},{"line_number":1298,"context_line":"                get_binding_profile(requested_ports_dict[request.port_id])):"},{"line_number":1299,"context_line":"                port_req_body[\u0027port\u0027][constants.BINDING_PROFILE] \u003d \\"},{"line_number":1300,"context_line":"                    get_binding_profile(requested_ports_dict[request.port_id])"},{"line_number":1301,"context_line":"            try:"},{"line_number":1302,"context_line":"                port_arq \u003d None"},{"line_number":1303,"context_line":"                if network_arqs:"},{"line_number":1304,"context_line":"                    port_arq \u003d network_arqs.get(request.arq_uuid, None)"},{"line_number":1305,"context_line":"                self._populate_neutron_extension_values("},{"line_number":1306,"context_line":"                    context, instance, request.pci_request_id, port_req_body,"},{"line_number":1307,"context_line":"                    network\u003dnetwork, neutron\u003dneutron,"},{"line_number":1308,"context_line":"                    bind_host_id\u003dbind_host_id,"},{"line_number":1309,"context_line":"                    port_arq\u003dport_arq)"},{"line_number":1310,"context_line":"                # NOTE(gibi): Remove this once we are sure that the fix for"},{"line_number":1311,"context_line":"                # bug 1942329 is always present in the deployed neutron. The"},{"line_number":1312,"context_line":"                # _populate_neutron_extension_values() call above already"}],"source_content_type":"text/x-python","patch_set":1,"id":"bbe516b2_bb6c85d5","line":1309,"range":{"start_line":1293,"start_character":2,"end_line":1309,"end_character":38},"in_reply_to":"78cd5fe3_86699741","updated":"2023-06-28 09:21:00.000000000","message":"Ack","commit_id":"9e58bc981098d01e3a68a699f738442abe7c72d0"}]}