Add SEV-related extra spec and image properties

The AMD SEV support recently introduced to nova[0] depends on certain metadata properties for flavors and images which were either missing or only partially covered by existing glance metadata, so fill the missing gaps: - Add the hw:mem_encryption flavor extra spec and corresponding hw_mem_encryption image property. - hw_firmware_type has been supported by nova for quite a while, so register it as an official metadata property. - Add hw_cdrom_bus which was missing as per https://bugs.launchpad.net/glance/+bug/1808868. This shares values with hw_disk_bus, so document that too. [0] https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization Closes-Bug: 1808868 Change-Id: I8116565ad0326d0125b320d840d787edcb086aa9
2019-09-12 12:02:50 +01:00 · 2019-09-12 12:02:50 +01:00 · 3a281b9bc6
commit 3a281b9bc6
parent 73fefddd96
4 changed files with 65 additions and 3 deletions
--- a/doc/source/admin/useful-image-properties.rst
+++ b/doc/source/admin/useful-image-properties.rst
@ -332,10 +332,34 @@ Here is a list of useful image properties and the values they expect.
         architecture, then it is not used. If the host has an SMT
         architecture, but not enough cores with free thread siblings are
         available, then scheduling fails.
+   * - libvirt API driver
+     - ``hw_cdrom_bus``
+     - Specifies the type of disk controller to attach CD-ROM devices to.
+     - As for ``hw_disk_bus``.
   * - libvirt API driver
     - ``hw_disk_bus``
     - Specifies the type of disk controller to attach disk devices to.
-     - One of ``scsi``, ``virtio``, ``uml``, ``xen``, ``ide``, or ``usb``.
+     - Options depend on the value of `nova's virt_type config option
+       <https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.virt_type>`_:
+
+       * For ``qemu`` and ``kvm``: one of ``scsi``, ``virtio``,
+         ``uml``, ``xen``, ``ide``, ``usb``, or ``lxc``.
+       * For ``xen``: one of ``xen`` or ``ide``.
+       * For ``uml``: must be ``uml``.
+       * For ``lxc``: must be ``lxc``.
+       * For ``parallels``: one of ``ide`` or ``scsi``.
+   * - libvirt API driver
+     - ``hw_firmware_type``
+     - Specifies the type of firmware with which to boot the guest.
+     - One of ``bios`` or ``uefi``.
+   * - libvirt API driver
+     - ``hw_mem_encryption``
+     - Enables encryption of guest memory at the hardware level, if
+       there are compute hosts available which support this. See
+       `nova's documentation on configuration of the KVM hypervisor
+       <https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization>`_
+       for more details.
+     - ``true`` or ``false`` (default).
   * - libvirt API driver
     - ``hw_pointer_model``
     - Input devices that allow interaction with a graphical framebuffer,
--- a/etc/metadefs/compute-libvirt-image.json
+++ b/etc/metadefs/compute-libvirt-image.json
@ -10,6 +10,22 @@
        }
    ],
    "properties": {
+        "hw_cdrom_bus": {
+            "title": "CD-ROM Bus",
+            "description": "Specifies the type of disk controller to attach CD-ROM devices to.",
+            "type": "string",
+            "enum": [
+                "scsi",
+                "virtio",
+                "uml",
+                "xen",
+                "ide",
+                "usb",
+                "fdc",
+                "sata",
+                "lxc"
+            ]
+        },
        "hw_disk_bus": {
            "title": "Disk Bus",
            "description": "Specifies the type of disk controller to attach disk devices to.",
@ -22,7 +38,17 @@
                "ide",
                "usb",
                "fdc",
-                "sata"
+                "sata",
+                "lxc"
+            ]
+        },
+        "hw_firmware_type": {
+            "title": "Firmware Type",
+            "description": "Specifies whether the image should be booted with a legacy BIOS or with UEFI.",
+            "type": "string",
+            "enum": [
+                "bios",
+                "uefi"
            ]
        },
        "hw_rng_model": {
--- a/etc/metadefs/compute-libvirt.json
+++ b/etc/metadefs/compute-libvirt.json
@ -26,6 +26,12 @@
            "description": "If true, enables the BIOS bootmenu. In cases where both the image metadata and Extra Spec are set, the Extra Spec setting is used. This allows for flexibility in setting/overriding the default behavior as needed.",
            "type": "string",
            "enum": ["true", "false"]
+        },
+        "mem_encryption": {
+            "title": "Hardware Memory Encryption",
+            "description": "Enables encryption of guest memory at the hardware level, if there are compute hosts available which support this. See https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization for details.",
+            "type": "string",
+            "enum": ["true", "false"]
        }
    },
    "objects": []
--- a/releasenotes/notes/train-metadefs-changes-c4380754cdd13a19.yaml
+++ b/releasenotes/notes/train-metadefs-changes-c4380754cdd13a19.yaml
@ -4,7 +4,13 @@ upgrade:
    The following metadata definitions have been modified in the Train
    release:

-    * Added ``hw_pmu`` boolean in the ``OS::Compute::LibvirtImage`` namespace.
+    * Added ``hw:mem_encryption`` boolean in the ``OS::Nova::Flavor``
+      namespace, and ``hw_mem_encryption`` boolean in the
+      ``OS::Glance::Image`` namespace.
+
+    * Added ``hw_pmu`` boolean, and ``hw_cdrom_bus`` and
+      ``hw_firmware_type`` enumerations in the
+      ``OS::Compute::LibvirtImage`` namespace.

    * Added ``powervm`` to the ``hypervisor_type`` enumeration in the
      ``OS:::Compute::Hypervisor`` namespace.