From 3a281b9bc62a1b8b0f1468bc641105a5662f8ecd Mon Sep 17 00:00:00 2001 From: Adam Spiers Date: Thu, 12 Sep 2019 12:02:50 +0100 Subject: [PATCH] Add SEV-related extra spec and image properties The AMD SEV support recently introduced to nova[0] depends on certain metadata properties for flavors and images which were either missing or only partially covered by existing glance metadata, so fill the missing gaps: - Add the hw:mem_encryption flavor extra spec and corresponding hw_mem_encryption image property. - hw_firmware_type has been supported by nova for quite a while, so register it as an official metadata property. - Add hw_cdrom_bus which was missing as per https://bugs.launchpad.net/glance/+bug/1808868. This shares values with hw_disk_bus, so document that too. [0] https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization Closes-Bug: 1808868 Change-Id: I8116565ad0326d0125b320d840d787edcb086aa9 --- doc/source/admin/useful-image-properties.rst | 26 ++++++++++++++++- etc/metadefs/compute-libvirt-image.json | 28 ++++++++++++++++++- etc/metadefs/compute-libvirt.json | 6 ++++ ...ain-metadefs-changes-c4380754cdd13a19.yaml | 8 +++++- 4 files changed, 65 insertions(+), 3 deletions(-) diff --git a/doc/source/admin/useful-image-properties.rst b/doc/source/admin/useful-image-properties.rst index fae894e591..56b26ff181 100644 --- a/doc/source/admin/useful-image-properties.rst +++ b/doc/source/admin/useful-image-properties.rst 
@@ -332,10 +332,34 @@ Here is a list of useful image properties and the values they expect. architecture, then it is not used. If the host has an SMT architecture, but not enough cores with free thread siblings are available, then scheduling fails. + * - libvirt API driver + - ``hw_cdrom_bus`` + - Specifies the type of disk controller to attach CD-ROM devices to. + - As for ``hw_disk_bus``. * - libvirt API driver - ``hw_disk_bus`` - Specifies the type of disk controller to attach disk devices to. - - One of ``scsi``, ``virtio``, ``uml``, ``xen``, ``ide``, or ``usb``. + - Options depend on the value of `nova's virt_type config option + `_: + + * For ``qemu`` and ``kvm``: one of ``scsi``, ``virtio``, + ``uml``, ``xen``, ``ide``, ``usb``, or ``lxc``. + * For ``xen``: one of ``xen`` or ``ide``. + * For ``uml``: must be ``uml``. + * For ``lxc``: must be ``lxc``. + * For ``parallels``: one of ``ide`` or ``scsi``. + * - libvirt API driver + - ``hw_firmware_type`` + - Specifies the type of firmware with which to boot the guest. + - One of ``bios`` or ``uefi``. + * - libvirt API driver + - ``hw_mem_encryption`` + - Enables encryption of guest memory at the hardware level, if + there are compute hosts available which support this. See + `nova's documentation on configuration of the KVM hypervisor + `_ + for more details. + - ``true`` or ``false`` (default). * - libvirt API driver - ``hw_pointer_model`` - Input devices that allow interaction with a graphical framebuffer, diff --git a/etc/metadefs/compute-libvirt-image.json b/etc/metadefs/compute-libvirt-image.json index 3eedf41535..eeb4d92fac 100644 --- a/etc/metadefs/compute-libvirt-image.json +++ b/etc/metadefs/compute-libvirt-image.json 
@@ -10,6 +10,22 @@
 }
 ],
 "properties": {
+ "hw_cdrom_bus": {
+ "title": "CD-ROM Bus",
+ "description": "Specifies the type of disk controller to attach CD-ROM devices to.",
+ "type": "string",
+ "enum": [
+ "scsi",
+ "virtio",
+ "uml",
+ "xen",
+ "ide",
+ "usb",
+ "fdc",
+ "sata",
+ "lxc"
+ ]
+ },
 "hw_disk_bus": {
 "title": "Disk Bus",
 "description": "Specifies the type of disk controller to attach disk devices to.",
@@ -22,7 +38,17 @@
 "ide",
 "usb",
 "fdc",
- "sata"
+ "sata",
+ "lxc"
+ ]
+ },
+ "hw_firmware_type": {
+ "title": "Firmware Type",
+ "description": "Specifies whether the image should be booted with a legacy BIOS or with UEFI.",
+ "type": "string",
+ "enum": [
+ "bios",
+ "uefi"
 ]
 },
 "hw_rng_model": {
diff --git a/etc/metadefs/compute-libvirt.json b/etc/metadefs/compute-libvirt.json
index 08fd99292a..a9a28a6f1a 100644
--- a/etc/metadefs/compute-libvirt.json
+++ b/etc/metadefs/compute-libvirt.json
@@ -26,6 +26,12 @@
 "description": "If true, enables the BIOS bootmenu. In cases where both the image metadata and Extra Spec are set, the Extra Spec setting is used. This allows for flexibility in setting/overriding the default behavior as needed.",
 "type": "string",
 "enum": ["true", "false"]
+ },
+ "mem_encryption": {
+ "title": "Hardware Memory Encryption",
+ "description": "Enables encryption of guest memory at the hardware level, if there are compute hosts available which support this. See https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization for details.",
+ "type": "string",
+ "enum": ["true", "false"]
 }
 },
 "objects": []
diff --git a/releasenotes/notes/train-metadefs-changes-c4380754cdd13a19.yaml b/releasenotes/notes/train-metadefs-changes-c4380754cdd13a19.yaml
index 1b2959f53b..c3544c1151 100644
--- a/releasenotes/notes/train-metadefs-changes-c4380754cdd13a19.yaml
+++ b/releasenotes/notes/train-metadefs-changes-c4380754cdd13a19.yaml
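Review bot: The new `hw_cdrom_bus` enum accepts `fdc` and `sata`, but the documentation table changed in this same commit describes its values as "As for ``hw_disk_bus``" and lists only `scsi`, `virtio`, `uml`, `xen`, `ide`, `usb` and `lxc` there. The enum and the table should be reconciled so that the values an operator reads are the values the metadef validates; the same mismatch applies to the `hw_disk_bus` enum extended in the next hunk. The nine-value list is also now duplicated verbatim across the two properties, so a bus type added to one later is easily missed in the other. Saying so in the description would help, e.g. `"description": "Specifies the type of disk controller to attach CD-ROM devices to. Accepts the same values as hw_disk_bus."`.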
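Review bot: The `mem_encryption` description in the compute-libvirt.json hunk does not say what happens when no compute host supports memory encryption. The phrase "if there are compute hosts available which support this" can be read as best-effort, i.e. that the guest would otherwise boot with unencrypted memory. For a confidentiality control the failure mode should be explicit; if nova refuses to schedule the instance in that case (worth confirming against the linked nova page), wording such as `"Requests encryption of guest memory at the hardware level; scheduling fails if no compute host supports it."` removes the ambiguity. Unlike the boot-menu property just above it, the text also does not say how a disagreement between the flavor extra spec and the image property is resolved. The enclosing `properties` object begins outside the hunk.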
@@ -4,7 +4,13 @@ upgrade: The following metadata definitions have been modified in the Train release: - * Added ``hw_pmu`` boolean in the ``OS::Compute::LibvirtImage`` namespace. + * Added ``hw:mem_encryption`` boolean in the ``OS::Nova::Flavor`` + namespace, and ``hw_mem_encryption`` boolean in the + ``OS::Glance::Image`` namespace. + + * Added ``hw_pmu`` boolean, and ``hw_cdrom_bus`` and + ``hw_firmware_type`` enumerations in the + ``OS::Compute::LibvirtImage`` namespace. * Added ``powervm`` to the ``hypervisor_type`` enumeration in the ``OS:::Compute::Hypervisor`` namespace.