Add SEV-related extra spec and image properties

The AMD SEV support recently introduced to nova[0] depends on certain
metadata properties for flavors and images which were either missing
or only partially covered by existing glance metadata, so fill the
missing gaps:

- Add the hw:mem_encryption flavor extra spec and corresponding
  hw_mem_encryption image property.

- hw_firmware_type has been supported by nova for quite a while,
  so register it as an official metadata property.

- Add hw_cdrom_bus which was missing as per
  https://bugs.launchpad.net/glance/+bug/1808868.  This shares
  values with hw_disk_bus, so document that too.

[0] https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization

Closes-Bug: 1808868
Change-Id: I8116565ad0326d0125b320d840d787edcb086aa9

doc/source/admin/useful-image-properties.rst

@@ -332,10 +332,34 @@ Here is a list of useful image properties and the values they expect.
          architecture, then it is not used. If the host has an SMT
          architecture, but not enough cores with free thread siblings are
          available, then scheduling fails.
+   * - libvirt API driver
+     - ``hw_cdrom_bus``
+     - Specifies the type of disk controller to attach CD-ROM devices to.
+     - As for ``hw_disk_bus``.
    * - libvirt API driver
      - ``hw_disk_bus``
      - Specifies the type of disk controller to attach disk devices to.
-     - One of ``scsi``, ``virtio``, ``uml``, ``xen``, ``ide``, or ``usb``.
+     - Options depend on the value of `nova's virt_type config option
+       <https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.virt_type>`_:
+
+       * For ``qemu`` and ``kvm``: one of ``scsi``, ``virtio``,
+         ``uml``, ``xen``, ``ide``, ``usb``, or ``lxc``.
+       * For ``xen``: one of ``xen`` or ``ide``.
+       * For ``uml``: must be ``uml``.
+       * For ``lxc``: must be ``lxc``.
+       * For ``parallels``: one of ``ide`` or ``scsi``.
+   * - libvirt API driver
+     - ``hw_firmware_type``
+     - Specifies the type of firmware with which to boot the guest.
+     - One of ``bios`` or ``uefi``.
+   * - libvirt API driver
+     - ``hw_mem_encryption``
+     - Enables encryption of guest memory at the hardware level, if
+       there are compute hosts available which support this. See
+       `nova's documentation on configuration of the KVM hypervisor
+       <https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization>`_
+       for more details.
+     - ``true`` or ``false`` (default).
    * - libvirt API driver
      - ``hw_pointer_model``
      - Input devices that allow interaction with a graphical framebuffer,

etc/metadefs/compute-libvirt-image.json

@@ -10,6 +10,22 @@
         }
     ],
     "properties": {
+        "hw_cdrom_bus": {
+            "title": "CD-ROM Bus",
+            "description": "Specifies the type of disk controller to attach CD-ROM devices to.",
+            "type": "string",
+            "enum": [
+                "scsi",
+                "virtio",
+                "uml",
+                "xen",
+                "ide",
+                "usb",
+                "fdc",
+                "sata",
+                "lxc"
+            ]
+        },
         "hw_disk_bus": {
             "title": "Disk Bus",
             "description": "Specifies the type of disk controller to attach disk devices to.",
@@ -22,7 +38,17 @@
                 "ide",
                 "usb",
                 "fdc",
-                "sata"
+                "sata",
+                "lxc"
+            ]
+        },
+        "hw_firmware_type": {
+            "title": "Firmware Type",
+            "description": "Specifies whether the image should be booted with a legacy BIOS or with UEFI.",
+            "type": "string",
+            "enum": [
+                "bios",
+                "uefi"
             ]
         },
         "hw_rng_model": {

etc/metadefs/compute-libvirt.json

@@ -26,6 +26,12 @@
             "description": "If true, enables the BIOS bootmenu. In cases where both the image metadata and Extra Spec are set, the Extra Spec setting is used. This allows for flexibility in setting/overriding the default behavior as needed.",
             "type": "string",
             "enum": ["true", "false"]
+        },
+        "mem_encryption": {
+            "title": "Hardware Memory Encryption",
+            "description": "Enables encryption of guest memory at the hardware level, if there are compute hosts available which support this. See https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization for details.",
+            "type": "string",
+            "enum": ["true", "false"]
         }
     },
     "objects": []

releasenotes/notes/train-metadefs-changes-c4380754cdd13a19.yaml

@@ -4,7 +4,13 @@ upgrade:
     The following metadata definitions have been modified in the Train
     release:
 
-    * Added ``hw_pmu`` boolean in the ``OS::Compute::LibvirtImage`` namespace.
+    * Added ``hw:mem_encryption`` boolean in the ``OS::Nova::Flavor``
+      namespace, and ``hw_mem_encryption`` boolean in the
+      ``OS::Glance::Image`` namespace.
+
+    * Added ``hw_pmu`` boolean, and ``hw_cdrom_bus`` and
+      ``hw_firmware_type`` enumerations in the
+      ``OS::Compute::LibvirtImage`` namespace.
 
     * Added ``powervm`` to the ``hypervisor_type`` enumeration in the
       ``OS:::Compute::Hypervisor`` namespace.