Merge "libvirt: configure trust mode for vfs"

2018-06-01 04:19:16 +00:00 · 2018-06-01 04:19:16 +00:00 · 92c8a614c2
parent a7994ec355 3f5594cf40
commit 92c8a614c2
2 changed files with 36 additions and 1 deletions
--- a/nova/tests/unit/virt/libvirt/test_vif.py
+++ b/nova/tests/unit/virt/libvirt/test_vif.py
@ -198,6 +198,19 @@ class LibvirtVifTestCase(test.NoDBTestCase):
                 'pci_slot': '0000:0a:00.1',
                 'physical_network': 'phynet1'})

+    vif_hw_veb_trusted = network_model.VIF(id=uuids.vif,
+        address='ca:fe:de:ad:be:ef',
+        network=network_8021,
+        type=network_model.VIF_TYPE_HW_VEB,
+        vnic_type=network_model.VNIC_TYPE_DIRECT,
+        ovs_interfaceid=None,
+        details={
+            network_model.VIF_DETAILS_VLAN: 100},
+        profile={'pci_vendor_info': '1137:0043',
+                 'pci_slot': '0000:0a:00.1',
+                 'physical_network': 'phynet1',
+                 'trusted': 'True'})
+
    vif_hostdev_physical = network_model.VIF(id=uuids.vif,
        address='ca:fe:de:ad:be:ef',
        network=network_8021,
@ -932,6 +945,18 @@ class LibvirtVifTestCase(test.NoDBTestCase):
        d = vif.LibvirtGenericVIFDriver()
        self._test_hw_veb_op(d.unplug, 0)

+    @mock.patch('nova.network.linux_net.set_vf_trusted')
+    def test_plug_hw_veb_trusted(self, mset_vf_trusted):
+        d = vif.LibvirtGenericVIFDriver()
+        d.plug(self.instance, self.vif_hw_veb_trusted)
+        mset_vf_trusted.assert_called_once_with('0000:0a:00.1', True)
+
+    @mock.patch('nova.network.linux_net.set_vf_trusted')
+    def test_unplug_hw_veb_trusted(self, mset_vf_trusted):
+        d = vif.LibvirtGenericVIFDriver()
+        d.unplug(self.instance, self.vif_hw_veb_trusted)
+        mset_vf_trusted.assert_called_once_with('0000:0a:00.1', False)
+
    @mock.patch('nova.privsep.libvirt.unplug_plumgrid_vif',
                side_effect=processutils.ProcessExecutionError)
    def test_unplug_iovisor(self, mock_unplug):
--- a/nova/virt/libvirt/vif.py
+++ b/nova/virt/libvirt/vif.py
@ -25,6 +25,7 @@ from os_vif import exception as osv_exception
 from os_vif.objects import fields as osv_fields
 from oslo_concurrency import processutils
 from oslo_log import log as logging
+from oslo_utils import strutils

 import nova.conf
 from nova import exception
@ -623,6 +624,12 @@ class LibvirtGenericVIFDriver(object):
                mac_addr=vif['address'],
                vlan=vif['details'][network_model.VIF_DETAILS_VLAN])

+        elif vif['vnic_type'] == network_model.VNIC_TYPE_DIRECT:
+            trusted = strutils.bool_from_string(
+                vif['profile'].get('trusted', "False"))
+            if trusted:
+                linux_net.set_vf_trusted(vif['profile']['pci_slot'], True)
+
    def plug_hostdev_physical(self, instance, vif):
        pass

@ -789,7 +796,10 @@ class LibvirtGenericVIFDriver(object):
            # Therefore, keep the MAC unchanged.  Later operations on
            # the same VF will not be affected by the existing MAC.
            linux_net_utils.set_vf_interface_vlan(vif['profile']['pci_slot'],
-                                                  mac_addr=vif['address'])
+                                            mac_addr=vif['address'])
+        elif vif['vnic_type'] == network_model.VNIC_TYPE_DIRECT:
+            if "trusted" in vif['profile']:
+                linux_net.set_vf_trusted(vif['profile']['pci_slot'], False)

    def unplug_hostdev_physical(self, instance, vif):
        pass