Commit Graph

15 Commits (49767beaa92fabf17d546e7345a0a1776f51bd6b)

Author SHA1 Message Date
Stephen Finucane 49767beaa9 docs: Add SEV guide
This was previously hidden in the hypervisor configuration guide. Make
it a top-level document.

Change-Id: If402522c859c1413f0d90912e357496a0a67c5cf
Signed-off-by: Stephen Finucane <>
2021-03-23 11:13:34 +00:00
Zuul e20f6f412e Merge "docs: Remove references to XenAPI driver" 2020-09-10 12:19:28 +00:00
Jiří Suchomel a33f455ec7 Adapt the admin guide to describe the direct RBD export
This documents how to set up nova and glance so the feature
for direct download from Ceph can be used.

Change-Id: I07509c67c65e988fe5149b625007e90e68488cfd
2020-09-03 11:30:34 +01:00
Stephen Finucane 58f7582c63 docs: Remove references to XenAPI driver
Not as many of these as I thought there would be. Also, yes, the change
to 'nova.conf.compute' is a doc change :)

Change-Id: I27626984ce94544bd81d998c5fdf141875faec92
Signed-off-by: Stephen Finucane <>
2020-08-31 15:53:31 +01:00
Boris Bobrov 1a88d35cb1 Also enable iommu for virtio controllers and video in libvirt
Ie54fca066f33 added logic to libvirt/ for enabling iommu
for certain devices where virtio is used.  This is required for AMD
SEV[0].  However it missed two cases.

Firstly, a SCSI controller can have the model as 'virtio-scsi', e.g.:

    <controller type='scsi' index='0' model='virtio-scsi'>

As with other virtio devices, here a child element needs to be added
to the config when SEV is enabled:

    <driver iommu="on" />

We do not need to cover the case of a controller with type
'virtio-serial' now, since even though it is supported by libvirt, it
is not currently used anywhere in Nova.

Secondly, a video device can be virtio, e.g. when vgpus are in use:

        <model type='virtio'/>

Also take this opportunity to clarify the corresponding documentation
around disk bus options.


Partial-Bug: #1845986
Change-Id: I626c35d1653e6a25125320032d0a4a0c67ab8bcf
2019-12-10 11:01:08 +00:00
Zuul 22a440e0ed Merge "vCPU model selection" 2019-09-11 22:59:42 +00:00
Adam Spiers 922d8bf811 Improve SEV documentation and other minor tweaks
This is a follow-up to the previous SEV commit which enables booting
SEV guests (I659cb77f12a3), making some minor improvements based on
nits highlighted during review:

- Clarify in the hypervisor-kvm.rst documentation that the
  num_memory_encrypted_guests option is optional, by rewording and
  moving it to the list of optional steps.

- Make things a bit more concise and avoid duplication of information
  between the above page and the documentation for the option
  num_memory_encrypted_guests, instead relying on appropriate
  hyperlinking between them.

- Clarify that virtio-blk can be used for boot disks in newer kernels.

- Hyperlink to a page explaining vhost-user

- Remove an unneeded mocking of a LOG object.

- A few other grammar / spelling tweaks.

blueprint: amd-sev-libvirt-support
Change-Id: I75b7ec3a45cac25f6ebf77c6ed013de86c6ac947
2019-09-10 14:48:32 +01:00
Adam Spiers 8e5d6767bb Enable booting of libvirt guests with AMD SEV memory encryption
Track compute node inventory for the new MEM_ENCRYPTION_CONTEXT
resource class (added in os-resource-classes 0.4.0) which represents
the number of guests a compute node can host concurrently with memory
encrypted at the hardware level.

This serves as a "master switch" for enabling SEV functionality, since
all the code which takes advantage of the presence of this inventory
in order to boot SEV-enabled guests is already in place, but none of
it gets used until the inventory is non-zero.

A discrete inventory is required because on AMD SEV-capable hardware,
the memory controller has a fixed number of slots for holding
encryption keys, one per guest.  Typical early hardware only has 15
slots, thereby limiting the number of SEV guests which can be run
concurrently to 15.  nova needs to track how many slots are available
and used in order to avoid attempting to exceed that limit in the

Work is in progress to allow QEMU and libvirt to expose the number of
slots available on SEV hardware; however until this is finished and
released, it will not be possible for nova to programatically detect
the correct value with which to populate the MEM_ENCRYPTION_CONTEXT
inventory.  So as a stop-gap, populate the inventory using the value
manually provided by the cloud operator in a new configuration option

Since this commit effectively enables SEV, also add all the relevant
documentation as planned in the AMD SEV spec[0]:

- Add operation.boot-encrypted-vm to the KVM hypervisor feature matrix.

- Update the KVM section of the Configuration Guide.

- Update the flavors section of the User Guide.

- Add a release note.


blueprint: amd-sev-libvirt-support
Change-Id: I659cb77f12a38a4d2fb118530ebb9de88d2ed30d
2019-09-10 13:59:02 +01:00 f80e5f989d vCPU model selection
Rename the exist config attribute: [libvirt]/cpu_model to
[libvirt]/cpu_models, which is an orderded list of CPU models the host
supports. The value in the list can be made case-insensitive.

Change logic of method: '_get_guest_cpu_model_config', if cpu_mode is
custom and cpu_models set. It will parse the required traits
associated with the CPU flags from flavor extra_specs and select the
most appropriate CPU model.

Add new method 'get_cpu_model_names' to It will return a list
of the cpu models that the CPU arch can support.

Update the docs of hypervisor-kvm.

Change-Id: I06e1f7429c056c4ce8506b10359762e457dbb2a0
Implements: blueprint cpu-model-selection
2019-09-06 14:01:35 +08:00
Wang Huaqiang 4945e6dbd4 doc: correct the information of 'cpu_map'
libvirt has split the CPU feature flags file 'cpu_map.xml' into
a bunch of flag files for each CPU model, which are stored under
directory 'src/cpu_map/'.

Update this change accordingly.

Change-Id: Id45587adb6ecd8e0bdef344c90979eaea61e61b8
2019-08-02 20:19:18 +08:00
Eric Fried 31508ddc71 Use :oslo-config: role in hypervisor-kvm doc
Convert ``option`` to the shiny :oslo.config:option:`section.option`
format in admin/configuration/hypervisore-kvm.

Recognizing this could be done to a lot more files; I just happened to
be looking at this one today.

Change-Id: If1b02ce99152ffd00d4f461dc4539606db1bb13b
2019-02-06 16:41:57 -06:00
Matt Riedemann d3251c3f9f doc: link Kashyap's cpu model talk to the libvirt driver config docs
Change-Id: If9b72290d3e7faa486dc0d3a7b2e4a6928705011
2019-02-04 11:09:13 -05:00
Florian Haas e304ad7f4d Explain cpu_model_extra_flags and nested guest support
In the Configuration Guide's section on KVM:

* expand on the implications of selecting a CPU mode and model
  for live migration,
* explain the cpu_model_extra_flags option,
* discuss how to enable nested guests, and the implications and
  limitations of doing so,
* bump the heading level of "Guest agent support".

Closes-Bug: 1791678
Change-Id: I671acd16c7e5eca01b0bd633caf8e58287d0a913
2018-10-30 17:03:48 +01:00
Takashi NATSUME 2fce8a1396 Fix the ocata config-reference URLs
Replace the ocata config-reference URLs with
URLs in each project repo.

Change-Id: I48d7c77a6e0eaaf0efe66f848f45ae99007577e1
Closes-Bug: #1715545
2017-09-19 06:38:15 +00:00
Stephen Finucane da224b3a05 doc: Import configuration reference
Import the following files from the former config-reference [1]:


The below files are skipped as they're already included, in slightly
different forms, in the nova documentation.


Part of bp: doc-migration

Change-Id: I145e38149bf20a5e068f8cfe913f90c7ebeaad36
2017-08-09 11:20:12 -04:00