Just follows the pattern that we do every release.
Change-Id: I493895bfef4b957fe46d0da2974eac4d6bb36957
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
This patch adds the config option 'live_migration_scheme = tls' to the
secure live migration guide.
To let the live migration use the qemu native tls, some configuration of
the compute nodes is needed. The guide describes this but misses the
'live_migration_scheme' config option.
It is necessary to set 'live_migration_scheme' to tls to use the
connection uri for encrypted traffic. Without this parameter everything
seems to work, but the unencrypted tcp-connection is still used for the
live migration.
Closes-Bug: #1919357
Change-Id: Ia5130d411706bf7e1c983156158011a3bc6d5cd6
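
The failure mode described in the commit message above (native TLS enabled but 'live_migration_scheme' left unset, so the unencrypted TCP connection is still used) can be caught with a configuration audit. The following is an added example, not code from nova or from this change; the `[libvirt]` section name and the `live_migration_tunnelled` option name do not appear on this page and are assumed from nova's configuration reference, and the sample fragments are constructed.

```python
import configparser

# Constructed nova.conf fragments for the demonstration (not from a real host).
MISSING_SCHEME = "[libvirt]\nlive_migration_with_native_tls = true\n"
COMPLETE = MISSING_SCHEME + "live_migration_scheme = tls\n"
TUNNELLED = "[libvirt]\nlive_migration_tunnelled = True\n"

TRUE_VALUES = {"true", "1", "yes", "on"}


def audit_live_migration(conf_text):
    """Return findings about live migration encryption in nova.conf text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)

    def opt(name):
        # Assumption: the options live in the [libvirt] section.
        raw = parser.get("libvirt", name, fallback="")
        return raw.strip().strip("'\"").lower()

    native_tls = opt("live_migration_with_native_tls") in TRUE_VALUES
    scheme = opt("live_migration_scheme")
    findings = []
    if not native_tls:
        findings.append("live_migration_with_native_tls is not enabled")
    elif scheme != "tls":
        # The case from the commit message: looks fine, traffic is plaintext.
        findings.append(
            "live_migration_scheme is %r, not 'tls': migration still uses "
            "the unencrypted TCP connection" % (scheme or "unset"))
    if opt("live_migration_tunnelled") in TRUE_VALUES:
        findings.append("live_migration_tunnelled is set: deprecated")
    return findings


if __name__ == "__main__":
    for label, text in [("missing scheme", MISSING_SCHEME),
                        ("complete", COMPLETE), ("tunnelled", TUNNELLED)]:
        print(label, "->", audit_live_migration(text) or "ok")
```
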
In [1], we support shelving/unshelving an instance with accelerators
bonded, but we missed dealing with the interval for polling shelved
instances in the offload periodic task, so we should add 'accel_uuids'
support to the _poll_shelved_instances() periodic task.
[1] https://review.opendev.org/c/openstack/nova/+/729563/
Co-Authored-By: Wenping Song <songwenping@inspur.com>
Closes-Bug: #1917592
Change-Id: I2ba69d0d727cc183f4a5dc52eaf4000962caeb4a
Add a simple test to validate behavior with vDPA devices. Most of this
is simply fleshing out the fixtures we use to fake out vDPA devices and
generally tweaking things to make them better.
Change-Id: I1423d8a9652751b667463f90c69eae1a054dd776
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Co-authored-by: Sean Mooney <work@seanmooney.info>
There are a number of operations that are known not to work with vDPA
interfaces and another few that may work but haven't been tested. Start
blocking these. In all cases where an operation is blocked, an HTTP 409
(Conflict) is returned. This will allow lifecycle operations to be
enabled as they are tested or bugs are addressed.
Change-Id: I7f3cbc57a374b2f271018a2f6ef33ef579798db8
Blueprint: libvirt-vdpa-support
This change extends the vnic type to PCI request dev type mapping to
support the vDPA vnic type.
This change extends the PCI stats module to filter out VDPA 'dev_type'
pools if it is not explicitly requested.
This change explicitly filters out the vDPA dev_type from the pci alias
schema since that is not supported.
Blueprint: libvirt-vdpa-support
Change-Id: I91dd7993395f693c7d26c1caa44fa365f5cbec12
We are well above the required MIN_LIBVIRT_VERSION and MIN_QEMU_VERSION
(4.4.0 and 2.11.0, respectively) to get QEMU-native TLS[1] support by
default.
So we can now deprecate (and later remove) the support for "tunnelled
live migration", which has two inherent limitations: (a) it cannot
handle live migration of disks in a non-shared storage setup (a.k.a.
"block migration"); and (b) it has a huge performance overhead and
latency, because it burns more CPU and memory bandwidth due to increased
number of data copies, on both source and destination hosts.
Both the above limitations are addressed by the QEMU-native TLS support
`live_migration_with_native_tls`, which is the recommended approach for
securing all live migration streams (guest RAM, device state, and
disks).
[1] https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html
Change-Id: I34fd5a4788a2ad4380d9a57b84512fa94a6f9c37
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
Introduce two new guides on UEFI and Secure Boot. In addition, update
the flavors guide to document the secure boot feature (though this doc
should really be removed in the near term in favour of the auto-generated
docs, as noted inline).
Note that this change includes our first use of the ':nova:extra-spec:'
cross-reference role and highlights a small bug in that implementation.
This is resolved.
Blueprint: allow-secure-boot-for-qemu-kvm-guests
Change-Id: I4eb370b87ba8d0403c8c0ef038a909313a48d1d6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Add the ability to generate the libvirt interface XML for a neutron port
with a vnic_type of vdpa.
Blueprint: libvirt-vdpa-support
Change-Id: I2c7b183fcb01f3cb67cb1c8b8bea7aaf5ce424f3
Add the ability to look up vDPA nodedevs via their parent VF and
marshal the result into a nodedev object. This requires a new version of
libvirt and QEMU so we must add constants to protect that.
Blueprint: libvirt-vdpa-support
Change-Id: I043880cb81b02488d13c3387d696142545c13395
This had a TODO to move it into the base class. This actually happened
in change I79a16a0a62c6060cd3062174ce68fd8cbde9f3fc which means we can
now drop this duplicated effort.
Change-Id: I553e96b9a90cf29b54ce276476d64900356e70b8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>