Add MEM_ENCRYPTION_CONTEXT resource class

Add a resource class representing the number of guests a compute node
can host concurrently with memory encrypted at the hardware level.

Initially this is required because on AMD SEV-capable hardware, the
memory controller has a fixed number of slots for holding encryption
keys, one per guest.  Typical hardware only has 15 slots, thereby
limiting the number of SEV guests which can be run concurrently to 15.
nova needs to track how many slots are available and used in order to
avoid attempting to exceed that limit in the hardware.

In the future support may be added for equivalent functionality from
other vendors, such as Intel MKTME; however it is not yet known
whether MKTME would have a similar limit.

See

  http://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html

for more details, and

  http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2019-04-23.log.html#t2019-04-23T20:35:19
  https://review.opendev.org/#/c/641994/

for the bike-shedding discussion over the name.

Change-Id: I97a015d4070db947e4b96fb35021da01d61016cc
blueprint: amd-sev-libvirt-support
Adam Spiers 2019-04-25 11:22:46 +01:00 committed by Eric Fried
parent 610afeb9c2
commit 3c8a66a1c9
2 changed files with 6 additions and 2 deletions


@ -64,6 +64,10 @@ STANDARDS = [
# guest. A dedicated CPU is a physical processor that has been marked
# to be used for a single guest only
'PCPU',
# Resource class representing the number of guests a compute node can
# host with memory encrypted at the hardware level. See
# http://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html
'MEM_ENCRYPTION_CONTEXT',
]
# Namespace used for custom resource classes
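Review bot: the comment added above 'MEM_ENCRYPTION_CONTEXT' drops the word "concurrently" that the commit message uses, so it can be read as a total count of guests rather than a limit on guests running at the same time. Suggest wording it as "the number of guests a compute node can host concurrently with memory encrypted at the hardware level", which makes clear that the inventory is a count of contexts and not an amount of memory. The spec link in the same comment uses plain http; consider the https form.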


@ -44,8 +44,8 @@ class TestOs_resource_classes(base.TestCase):
of the STANDARDS list, otherwise database ids will get confused
in the placement service.
"""
expected_last_class = rc.PCPU
expected_length = 15
expected_last_class = rc.MEM_ENCRYPTION_CONTEXT
expected_length = 16
self.assertEqual(expected_last_class, rc.STANDARDS[-1])
self.assertEqual(expected_length, len(rc.STANDARDS))
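Review bot: the two assertions at the end of this hunk check only rc.STANDARDS[-1] and len(rc.STANDARDS), so a reordering of earlier entries would still pass even though the docstring says ordering matters for database ids in the placement service. Consider also asserting the position of the new class, or comparing against the full expected ordered list, so the test guards what the docstring describes. The hard-coded expected_length = 16 has to be bumped by hand with every new class; a short comment saying so would help the next contributor.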