From 20e2f4c1dd0060c4e6383ba63ae931910b75b51a Mon Sep 17 00:00:00 2001
From: David Ames <david.ames@canonical.com>
Date: Wed, 16 May 2018 10:12:33 -0700
Subject: [PATCH] Update PCI passthrough template for >= Pike

The [pci] header is necessary since pike [0]. This change updates the
pike template to add the [pci] header, rename pci_passthrough_whitelist
to passthrough_whitelist and add the config option pci-alias.

[0] https://docs.openstack.org/nova/pike/admin/pci-passthrough.html

Change-Id: I7a8c76f5989edb5b4a0b30036ce722ffb0ecb7ab
---
 config.yaml                   |  17 +++
 hooks/nova_compute_context.py |   3 +
 templates/pike/nova.conf      | 243 ++++++++++++++++++++++++++++++++++
 3 files changed, 263 insertions(+)
 create mode 100644 templates/pike/nova.conf

diff --git a/config.yaml b/config.yaml
index a764fdc4..a66fbe1d 100644
--- a/config.yaml
+++ b/config.yaml
@@ -158,6 +158,23 @@ options:
       deployed to. This can be accomplished by setting kernel parameters on
       capable machines in MAAS, tagging them and using these tags as
       constraints in the model.
+  pci-alias:
+    type: string
+    default:
+    description: |
+      The pci-passthrough-whitelist option of nova-compute charm is used for
+      specifying which PCI devices are allowed passthrough. pci-alias is more
+      a convenience that can be used in conjunction with Nova flavor properties
+      to automatically assign required PCI devices to new instances. You could,
+      for example, have a GPU flavor or a SR-IOV flavor:
+      .
+        pci-alias='{"vendor_id":"8086","product_id":"10ca","name":"a1"}'
+      .
+      This configures a new PCI alias 'a1' which will request a PCI device with
+      a vendor id of 0x8086 and a product id of 10ca.
+      .
+      For more information about the syntax of pci_alias, refer to
+      https://docs.openstack.org/ocata/config-reference/compute/config-options.html
   reserved-host-memory:
     type: int
     default: 512
diff --git a/hooks/nova_compute_context.py b/hooks/nova_compute_context.py
index 019a63c6..4bab6adc 100644
--- a/hooks/nova_compute_context.py
+++ b/hooks/nova_compute_context.py
@@ -230,6 +230,9 @@ class NovaComputeLibvirtContext(context.OSContextGenerator):
             ctxt['pci_passthrough_whitelist'] = \
                 config('pci-passthrough-whitelist')
 
+        if config('pci-alias'):
+            ctxt['pci_alias'] = config('pci-alias')
+
         if config('vcpu-pin-set'):
             ctxt['vcpu_pin_set'] = config('vcpu-pin-set')
 
diff --git a/templates/pike/nova.conf b/templates/pike/nova.conf
new file mode 100644
index 00000000..140947ac
--- /dev/null
+++ b/templates/pike/nova.conf
@@ -0,0 +1,243 @@
+# pike
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+{% if restart_trigger -%}
+# restart trigger: {{ restart_trigger }}
+{% endif -%}
+###############################################################################
+[DEFAULT]
+verbose={{ verbose }}
+debug={{ debug }}
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+logdir=/var/log/nova
+state_path=/var/lib/nova
+force_dhcp_release=True
+use_syslog = {{ use_syslog }}
+ec2_private_dns_show_ip=True
+api_paste_config=/etc/nova/api-paste.ini
+enabled_apis=osapi_compute,metadata
+auth_strategy=keystone
+my_ip = {{ host_ip }}
+force_raw_images = {{ force_raw_images }}
+
+{% if arch == 'aarch64' -%}
+libvirt_use_virtio_for_bridges=False
+libvirt_disk_prefix=vd
+{% endif -%}
+
+{% if console_vnc_type -%}
+vnc_enabled = True
+novnc_enabled = True
+vnc_keymap = {{ console_keymap }}
+vncserver_listen = 0.0.0.0
+vncserver_proxyclient_address = {{ console_listen_addr }}
+{% if console_access_protocol == 'novnc' or console_access_protocol == 'vnc' -%}
+novncproxy_base_url = {{ novnc_proxy_address }}
+{% endif -%}
+{% if console_access_protocol == 'xvpvnc' or console_access_protocol == 'vnc' -%}
+xvpvncproxy_port = {{ xvpvnc_proxy_port }}
+xvpvncproxy_host = {{ xvpvnc_proxy_host }}
+xvpvncproxy_base_url = {{ xvpvnc_proxy_address }}
+{% endif -%}
+{% else -%}
+vnc_enabled = False
+novnc_enabled = False
+{% endif -%}
+
+{% if neutron_plugin and neutron_plugin in ('ovs', 'midonet') -%}
+libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtGenericVIFDriver
+{% if neutron_security_groups -%}
+security_group_api = neutron
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+{% endif -%}
+{% endif -%}
+
+{% if neutron_plugin and neutron_plugin == 'vsp' -%}
+network_api_class=nova.network.neutronv2.api.API
+libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
+neutron_ovs_bridge=alubr0
+security_group_api=neutron
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+{% endif -%}
+
+{% if neutron_plugin and (neutron_plugin == 'nvp' or neutron_plugin == 'nsx') -%}
+libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtOpenVswitchVirtualPortDriver
+security_group_api = neutron
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+{% endif -%}
+
+{% if neutron_plugin and neutron_plugin == 'Calico' -%}
+security_group_api = neutron
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+{% endif -%}
+
+{% if neutron_plugin and neutron_plugin == 'plumgrid' -%}
+security_group_api=neutron
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+{% endif -%}
+
+{% if network_manager != 'neutron' and network_manager_config -%}
+{% for key, value in network_manager_config.items() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if network_manager == 'neutron' -%}
+network_api_class = nova.network.neutronv2.api.API
+use_neutron = True
+{% else -%}
+network_manager = nova.network.manager.FlatDHCPManager
+{% endif -%}
+
+{% if network_device_mtu -%}
+network_device_mtu = {{ network_device_mtu }}
+{% endif -%}
+
+{% if volume_service -%}
+volume_api_class = nova.volume.cinder.API
+{% endif -%}
+
+{% if user_config_flags -%}
+{% for key, value in user_config_flags.items() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if instances_path -%}
+instances_path = {{ instances_path }}
+{% endif -%}
+
+{% if sections and 'DEFAULT' in sections -%}
+{% for key, value in sections['DEFAULT'] -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if vcpu_pin_set -%}
+vcpu_pin_set = {{ vcpu_pin_set }}
+{% endif -%}
+reserved_host_memory_mb = {{ reserved_host_memory }}
+
+{% include "section-zeromq" %}
+
+{% if default_availability_zone -%}
+default_availability_zone = {{ default_availability_zone }}
+{% endif -%}
+
+{% if resume_guests_state_on_host_boot -%}
+resume_guests_state_on_host_boot = {{ resume_guests_state_on_host_boot }}
+{% endif -%}
+
+[pci]
+{% if pci_passthrough_whitelist -%}
+passthrough_whitelist = {{ pci_passthrough_whitelist }}
+{% endif -%}
+{% if pci_alias %}
+alias = {{ pci_alias }}
+{% endif %}
+
+{% if network_manager == 'neutron' and network_manager_config -%}
+[neutron]
+url = {{ network_manager_config.neutron_url }}
+{% if network_manager_config.keystone_host -%}
+{% if neutron_plugin and neutron_plugin == 'vsp' -%}
+ovs_bridge = alubr0
+{% endif -%}
+{% if auth_host -%}
+auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = {{ admin_tenant_name }}
+username = {{ admin_user }}
+password = {{ admin_password }}
+signing_dir = {{ signing_dir }}
+{% endif -%}
+{% if metadata_shared_secret -%}
+metadata_proxy_shared_secret = {{ metadata_shared_secret }}
+service_metadata_proxy=True
+{% endif -%}
+{% endif -%}
+metadata_workers = {{ workers }}
+{% endif -%}
+
+{% include "section-keystone-authtoken-mitaka" %}
+
+{% if glance_api_servers -%}
+[glance]
+api_servers = {{ glance_api_servers }}
+{% endif -%}
+
+{% if console_access_protocol == 'spice' -%}
+[spice]
+agent_enabled = True
+enabled = True
+html5proxy_base_url = {{ spice_proxy_address }}
+keymap = {{ console_keymap }}
+server_listen = 0.0.0.0
+server_proxyclient_address = {{ console_listen_addr }}
+{% endif -%}
+
+[libvirt]
+{% if cpu_mode -%}
+cpu_mode = {{ cpu_mode }}
+{% endif -%}
+{% if cpu_model -%}
+cpu_model = {{ cpu_model }}
+{% endif -%}
+{% if libvirt_images_type -%}
+images_type = {{ libvirt_images_type }}
+{% endif -%}
+{% if libvirt_images_type and rbd_pool -%}
+images_rbd_pool = {{ rbd_pool }}
+images_rbd_ceph_conf = {{ libvirt_rbd_images_ceph_conf }}
+inject_password = false
+inject_key = false
+inject_partition = -2
+{% endif -%}
+rbd_user = {{ rbd_user }}
+rbd_secret_uuid = {{ rbd_secret_uuid }}
+{% if live_migration_uri -%}
+live_migration_uri = {{ live_migration_uri }}
+{% endif -%}
+{% if disk_cachemodes -%}
+disk_cachemodes = {{ disk_cachemodes }}
+{% endif %}
+# Disable tunnelled migration so that selective
+# live block migration can be supported.
+live_migration_tunnelled = False
+{% if use_multipath -%}
+volume_use_multipath = {{ use_multipath }}
+{% endif %}
+
+{% if virt_type == 'lxd' -%}
+[lxd]
+{% if enable_live_migration -%}
+allow_live_migration = True
+{% endif -%}
+{% if storage_pool -%}
+pool = {{ storage_pool }}
+{% endif -%}
+{% endif -%}
+
+{% include "parts/section-database" %}
+
+{% include "section-rabbitmq-oslo" %}
+
+{% include "section-oslo-notifications" %}
+
+{% include "parts/section-cinder" %}
+
+[oslo_concurrency]
+lock_path=/var/lock/nova
+
+[workarounds]
+disable_libvirt_livesnapshot = False
+
+{% include "parts/section-ephemeral" %}
+
+{% include "parts/section-serial-console" %}
+
+{% include "parts/section-placement" %}