This change mainly fixes incorrect use of backticks
but also adress some other minor issues like unbalanced
backticks, incorrect spacing or missing _ in links.
This change add a tox target to run sphinx-lint
as well as adding it to the relevent tox envs to enforce
it in ci. pre-commit is leveraged to install and execute
sphinx-lint but it does not reqiure you to install the
hooks locally into your working dir.
Change-Id: Ib97b35c9014bc31876003cef4362c47a8a3a4e0e
Take the opportunity to clean up the docs quite a bit, ultimately
combining two disparate guides on the scheduler into one.
Change-Id: Ia72d39b4774d93793b381359b554c717dc9a6994
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
A new dumping ground for libvirt'y things that can't easily be
categorized or placed elsewhere.
Change-Id: I6999b9d66e12e1df7970aff6ce63e5323de6be45
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-Bug: #1843542
This was previously hidden in the hypervisor configuration guide. Make
it a top-level document.
Change-Id: If402522c859c1413f0d90912e357496a0a67c5cf
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
There's also a PCI passthrough guide. Use that instead, allowing us to
remove the sections for various extra specs from the 'user/flavors'
guide:
- hw:pci_numa_affinity_policy
- pci_passthrough:alias
Change-Id: I5701d284c2cfdadf825f8e2f699651b3f8c0c9ab
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We have a perfectly good TPM guide. Enhance that, allowing us to remove
the special section dedicated to this from the generic flavor docs.
Change-Id: If484074c01595f747f9201b5ec12164779195b61
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This beefy patch closes a long-standing TODO and allows us to move yet
more information out of the flavors guide and into specific documents.
This, combined with existing documentation in place, means we can remove
the sections for various extra specs from the 'user/flavors' guide:
- hw:cpu_realtime -> doc/source/admin/real-time.rst
- hw:cpu_realtime_mask -> doc/source/admin/real-time.rst
- hw:emulator_threads_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_thread_policy -> doc/source/admin/cpu-topologies.rst
- hw:cpu_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_threads -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_sockets -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_cores -> doc/source/admin/cpu-topologies.rst
- hw:cpu_max_threads -> doc/source/admin/cpu-topologies.rst
- hw:numa_nodes -> doc/source/admin/cpu-topologies.rst
- hw:numa_cpus.N -> doc/source/admin/cpu-topologies.rst
- hw:numa_mem.N -> doc/source/admin/cpu-topologies.rst
- hw:mem_page_size -> doc/source/admin/huge-pages.rst
Multiple improvements to the libvirt extra spec docs are included here,
for want of a better place to include them.
Change-Id: I02b044f8246f4a42481bb5f00259842692b29b71
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is mostly regurgitated information from the current flavors guide
but we take the opportunity to significantly expand upon what we've
already stated here.
Change-Id: I9ad798427bbc6451fd920d6c08357d6e1eaa5136
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Introduce two new guides on UEFI and Secure Boot. In addition, update
the flavors guide to document the secure boot feature (though this doc
should really be removed in near term in favour of the auto-generated
docs, as noted inline).
Note that this change includes our first use of the ':nova:extra-spec:'
cross-reference role and highlights a small bug in that implementation.
This is resolved.
Blueprint: allow-secure-boot-for-qemu-kvm-guests
Change-Id: I4eb370b87ba8d0403c8c0ef038a909313a48d1d6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This patch enables the 'socket' PCI NUMA affinity policy. The PCI
manager gets a new method to implement it, and the libvirt driver
starts reporting the necessary trait, enabling it to receive
instances with the 'socket' policy.
Implements: blueprint pci-socket-affinity
Change-Id: Ia875c9c3542ef4138d0d7a2c26c0cf49dcca0761
With the landing of the cpu-resources series in train [1], the
hw:cpu_thread_policy extra spec has a different effect than before.
Correct our documentation.
[1] https://review.opendev.org/q/topic:bp/cpu-resources
Change-Id: I338408b01b1d2328035dd92d2588710a20aba323
What it is, why you'd want it and how you can configure it.
Part of blueprint add-emulated-virtual-tpm
Change-Id: I8e52a397bca8f09e6aaa6cab44eee7dded529c55
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Before, realtime CPUs could only be combined with dedicated CPUs
in a 'dedicated' policy instance. This patch supports to create
a type of instance that makes realtime CPUs be mixed with shared
CPUs under the 'mixed' CPU allocation policy.
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: Iad7864bf375341ef065bfec229a059e444c910e2
Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
Enable the 'hw:cpu_dedicated_mask' flavor extra spec interface, user
can create CPU mixing instance through a flavor with following
extra spec settings:
openstack flavor set <flavor_id> \
--property hw:cpu_policy=mixed \
--property hw:cpu_dedicated_mask=0-3,7
In a topic coming later, we'll introduce another way to create a
mixed instance through the real-time interface.
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: I2a3311c08a52eb11859c68ef940a0bd755a94c6b
Signed-off-by: Wang Huaqiang <huaqiang.wang@intel.com>
If the end-user specifies a cpu_realtime_mask that does not begin
with a carat (i.e. it is not a purely-exclusion mask) it's likely
that they're expecting us to use the exact mask that they have
specified, not realizing that we default to all-vCPUs-are-RT.
Let's make nova's behaviour a bit more friendly by correctly
handling this scenario.
Note that the end-user impact of this is minimal/non-existent. As
discussed in bug #1884231, the only way a user could have used this
before would be if they'd configured an emulator thread and purposefully
set an invalid 'hw:cpu_realtime_mask' set. In fact, they wouldn't have
been able to use this value at all if they used API microversion 2.86
(extra spec validation).
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: Id81859186de6fb6b728ad566a532244008fe77d0
Closes-Bug: #1688673
By offloading emulator threads to other host cores (via the
'hw:emulator_threads_policy' extra spec), it's possible to allocate all
guest cores to realtime. Enable this.
Part of blueprint use-pcpu-and-vcpu-in-one-instance
Change-Id: I00805cf9cca9657955c7e1ef3a76e384adaa78f1
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
When we use the flavor extra_specs "hide_hypervisor_id" in
AggregateInstanceExtraSpecsFilter, then will retrun False.
So we need correct the extra_specs.
Change-Id: I9d8d8c3a30cf6da7e8fb48374347e069ab075df2
Closes-Bug: 1841932
This addresses bug #1795920 by adding support for
defining a pci numa affinity policy via the flavor
extra specs or image metadata properties enabling
the policies to be applied to neutron sriov port
including hardware offloaded ovs.
Closes-Bug: #1795920
Related-Bug: #1805891
Implements: blueprint vm-scoped-sriov-numa-affinity
Change-Id: Ibd62b24c2bd2dd208d0f804378d4e4f2bbfdaed6
The only ones remaining are some real crufty SVGs and references to
things that still exist because nova-network was once a thing.
Change-Id: I1aebf86c05c7b8c1562d0071d45de2fe53f4588b
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We don't need to do a whole lot here. The key things to note are that
some host level configuration is now necessary, that the 'isolate' CPU
thread policy behaves slightly differently, and that you can request
'PCPU' inventory explicitly instead of using 'hw:cpu_policy=dedicated'
or the image metadata equivalent.
Part of blueprint cpu-resources
Change-Id: Ic1f98ea8a7f6bdc86f2d6b4734774fa380f8cc10
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Track compute node inventory for the new MEM_ENCRYPTION_CONTEXT
resource class (added in os-resource-classes 0.4.0) which represents
the number of guests a compute node can host concurrently with memory
encrypted at the hardware level.
This serves as a "master switch" for enabling SEV functionality, since
all the code which takes advantage of the presence of this inventory
in order to boot SEV-enabled guests is already in place, but none of
it gets used until the inventory is non-zero.
A discrete inventory is required because on AMD SEV-capable hardware,
the memory controller has a fixed number of slots for holding
encryption keys, one per guest. Typical early hardware only has 15
slots, thereby limiting the number of SEV guests which can be run
concurrently to 15. nova needs to track how many slots are available
and used in order to avoid attempting to exceed that limit in the
hardware.
Work is in progress to allow QEMU and libvirt to expose the number of
slots available on SEV hardware; however until this is finished and
released, it will not be possible for nova to programatically detect
the correct value with which to populate the MEM_ENCRYPTION_CONTEXT
inventory. So as a stop-gap, populate the inventory using the value
manually provided by the cloud operator in a new configuration option
CONF.libvirt.num_memory_encrypted_guests.
Since this commit effectively enables SEV, also add all the relevant
documentation as planned in the AMD SEV spec[0]:
- Add operation.boot-encrypted-vm to the KVM hypervisor feature matrix.
- Update the KVM section of the Configuration Guide.
- Update the flavors section of the User Guide.
- Add a release note.
[0] http://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html#documentation-impact
blueprint: amd-sev-libvirt-support
Change-Id: I659cb77f12a38a4d2fb118530ebb9de88d2ed30d
This change adds the ablity for a user or operator to contol
the virtualisation of a performance monitoring unit within a vm.
This change introduces a new "hw:pmu" extra spec and a corresponding
image metadata property "hw_pmu".
The glance image metadata doc will be updated seperately by:
https://review.opendev.org/#/c/675182
Change-Id: I5576fa2a67d2771614266022428b4a95487ab6d5
Implements: blueprint libvirt-pmu-configuration
The api documentation is now published on docs.openstack.org instead
of developer.openstack.org. Update all links that are changed to the
new location.
Note that Neutron publishes to api-ref/network, not networking anymore.
Note that redirects will be set up as well but let's point now to the
new location.
For details, see:
http://lists.openstack.org/pipermail/openstack-discuss/2019-July/007828.html
Change-Id: Id2cf3aa252df6db46575b5988e4937ecfc6792bb
If more than one numbered request group is in the placement a_c query
then the group_policy is mandatory. Based on the PTG discussion [1]
'none' seems to be a good default policy from nova perspective. So this
patch makes sure that if the group_policy is not provided in the flavor
extra_spec and there are more than one numbered group in the request and
the flavor only provide one or zero groups (so groups are coming from
other sources like neutron ports) then the group_policy is defaulted to
'none'.
The reasoning behind this change: If more than one numbered request
group is coming from the flavor extra_spec then the creator of the
flavor is responsible to add a group_policy to the flavor. So in this
nova only warns but let the request fail in placement to force the
fixing of the flavor. However when numbered groups are coming from
other sources (like neutron ports) then the creator of the flavor
cannot know if additional group will be included so we don't want to
force the flavor creator but simply default the group_policy.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-May/005807.html
Change-Id: I0681de217ed9f5d77dae0d9555632b8d160bb179
The flavors section of the user guide is comprehensive with many
sub-sections, but only some of them had anchor ids. Add anchors for
the rest so that deep-linking to any of these sub-sections is
possible.
Change-Id: I84984d7534c9c92b51fb4e1797cf6a9db3c28755
This patch adds a table of possible extra-spec/cpu_shared_set
combinations, and lists the expected behavior of instance emulator
threads for each case. This is an improvement over the previous doc,
which incorrectly implied that `share` was the default policy value,
and only covered what happens if cpu_shared_set is set.
Change-Id: Ia56607d0b70d5f46159b57ee1092ba0e37a02270
Add descriptions about numbered resource classes and traits
in the Flavor doc.
Change-Id: I4878df606037ca95441bdefd748f4fc9eabedf97
Closes-Bug: #1800661
The admin and user flavor docs on pci.alias were not super
helpful by just throwing the user to the config docs or
flavor docs and letting them figure it out. This change
helps the reader by linking directly to the things being
referenced.
Also cleans up a pci.passthrough config option reference
while in here.
Change-Id: Ie2e28a14ff4655e38a5db3925adcd605ac773843
The first section in the doc mentions the properties of
a flavor but didn't mention description which was added
in 2.55 so this adds it.
Change-Id: Id73a2665e7fa914e00dc60a085a7cd9f47655a73
Added create of a video card config spec and validation check
if the image meta video ram("hw_video_ram") is bigger than the
maximum allowed "hw_video:ram_max_mb" from the flavor.
Change-Id: I944d7e9235790cb2a4a21318c029d51012d157b0
Add the description about custom resource classes and
overriding standard resource classes in the "Flavors" document.
Change-Id: I5b804db70d229696e7b7c5b5db16946cf1f1c49f
Closes-Bug: #1800663
This cleans up formatting and grammar for the cpu_shared_set
config option docs and related flavor extra spec docs, and
updates the flavor extra spec docs to link to the config
option.
Change-Id: Ief013224b5f6c541ea8900653d35057837f740eb
Add a method for libvirt driver to get cpu traits.
This is used for compute nodes to report cpu traits to Placement.
Change-Id: I9bd80adc244c64277d2d00e7d79c3002c8f9d57e
blueprint: report-cpu-features-as-traits
This just links to the osc-placement plugin docs
for managing required and forbidden traits in the
flavor extra specs docs.
Change-Id: I8549dc404a62a05d327a2c7a4813e7cc505d6b06
This adds a new policy rule which defaults to behave in a
backward compatible way, but will allow operators to enforce
that servers created with a zero disk flavor must also be
volume-backed servers.
Allowing users to upload their own images and create image-backed
servers on local disk with zero root disk size flavors can be
potentially hazardous if the size of the image is unexpectedly
large, since it can consume the local disk (or shared storage pool).
It should be noted that disabling the new policy rule will
result in a non-backward compatible API behavior change and no
microversion is being introduced for this because enforcement via
a new microversion would not close the security gap on any previous
microversions.
Related compute API reference and user documentation is updated
to mention the policy rule along with a release note since
this is tied to a security bug, which will be backported to stable
branches.
Change-Id: Id67e1285a0522474844de130c9263e11868f67fb
Closes-Bug: #1739646
Some workloads run best when the hypervisor overhead processes
(emulator threads in libvirt/QEMU) can be placed on different physical
host CPUs than other guest CPU resources. This allows those workloads
to prevent latency spikes for guest vCPU threads.
To ensure emulator threads are placed on a different set of physical
CPUs than those running guest dedicated vCPUs, set the
``CONF.compute.cpu_shared_set`` configuration option to the set of host
CPUs that should be used for best-effort CPU resources. Then set a
flavor extra spec to ``hw:emulator_threads_policy=share`` to instruct
nova to place that workload's emulator threads on that set of host CPUs.
implement: bp/overhead-pin-set
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@redhat.com>
Change-Id: I0e63ab37d584ee3d7fde6553efaa61bfc866e67d
This ensures we have version-specific references to other projects [1].
Note that this doesn't mean the URLs are actually valid - we need to do
more work (linkcheck?) here, but it's an improvement nonetheless.
[1] https://docs.openstack.org/openstackdocstheme/latest/#external-link-helper
Change-Id: Ifb99e727110c4904a85bc4a13366c2cae300b8df
Sean Mooney