[libvirt PATCH 0/6] Add ability to create mediated devices in libvirt
Erik Skultety
eskultet at redhat.com
Wed May 20 09:15:13 UTC 2020
On Wed, May 20, 2020 at 10:09:54AM +0100, Daniel P. Berrangé wrote:
> On Wed, May 20, 2020 at 10:32:05AM +0200, Erik Skultety wrote:
> > On Mon, May 11, 2020 at 05:51:13PM +0100, Daniel P. Berrangé wrote:
> > > On Mon, May 11, 2020 at 03:28:02PM +0200, Michal Privoznik wrote:
> > > > On 4/30/20 11:42 PM, Jonathon Jongsma wrote:
> > > > > This is the first portion of an effort to support persistent mediated devices
> > > > > with libvirt. This first series simply enables creating and destroying
> > > > > non-persistent mediated devices via the virNodeDeviceCreateXML() and
> > > > > virNodeDeviceDestroy() functions. The 'mdevctl' utility[1] provides the backend
> > > > > implementation.
> > > > >
> > > > > [1] https://github.com/mdevctl/mdevctl
> > > > >
> > > > > Jonathon Jongsma (6):
> > > > > nodedev: factor out nodeDeviceHasCapability()
> > > > > nodedev: add support for mdev attributes
> > > > > nodedev: refactor nodeDeviceFindNewDevice()
> > > > > nodedev: store mdev UUID in mdev caps
> > > > > nodedev: add mdev support to virNodeDeviceCreateXML()
> > > > > nodedev: add mdev support to virNodeDeviceDestroy()
> > > > >
> > > > > docs/schemas/nodedev.rng | 6 +
> > >
> > > docs/formatnode.html.in needs some documentation and examples
> > >
> > > > > libvirt.spec.in | 3 +
> > > > > m4/virt-external-programs.m4 | 3 +
> > > > > src/conf/node_device_conf.c | 59 ++++-
> > > > > src/conf/node_device_conf.h | 3 +
> > > > > src/conf/virnodedeviceobj.c | 34 +++
> > > > > src/conf/virnodedeviceobj.h | 3 +
> > > > > src/libvirt_private.syms | 3 +
> > > > > src/node_device/node_device_driver.c | 326 ++++++++++++++++++++++++---
> > > > > src/node_device/node_device_udev.c | 5 +-
> > > > > src/util/virmdev.c | 12 +
> > > > > src/util/virmdev.h | 11 +
> > > > > 12 files changed, 425 insertions(+), 43 deletions(-)
> > > > >
> > > >
> > > >
> > > > Codewise, this looks good. I will let Erik review the semantics of creating
> > > > mdevs.
> > > >
> > > > Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
> > >
> > > This is notably lacking any unit test coverage, so is not validating the
> > > RNG schema or the XML parser or conversion of XML to mdevctl args. I think
> > > that needs fixing before we accept it.
> >
> > Agreed.
> >
> > So I played with the series and found a want to make a few points.
> >
> > Apparently, this is the minimalistic XML that would work:
> > <device>
> > <parent>pci_0000_06_00_0</parent>
> > <capability type='mdev'>
> > <type id='nvidia-11'/>
> > <iommuGroup number='71'/>
> > </capability>
> > </device>
> >
> > Which means we should make iommuGroup optional, because it's a readonly
> > element, users are not supposed to specify the iommu group and as a setting
> > it's also ignored, because it's figured out by the parent device driver (I
> > think) when the mdev is created.
> >
> > Like Daniel mentioned, some documentation would be nice, especially clarifying
> > that the <name> and <path> elements are also read only and any attempt to set
> > them would be ignored - well, simply because we're reusing the XML structure
> > we've been using for ages to only report results back, not consume them back
> > ourselves.
> >
> > It's good to think ahead to the future with the additional attributes, but I
> > don't know about any attributes that vGPUs would accept, so I can't comment on
> > that really even if I wanted to, have you tried with some other non-vGPU type of
> > mdev?
> >
> > I finally got to try the mdevctl utility directly and seeing what it can do and
> > how it does things, I have to re-iterate the question what benefit does libvirt
> > bring in terms of creating/defining the mdevs?
>
> Libvirt provides a consistent API to control the host, with authenticaton,
> acess control and separation. In OpenStack case, Nova runs as a non-root
> account and so anything where libvirt doesn't expose functionality would
> force them to resort to sudo rules which is not attractive. In the OpenShift
> demo installer, the libvirt client is running inside a container which is
> permitted to connect to libvirt. They don't ave ability to run mdevctl
> at all given the separate container image they're in. There's going to be
> similar benefits for other applications.
Okay, thanks for refreshing my memory, the OpenShift use case is new to me, but
it makes sense.
More information about the libvir-list
mailing list