[pve-devel] [PATCH many] add cluster-wide hardware device mapping
Dominik Csapak
d.csapak at proxmox.com
Tue Jul 19 13:46:16 CEST 2022
this series aims to add a cluster-wide device mapping for pci and usb devices.
so that an admin can configure a device to be availble for migration and
configuring for uses that are non-root
built-in are some additional safety checks in contrast to current
passthrough, e.g. if pci addresses shift, with the mapping
we can detect that and prevent a vm to boot with the wrong device
(in most cases, there are some edge cases when one has multiple
of the same device, e.g. the same gpu, that we cannot detect)
a few pain points that are probably worth discussing/thinking about:
(i did not really get feedback on my last RFC on this)
* the config format
i changed to a json backed config, since it makes handling it much
easier (since we have a id -> nodenames -> mapping relation that
we cannot easily represent with a section config). some
(small) parts are written from scratch (update/createSchema for
instance) but we would have to do that anyway
if wanted i can make the section config work, but it makes the
handling quite a big uglier (for example, we have name the usb/pci
properties differently because the section config cannnot have
different formats for different sections)
* getting the cluster wide info
the configuring of mappings is all done via node specific api paths,
but i created a cluster wide api path that returns the overall
structure for easy consumption from the gui. to get the remaining
data from the other nodes, i let the gui make an api call
for each node.
alternatively we could distribute the necessary info via pmxcfs,
but we'd have to broadcast basically the whole pci listing for all
nodes in a relatively short interval, only for it to be extremly
seldomly used (when looking at the cluster wide hardware
mappings...)
* some minor things that can be improved are how the gui looks/behaves:
- 'add new' and 'add mapping' are probably to similar, but i did
not come up with really better alternatives
- i find the tree of entry -> node-mappings nice, but there may be
an even better representation?
- position in cluster menu is probably not optimal
(but where to put it?)
changes from the rfc:
* new cluster wide gui instead of node-local one (removed that, since
it's not necessary when we have a cluster-wide one)
* uses json instead of a section config
* api is quite different overall, i split the type into its own level
for configuring, similar to what we do in pbs
(e.g. /nodes/NODENAME/hardware/mapping/usb/)
* fixed quite some bugs the rfc had
* added patch for handling the gui with limited permissions better
* added a 'comment' field for mappings
dependencies are ofc:
manager depends on qemu-server,pve-access-control,pve-common
qemu-server depends on pve-access-control,pve-common
pve-common depends on pve-cluster
pve-cluster:
Dominik Csapak (1):
add nodes/hardware-map.conf
data/PVE/Cluster.pm | 1 +
data/src/status.c | 1 +
2 files changed, 2 insertions(+)
pve-access-control:
Dominik Csapak (2):
PVE/AccessControl: add Hardware.* privileges and /hardware/ paths
PVE/RPCEnvironment: add helper for checking hw permissions
src/PVE/AccessControl.pm | 13 +++++++++++++
src/PVE/RPCEnvironment.pm | 9 +++++++++
2 files changed, 22 insertions(+)
pve-common:
Dominik Csapak (1):
add PVE/HardwareMap
src/Makefile | 1 +
src/PVE/HardwareMap.pm | 363 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 364 insertions(+)
create mode 100644 src/PVE/HardwareMap.pm
qemu-server:
Dominik Csapak (7):
PVE/QemuServer: allow mapped usb devices in config
PVE/QemuServer: allow mapped pci deviced in config
PVE/API2/Qemu: add permission checks for mapped usb devices
PVE/API2/Qemu: add permission checks for mapped pci devices
PVE/QemuServer: extend 'check_local_resources' for mapped resources
PVE/API2/Qemu: migrate preconditions: use new check_local_resources
info
PVE/QemuMigrate: check for mapped resources on migration
PVE/API2/Qemu.pm | 108 ++++++++++++++++++++++++++++++++++++++----
PVE/QemuMigrate.pm | 13 ++++-
PVE/QemuServer.pm | 38 ++++++++++++++-
PVE/QemuServer/PCI.pm | 20 +++++++-
PVE/QemuServer/USB.pm | 21 +++++++-
5 files changed, 185 insertions(+), 15 deletions(-)
pve-manager:
Dominik Csapak (12):
PVE/API2/Hardware: add Mapping.pm
PVE/API2/Cluster: add Hardware mapping list api call
ui: form/USBSelector: make it more flexible with nodename
ui: form: add PCIMapSelector
ui: form: add USBMapSelector
ui: qemu/PCIEdit: rework panel to add a mapped configuration
ui: qemu/USBEdit: add 'mapped' device case
ui: add window/PCIEdit: edit window for pci mappings
ui: add window/USBEdit: edit window for usb mappings
ui: add dc/HardwareView: a CRUD interface for hardware mapping
ui: window/Migrate: allow mapped devices
ui: improve permission handling for hardware
PVE/API2/Cluster.pm | 8 +
PVE/API2/Cluster/Hardware.pm | 117 +++++
PVE/API2/Cluster/Makefile | 1 +
PVE/API2/Hardware.pm | 6 +
PVE/API2/Hardware/Makefile | 1 +
PVE/API2/Hardware/Mapping.pm | 708 ++++++++++++++++++++++++++++
www/manager6/Makefile | 5 +
www/manager6/data/PermPathStore.js | 1 +
www/manager6/dc/Config.js | 18 +-
www/manager6/dc/HardwareView.js | 314 ++++++++++++
www/manager6/form/PCIMapSelector.js | 95 ++++
www/manager6/form/PCISelector.js | 18 +-
www/manager6/form/USBMapSelector.js | 73 +++
www/manager6/form/USBSelector.js | 33 +-
www/manager6/qemu/HardwareView.js | 17 +-
www/manager6/qemu/PCIEdit.js | 231 ++++++---
www/manager6/qemu/USBEdit.js | 34 +-
www/manager6/window/Migrate.js | 37 +-
www/manager6/window/PCIEdit.js | 323 +++++++++++++
www/manager6/window/USBEdit.js | 248 ++++++++++
20 files changed, 2185 insertions(+), 103 deletions(-)
create mode 100644 PVE/API2/Cluster/Hardware.pm
create mode 100644 PVE/API2/Hardware/Mapping.pm
create mode 100644 www/manager6/dc/HardwareView.js
create mode 100644 www/manager6/form/PCIMapSelector.js
create mode 100644 www/manager6/form/USBMapSelector.js
create mode 100644 www/manager6/window/PCIEdit.js
create mode 100644 www/manager6/window/USBEdit.js
--
2.30.2
More information about the pve-devel
mailing list