[pve-devel] [PATCH cluster/access-control/guest-common/qemu-server/manager v4] cluster mapping backend

DERUMIER, Alexandre alexandre.derumier at groupe-cyllene.com
Fri May 26 18:09:29 CEST 2023 

Thanks for sharing your progress Dominik.

It'll try to retest them with an nvidia mdev vgpu cluster in coming
weeks. 

Le jeudi 25 mai 2023 à 12:17 +0200, Dominik Csapak a écrit :
> this series aims to add a cluster-wide device mapping for pci and usb
> devices. so that an admin can configure a device to be availble for
> migration and configuring for uses that are non-root
> (the existing pattern can be copied easily for other types, e.g.
> markus upcoming folder sharing)
> 
> note that this series requires the array support in api/section
> config[0] but how the api is formed/where the data comes should not
> be
> hard to change
> 
> also since the api changed quite drastically, the gui must be
> adapted,
> and i'm not done with that yet, so sending the backend only for now
> 
> the series is a bigger change to the v3, so a closer look is probably
> warranted
> 
> changes from v3:
> * the configs are now split by type (for ease of use of the section
>   config) and live in pve-guest-common, to avoid a cyclic dependcy
> * the configs are section configs now (with mentioned array support)
> * the api is now only defined in /cluster/resource/{TYPE} and has
>   no nodespecific api anymore, besides a 'check-node' parameter
>   (see the pve-manager patch for more details on that)
> * the internal structure of the pci parsing changed completely,
> making
>   the structure more understandable
> * a single map entry now has the same semantic as the qemu-server
>   hostpci config entry, meaning if you want multiple mappings per
> host,
>   you have to add multiple map entries. this is a more flexible
>   approach, and the parsing code gets a bit simpler
> * combined some properties in the config (e.g. vendor/device) so that
>   we don't have too many
> * squashed some changes together, as they didn't make much sense
>   separately anyway (e.g. api/config patches) and it didn't make
>   reviewing easier
> * changed the ACL paths & privileges to be more general
> * surely some other changes i forgot..
> 
> changes from v2:
> * some bug fixes (e.g use of unitialized variable)
> * don't set mdev for multifunction devices
>   -> this should fix alexandres issue, since it's not possible
> anymore
>   to select a mediated device when having a multifunction device
>   selected
> 
> changes from v1:
> * dropped 'check_hw_perm' (just use 'check_full' now)
> * added some cleanups
> * renamed the buttons in the ui (hopefully better now)
> * added multi device mapping for each host
>   this includes a new 'multi pci' selector for that window, which
>   automatically adds entries for the whole slots which, when
> selected,
>   disabled the selection of the individual functions
> * fixed some issues (e.g. missing entries in the 'caps' object, wrong
>   usb config parsing, etc.)
> 
> changes from the rfc:
> * new cluster wide gui instead of node-local one (removed that, since
>   it's not necessary when we have a cluster-wide one)
> * uses json instead of a section config
> * api is quite different overall, i split the type into its own level
>   for configuring, similar to what we do in pbs
>   (e.g. /nodes/NODENAME/hardware/mapping/usb/)
> * fixed quite some bugs the rfc had
> * added patch for handling the gui with limited permissions better
> * added a 'comment' field for mappings
> 
> dependencies are pretty straight forward this time around (if i'm not
> overlooking something):
> 
> qemu-server/pve-manager -> new access-control/pve-guest-common -> new
> pve-cluster
> 
> 0:
> https://antiphishing.cetsi.fr/proxy/v3?i=SHV0Y1JZQjNyckJFa3dUQiblhF5YcUqtiWCaK_ri0kk&r=T0hnMlUyVEgwNmlmdHc1NSqeTQ1pLQVNn4UvDLnWe4fCxNuytxXrtkvXRfHgEH29SgNUOJTfU-F2je9BBTq-sg&f=V3p0eFlQOUZ4czh2enpJS6vlBYwhEUcOwTmUN-Hu71ZWogcUGH-slS7gYzVrVVB6_wb2zNaC4g2GRLF4nWvKLw&u=https%3A//lists.proxmox.com/pipermail/pve-devel/2023-May/056739.html&k=ZVd0
> 
> pve-cluster:
> 
> Dominik Csapak (1):
>   add cfg files for resource mapping
> 
>  src/PVE/Cluster.pm  | 2 ++
>  src/pmxcfs/status.c | 2 ++
>  2 files changed, 4 insertions(+)
> 
> pve-access-control:
> 
> Dominik Csapak (1):
>   add privileges and paths for cluster resource mapping
> 
>  src/PVE/AccessControl.pm  | 20 +++++++++++++++++++-
>  src/PVE/RPCEnvironment.pm |  7 +++++--
>  2 files changed, 24 insertions(+), 3 deletions(-)
> 
> pve-guest-common:
> 
> Dominik Csapak (1):
>   add PCI/USB Resource configs
> 
>  src/Makefile            |   3 +
>  src/PVE/Resource/PCI.pm | 226
> ++++++++++++++++++++++++++++++++++++++++
>  src/PVE/Resource/USB.pm | 183 ++++++++++++++++++++++++++++++++
>  3 files changed, 412 insertions(+)
>  create mode 100644 src/PVE/Resource/PCI.pm
>  create mode 100644 src/PVE/Resource/USB.pm
> 
> qemu-server:
> 
> Dominik Csapak (6):
>   enable cluster mapped USB devices for guests
>   enable cluster mapped PCI devices for guests
>   check_local_resources: extend for mapped resources
>   api: migrate preconditions: use new check_local_resources info
>   migration: check for mapped resources
>   add test for mapped pci devices
> 
>  PVE/API2/Qemu.pm                              | 110 +++++++-
>  PVE/QemuMigrate.pm                            |  23 +-
>  PVE/QemuServer.pm                             | 111 +++++---
>  PVE/QemuServer/PCI.pm                         | 243 +++++++++++++++-
> --
>  PVE/QemuServer/USB.pm                         |  22 +-
>  test/MigrationTest/Shared.pm                  |  14 +
>  test/cfg2cmd/q35-linux-hostpci-mapping.conf   |  17 ++
>  .../q35-linux-hostpci-mapping.conf.cmd        |  36 +++
>  test/cfg2cmd/q35-linux-hostpci.conf           |   2 +-
>  test/cfg2cmd/q35-linux-hostpci.conf.cmd       |   2 +-
>  test/run_config2command_tests.pl              |  83 ++++++
>  11 files changed, 575 insertions(+), 88 deletions(-)
>  create mode 100644 test/cfg2cmd/q35-linux-hostpci-mapping.conf
>  create mode 100644 test/cfg2cmd/q35-linux-hostpci-mapping.conf.cmd
> 
> pve-manager:
> 
> Dominik Csapak (2):
>   pvesh: fix parameters for proxyto_callback
>   api: add resource map api endpoints for PCI and USB
> 
>  PVE/API2/Cluster.pm                |   8 +
>  PVE/API2/Cluster/Makefile          |   5 +
>  PVE/API2/Cluster/Resource.pm       |  53 +++++
>  PVE/API2/Cluster/Resource/Makefile |  18 ++
>  PVE/API2/Cluster/Resource/PCI.pm   | 297
> +++++++++++++++++++++++++++++
>  PVE/API2/Cluster/Resource/USB.pm   | 262 +++++++++++++++++++++++++
>  PVE/API2/Hardware.pm               |   1 -
>  PVE/API2/Nodes.pm                  |   1 +
>  PVE/CLI/pvesh.pm                   |  10 +-
>  9 files changed, 650 insertions(+), 5 deletions(-)
>  create mode 100644 PVE/API2/Cluster/Resource.pm
>  create mode 100644 PVE/API2/Cluster/Resource/Makefile
>  create mode 100644 PVE/API2/Cluster/Resource/PCI.pm
>  create mode 100644 PVE/API2/Cluster/Resource/USB.pm
>

More information about the pve-devel mailing list