yahoo-eng-team team mailing list archive

[Bug 1852437] [NEW] Allow ability to disable individual CPU features via `cpu_model_extra_flags`

 

Public bug reported:

What?
-----

When using a custom CPU model, Nova currently allows enabling
individual CPU flags/features via the config attribute,
`cpu_model_extra_flags`:

    [libvirt]
    cpu_mode=custom
    cpu_model=IvyBridge
    cpu_model_extra_flags="pcid,ssbd, md-clear"

The above only lets you enable the CPU features.  This RFE is to also
allow _disabling_ individual CPU features.


Why?
---

A couple of reasons:

  - An Operator wants to generate a baseline CPU config (that facilitates
    live migration) across his Compute node pool.  However, a certain
    CPU flag is causing an intolerable performance issue for their
    guest workloads.  If the Operator isolated the problem to _that_
    specific CPU flag, then she would like to disable the flag.

  - More importantly, a specific CPU flag might trigger a CPU
    vulnerability.  In such a case, the mitigation for it could be to
    simply _disable_ the offending CPU flag.

Allowing disabling of individual CPU flags via Nova would enable the
above use cases.


How?
----

By allowing the notion of '+' / '-' to indicate whether to enable or
disable a given CPU flag.

E.g. if you specify the below in 'nova.conf' (on the Compute nodes):

    [libvirt]
    cpu_mode=custom
    cpu_model=IvyBridge
    cpu_model_extra_flags="+pcid,-mtrr,ssbd"

Then, when you start an instance, Nova should generate the below XML:

    <cpu match='exact'> 
      <model fallback='forbid'>IvyBridge</model>
      <vendor>Intel</vendor>
      <feature policy='require' name='pcid'/>
      <feature policy='disable' name='mtrr'/>
      <feature policy='require' name='ssbd'/>
    </cpu>


Note that the requirement to specify '+' / '-' for individual flags
should be optional.  If neither is specified, then we should assume '+',
and enable the feature (as shown above for the 'ssbd' flag).

** Affects: nova
     Importance: Wishlist
         Status: New


** Tags: libvirt

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1852437

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1852437/+subscriptions
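
The '+' / '-' parsing and XML generation requested in the report, as an added example (not Nova's code and not part of the original message). The function names, the flag-name pattern, and the choice to reject a flag listed with both signs are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed pattern for a flag name: lowercase letters, digits, '.', '_' or '-'.
_FLAG_RE = re.compile(r"^[a-z0-9][a-z0-9._-]*$")


def parse_extra_flags(raw):
    """Return {flag_name: policy} for a '+'/'-' prefixed, comma-separated string."""
    policies = {}
    for item in raw.split(","):
        item = item.strip().lower()
        if not item:
            continue  # tolerate stray commas
        sign, name = "+", item  # no prefix means '+', as the report asks
        if item[0] in "+-":
            sign, name = item[0], item[1:].strip()
        if not _FLAG_RE.match(name):
            raise ValueError(f"invalid CPU flag: {item!r}")
        policy = "require" if sign == "+" else "disable"
        # A flag both enabled and disabled is rejected (assumption), so a '-'
        # added as a mitigation is never silently overridden by a later '+'.
        if policies.setdefault(name, policy) != policy:
            raise ValueError(f"conflicting policies for CPU flag {name!r}")
    return policies


def build_cpu_xml(model, raw_flags, vendor=None):
    """Render the <cpu> element the report expects for a custom CPU model."""
    cpu = ET.Element("cpu", match="exact")
    ET.SubElement(cpu, "model", fallback="forbid").text = model
    if vendor:
        ET.SubElement(cpu, "vendor").text = vendor
    for name, policy in parse_extra_flags(raw_flags).items():
        ET.SubElement(cpu, "feature", policy=policy, name=name)
    ET.indent(cpu)  # pretty-print; needs Python 3.9+
    return ET.tostring(cpu, encoding="unicode")


if __name__ == "__main__":
    # Input taken from the report's nova.conf example.
    print(build_cpu_xml("IvyBridge", "+pcid,-mtrr,ssbd", vendor="Intel"))
```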

