yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2020813] Re: OVS hardware offload for non admin users requires custom Neutron API policy

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <2020813@xxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Oct 2023 14:36:58 -0000
Reply-to: Bug 2020813 <2020813@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/nova/+/884439
Committed: https://opendev.org/openstack/nova/commit/cef3b5ef2cc1fe983578e4966208cf95fdea5880
Submitter: "Zuul (22348)"
Branch:    master

commit cef3b5ef2cc1fe983578e4966208cf95fdea5880
Author: Alexey Stupnikov <aleksey.stupnikov@xxxxxxxxx>
Date:   Thu May 25 21:23:32 2023 +0200

    Translate VF network capabilities to port binding
    
    Libvirt's node device driver accumulates and reports information
    about host devices. Network capabilities reported by node device
    driver for NIC contain information about HW offloads supported
    by this NIC.
    
    One of possible features reported by node device driver is
    switchdev: a NIC capability to implement VFs similar to actual
    HW switch ports (also referred to as SR-IOV OVS hardware offload).
    From Neutron perspective, vnic-type should be set to "direct" and
    "switchdev" capability should be added to port binding profile to
    enable HW offload (there are also configuration steps on compute
    hosts to tune NIC config).
    
    This patch was written to automatically translate "switchdev" from
    VF network capabilities reported by node device driver to Neutron
    port binding profile and allow user to skip manual step that
    requires admin privileges.
    
    Other capabilities are also translated: they are not used right
    now, but provide visibility and can be utilized later.
    
    Closes-bug: #2020813
    Closes-bug: #2008238
    Change-Id: I3b17f386325b8f42c0c374f766fb21c520161a59


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2020813

Title:
  OVS hardware offload for non admin users requires custom Neutron API
  policy

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  OVS hardware offload was originally intended to be a feature used by
  normal users. But bugfix
  https://review.opendev.org/c/openstack/neutron/+/499203 for bug
  #1713590 removed the ability for non-admins to use OVS hardware
  offload without changing neutron default policy in a non-secure
  manner: "switchdev" capability must be added to port binding profile
  after port is created.

  At the same time, libvirt node device driver reports "switchdev"
  capability and we can translate it from NIC PCI device object to port
  binding profile when port is attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2020813/+subscriptions

References

[Bug 2020813] [NEW] OVS hardware offload for non admin users requires custom Neutron API policy
From: Alexey Stupnikov, 2023-05-25