From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <d.csapak@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id D08919B811
for <pve-devel@lists.proxmox.com>; Thu, 25 May 2023 12:18:01 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 5C99529699
for <pve-devel@lists.proxmox.com>; Thu, 25 May 2023 12:18:01 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[94.136.29.106])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS
for <pve-devel@lists.proxmox.com>; Thu, 25 May 2023 12:17:57 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 525E1470CE
for <pve-devel@lists.proxmox.com>; Thu, 25 May 2023 12:17:57 +0200 (CEST)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 25 May 2023 12:17:42 +0200
Message-Id: <20230525101753.2078811-1-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL -0.135 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
POISEN_SPAM_PILL 0.1 Meta: its spam
POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes
POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_SCC_BODY_TEXT_LINE -0.01 -
Subject: [pve-devel] [PATCH
cluster/access-control/guest-common/qemu-server/manager v4] cluster mapping
backend
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Thu, 25 May 2023 10:18:01 -0000
this series aims to add a cluster-wide device mapping for pci and usb
devices. so that an admin can configure a device to be availble for
migration and configuring for uses that are non-root
(the existing pattern can be copied easily for other types, e.g.
markus upcoming folder sharing)
note that this series requires the array support in api/section
config[0] but how the api is formed/where the data comes should not be
hard to change
also since the api changed quite drastically, the gui must be adapted,
and i'm not done with that yet, so sending the backend only for now
the series is a bigger change to the v3, so a closer look is probably
warranted
changes from v3:
* the configs are now split by type (for ease of use of the section
config) and live in pve-guest-common, to avoid a cyclic dependcy
* the configs are section configs now (with mentioned array support)
* the api is now only defined in /cluster/resource/{TYPE} and has
no nodespecific api anymore, besides a 'check-node' parameter
(see the pve-manager patch for more details on that)
* the internal structure of the pci parsing changed completely, making
the structure more understandable
* a single map entry now has the same semantic as the qemu-server
hostpci config entry, meaning if you want multiple mappings per host,
you have to add multiple map entries. this is a more flexible
approach, and the parsing code gets a bit simpler
* combined some properties in the config (e.g. vendor/device) so that
we don't have too many
* squashed some changes together, as they didn't make much sense
separately anyway (e.g. api/config patches) and it didn't make
reviewing easier
* changed the ACL paths & privileges to be more general
* surely some other changes i forgot..
changes from v2:
* some bug fixes (e.g use of unitialized variable)
* don't set mdev for multifunction devices
-> this should fix alexandres issue, since it's not possible anymore
to select a mediated device when having a multifunction device
selected
changes from v1:
* dropped 'check_hw_perm' (just use 'check_full' now)
* added some cleanups
* renamed the buttons in the ui (hopefully better now)
* added multi device mapping for each host
this includes a new 'multi pci' selector for that window, which
automatically adds entries for the whole slots which, when selected,
disabled the selection of the individual functions
* fixed some issues (e.g. missing entries in the 'caps' object, wrong
usb config parsing, etc.)
changes from the rfc:
* new cluster wide gui instead of node-local one (removed that, since
it's not necessary when we have a cluster-wide one)
* uses json instead of a section config
* api is quite different overall, i split the type into its own level
for configuring, similar to what we do in pbs
(e.g. /nodes/NODENAME/hardware/mapping/usb/)
* fixed quite some bugs the rfc had
* added patch for handling the gui with limited permissions better
* added a 'comment' field for mappings
dependencies are pretty straight forward this time around (if i'm not
overlooking something):
qemu-server/pve-manager -> new access-control/pve-guest-common -> new pve-cluster
0: https://lists.proxmox.com/pipermail/pve-devel/2023-May/056739.html
pve-cluster:
Dominik Csapak (1):
add cfg files for resource mapping
src/PVE/Cluster.pm | 2 ++
src/pmxcfs/status.c | 2 ++
2 files changed, 4 insertions(+)
pve-access-control:
Dominik Csapak (1):
add privileges and paths for cluster resource mapping
src/PVE/AccessControl.pm | 20 +++++++++++++++++++-
src/PVE/RPCEnvironment.pm | 7 +++++--
2 files changed, 24 insertions(+), 3 deletions(-)
pve-guest-common:
Dominik Csapak (1):
add PCI/USB Resource configs
src/Makefile | 3 +
src/PVE/Resource/PCI.pm | 226 ++++++++++++++++++++++++++++++++++++++++
src/PVE/Resource/USB.pm | 183 ++++++++++++++++++++++++++++++++
3 files changed, 412 insertions(+)
create mode 100644 src/PVE/Resource/PCI.pm
create mode 100644 src/PVE/Resource/USB.pm
qemu-server:
Dominik Csapak (6):
enable cluster mapped USB devices for guests
enable cluster mapped PCI devices for guests
check_local_resources: extend for mapped resources
api: migrate preconditions: use new check_local_resources info
migration: check for mapped resources
add test for mapped pci devices
PVE/API2/Qemu.pm | 110 +++++++-
PVE/QemuMigrate.pm | 23 +-
PVE/QemuServer.pm | 111 +++++---
PVE/QemuServer/PCI.pm | 243 +++++++++++++++---
PVE/QemuServer/USB.pm | 22 +-
test/MigrationTest/Shared.pm | 14 +
test/cfg2cmd/q35-linux-hostpci-mapping.conf | 17 ++
.../q35-linux-hostpci-mapping.conf.cmd | 36 +++
test/cfg2cmd/q35-linux-hostpci.conf | 2 +-
test/cfg2cmd/q35-linux-hostpci.conf.cmd | 2 +-
test/run_config2command_tests.pl | 83 ++++++
11 files changed, 575 insertions(+), 88 deletions(-)
create mode 100644 test/cfg2cmd/q35-linux-hostpci-mapping.conf
create mode 100644 test/cfg2cmd/q35-linux-hostpci-mapping.conf.cmd
pve-manager:
Dominik Csapak (2):
pvesh: fix parameters for proxyto_callback
api: add resource map api endpoints for PCI and USB
PVE/API2/Cluster.pm | 8 +
PVE/API2/Cluster/Makefile | 5 +
PVE/API2/Cluster/Resource.pm | 53 +++++
PVE/API2/Cluster/Resource/Makefile | 18 ++
PVE/API2/Cluster/Resource/PCI.pm | 297 +++++++++++++++++++++++++++++
PVE/API2/Cluster/Resource/USB.pm | 262 +++++++++++++++++++++++++
PVE/API2/Hardware.pm | 1 -
PVE/API2/Nodes.pm | 1 +
PVE/CLI/pvesh.pm | 10 +-
9 files changed, 650 insertions(+), 5 deletions(-)
create mode 100644 PVE/API2/Cluster/Resource.pm
create mode 100644 PVE/API2/Cluster/Resource/Makefile
create mode 100644 PVE/API2/Cluster/Resource/PCI.pm
create mode 100644 PVE/API2/Cluster/Resource/USB.pm
--
2.30.2