From: Dominik Csapak
To: pve-devel@lists.proxmox.com
Date: Tue, 19 Jul 2022 13:46:16 +0200
Message-Id: <20220719114639.3035048-1-d.csapak@proxmox.com>
Subject: [pve-devel] [PATCH many] add cluster-wide hardware device mapping

this series aims to add a cluster-wide device mapping for pci and usb devices.
so that an admin can configure a device to be available for migration and
configuring for users that are non-root

built-in are some additional safety checks in contrast to current
passthrough, e.g. if pci addresses shift, with the mapping we can detect
that and prevent a vm to boot with the wrong device (in most cases,
there are some edge cases when one has multiple of the same device,
e.g. the same gpu, that we cannot detect)

a few pain points that are probably worth discussing/thinking about:
(i did not really get feedback on my last RFC on this)

* the config format
  i changed to a json backed config, since it makes handling it much
  easier (since we have a id -> nodenames -> mapping relation that we
  cannot easily represent with a section config). some (small) parts are
  written from scratch (update/createSchema for instance) but we would
  have to do that anyway

  if wanted i can make the section config work, but it makes the handling
  quite a bit uglier (for example, we have to name the usb/pci properties
  differently because the section config cannot have different formats
  for different sections)

* getting the cluster wide info
  the configuring of mappings is all done via node specific api paths,
  but i created a cluster wide api path that returns the overall
  structure for easy consumption from the gui. to get the remaining
  data from the other nodes, i let the gui make an api call for each node.

  alternatively we could distribute the necessary info via pmxcfs, but
  we'd have to broadcast basically the whole pci listing for all nodes
  in a relatively short interval, only for it to be extremely seldomly used
  (when looking at the cluster wide hardware mappings...)

* some minor things that can be improved are how the gui looks/behaves:
  - 'add new' and 'add mapping' are probably too similar, but i did not
    come up with really better alternatives
  - i find the tree of entry -> node-mappings nice, but there may be
    an even better representation?
  - position in cluster menu is probably not optimal (but where to put it?)

changes from the rfc:
* new cluster wide gui instead of node-local one (removed that, since
  it's not necessary when we have a cluster-wide one)
* uses json instead of a section config
* api is quite different overall, i split the type into its own level
  for configuring, similar to what we do in pbs
  (e.g. /nodes/NODENAME/hardware/mapping/usb/)
* fixed quite some bugs the rfc had
* added patch for handling the gui with limited permissions better
* added a 'comment' field for mappings

dependencies are ofc:
manager depends on qemu-server,pve-access-control,pve-common
qemu-server depends on pve-access-control,pve-common
pve-common depends on pve-cluster

pve-cluster:

Dominik Csapak (1):
  add nodes/hardware-map.conf

 data/PVE/Cluster.pm | 1 +
 data/src/status.c   | 1 +
 2 files changed, 2 insertions(+)

pve-access-control:

Dominik Csapak (2):
  PVE/AccessControl: add Hardware.* privileges and /hardware/ paths
  PVE/RPCEnvironment: add helper for checking hw permissions

 src/PVE/AccessControl.pm  | 13 +++++++++++++
 src/PVE/RPCEnvironment.pm |  9 +++++++++
 2 files changed, 22 insertions(+)

pve-common:

Dominik Csapak (1):
  add PVE/HardwareMap

 src/Makefile           |   1 +
 src/PVE/HardwareMap.pm | 363 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 364 insertions(+)
 create mode 100644 src/PVE/HardwareMap.pm

qemu-server:

Dominik Csapak (7):
  PVE/QemuServer: allow mapped usb devices in config
  PVE/QemuServer: allow mapped pci deviced in config
  PVE/API2/Qemu: add permission checks for mapped usb devices
  PVE/API2/Qemu: add permission checks for mapped pci devices
  PVE/QemuServer: extend 'check_local_resources' for mapped resources
  PVE/API2/Qemu: migrate preconditions: use new check_local_resources info
  PVE/QemuMigrate: check for mapped resources on migration

 PVE/API2/Qemu.pm      | 108 ++++++++++++++++++++++++++++++++++++++----
 PVE/QemuMigrate.pm    |  13 ++++-
 PVE/QemuServer.pm     |  38 ++++++++++++++-
 PVE/QemuServer/PCI.pm |  20 +++++++-
 PVE/QemuServer/USB.pm |  21 +++++++-
 5 files changed, 185 insertions(+), 15 deletions(-)

pve-manager:

Dominik Csapak (12):
  PVE/API2/Hardware: add Mapping.pm
  PVE/API2/Cluster: add Hardware mapping list api call
  ui: form/USBSelector: make it more flexible with nodename
  ui: form: add PCIMapSelector
  ui: form: add USBMapSelector
  ui: qemu/PCIEdit: rework panel to add a mapped configuration
  ui: qemu/USBEdit: add 'mapped' device case
  ui: add window/PCIEdit: edit window for pci mappings
  ui: add window/USBEdit: edit window for usb mappings
  ui: add dc/HardwareView: a CRUD interface for hardware mapping
  ui: window/Migrate: allow mapped devices
  ui: improve permission handling for hardware

 PVE/API2/Cluster.pm                 |   8 +
 PVE/API2/Cluster/Hardware.pm        | 117 +++++
 PVE/API2/Cluster/Makefile           |   1 +
 PVE/API2/Hardware.pm                |   6 +
 PVE/API2/Hardware/Makefile          |   1 +
 PVE/API2/Hardware/Mapping.pm        | 708 ++++++++++++++++++++++++++++
 www/manager6/Makefile               |   5 +
 www/manager6/data/PermPathStore.js  |   1 +
 www/manager6/dc/Config.js           |  18 +-
 www/manager6/dc/HardwareView.js     | 314 ++++++++++++
 www/manager6/form/PCIMapSelector.js |  95 ++++
 www/manager6/form/PCISelector.js    |  18 +-
 www/manager6/form/USBMapSelector.js |  73 +++
 www/manager6/form/USBSelector.js    |  33 +-
 www/manager6/qemu/HardwareView.js   |  17 +-
 www/manager6/qemu/PCIEdit.js        | 231 ++++++---
 www/manager6/qemu/USBEdit.js        |  34 +-
 www/manager6/window/Migrate.js      |  37 +-
 www/manager6/window/PCIEdit.js      | 323 +++++++++++++
 www/manager6/window/USBEdit.js      | 248 ++++++++++
 20 files changed, 2185 insertions(+), 103 deletions(-)
 create mode 100644 PVE/API2/Cluster/Hardware.pm
 create mode 100644 PVE/API2/Hardware/Mapping.pm
 create mode 100644 www/manager6/dc/HardwareView.js
 create mode 100644 www/manager6/form/PCIMapSelector.js
 create mode 100644 www/manager6/form/USBMapSelector.js
 create mode 100644 www/manager6/window/PCIEdit.js
 create mode 100644 www/manager6/window/USBEdit.js

-- 
2.30.2
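
The address-shift check described in the cover letter, as an added Python illustration that is not code from this series (the series implements it in Perl). The JSON field names, the mapping id, the node names and the device ids are assumptions constructed for the example; it also reproduces the stated edge case, where two identical devices that swap addresses pass the check.

```python
import json

# Constructed config in the id -> node -> mapping shape the letter describes.
# Field names ("path", "vendor", "device") are assumed, not the real schema.
MAPPING_JSON = """
{"gpu0": {
   "node1": {"path": "0000:01:00.0", "vendor": "10de", "device": "1eb8"},
   "node2": {"path": "0000:41:00.0", "vendor": "10de", "device": "1eb8"}}}
"""

# Constructed host views: {pci_address: (vendor_id, device_id)}.
HOST_OK = {"0000:01:00.0": ("10de", "1eb8"), "0000:02:00.0": ("8086", "1533")}
# Addresses shifted (e.g. a card was added): the NIC now sits where the GPU was.
HOST_SHIFTED = {"0000:01:00.0": ("8086", "1533"), "0000:02:00.0": ("10de", "1eb8")}
# Two identical GPUs: if they swap slots, ids at the mapped address still match.
HOST_TWINS_SWAPPED = {"0000:01:00.0": ("10de", "1eb8"), "0000:02:00.0": ("10de", "1eb8")}


def resolve_mapping(mapping, map_id, node, host_devices):
    """Return the PCI address for map_id on node, or raise if a check fails."""
    nodes = mapping.get(map_id)
    if nodes is None:
        raise KeyError(f"no mapping named {map_id!r}")
    entry = nodes.get(node)
    if entry is None:
        # No entry for this node: the guest must not start or migrate here.
        raise LookupError(f"mapping {map_id!r} has no entry for node {node!r}")
    found = host_devices.get(entry["path"])
    if found is None:
        raise RuntimeError(f"no device present at {entry['path']}")
    expected = (entry["vendor"], entry["device"])
    if found != expected:
        # The address now belongs to a different device: refuse to pass it through.
        raise RuntimeError(
            f"{entry['path']} is {found[0]}:{found[1]}, "
            f"expected {expected[0]}:{expected[1]}")
    return entry["path"]


def check(map_id, node, host_devices):
    """Return 'ok', or the exception class name that explains the refusal."""
    try:
        resolve_mapping(json.loads(MAPPING_JSON), map_id, node, host_devices)
        return "ok"
    except (LookupError, RuntimeError) as err:  # KeyError is a LookupError
        return type(err).__name__
```
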