[pve-devel] [PATCH cluster/access-control/guest-common/qemu-server/manager v4] cluster mapping backend

[Dominik Csapak <d.csapak@proxmox.com>]

this series aims to add a cluster-wide device mapping for pci and usb
devices. so that an admin can configure a device to be availble for
migration and configuring for uses that are non-root
(the existing pattern can be copied easily for other types, e.g.
markus upcoming folder sharing)

note that this series requires the array support in api/section
config[0] but how the api is formed/where the data comes should not be
hard to change

also since the api changed quite drastically, the gui must be adapted,
and i'm not done with that yet, so sending the backend only for now

the series is a bigger change to the v3, so a closer look is probably
warranted

changes from v3:
* the configs are now split by type (for ease of use of the section
  config) and live in pve-guest-common, to avoid a cyclic dependcy
* the configs are section configs now (with mentioned array support)
* the api is now only defined in /cluster/resource/{TYPE} and has
  no nodespecific api anymore, besides a 'check-node' parameter
  (see the pve-manager patch for more details on that)
* the internal structure of the pci parsing changed completely, making
  the structure more understandable
* a single map entry now has the same semantic as the qemu-server
  hostpci config entry, meaning if you want multiple mappings per host,
  you have to add multiple map entries. this is a more flexible
  approach, and the parsing code gets a bit simpler
* combined some properties in the config (e.g. vendor/device) so that
  we don't have too many
* squashed some changes together, as they didn't make much sense
  separately anyway (e.g. api/config patches) and it didn't make
  reviewing easier
* changed the ACL paths & privileges to be more general
* surely some other changes i forgot..

changes from v2:
* some bug fixes (e.g use of unitialized variable)
* don't set mdev for multifunction devices
  -> this should fix alexandres issue, since it's not possible anymore
  to select a mediated device when having a multifunction device
  selected

changes from v1:
* dropped 'check_hw_perm' (just use 'check_full' now)
* added some cleanups
* renamed the buttons in the ui (hopefully better now)
* added multi device mapping for each host
  this includes a new 'multi pci' selector for that window, which
  automatically adds entries for the whole slots which, when selected,
  disabled the selection of the individual functions
* fixed some issues (e.g. missing entries in the 'caps' object, wrong
  usb config parsing, etc.)

changes from the rfc:
* new cluster wide gui instead of node-local one (removed that, since
  it's not necessary when we have a cluster-wide one)
* uses json instead of a section config
* api is quite different overall, i split the type into its own level
  for configuring, similar to what we do in pbs
  (e.g. /nodes/NODENAME/hardware/mapping/usb/)
* fixed quite some bugs the rfc had
* added patch for handling the gui with limited permissions better
* added a 'comment' field for mappings

dependencies are pretty straight forward this time around (if i'm not
overlooking something):

qemu-server/pve-manager -> new access-control/pve-guest-common -> new pve-cluster

0: https://lists.proxmox.com/pipermail/pve-devel/2023-May/056739.html

pve-cluster:

Dominik Csapak (1):
  add cfg files for resource mapping

 src/PVE/Cluster.pm  | 2 ++
 src/pmxcfs/status.c | 2 ++
 2 files changed, 4 insertions(+)

pve-access-control:

Dominik Csapak (1):
  add privileges and paths for cluster resource mapping

 src/PVE/AccessControl.pm  | 20 +++++++++++++++++++-
 src/PVE/RPCEnvironment.pm |  7 +++++--
 2 files changed, 24 insertions(+), 3 deletions(-)

pve-guest-common:

Dominik Csapak (1):
  add PCI/USB Resource configs

 src/Makefile            |   3 +
 src/PVE/Resource/PCI.pm | 226 ++++++++++++++++++++++++++++++++++++++++
 src/PVE/Resource/USB.pm | 183 ++++++++++++++++++++++++++++++++
 3 files changed, 412 insertions(+)
 create mode 100644 src/PVE/Resource/PCI.pm
 create mode 100644 src/PVE/Resource/USB.pm

qemu-server:

Dominik Csapak (6):
  enable cluster mapped USB devices for guests
  enable cluster mapped PCI devices for guests
  check_local_resources: extend for mapped resources
  api: migrate preconditions: use new check_local_resources info
  migration: check for mapped resources
  add test for mapped pci devices

 PVE/API2/Qemu.pm                              | 110 +++++++-
 PVE/QemuMigrate.pm                            |  23 +-
 PVE/QemuServer.pm                             | 111 +++++---
 PVE/QemuServer/PCI.pm                         | 243 +++++++++++++++---
 PVE/QemuServer/USB.pm                         |  22 +-
 test/MigrationTest/Shared.pm                  |  14 +
 test/cfg2cmd/q35-linux-hostpci-mapping.conf   |  17 ++
 .../q35-linux-hostpci-mapping.conf.cmd        |  36 +++
 test/cfg2cmd/q35-linux-hostpci.conf           |   2 +-
 test/cfg2cmd/q35-linux-hostpci.conf.cmd       |   2 +-
 test/run_config2command_tests.pl              |  83 ++++++
 11 files changed, 575 insertions(+), 88 deletions(-)
 create mode 100644 test/cfg2cmd/q35-linux-hostpci-mapping.conf
 create mode 100644 test/cfg2cmd/q35-linux-hostpci-mapping.conf.cmd

pve-manager:

Dominik Csapak (2):
  pvesh: fix parameters for proxyto_callback
  api: add resource map api endpoints for PCI and USB

 PVE/API2/Cluster.pm                |   8 +
 PVE/API2/Cluster/Makefile          |   5 +
 PVE/API2/Cluster/Resource.pm       |  53 +++++
 PVE/API2/Cluster/Resource/Makefile |  18 ++
 PVE/API2/Cluster/Resource/PCI.pm   | 297 +++++++++++++++++++++++++++++
 PVE/API2/Cluster/Resource/USB.pm   | 262 +++++++++++++++++++++++++
 PVE/API2/Hardware.pm               |   1 -
 PVE/API2/Nodes.pm                  |   1 +
 PVE/CLI/pvesh.pm                   |  10 +-
 9 files changed, 650 insertions(+), 5 deletions(-)
 create mode 100644 PVE/API2/Cluster/Resource.pm
 create mode 100644 PVE/API2/Cluster/Resource/Makefile
 create mode 100644 PVE/API2/Cluster/Resource/PCI.pm
 create mode 100644 PVE/API2/Cluster/Resource/USB.pm

-- 
2.30.2