Allow ability to disable individual CPU flags

Registered by Kashyap Chamarthy on 2019-11-13

What?
---------

When using a custom CPU model, Nova currently allows enabling
individual CPU flags/features via the config attribute,
`cpu_model_extra_flags`:

    [libvirt]
    cpu_mode=custom
    cpu_models=IvyBridge
    cpu_model_extra_flags="pcid,ssbd, md-clear"

The above only lets you enable the CPU features. This RFE is to also
allow _disabling_ individual CPU features.

Why?
--------

A couple of reasons:

  - An Operator wants to generate a baseline CPU config (that facilitates
    live migration) across their Compute node pool. However, a certain
    CPU flag is causing an intolerable performance issue for their
    guest workloads. If the Operator has isolated the problem to _that_
    specific CPU flag, then they would like to disable the flag.

  - More importantly, a specific CPU flag might trigger a CPU
    vulnerability. In such a case, the mitigation for it could be to
    simply _disable_ the offending CPU flag.

Allowing disabling of individual CPU flags via Nova would enable the
above use cases.

How?
--------

By allowing the notion of '+' / '-' to indicate whether to enable or
disable a given CPU flag.

E.g. if you specify the below in 'nova.conf' (on the Compute nodes):

    [libvirt]
    cpu_mode=custom
    cpu_models=IvyBridge
    cpu_model_extra_flags=+pcid,-mtrr,ssbd

Then, when you start an instance, Nova should generate the below XML:

    <cpu match='exact'>
      <model fallback='forbid'>IvyBridge</model>
      <vendor>Intel</vendor>
      <feature policy='require' name='pcid'/>
      <feature policy='disable' name='mtrr'/>
      <feature policy='require' name='ssbd'/>
    </cpu>

Note that the requirement to specify '+' / '-' for individual flags
should be optional. If neither is specified, then we should assume '+',
and enable the feature (as shown above for the 'ssbd' flag).
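
The mapping described above, sketched as an added example (this is not
Nova's own code). The function names, the lower-casing of flag names and
the rejection of a flag that is both enabled and disabled are
assumptions made for illustration:

```python
import xml.etree.ElementTree as ET


def parse_extra_flags(value):
    """Map each flag name to a libvirt feature policy.

    '+flag' or a bare 'flag' -> 'require'; '-flag' -> 'disable'.
    """
    policies = {}
    for raw in value.split(","):
        token = raw.strip().lower()  # assumption: names are case-insensitive
        if not token:
            continue
        if token[0] in "+-":
            sign, name = token[0], token[1:].strip()
        else:
            sign, name = "+", token  # no prefix means "enable"
        if not name:
            raise ValueError(f"missing flag name in {raw!r}")
        policy = "require" if sign == "+" else "disable"
        # Assumption: contradictory entries are a config error, not last-wins.
        if policies.get(name, policy) != policy:
            raise ValueError(f"flag {name!r} is both enabled and disabled")
        policies[name] = policy
    return policies


def build_cpu_xml(model, vendor, extra_flags):
    """Render the <cpu> element for a custom CPU model plus extra flags."""
    cpu = ET.Element("cpu", match="exact")
    ET.SubElement(cpu, "model", fallback="forbid").text = model
    ET.SubElement(cpu, "vendor").text = vendor
    for name, policy in parse_extra_flags(extra_flags).items():
        ET.SubElement(cpu, "feature", policy=policy, name=name)
    ET.indent(cpu)  # requires Python 3.9+
    return ET.tostring(cpu, encoding="unicode")


def flags_not_disabled(cpu_xml, must_disable):
    """Return the flags from must_disable that the XML does not disable."""
    root = ET.fromstring(cpu_xml)
    disabled = {f.get("name") for f in root.findall("feature")
                if f.get("policy") == "disable"}
    return set(must_disable) - disabled


if __name__ == "__main__":
    xml = build_cpu_xml("IvyBridge", "Intel", "+pcid,-mtrr,ssbd")
    print(xml)
    print("not disabled:", flags_not_disabled(xml, {"mtrr"}))
```

`flags_not_disabled` is the audit side of the second use case: given a
guest's `<cpu>` XML, it reports any flag that was meant to be turned off
as a mitigation but is not marked `policy='disable'`.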

Blueprint information

Status: Complete
Approver: Balazs Gibizer
Priority: Undefined
Drafter: Kashyap Chamarthy
Direction: Approved
Assignee: Kashyap Chamarthy
Definition: Approved
Series goal: Accepted for wallaby
Implementation: Implemented
Milestone target: wallaby-3
Started by: Balazs Gibizer
Completed by: Balazs Gibizer

Whiteboard

[20210211 gibi]: Granted late approval on the nova meeting.

Implementation: https://review.opendev.org/c/openstack/nova/+/774240

[20210305 gibi]: the implementation has been merged to Wallaby
