Detect maximum guests with AMD-SEV by libvirt API

Registered by Takashi Kajinami

AMD SEV-capable hardware has a fixed number of slots for holing encryption keys, thus supports limited number of guests with SEV enabled.
The [libvirt] num_memory_encrypted_guests option was initially added to make nova ware of that limit, because there was no libvirt API to obtain that limit[1], and if the option is not set then nova imposes no limit.

However the limit is presented by libvirt since libvirt 8.0.0[2][3] as part of domain capabilities.

```
# virsh domcapabilities
<domainCapabilities>
  ...
  <features>
    ...
    <sev supported='yes'>
      <cbitpos>47</cbitpos>
      <reducedPhysBits>1</reducedPhysBits>
      <maxGuests>100</maxGuests>
      <maxESGuests>15</maxESGuests>
    </sev>
    ...
  </features>
</domainCapabilities>
```

So now we can use this information to determine maximum number of SEV guests (as planned earlier) and reduce the options operators have to set properly.

Note that libvirt provides maximum number of SEV guests as well as one for SEV-ES guests, but because Nova supports only SEV guests now, we ignore the SEV-ES part.

[1] https://review.opendev.org/c/openstack/nova/+/666616
[2] https://gitlab.com/libvirt/libvirt/-/commit/34cb8f6fcd6a56a7bbcef2f7402def1682509e16
[3] https://gitlab.com/libvirt/libvirt/-/commit/7826148a72c97367fc6aaa76397fe92d32169723

Blueprint information

Status:
Started
Approver:
Sylvain Bauza
Priority:
Undefined
Drafter:
Takashi Kajinami
Direction:
Approved
Assignee:
Takashi Kajinami
Definition:
Approved
Series goal:
Accepted for 2024.1
Implementation:
Needs Code Review
Milestone target:
None
Started by
Sylvain Bauza

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/libvirt-detect-sev-max-guests

[20231123 bauzas] Approved as a specless bp during the previous nova weekly meeting
Addressed by: https://review.opendev.org/c/openstack/nova/+/899381
    Detect maximum number of SEV guests automatically

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.