Added the ability to configuring white list of PCI devices
Change-Id: I94e72ad9fe2aa6a9a687e916fea6314521b87002
Related-Prod: PROD-23161 (PROD:23161)
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..c3b59b4
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=gerrit.mcp.mirantis.com
+port=29418
+project=salt-formulas/nova.git
diff --git a/README.rst b/README.rst
index a290d34..e57665b 100644
--- a/README.rst
+++ b/README.rst
@@ -325,6 +325,9 @@
name: "a1"
product_id: "154d"
vendor_id: "8086"
+ passthrough_whitelist:
+ - vendor_id: "10de"
+ product_id: "1db4"
network:
engine: neutron
host: 127.0.0.1
@@ -481,7 +484,7 @@
barbican:
enabled: true
-Define aliases for PCI devices:
+Define aliases for a PCI passthrough devices:
.. code-block:: yaml
nova:
@@ -495,6 +498,17 @@
product_id: "154d"
vendor_id: "8086"
+Define white list of PCI devices available to VMs:
+.. code-block:: yaml
+
+ nova:
+ compute:
+ ...
+ pci:
+ passthrough_whitelist:
+ - vendor_id: "10de"
+ product_id: "1db4"
+
Nova metadata custom bindings:
.. code-block:: yaml
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
index 3c069ed..3fbf86a 100644
--- a/nova/files/ocata/nova-compute.conf.Debian
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -8343,6 +8343,13 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
#
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index 11cec7e..440a2cd 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -8315,6 +8315,11 @@
# (multi valued)
# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
#passthrough_whitelist =
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
[placement]
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index a43729a..9bbd313 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -8542,6 +8542,13 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
#
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index 8b59db2..01c05d6 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -8525,6 +8525,11 @@
# (multi valued)
# Deprecated group/name - [DEFAULT]/pci_passthrough_whitelist
#passthrough_whitelist =
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
[placement]
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index b8bb59e..ba5e9ed 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -8234,6 +8234,13 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
#
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index 757353f..7218677 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -8095,6 +8095,13 @@
{%- endfor %}
{%- endif %}
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
+
[placement]
{%- set _data = controller.identity %}
diff --git a/nova/files/rocky/nova-compute.conf.Debian b/nova/files/rocky/nova-compute.conf.Debian
index 62d8503..0063e6f 100644
--- a/nova/files/rocky/nova-compute.conf.Debian
+++ b/nova/files/rocky/nova-compute.conf.Debian
@@ -7442,6 +7442,12 @@
{%- endfor %}
{%- endif %}
+{%- if compute.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in compute.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
[placement]
diff --git a/nova/files/rocky/nova-controller.conf.Debian b/nova/files/rocky/nova-controller.conf.Debian
index bf72a10..6e04826 100644
--- a/nova/files/rocky/nova-controller.conf.Debian
+++ b/nova/files/rocky/nova-controller.conf.Debian
@@ -7263,6 +7263,12 @@
{%- endfor %}
{%- endif %}
+{%- if controller.get('pci', {}).get('passthrough_whitelist', false) %}
+ {%- for item in controller.pci.passthrough_whitelist %}
+passthrough_whitelist = {{ item | json }}
+ {%- endfor %}
+{%- endif %}
+
[placement]