Friday, 2017-08-25

edmondswefried it seems the biggest problem with using these fake PCI addresses is that an operator filling out the conf won't know how to get that...13:47
edmondswwhy does nova care about the format of those addresses?13:47
efriedThe operator doesn't need to know about the fake PCI addresses as yet.13:47
edmondswthey will to fill out a conf that adds address= to the whitelist13:48
efriedbecause they assume they can access /sys/bus/.../<pci_address>/blah/blah13:48
efriedYeah, so if we need to do that, and we get to a point where we *can* do that, we're going to need to provide access to the spoofed PCI addresses via pvmctl.13:48
efriedWe're going to need to doc how to get the vendor & product ID from pvmctl anyway.13:49
efriedCause they're called pci_vendor_id and pci_dev_id, respectively, right now.13:49
efriedWe could add @property aliases for them to allow them to be gotten by a more expected name.13:49
edmondswsure, but that makes sense, vendor/product IDs are real things, and they're already there13:50
efriedAnd we could add a @property for pci_address too - though I would want to name it carefully so as not to imply that it's a *real* PCI address.13:50
efriedCould do it via pvmctl, or via some other CLI utility we ship with nova-powervm.13:50
edmondswI get that nova assumes they can access /sys/bus... but they don't need to here, so they shouldn't care in this flow... i.e. we should be able to propose nova changes to no longer care about this format, right?13:50
efriedI'm still on the fence about whether to do the PCI address spoofing in pypowervm or in nova.13:51
edmondswI'd rather go down the "fix nova" road until we hit a roadblock there, before going down the "hack pvm" road13:51
efriedYou mean so we can use something arbitrary (like the DRC index) as the address?13:51
edmondswyeah, whatever makes sense... I thought there was something more user friendly than drc13:52
efriedThe location code.  But same point.13:52
efriedRight now the whitelist code is heavily invested in storing and validating PCI addresses as domain:bus:slot.func.13:53
efriedAnd doing the whitelist x alias filtering based on that format13:53
efriedincluding the ability to wildcard any of those components.13:53
edmondswright... that rings a bell... so that's what would have to change13:53
efriedSo if you whitelisted *:12:ab.*, you would match a device with address abcd:12:ab.7 but not abcd:13:ab.713:54
efriedYeah, I would expect a LOT of resistance getting that setup overhauled.13:54
efriedThat said, it *may* be the case that the new resource provider work would lend itself to bypassing that entire shenanigans.13:56
edmondswwe can try, at least :) I thought talking to Jay in Boston he agreed that this was a mess and really shouldn't be PCI address-specific13:57
edmondswbut of course that's just one person we'd need to win over13:57
efriededmondsw I'm talking about it in -nova.  Don't yet have the attention of the right people, but stephenfin and cdent are listening.14:07
edmondswefried cool... I'm on a call, but I'll try to keep up as I can14:08
