opendevreview | Merged openstack/nova master: [doc] Improve description for nova-manage db purge https://review.opendev.org/c/openstack/nova/+/919746 | 02:44 |
---|---|---|
opendevreview | Rajesh Tailor proposed openstack/nova master: Handle neutron-client conflict https://review.opendev.org/c/openstack/nova/+/918048 | 07:06 |
zigo | Hi. Is it still the case that VMs with SEV cannot be live-migrated? | 12:36 |
sean-k-mooney | i'm pretty sure we supported sev live migration in the initial release | 12:46 |
sean-k-mooney | oh apparently not https://docs.openstack.org/nova/latest/admin/sev.html#impermanent-limitations | 12:46 |
zigo | That's not what the doc says indeed. | 12:46 |
sean-k-mooney | we have not modified it but the only reason we would not have supported it originally is if qemu did not support it | 12:47 |
sean-k-mooney | https://lore.kernel.org/all/20190809185434.GH2840@work-vm/T/ there was a patch to enable it | 12:48 |
sean-k-mooney | but i don't know if that ever merged | 12:48 |
sean-k-mooney | still listed as todo https://www.qemu.org/docs/master/system/i386/amd-memory-encryption.html#live-migration | 12:48 |
tkajinam | zigo, as you said the patch has never been merged. sev_mig_blocker is still present in the latest qemu. | 12:58 |
tkajinam | I'm not aware of any work to implement live migration for SEV instances recently. I guess AMD put more focus on SEV-SNP now | 12:59 |
tkajinam | Intel is working to implement live migration support in Intel TDX 1.5. I don't know how long it would take until it reaches upstream (tdx 1.0 is not yet merged upstream afaik) but that's explained explicitly as an upcoming feature | 13:01 |
sean-k-mooney | tkajinam: well SEV-SNP would depend on live migration support for sev in general right | 13:54 |
sean-k-mooney | i.e. if amd wanted to support live-migration for SEV-SNP i doubt they could do that without first closing the general sev gap | 13:54 |
zigo | Ok, thanks for the details. | 13:55 |
sean-k-mooney | zigo: on a related note live migration is not currently supported with vTPM either, that is more upsetting as i expect it will be more widely used because of Microsoft requiring it for Windows Server | 13:56 |
sean-k-mooney | as far as we can tell qemu currently only supports live migration if you put the vtpm dir on nfs or another shared file system where they do not require the tpm data to be copied... | 13:57 |
zigo | sean-k-mooney: But the vTPM files are somewhere in /etc/libvirt, no? | 13:58 |
sean-k-mooney | by default i think so yes | 13:59 |
sean-k-mooney | i would have to check the code | 13:59 |
sean-k-mooney | but they are not in /var/lib/nova/** as far as i recall | 13:59 |
tkajinam | sean-k-mooney, yeah I guess so, because SEV-SNP uses SEV as its core with additional protection features > lm support for SEV-SNP would depend on one for SEV | 14:19 |
-opendevstatus- NOTICE: There will be a short Gerrit outage while we update to the latest 3.8 release in preparation for next week's 3.9 upgrade. | 17:01 | |
opendevreview | sean mooney proposed openstack/nova master: [WIP] retry write_sys call on device busy https://review.opendev.org/c/openstack/nova/+/920203 | 17:59 |
opendevreview | Merged openstack/nova-specs master: Remove template files from non-empty directories https://review.opendev.org/c/openstack/nova-specs/+/919597 | 18:34 |
opendevreview | Merged openstack/nova master: Stop using split UEC image (mostly) https://review.opendev.org/c/openstack/nova/+/919739 | 19:03 |
opendevreview | melanie witt proposed openstack/nova-specs master: Re-propose specs for ephemeral encryption https://review.opendev.org/c/openstack/nova-specs/+/907654 | 19:29 |