Difference between revisions of "Main Page/cobbler"
Line 5: | Line 5: | ||
http://creativecommons.org/licenses/by/3.0/legalcode | http://creativecommons.org/licenses/by/3.0/legalcode | ||
− | + | =================================== | |
− | Support | + | Support function of USB-redirection |
− | + | =================================== | |
− | We provide VDI(Virtual Desktop) | + | We provide VDI(Virtual Desktop)solution for customers, our customers have strong |
− | our customers have strong requirements for using USB devices. | + | requirements for using USB devices. |
The typical use cases and our solutions are described as below: | The typical use cases and our solutions are described as below: | ||
− | + | Customers want to use local USB printers or USB scanners with | |
− | TC(Thin-Client), because remote desktop protocol like ICA have already | + | TC(Thin-Client), because remote desktop protocol like ICA have already supported |
USB-redirection, so customers only need to attach USB device to TC, the protocol | USB-redirection, so customers only need to attach USB device to TC, the protocol | ||
can map USB device to VM. | can map USB device to VM. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Problem description | |
− | + | =================== | |
− | |||
− | |||
− | + | Use cases: | |
− | + | A end user wants to print some documents in cloud environments, him perform the | |
+ | following steps: | ||
− | + | 1. Create a VM with virtual USB-redirection devices. | |
− | + | 2. Use TC with spice client to connect to VM, insert USB printer to TC, select | |
− | to | + | printer to redirect to VM in GUI of spice client. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | 3. User can see printer in VM and use printer to print documents. | |
− | + | A end user wants to take a video chat with friends in cloud environments, him | |
− | |||
perform the following steps: | perform the following steps: | ||
− | 1. | + | 1. Create a VM with virtual USB-redirection devices. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | 2. Use TC with spice client to connect to VM, insert USB camera to TC, select | |
+ | camera to redirect to VM in GUI of spice client. | ||
− | + | 3. User can see camera in VM and take video chat with friends. | |
− | |||
Proposed change | Proposed change | ||
=============== | =============== | ||
− | + | 1. Add function of create USB-redirection device in libvirt driver. | |
− | + | 2. Support specify USB-redirection device in flavor and create VM with this kind | |
− | + | of flavor. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Alternatives | Alternatives | ||
Line 90: | Line 60: | ||
----------------- | ----------------- | ||
− | + | 1. Add USB-redirection device data object in libvirt driver, the libvirt xml may | |
− | + | like: | |
− | 1. | + | <redirdev bus='usb' type='spicevmc'> |
− | + | <alias name='redir0'/> | |
− | + | </redirdev> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | 2. Use key-value to specify USB-redirection device in flavor, the schema may like: | ||
+ | {"usb_redirection_devices":{["bus": usb, "type": "spicevmc"]}} | ||
REST API impact | REST API impact | ||
Line 123: | Line 87: | ||
--------------------- | --------------------- | ||
− | + | None | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 162: | Line 105: | ||
---------------- | ---------------- | ||
− | + | None | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Implementation | Implementation | ||
Line 204: | Line 119: | ||
Work Items | Work Items | ||
---------- | ---------- | ||
− | Step 1: | + | Step 1: Add object of USB-redirection device in libvirt driver. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | Step | + | Step 2: Create VM with flvor which contains USB-redirection device. |
Dependencies | Dependencies | ||
Line 222: | Line 132: | ||
======= | ======= | ||
− | + | None | |
Line 236: | Line 146: | ||
None | None | ||
− | + | ||
.. | .. | ||
This work is licensed under a Creative Commons Attribution 3.0 Unported | This work is licensed under a Creative Commons Attribution 3.0 Unported | ||
Line 243: | Line 153: | ||
http://creativecommons.org/licenses/by/3.0/legalcode | http://creativecommons.org/licenses/by/3.0/legalcode | ||
− | + | ============================== | |
− | + | Support hot-plug of USB device | |
− | ============================== | + | ============================== |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Users have requirements of using USB device, the detailed information can refer | |
− | + | to BP https://blueprints.launchpad.net/nova/+spec/usb-passthrough. | |
+ | There maybe some VMs which need to use USB device, so I think it is | ||
+ | necessary to provide function of hot-plug USB device. | ||
Problem description | Problem description | ||
Line 268: | Line 168: | ||
Use cases: | Use cases: | ||
− | 1. The administrator | + | A user wants to install ERP software which needs USB-KEY for authentication in a |
− | and | + | running VM. he proposes request to system administrator and they perform the |
+ | following steps: | ||
+ | |||
+ | 1. The administrator goes to the machine room and insert USB-KEY to host where | ||
+ | the VM is running in. | ||
+ | |||
+ | 2. The administrator adds some configuration(like white-list with USB-KEY's product | ||
+ | and vendor information) to nova-compute, restart nova-compute to trigger it to | ||
+ | discovery new devices and save them to DB. | ||
− | + | 3. The end user queries USB-KEY information from API or portal. | |
− | |||
+ | 4. The end user attaches USB-KEY to VM. | ||
Proposed change | Proposed change | ||
=============== | =============== | ||
+ | |||
+ | The idea of how to implement this function can refer to pci-passthrough. | ||
We should add the following functions to nova: | We should add the following functions to nova: | ||
− | |||
− | |||
− | 2. | + | 1. Add API to query USB device information of a hypervisor. |
− | VM. | + | |
+ | 2. Add API to attach USB device to a VM. | ||
+ | |||
+ | 3. Add API to detach USB device from a VM. | ||
Alternatives | Alternatives | ||
Line 293: | Line 204: | ||
----------------- | ----------------- | ||
− | + | It can refer to https://review.openstack.org/#/c/86118/ | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 316: | Line 210: | ||
--------------- | --------------- | ||
− | + | * API for attach USB device to VM | |
+ | V2 API specification: | ||
+ | Post v2/{tenant_id}/servers/{server_id}/action | ||
+ | { | ||
+ | "attach_usb_devices": {"usb_devices_requests":[{"id": 1}]} | ||
+ | } | ||
+ | V3 API specification: | ||
+ | Post v3/servers/{server_id}/action | ||
+ | |||
+ | * API for attach USB device to VM | ||
+ | V2 API specification: | ||
+ | Post v2/{tenant_id}/servers/{server_id}/action | ||
+ | { | ||
+ | "detach_usb_devices": {"usb_devices_requests":[{"id": 1}]} | ||
+ | } | ||
+ | V3 API specification: | ||
+ | Post v3/servers/{server_id}/action | ||
Security impact | Security impact | ||
Line 331: | Line 241: | ||
--------------------- | --------------------- | ||
− | + | It can refer to https://review.openstack.org/#/c/86118/ | |
+ | |||
Performance Impact | Performance Impact | ||
Line 337: | Line 248: | ||
None | None | ||
+ | |||
Other deployer impact | Other deployer impact | ||
Line 342: | Line 254: | ||
None | None | ||
+ | |||
Developer impact | Developer impact | ||
---------------- | ---------------- | ||
− | + | It can refer to https://review.openstack.org/#/c/86118/ | |
Implementation | Implementation | ||
Line 360: | Line 273: | ||
Work Items | Work Items | ||
---------- | ---------- | ||
− | Step 1: | + | Step 1: |
− | |||
Dependencies | Dependencies | ||
============ | ============ | ||
− | + | None | |
Line 374: | Line 286: | ||
It is necessary to add tempest for this new function. | It is necessary to add tempest for this new function. | ||
+ | |||
Documentation Impact | Documentation Impact | ||
Line 384: | Line 297: | ||
========== | ========== | ||
− | + | None | |
− | |||
− | |||
.. | .. | ||
This work is licensed under a Creative Commons Attribution 3.0 Unported | This work is licensed under a Creative Commons Attribution 3.0 Unported | ||
Line 395: | Line 306: | ||
http://creativecommons.org/licenses/by/3.0/legalcode | http://creativecommons.org/licenses/by/3.0/legalcode | ||
− | + | ================================= | |
− | + | Support passthrough of USB device | |
− | + | ================================= | |
− | + | We provide VDI(Virtual Desktop) and server virtualization solutions for customers, | |
− | + | our customers have strong requirements for using USB devices. | |
− | + | The typical use cases and our solutions are described as below: | |
− | + | 1.In VDI solution, customers want to use local USB printers or USB scanners with | |
− | + | TC(Thin-Client), because remote desktop protocol like ICA have already support | |
+ | USB-redirection, so customers only need to attach USB device to TC, the protocol | ||
+ | can map USB device to VM. | ||
− | 1. | + | 2. In virtualization solution, when starting or restarting some business-critical |
+ | applications, a connected USB-KEY is needed for authentication, some applications | ||
+ | even need a daily authentication by USB-KEY. we suggest the following solutions: | ||
+ | (1) Using physical 'USB-HUB' box and technology of USB-redirection over TCP/IP. | ||
+ | Customers need to buy USB-HUB and install software in guest os, the software helps | ||
+ | redirecting USB device to VM. | ||
− | 2. | + | (2) Using USB-Passthrough functions provided by our virtualization software. |
− | + | The end users(normally application or system administrators) insert USB devices | |
+ | to host that containing the VM, then can see USB device list in portal and choose | ||
+ | USB device to attach. | ||
− | As described above, I think USB | + | This solution has advantages that |
+ | |||
+ | 1. It doesn't need additional physical devices. | ||
+ | |||
+ | 2. It doesn't need a special server to run spice client for USB-Redirection. | ||
+ | |||
+ | 3. Business-critical applications commonly need stable and long-standing USB-KEY | ||
+ | to attach, USB-Passthrough maybe more stable than USB-Redirection over TCP/IP or | ||
+ | remote desktop protocol. | ||
+ | |||
+ | As described above, I think USB-Passthrough is valuable in Openstack. | ||
+ | |||
+ | This BP is focus on how to provide USB-Passthrough function in Openstack. | ||
Line 419: | Line 351: | ||
Use cases: | Use cases: | ||
− | 1. The administrator | + | In private cloud, a end user wants to create a VM to run ERP software which needs |
− | + | a USB-KEY for authentication, he proposes request to system administrator, they | |
+ | perform the following steps: | ||
+ | |||
+ | 1. The administrator goes to the machine room and chooses a host to insert USB-KEY | ||
+ | to. | ||
+ | |||
+ | 2. The administrator adds some configuration(like white-list with USB-KEY's product | ||
+ | and vendor information) to nova-compute, restart nova-compute to trigger it to | ||
+ | discovery new devices and save them to DB. | ||
− | + | 3. The administrator queries USB-KEY information from API or portal | |
− | USB | ||
+ | 4. The administrator creates a flavor with USB-KEY information queried by above. | ||
+ | |||
+ | 5. The end user creates a VM with above flavor, the system chooses the host which | ||
+ | contains the USB-KEY to run VM and attach USB-KEY to it. | ||
Proposed change | Proposed change | ||
=============== | =============== | ||
+ | |||
+ | The idea of how to implement this function can reference to pci-passthrough. | ||
We should add the following functions to nova: | We should add the following functions to nova: | ||
− | |||
− | |||
− | 2. Nova should support to create | + | 1. Nova should support to auto-discover usb devices and save them in DB. |
− | + | ||
+ | 2. Nova should support to create a flavor which contains usb device information. | ||
+ | |||
+ | 3. Nova should support to create VM with a flavor which contains usb device | ||
+ | information. | ||
Alternatives | Alternatives | ||
Line 444: | Line 391: | ||
----------------- | ----------------- | ||
− | + | The idea of how to implement this function can reference to pci-passthrough. | |
− | + | ||
+ | 1. In libvirt driver layer, add function to discover USB devices. A white-list | ||
+ | maybe needed here to filter proper devices. | ||
+ | |||
+ | 2. In DB layer, (1) add a new table 'usb_devices' to store USB device information. | ||
+ | (2) add a key-value pair to instance_system_metadata table to store USB device | ||
+ | information which have been assigned to the VM. | ||
+ | |||
+ | tag | ||
+ | The definition of usb_devices: | ||
+ | +-----------------+--------------+------+-----+---------+----------------+ | ||
+ | | Field | Type | Null | Key | Default | Extra | | ||
+ | +-----------------+--------------+------+-----+---------+----------------+ | ||
+ | | created_at | datetime | YES | | NULL | | | ||
+ | | updated_at | datetime | YES | | NULL | | | ||
+ | | deleted_at | datetime | YES | | NULL | | | ||
+ | | deleted | int(11) | NO | | NULL | | | ||
+ | | id | int(11) | NO | PRI | NULL | auto_increment | | ||
+ | | compute_node_id | int(11) | NO | MUL | NULL | | | ||
+ | | address | varchar(12) | NO | | NULL | | | ||
+ | | product_id | varchar(4) | YES | | NULL | | | ||
+ | | vendor_id | varchar(4) | YES | | NULL | | | ||
+ | | bus_id | int(10) | YES | | NULL | | | ||
+ | | device_id | int(10) | YES | | NULL | | | ||
+ | | port_id | int(10) | YES | | NULL | | | ||
+ | | status | varchar(36) | NO | | NULL | | | ||
+ | | extra_info | text | YES | | NULL | | | ||
+ | | instance_uuid | varchar(36) | YES | MUL | NULL | | | ||
+ | +-----------------+--------------+------+-----+---------+----------------+ | ||
+ | |||
+ | 3. In scheduler layer, add a filter to find host which contains the usb devices. | ||
+ | |||
+ | tag | ||
+ | 4. The schema of flavor which contains USB device information may like this: | ||
+ | {"usb_devices":[{"id": 5}]} | ||
Line 451: | Line 432: | ||
--------------- | --------------- | ||
− | + | tag | |
+ | * API for query USB device information of a hypervisor | ||
+ | V2 API specification: | ||
+ | GET v2/{tenant_id}/os-hypervisors/{hypervisor_hostname} | ||
+ | V3 API specification: | ||
+ | GET v3/os-hypervisors/{hypervisor_hostname} | ||
+ | |||
+ | The response JSON contains the variable "usb_device_stats" | ||
+ | {"hypervisor": | ||
+ | {"usb_device_stats": | ||
+ | [ | ||
+ | { | ||
+ | "id": 1, | ||
+ | "compute_node_id": 1, | ||
+ | "address": "usb_2_3", | ||
+ | "product_id": "1520", | ||
+ | "vendor_id": "8086", | ||
+ | "bus_id": "2", | ||
+ | "device_id": "3", | ||
+ | "port_id": "", | ||
+ | "status":"available", | ||
+ | "extra_info": "" | ||
+ | "instance_uuid":"" | ||
+ | } | ||
+ | ] | ||
+ | } | ||
+ | } | ||
Security impact | Security impact | ||
Line 466: | Line 473: | ||
--------------------- | --------------------- | ||
− | + | This new function may have restrictions and have impaction on other functions, | |
+ | I recognise the followings: | ||
+ | |||
+ | tag | ||
+ | 1. A VM with USB device doesn't support to do migration(live-migration, with shared | ||
+ | storage or not). | ||
+ | |||
+ | 2. When detach/re-attach USB device from/to host or restart host, the physical | ||
+ | identifier of USB device may change, then VM can not use USB device. To start VM | ||
+ | with wrong bus id may fail too. If this happen ser can detach wrong USB device, | ||
+ | re-attach the new USB device | ||
+ | |||
+ | 3. When delete a VM with USB device, system should detach USB device from VM and | ||
+ | update USB device information. | ||
+ | |||
+ | 4. Currently we plan to provide this function in KVM environment but not consider | ||
+ | too much for xen. | ||
+ | |||
Performance Impact | Performance Impact | ||
Line 472: | Line 496: | ||
None | None | ||
+ | |||
Other deployer impact | Other deployer impact | ||
Line 477: | Line 502: | ||
None | None | ||
+ | |||
Developer impact | Developer impact | ||
---------------- | ---------------- | ||
− | + | tag | |
+ | |||
+ | How to distinguish USB device is important because user wants to specify | ||
+ | which USB device to which VM. | ||
+ | |||
+ | I consider this issue as follows: | ||
+ | |||
+ | 1. The key information of USB device which are supported by libvirt are | ||
+ | vendor id, product id, bus and device. Bellow is a example: | ||
+ | |||
+ | <hostdev mode='subsystem' type='usb'> | ||
+ | <source> | ||
+ | <vendor id='0x136b'/> | ||
+ | <product id='0x0003'/> | ||
+ | <address bus='2' device='3'/> | ||
+ | </source> | ||
+ | </hostdev> | ||
+ | |||
+ | Different USB devices may have the same vendor id and product id, so they are not | ||
+ | appropriate for distinguish devices. | ||
+ | |||
+ | The bus+device maybe a good choice to distinguish devices, but device id may | ||
+ | change every time detach/reattach USB device from/to host. | ||
+ | |||
+ | The 'port id' by which USB device attach to physical USB controller can keep | ||
+ | constant but libvirt doesn't support it by now. | ||
+ | |||
+ | So I think bus+device maybe the best choice by now. Once 'port id' changes, USB | ||
+ | device will been recognized as new device, user can re-attach the new device. | ||
+ | |||
+ | 2. Add usb_white_list and usb_white_list_switch parameters to nova-compute | ||
+ | configuration file. | ||
+ | |||
+ | The usb_white_list_switch is used to control if open white-list function and the | ||
+ | default value is "off". | ||
+ | |||
+ | The usb_white_list is used to provide more specific control. The schema may like: | ||
+ | usb_passthrough_whitelist = [{"product": "0x0003", "vendor": "0x136b", "bus": "2", | ||
+ | "device": "2"}] | ||
Implementation | Implementation | ||
Line 495: | Line 559: | ||
Work Items | Work Items | ||
---------- | ---------- | ||
− | Step 1: Implement function of | + | Step 1: Implement function of discover usb device in libvirt driver. |
− | Step 2: Implement function of | + | Step 2: Implement function of periodically update USB device information from |
+ | nova-compute to DB. | ||
+ | |||
+ | Step 3: Implement function of create VM with USB device. | ||
+ | |||
+ | Step 4: Make changes to other functions which are affected by this new function. | ||
Dependencies | Dependencies | ||
Line 514: | Line 583: | ||
==================== | ==================== | ||
− | + | It is necessary to add doc for how to use this new function. | |
Line 520: | Line 589: | ||
========== | ========== | ||
− | + | None |
Revision as of 10:37, 23 April 2014
..
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
http://creativecommons.org/licenses/by/3.0/legalcode
=======================
Support function of USB-redirection
=======================
We provide VDI(Virtual Desktop)solution for customers, our customers have strong requirements for using USB devices.
The typical use cases and our solutions are described as below: Customers want to use local USB printers or USB scanners with TC(Thin-Client), because remote desktop protocol like ICA have already supported USB-redirection, so customers only need to attach USB device to TC, the protocol can map USB device to VM.
Problem description
=======
Use cases:
A end user wants to print some documents in cloud environments, him perform the following steps:
1. Create a VM with virtual USB-redirection devices.
2. Use TC with spice client to connect to VM, insert USB printer to TC, select printer to redirect to VM in GUI of spice client.
3. User can see printer in VM and use printer to print documents.
A end user wants to take a video chat with friends in cloud environments, him perform the following steps:
1. Create a VM with virtual USB-redirection devices.
2. Use TC with spice client to connect to VM, insert USB camera to TC, select camera to redirect to VM in GUI of spice client.
3. User can see camera in VM and take video chat with friends.
Proposed change
===
1. Add function of create USB-redirection device in libvirt driver.
2. Support specify USB-redirection device in flavor and create VM with this kind of flavor.
Alternatives
None
Data model impact
1. Add USB-redirection device data object in libvirt driver, the libvirt xml may like:
<redirdev bus='usb' type='spicevmc'> <alias name='redir0'/> </redirdev>
2. Use key-value to specify USB-redirection device in flavor, the schema may like: {"usb_redirection_devices":{["bus": usb, "type": "spicevmc"]}}
REST API impact
None
Security impact
None
Notifications impact
None
Other end user impact
None
Performance Impact
None
Other deployer impact
None
Developer impact
None
Implementation
==
Assignee(s)
Primary assignee:
<Jing Yuan>
Work Items
Step 1: Add object of USB-redirection device in libvirt driver.
Step 2: Create VM with flvor which contains USB-redirection device.
Dependencies
==
None
Testing
=
None
Documentation Impact
========
It is necessary to add doc for how to use this new function.
References
==
None
..
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
http://creativecommons.org/licenses/by/3.0/legalcode
==================
Support hot-plug of USB device
==================
Users have requirements of using USB device, the detailed information can refer to BP https://blueprints.launchpad.net/nova/+spec/usb-passthrough.
There maybe some VMs which need to use USB device, so I think it is necessary to provide function of hot-plug USB device.
Problem description
=======
Use cases:
A user wants to install ERP software which needs USB-KEY for authentication in a running VM. he proposes request to system administrator and they perform the following steps:
1. The administrator goes to the machine room and insert USB-KEY to host where the VM is running in.
2. The administrator adds some configuration(like white-list with USB-KEY's product and vendor information) to nova-compute, restart nova-compute to trigger it to discovery new devices and save them to DB.
3. The end user queries USB-KEY information from API or portal.
4. The end user attaches USB-KEY to VM.
Proposed change
===
The idea of how to implement this function can refer to pci-passthrough.
We should add the following functions to nova:
1. Add API to query USB device information of a hypervisor.
2. Add API to attach USB device to a VM.
3. Add API to detach USB device from a VM.
Alternatives
None
Data model impact
It can refer to https://review.openstack.org/#/c/86118/
REST API impact
- API for attach USB device to VM
V2 API specification: Post v2/{tenant_id}/servers/{server_id}/action {
"attach_usb_devices": {"usb_devices_requests":[{"id": 1}]}
} V3 API specification: Post v3/servers/{server_id}/action
- API for attach USB device to VM
V2 API specification: Post v2/{tenant_id}/servers/{server_id}/action {
"detach_usb_devices": {"usb_devices_requests":[{"id": 1}]}
} V3 API specification: Post v3/servers/{server_id}/action
Security impact
None
Notifications impact
None
Other end user impact
It can refer to https://review.openstack.org/#/c/86118/
Performance Impact
None
Other deployer impact
None
Developer impact
It can refer to https://review.openstack.org/#/c/86118/
Implementation
==
Assignee(s)
Primary assignee:
<Jing Yuan>
Work Items
Step 1:
Dependencies
==
None
Testing
=
It is necessary to add tempest for this new function.
Documentation Impact
========
It is necessary to add doc for how to use this new function.
References
==
None
..
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
http://creativecommons.org/licenses/by/3.0/legalcode
=====================
Support passthrough of USB device
=====================
We provide VDI(Virtual Desktop) and server virtualization solutions for customers, our customers have strong requirements for using USB devices.
The typical use cases and our solutions are described as below: 1.In VDI solution, customers want to use local USB printers or USB scanners with TC(Thin-Client), because remote desktop protocol like ICA have already support USB-redirection, so customers only need to attach USB device to TC, the protocol can map USB device to VM.
2. In virtualization solution, when starting or restarting some business-critical applications, a connected USB-KEY is needed for authentication, some applications even need a daily authentication by USB-KEY. we suggest the following solutions: (1) Using physical 'USB-HUB' box and technology of USB-redirection over TCP/IP. Customers need to buy USB-HUB and install software in guest os, the software helps redirecting USB device to VM.
(2) Using USB-Passthrough functions provided by our virtualization software. The end users(normally application or system administrators) insert USB devices to host that containing the VM, then can see USB device list in portal and choose USB device to attach.
This solution has advantages that
1. It doesn't need additional physical devices.
2. It doesn't need a special server to run spice client for USB-Redirection.
3. Business-critical applications commonly need stable and long-standing USB-KEY to attach, USB-Passthrough maybe more stable than USB-Redirection over TCP/IP or remote desktop protocol.
As described above, I think USB-Passthrough is valuable in Openstack.
This BP is focus on how to provide USB-Passthrough function in Openstack.
Problem description
=======
Use cases:
In private cloud, a end user wants to create a VM to run ERP software which needs a USB-KEY for authentication, he proposes request to system administrator, they perform the following steps:
1. The administrator goes to the machine room and chooses a host to insert USB-KEY to.
2. The administrator adds some configuration(like white-list with USB-KEY's product and vendor information) to nova-compute, restart nova-compute to trigger it to discovery new devices and save them to DB.
3. The administrator queries USB-KEY information from API or portal
4. The administrator creates a flavor with USB-KEY information queried by above.
5. The end user creates a VM with above flavor, the system chooses the host which contains the USB-KEY to run VM and attach USB-KEY to it.
Proposed change
===
The idea of how to implement this function can reference to pci-passthrough.
We should add the following functions to nova:
1. Nova should support to auto-discover usb devices and save them in DB.
2. Nova should support to create a flavor which contains usb device information.
3. Nova should support to create VM with a flavor which contains usb device information.
Alternatives
None
Data model impact
The idea of how to implement this function can reference to pci-passthrough.
1. In libvirt driver layer, add function to discover USB devices. A white-list maybe needed here to filter proper devices.
2. In DB layer, (1) add a new table 'usb_devices' to store USB device information. (2) add a key-value pair to instance_system_metadata table to store USB device information which have been assigned to the VM.
tag The definition of usb_devices: +-----------------+--------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +-----------------+--------------+------+-----+---------+----------------+ | created_at | datetime | YES | | NULL | | | updated_at | datetime | YES | | NULL | | | deleted_at | datetime | YES | | NULL | | | deleted | int(11) | NO | | NULL | | | id | int(11) | NO | PRI | NULL | auto_increment | | compute_node_id | int(11) | NO | MUL | NULL | | | address | varchar(12) | NO | | NULL | | | product_id | varchar(4) | YES | | NULL | | | vendor_id | varchar(4) | YES | | NULL | | | bus_id | int(10) | YES | | NULL | | | device_id | int(10) | YES | | NULL | | | port_id | int(10) | YES | | NULL | | | status | varchar(36) | NO | | NULL | | | extra_info | text | YES | | NULL | | | instance_uuid | varchar(36) | YES | MUL | NULL | | +-----------------+--------------+------+-----+---------+----------------+
3. In scheduler layer, add a filter to find host which contains the usb devices.
tag 4. The schema of flavor which contains USB device information may like this: {"usb_devices":[{"id": 5}]}
REST API impact
tag
- API for query USB device information of a hypervisor
V2 API specification: GET v2/{tenant_id}/os-hypervisors/{hypervisor_hostname} V3 API specification: GET v3/os-hypervisors/{hypervisor_hostname}
The response JSON contains the variable "usb_device_stats" {"hypervisor":
{"usb_device_stats": [ { "id": 1, "compute_node_id": 1, "address": "usb_2_3", "product_id": "1520", "vendor_id": "8086", "bus_id": "2", "device_id": "3", "port_id": "", "status":"available", "extra_info": "" "instance_uuid":"" } ] }
}
Security impact
None
Notifications impact
None
Other end user impact
This new function may have restrictions and have impaction on other functions, I recognise the followings:
tag 1. A VM with USB device doesn't support to do migration(live-migration, with shared storage or not).
2. When detach/re-attach USB device from/to host or restart host, the physical identifier of USB device may change, then VM can not use USB device. To start VM with wrong bus id may fail too. If this happen ser can detach wrong USB device, re-attach the new USB device
3. When delete a VM with USB device, system should detach USB device from VM and update USB device information.
4. Currently we plan to provide this function in KVM environment but not consider too much for xen.
Performance Impact
None
Other deployer impact
None
Developer impact
tag
How to distinguish USB device is important because user wants to specify which USB device to which VM.
I consider this issue as follows:
1. The key information of USB device which are supported by libvirt are vendor id, product id, bus and device. Bellow is a example:
<hostdev mode='subsystem' type='usb'>
<vendor id='0x136b'/>
<product id='0x0003'/>
<address bus='2' device='3'/>
</hostdev>
Different USB devices may have the same vendor id and product id, so they are not appropriate for distinguish devices.
The bus+device maybe a good choice to distinguish devices, but device id may change every time detach/reattach USB device from/to host.
The 'port id' by which USB device attach to physical USB controller can keep constant but libvirt doesn't support it by now.
So I think bus+device maybe the best choice by now. Once 'port id' changes, USB device will been recognized as new device, user can re-attach the new device.
2. Add usb_white_list and usb_white_list_switch parameters to nova-compute configuration file.
The usb_white_list_switch is used to control if open white-list function and the default value is "off".
The usb_white_list is used to provide more specific control. The schema may like: usb_passthrough_whitelist = [{"product": "0x0003", "vendor": "0x136b", "bus": "2", "device": "2"}]
Implementation
==
Assignee(s)
Primary assignee:
<Jing Yuan>
Work Items
Step 1: Implement function of discover usb device in libvirt driver.
Step 2: Implement function of periodically update USB device information from nova-compute to DB.
Step 3: Implement function of create VM with USB device.
Step 4: Make changes to other functions which are affected by this new function.
Dependencies
==
None
Testing
=
It is necessary to add tempest for this new function.
Documentation Impact
========
It is necessary to add doc for how to use this new function.
References
==
None