Add new metadata definition of memory encryption model

Nova recently introduced support of SEV-ES, to extend the existing
memory encryption support using SEV. Add the new metadef value to
explain the flavor extra spec and the image property to determine
the hardware/CPU feature for memory encryption.

Also fix the outdated link of nova documentation about AMD SEV support.

Depends-on: https://review.opendev.org/c/openstack/nova/+/926106
Change-Id: I9063663a3b14161a67da59a68f5f7c92fd5447f5
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>

doc/source/admin/useful-image-properties.rst

@@ -444,11 +444,27 @@ Here is a list of useful image properties and the values they expect.
 
   Enables encryption of guest memory at the hardware level, if
   there are compute hosts available which support this. See
-  `nova's documentation on configuration of the KVM hypervisor
-  <https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization>`_
+  `nova's documentation on configuration of AMD SEV
+  <https://docs.openstack.org/nova/latest/admin/sev.html>`_
   for more details.
 
-  Only supported by the libvirt driver.
+  Only supported by the libvirt driver with the KVM/QEMU hypervisor.
+
+``hw_mem_encryption_model``
+  :Type: str
+
+  The hardware feature name to encrypt guest memory, if there are compute hosts
+  available which support this. See
+  `nova's documentation on configuration of AMD SEV
+  <https://docs.openstack.org/nova/latest/admin/sev.html>`_
+  for more details.
+
+  Only supported by the libvirt driver with the KVM/QEMU hypervisor.
+
+  One of:
+
+  - ``amd-sev``
+  - ``amd-sev-es``
 
 ``hw_virtio_packed_ring``
   :Type: bool

etc/metadefs/compute-libvirt.json

@@ -29,11 +29,16 @@
         },
         "mem_encryption": {
             "title": "Hardware Memory Encryption",
-            "description": "Enables encryption of guest memory at the hardware level, if there are compute hosts available which support this. See https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization for details.",
+            "description": "Enables encryption of guest memory at the hardware level, if there are compute hosts available which support this. See https://docs.openstack.org/nova/latest/admin/sev.html for details.",
             "type": "string",
             "enum": ["true", "false"]
-        }
-        ,
+        },
+        "mem_encryption_model": {
+            "title": "Hardware Memory Encryption Model",
+            "description": "The hardware feature name to encrypt guest memory, if there are compute hosts available which support this. See https://docs.openstack.org/nova/latest/admin/sev.html for details.",
+            "type": "string",
+            "enum": ["amd-sev", "amd-sev-es"]
+        },
         "virtio_packed_ring": {
             "title": "Virtio Packed Ring",
             "description": "Enables Packed VIRT-IO Queue feature. When set to true, instance will bescheduled to hosts that support negotiating the packed virt queue format. This feature may or may not be enabled depending on the guest driver. When used it will improve the small packet performance of network io.",

glance/tests/functional/db/base_metadef.py

@@ -773,7 +773,7 @@ class MetadefLoadUnloadTests:
         'CIM::VirtualSystemSettingData': 17,
         'OS::Compute::XenAPI': 1,
         'OS::Compute::InstanceData': 2,
-        'OS::Compute::Libvirt': 4,
+        'OS::Compute::Libvirt': 5,
         'OS::Compute::VMwareQuotaFlavor': 2,
         'OS::Cinder::Volumetype': 1,
         'OS::Glance::Signatures': 4,

releasenotes/notes/flamingo-metadef-changes-413a952cf47927ce.yaml

@@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    The following metadata definitions have been modified in the Flamingo
+    release:
+
+    * Added ``hw_memory_encryption_model`` enumerations in
+      the ``OS::Compute::Libvirt`` namespace.
+
+    You may upgrade these definitions using:
+
+    ``glance-manage db load_metadefs [--path <path>] [--merge] [--prefer_new]``