From 3c8a66a1c99a026aa135398ea6e4b9a6ee634367 Mon Sep 17 00:00:00 2001
From: Adam Spiers <aspiers@suse.com>
Date: Thu, 25 Apr 2019 11:22:46 +0100
Subject: [PATCH] Add MEM_ENCRYPTION_CONTEXT resource class

Add a resource class representing the number of guests a compute node
can host concurrently with memory encrypted at the hardware level.

Initially this is required because on AMD SEV-capable hardware, the
memory controller has a fixed number of slots for holding encryption
keys, one per guest.  Typical hardware only has 15 slots, thereby
limiting the number of SEV guests which can be run concurrently to 15.
nova needs to track how many slots are available and used in order to
avoid attempting to exceeding that limit in the hardware.

In the future support may be added for equivalent functionality from
other vendors, such as Intel MKTME; however it is not yet known
whether MKTME would have a similar limit.

See

  http://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html

for more details, and

  http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2019-04-23.log.html#t2019-04-23T20:35:19
  https://review.opendev.org/#/c/641994/

for the bike-shedding discussion over the name.

Change-Id: I97a015d4070db947e4b96fb35021da01d61016cc
blueprint: amd-sev-libvirt-support
---
 os_resource_classes/__init__.py                       | 4 ++++
 os_resource_classes/tests/test_os_resource_classes.py | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/os_resource_classes/__init__.py b/os_resource_classes/__init__.py
index 07b3082..53ecc01 100644
--- a/os_resource_classes/__init__.py
+++ b/os_resource_classes/__init__.py
@@ -64,6 +64,10 @@ STANDARDS = [
     # guest. A dedicated CPU is a physical processor that has been marked
     # to be used for a single guest only
     'PCPU',
+    # Resource class representing the number of guests a compute node can
+    # host with memory encrypted at the hardware level.  See
+    # http://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html
+    'MEM_ENCRYPTION_CONTEXT',
 ]
 
 # Namespace used for custom resource classes
diff --git a/os_resource_classes/tests/test_os_resource_classes.py b/os_resource_classes/tests/test_os_resource_classes.py
index dd3e4e5..2976ce7 100644
--- a/os_resource_classes/tests/test_os_resource_classes.py
+++ b/os_resource_classes/tests/test_os_resource_classes.py
@@ -44,8 +44,8 @@ class TestOs_resource_classes(base.TestCase):
         of the STANDARDS list, otherwise database ids will get confused
         in the placement service.
         """
-        expected_last_class = rc.PCPU
-        expected_length = 15
+        expected_last_class = rc.MEM_ENCRYPTION_CONTEXT
+        expected_length = 16
         self.assertEqual(expected_last_class, rc.STANDARDS[-1])
         self.assertEqual(expected_length, len(rc.STANDARDS))