[Openstack-operators] libvirt+qemu-kvm passthrough device prep/cleanup
Blair Bethwaite
blair.bethwaite at gmail.com
Fri Oct 17 05:49:13 UTC 2014
Hi all,
We have a few nodes with Dell ExpressFlash PCIe SSDs with which we are
using Nova pci passthrough associated with special flavors to handle
device assignment, but we need a way to clean up the device contents
for privacy/security. Wondering if anyone can provide
pointers/comments/experience on such things.
I see libvirt has the ability to add hooks, the closest of which seems
to be the qemu release hook (though not sure if this is right to match
instance terminate). I guess if that is appropriate we could hack
something together which:
1) parsed the domain xml to find the appropriate pci BDF of the
device/s in question
2) then we'd have to unbind them from the pci-stub module so the host
could access them
3) then I suppose dd zero the /dev/rssd* nodes
4) rebind the device with pci-stub
5) exit 0
Before we try that path, have others have been-there done-that?
--
Cheers,
~Blairo
More information about the OpenStack-operators
mailing list