On 4/29/20 3:25 PM, Daniel P. Berrangé wrote:
On Wed, Apr 29, 2020 at 10:19:20AM -0300, Daniel Henrique Barboza wrote:
On 4/28/20 12:58 PM, Boris Fiuczynski wrote:
From: Viktor Mihajlovski <mihajlov@xxxxxxxxxxxxx>
[...]
+
+If the check fails despite the host system actually supporting
+protected virtualization guests, this can be caused by a stale
+libvirt capabilities cache. To recover, run the following
+commands
+
+::
+
+ $ systemctl stop libvirtd
+ $ rm /var/cache/libvirt/qemu/capabilities/*.xml
+ $ systemctl start libvirtd
+
+
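Review bot: The three recovery commands are shown with a `$` prompt, but stopping libvirtd and deleting files under /var/cache/libvirt/qemu/capabilities/ normally require root, so the text should say so or use a `#` prompt. The paragraph also never says what makes the cache stale, so a reader cannot tell when the procedure applies. Since `rm ... /*.xml` removes every cached capabilities file rather than one entry, it would help to state that the wildcard is intended and what happens to the cache when libvirtd starts again.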
Why isn't Libvirt re-fetching the capabilities after host changes that affect
KVM capabilities? I see that we're following up QEMU timestamps to detect
if the binary changes, which is sensible, but what about /dev/kvm? Shouldn't
we refresh domain capabilities every time following a host reboot?
Caching of capabilities was done precisely to avoid refreshing on every boot
because it resulted in slow startup for apps using libvirt after boot.
We look for specific features that change as a way to indicate a refresh
is needed. If there's a need to delete the capabilities manually that
indicates we're missing some feature when deciding whether the cache is
stale.
Regards,
Daniel
Daniels,
we will provide a patch series proposing code for such caps cache
invalidation triggers for IBM Secure Execution as well as for AMD SEV.
Afterwards we can change the documentation as well.
--
Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Gregor Pillen
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294