Chapter 11. Configuring CPU feature flags for instances

Procedure

1. Log in to the undercloud as the stack user.

2. Source the stackrc file:

   [stack@director ~]$ source ~/stackrc

   Copy to Clipboard Toggle word wrap
3. Open your Compute environment file.

4. Configure the instance CPU mode:

   parameter_defaults:
     ComputeParameters:
       NovaLibvirtCPUMode: <cpu_mode>

   Copy to Clipboard Toggle word wrap

   Replace <cpu_mode> with the CPU mode of each instance on the Compute node. Set to one of the following valid values:

   • host-model: (Default) Use the CPU model of the host Compute node. Use this CPU mode to automatically add critical CPU flags to the instance to provide mitigation from security flaws.

   • custom: Use to configure the specific CPU models each instance should use.

     Note

     You can also set the CPU mode to host-passthrough to use the same CPU model and feature flags as the Compute node for the instances hosted on that Compute node.

5. Optional: If you set NovaLibvirtCPUMode to custom, configure the instance CPU models that you want to customise:

   parameter_defaults:
     ComputeParameters:
       NovaLibvirtCPUMode: 'custom'
       NovaLibvirtCPUModels: <cpu_model>

   Copy to Clipboard Toggle word wrap

   Replace <cpu_model> with a comma-separated list of the CPU models that the host supports. List the CPU models in order, placing the more common and less advanced CPU models first in the list, and the more feature-rich CPU models last, for example, SandyBridge,IvyBridge,Haswell,Broadwell. For a list of model names, see /usr/share/libvirt/cpu_map.xml, or enter the following command on the host Compute node:

   $ sudo podman exec -it nova_libvirt virsh cpu-models <arch>

   Copy to Clipboard Toggle word wrap

   Replace <arch> with the name of the architecture of the Compute node, for example, x86_64.

6. Configure the CPU feature flags for instances with the specified CPU models:

   parameter_defaults:
     ComputeParameters:
       ...
       NovaLibvirtCPUModelExtraFlags: <cpu_feature_flags>

   Copy to Clipboard Toggle word wrap

   Replace <cpu_feature_flags> with a comma-separated list of feature flags to enable or disable. Prefix each flag with "+" to enable the flag, or "-" to disable it. If a prefix is not specified, the flag is enabled. For a list of the available feature flags for a given CPU model, see /usr/share/libvirt/cpu_map/*.xml.

   The following example enables the CPU feature flags pcid and ssbd for the IvyBridge and Cascadelake-Server models, and disables the feature flag mtrr.

   parameter_defaults:
     ComputeParameters:
       NovaLibvirtCPUMode: 'custom'
       NovaLibvirtCPUModels: 'IvyBridge','Cascadelake-Server'
       NovaLibvirtCPUModelExtraFlags: 'pcid,+ssbd,-mtrr'

   Copy to Clipboard Toggle word wrap

7. Add your Compute environment file to the stack with your other environment files and deploy the overcloud:

   (undercloud)$ openstack overcloud deploy --templates \
    -e [your environment files] \
    -e /home/stack/templates/<compute_environment_file>.yaml

   Copy to Clipboard Toggle word wrap