OpenStack虚拟化PCI设备直通

1、确定主板和CPU都支持虚拟化技术,在BIOS将VT-d(芯片组、IO)、VT-x(CPU)设置成启用。

2、确保BIOS中启用了SR-IOV。

3、内核启动参数设置,开启IOMMU。

# 检查系统是否启用iommu
cat /proc/cmdline | grep iommu

# 编辑/etc/default/grub文件
# X86架构设置为
GRUB_CMDLINE_LINUX_DEFAULT="intel_iommu=on iommu=pt"
# ARM架构设置为
GRUB_CMDLINE_LINUX_DEFAULT="iommu.passthrough=on iommu=pt"

更新grub2

rm -f /boot/grub2/grubenv

[ -d /sys/firmware/efi ] && echo UEFI || echo BIOS  # 判断启动方式

grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg  # UEFI模式启动
# grub2-mkconfig -o /boot/grub2/grub.cfg  # BIOS模式启动

shutdown -r now

重启后再次检查

cat /proc/cmdline | grep iommu  # 内核IO虚拟化启用确认
dmesg | grep -iE '(iommu|DMAR)'  # IO虚拟化确认
grep -cE '(vmx|svm)' /proc/cpuinfo  # CPU虚拟化确认

4、列出主机上的PCI设备及名称和ID

# 查询vendor_id和product_id,输出如[8086:8d10],8086为vendor_id,8d10为product_id
lspci -nn
00:1c.0 PCI bridge [0604]: Intel Corporation C610/X99 series chipset PCI Express Root Port #1 [8086:8d10] (rev d5)

5、确认驱动

lspci -vv -s 01:00.0 | grep driver
lspci -vv -s 01:00.1 | grep driver
lspci -vv -s 01:00.3 | grep driver
lspci -vv -s 06:00.2 | grep driver 
	Kernel driver in use: xhci_hcd

配置加载vfio-pci模块

# 配置加载vfio-pci模块,编辑/etc/modules,添加如下内容
vfio
vfio_pci
vfio_virqfd
vfio_iommu_type1

# 重启
shutdown -r now

配置设备vfio驱动

# 解绑定原有驱动
echo 0000:01:00.0 >>/sys/bus/pci/devices/0000\:01\:00.0/driver/unbind
echo 0000:01:00.1 >>/sys/bus/pci/devices/0000\:01\:00.1/driver/unbind
echo 0000:01:00.3 >>/sys/bus/pci/devices/0000\:01\:00.3/driver/unbind

# 绑定到vfio-pci
echo 125b 9100 > /sys/bus/pci/drivers/vfio-pci/new_id

# 获取设备所在的iommu group
readlink /sys/bus/pci/devices/0000\:01\:00.0/iommu_group
../../../../kernel/iommu_groups/31

# 查看设备使用的驱动,都显示vfio说明正确
# 注意,一定要看到设备使用vfio-pci作为驱动才能直通,否则无法直通
lspci -vv -s 01:00.0 | grep driver
	Kernel driver in use: vfio-pci
lspci -vv -s 01:00.1 | grep driver
	Kernel driver in use: vfio-pci
lspci -vv -s 01:00.3 | grep driver
	Kernel driver in use: vfio-pci

6、配置nova_scheduler

[filter_scheduler]
enabled_filters = AvailabilityZoneFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter, PciPassthroughFilter
available_filters = nova.scheduler.filters.all_filters

7、配置nova_api

[pci]
alias = { "vendor_id":"125b", "product_id":"9100", "device_type":"type-PCI", "name":"a1" }

# device_type网卡为type-PF,其他PCI设备为type-PCI。如果有多个设备,定义多个alias

8、配置nova_compute

[pci] 
alias = {"name":"a1", "product_id":"9100", "vendor_id":"125b", "device_type":"type-PCI"}
passthrough_whitelist = [{ "vendor_id": "125b", "product_id": "9100" }]

# alias配置与nova_api一致,passthrough_whitelist只需要vendor_id和product_id即可
# 如果有多个设备,定义多个alias,passthrough_whitelist写成json格式的列表形式

9、配置flavor

openstack flavor set m1.large --property "pci_passthrough:alias"="a1:3"

# 设置规格的属性可以在界面设置,键为pci_passthrough:alias,值为a1:3,其中a1为alias中定义的名称,3为需要映射的数量。多个pci设备设置用英文逗号分割

10、使用该规格创建虚拟机

官方文档:https://docs.openstack.org/nova/pike/admin/pci-passthrough.html

posted @ 2024-05-30 15:43  wanghongwei-dev  阅读(300)  评论(0编辑  收藏  举报