coreos / coreos-assembler

Tooling container to assemble CoreOS-like systems
https://coreos.github.io/coreos-assembler/
Apache License 2.0
333 stars 165 forks

gcloud: Enable SEV_LIVE_MIGRATABLE_V2 #3740

Closed a-crate closed 5 months ago

a-crate commented 5 months ago

FCOS kernels contain commit ac3f9c9f, needed for SEV live migration. An earlier SEV live migration implementation (without ac3f9c9f) was indicated with SEV_LIVE_MIGRATABLE; the _V2 guest OS feature indicates that it contains the patch which resolves some issues with the first implementation.

openshift-ci[bot] commented 5 months ago

Hi @a-crate. Thanks for your PR.

I'm waiting for a coreos member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

a-crate commented 5 months ago

/assign @dustymabe

Hey Dusty, can you take a look at this? Any kernel >= 6.6 that's SEV-SNP capable is compatible with SEV live migration on GCE, which seems to be all of the Fedora CoreOS images. Let me know if I missed any nuance, or if you need me to open an issue on a tracker somewhere.

jlebon commented 5 months ago

Do you know if the relevant patches were backported to the CentOS Stream 9 kernel (based on 5.14)? Otherwise, this needs to be made conditional on FCOS. Probably via e.g. an image.yaml knob.

a-crate commented 5 months ago

Yes, this is part of the CentOS Stream 9 kernel. Images for it on GCE have the feature bit set.

travier commented 5 months ago

Can you file a PR for https://github.com/osbuild/osbuild-composer/blob/main/internal/cloud/gcp/compute.go as well and cross-link it here? Thanks

a-crate commented 5 months ago

@jlebon Added a comment and commit message with a bit more context; let me know if there's something else you'd like to see included.

@travier osbuild/osbuild-composer#3970

jlebon commented 5 months ago

/ok-to-test

dustymabe commented 5 months ago

/retest

dustymabe commented 5 months ago

/retest