So I was able to figure out how to specify cpu model and capabilities, but I’m not seeing a clear way to specify threads, which I would assume would be in the Compute Offerings, but I see nothing to that looks obvious reguarding threads.
From the specific vm config through virt-manager, I see: <cpu mode="custom" match="exact" check="full"> <model fallback="forbid">kvm64</model> <topology sockets="1" dies="1" cores="4" threads="4"/> <feature policy="require" name="x2apic"/> <feature policy="require" name="hypervisor"/> <feature policy="require" name="lahf_lm"/> <feature policy="require" name="ibpb"/> <feature policy="require" name="spec-ctrl"/> <feature policy="require" name="ssbd"/> <feature policy="require" name="vme"/> </cpu> I tried: guest.cpu.mode=custom guest.cpu.model=kvm64 guest.cpu.topology.threads=4 guest.cpu.features=x2apic hypervisor lahf_lm ibpb spec-ctrl ssbd in agent.properties but the threads config does nothing. I don’t really want the threads definition to be host wide, which is why I assumed this would be part of the compute offerings. Thanks! -jeremy > On Wednesday, Jun 29, 2022 at 4:48 AM, Wei ZHOU <[email protected] > (mailto:[email protected])> wrote: > Hi Jeremy, > > As far as I know, it means the meltdown and spectre which have already been > solved. The issues do not exist with the recent cpu models. > > Anyway, you can specify the cpu model (xxxx-IBRS) and add cpu features > (e.g. ibrs) in the agent.properties on kvm hosts. > Please refer to > http://docs.cloudstack.apache.org/en/latest/installguide/hypervisor/kvm.html#configure-cpu-model-for-kvm-guest-optional > > -Wei > > > On Wed, 29 Jun 2022 at 11:27, Jeremy Hansen <[email protected]> > wrote: > > > Enable available CPU security flaw mitigations. > > > > I noticed this while digging around in virt-manager. How would I enable > > this as a default for all VMs in Cloudstack? > > > > Thanks > > -jeremy > > > > > > > > > >
signature.asc
Description: PGP signature
