Re: PCI-E Passthrough

JeanPaul van der Mijle Wed, 15 Feb 2023 01:06:24 -0800

Hi Wei, All,

I am currently stuck with the API call, I manage to sign requests as listUsers 
and plain updateVirtualMachine with id works, but as soon as I add the 
extraconfig parameter, it keeps complaining it is not correct. This is so far 
with GET request only, I have not yet tried POST, as I haven't taken a look if 
I should do every value with post (command, id, extraconfig, response and 
signature?) or just the extraconfig and how signing would go then.


I have tried to sign the request with: 
"command=updatevirtualmachine&id=xxxx&extraconfig=urlencodedconfig"
both fully lowercase, as well lowercase only the command.

I also tried without adding extraconfig to the signature generation but they 
all end up with:

    ["errorcode"]=>
    int(401)
    ["errortext"]=>
    string(58) "unable to verify user credentials and/or request signature"

Currently using PHP to do the signatures and it looks like as following:

<?php
$baseurl = "http://localhost:8080/client/api?";;

$response = "response=json";

$vmid = "id=6f695b14-71b4-4deb-bc4c-851580324f91";

$apikey = "apikey=<apikey>";
$secretkey = "<secret>";
$configxml = <<<EOD
<hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x81' slot='0x00' function='0x2'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0' 
multifunction='on'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0xc1' slot='0x00' function='0x2'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x09' slot='0x00' function='0x0' 
multifunction='on'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x81' slot='0x00' function='0x6'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x07' slot='0x00' 
function='0x1'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0xc1' slot='0x00' function='0x6'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x09' slot='0x00' 
function='0x1'/>
    </hostdev>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' 
function='0x0'/>
    </memballoon>
    <rng model='virtio'>
      <backend model='random'>/dev/urandom</backend>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' 
function='0x0'/>
    </rng>
EOD;

$extraconfig = "extraconfig=" . urlencode($configxml);

$command = "command=updateVirtualMachine&".$vmid;

$hash = hash_hmac("sha1",strtolower($apikey . "&" . $command) ."&" . 
$extraconfig .  "&" . $response,$secretkey, true);
$base64encoded = base64_encode($hash);
$signature = "signature=" . urlencode($base64encoded);

$link = $baseurl  . $apikey . "&" . $command . "&" . $extraconfig . "&" 
.$response . "&" . $signature;

$cURLConnection = curl_init();

curl_setopt($cURLConnection, CURLOPT_URL, $link);
curl_setopt($cURLConnection, CURLOPT_RETURNTRANSFER, true);

$json_output = curl_exec($cURLConnection);
curl_close($cURLConnection);

$jsonArrayResponse = json_decode($json_output,true);

var_dump($jsonArrayResponse);


The URL end up looking like this:

http://localhost:8080/client/api?apikey=<Apikey>&command=updateVirtualMachine&id=<vmid>&extraconfig=%3Chostdev+mode%3D%27subsystem%27+type%3D%27pci%27+managed%3D%27yes%27%3E%0A++++++%3Csource%3E%0A++++++++%3Caddress+domain%3D%270x0000%27+bus%3D%270x81%27+slot%3D%270x00%27+function%3D%270x2%27%2F%3E%0A++++++%3C%2Fsource%3E%0A++++++%3Caddress+type%3D%27pci%27+domain%3D%270x0000%27+bus%3D%270x07%27+slot%3D%270x00%27+function%3D%270x0%27+multifunction%3D%27on%27%2F%3E%0A++++%3C%2Fhostdev%3E%0A++++%3Chostdev+mode%3D%27subsystem%27+type%3D%27pci%27+managed%3D%27yes%27%3E%0A++++++%3Csource%3E%0A++++++++%3Caddress+domain%3D%270x0000%27+bus%3D%270xc1%27+slot%3D%270x00%27+function%3D%270x2%27%2F%3E%0A++++++%3C%2Fsource%3E%0A++++++%3Caddress+type%3D%27pci%27+domain%3D%270x0000%27+bus%3D%270x09%27+slot%3D%270x00%27+function%3D%270x0%27+multifunction%3D%27on%27%2F%3E%0A++++%3C%2Fhostdev%3E%0A++++%3Chostdev+mode%3D%27subsystem%27+type%3D%27pci%27+managed%3D%27yes%27%3E%0A++++++%3Csource%3E%0A++++++++%3Caddress+domain%3D%270x0000%27+bus%3D%270x81%27+slot%3D%270x00%27+function%3D%270x6%27%2F%3E%0A++++++%3C%2Fsource%3E%0A++++++%3Caddress+type%3D%27pci%27+domain%3D%270x0000%27+bus%3D%270x07%27+slot%3D%270x00%27+function%3D%270x1%27%2F%3E%0A++++%3C%2Fhostdev%3E%0A++++%3Chostdev+mode%3D%27subsystem%27+type%3D%27pci%27+managed%3D%27yes%27%3E%0A++++++%3Csource%3E%0A++++++++%3Caddress+domain%3D%270x0000%27+bus%3D%270xc1%27+slot%3D%270x00%27+function%3D%270x6%27%2F%3E%0A++++++%3C%2Fsource%3E%0A++++++%3Caddress+type%3D%27pci%27+domain%3D%270x0000%27+bus%3D%270x09%27+slot%3D%270x00%27+function%3D%270x1%27%2F%3E%0A++++%3C%2Fhostdev%3E%0A++++%3Cmemballoon+model%3D%27virtio%27%3E%0A++++++%3Caddress+type%3D%27pci%27+domain%3D%270x0000%27+bus%3D%270x04%27+slot%3D%270x00%27+function%3D%270x0%27%2F%3E%0A++++%3C%2Fmemballoon%3E%0A++++%3Crng+model%3D%27virtio%27%3E%0A++++++%3Cbackend+model%3D%27random%27%3E%2Fdev%2Furandom%3C%2Fbackend%3E%0A++++++%3Caddress+type%3D%27pci%27+domain%3D%270x0000%27+bus%3D%270x05%27+slot%3D%270x00%27+function%3D%270x0%27%2F%3E%0A++++%3C%2Frng%3E&response=json&signature=<signature>

Thanks,

JeanPaul
________________________________
From: JeanPaul van der Mijle <jp.vandermi...@hyperai.ai>
Sent: Sunday, February 12, 2023 6:41 PM
To: users@cloudstack.apache.org <users@cloudstack.apache.org>
Subject: Re: PCI-E Passthrough

Hi Wei,

Thanks, going to take a deeper look into this.

I assume I will have to add the list as following, to allow the XML below to be 
accepted by the API when I submit this encoded?

I set this to be allowed for KVM: 
domain,devices,hostdev,source,address,memballoon,rng,backend

It should reflect this XML part:

<domain>
  <device>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x81' slot='0x00' function='0x2'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0' 
multifunction='on'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0xc1' slot='0x00' function='0x2'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x09' slot='0x00' function='0x0' 
multifunction='on'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x81' slot='0x00' function='0x6'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x07' slot='0x00' 
function='0x1'/>
    </hostdev>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0xc1' slot='0x00' function='0x6'/>
      </source>
      <address type='pci' domain='0x0000' bus='0x09' slot='0x00' 
function='0x1'/>
    </hostdev>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' 
function='0x0'/>
    </memballoon>
    <rng model='virtio'>
      <backend model='random'>/dev/urandom</backend>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' 
function='0x0'/>
    </rng>
  </device>
</domain>

I only need to figure out if domain and device are required or not but I will 
see when I test it out.

Thanks so far!

JeanPaul
________________________________
From: Wei ZHOU <ustcweiz...@gmail.com>
Sent: Sunday, February 12, 2023 5:23 PM
To: users@cloudstack.apache.org <users@cloudstack.apache.org>
Subject: Re: PCI-E Passthrough

I think you need to add additional configuration to vm.
Refer to
https://www.shapeblue.com/cloudstack-feature-first-look-enable-sending-of-arbitrary-configuration-data-to-vms/

-Wei



On Sunday, 12 February 2023, JeanPaul van der Mijle <
jp.vandermi...@hyperai.ai> wrote:

> Hi all,
>
> Does anyone have a good guide on adding a PCI-E card (A Mellanox Connect-X
> 5 VF interface) to cloudstack?
> I had this all running before in stock Qemu, and all settings are still
> present for the card and VF's, I just need to know how the management sees
> that I have additional cards that I have available to assign to VMs.
>
> I tried adding:
> pci.devices=100GE,81:00.2|100GE,81:00.3|100GE,81:00.4|
> 100GE,81:00.5|100GE,81:00.6|100GE,81:00.7|100GE,81:01.0|
> 100GE,81:01.1|100GE,c1:00.2|100GE,c1:00.3|100GE,c1:00.4|
> 100GE,c1:00.5|100GE,c1:00.6|100GE,c1:00.7|100GE,c1:01.0|100GE,c1:01.1
>
> However, after restarting the agent, I noticed that it added escape
> characters:
> pci.devices=100GE,81\:00.2|100GE,81\:00.3|100GE,81\:00.4|
> 100GE,81\:00.5|100GE,81\:00.6|100GE,81\:00.7|100GE,81\:01.0|
> 100GE,81\:01.1|100GE,c1\:00.2|100GE,c1\:00.3|100GE,c1\:00.4|
> 100GE,c1\:00.5|100GE,c1\:00.6|100GE,c1\:00.7|100GE,c1\:01.0|100GE,c1\:01.1
>
> Not sure if this is fine, but so far it was the only thing I could find
> back on google, but this is 10 years ago. I suspect this is no longer
> sufficient.
> After restarting the agent, I do not see any changes unfortunately.
>
> Thanks!
>
> JeanPaul
>
>

Re: PCI-E Passthrough

Reply via email to