[KVM] CPU Features for System VMs #10964

bernardodemarco · 2025-06-05T15:23:21Z

Description

Currently, when defining the CPU configuration of VMs with KVM, the Apache CloudStack Agent executes the following workflow:

cloudstack/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java

Lines 2980 to 2993 in 41b4f0a

    
           private CpuModeDef createCpuModeDef(VirtualMachineTO vmTO, int vcpus) { 
        
               final CpuModeDef cmd = new CpuModeDef(); 
        
               Map<String, String> details = vmTO.getDetails(); 
        
               String cpuMode = MapUtils.isNotEmpty(details) && details.get(VmDetailConstants.GUEST_CPU_MODE) != null ? details.get(VmDetailConstants.GUEST_CPU_MODE) : guestCpuMode; 
        
               String cpuModel = MapUtils.isNotEmpty(details) && details.get(VmDetailConstants.GUEST_CPU_MODEL) != null ? details.get(VmDetailConstants.GUEST_CPU_MODEL) : guestCpuModel; 
        
               cmd.setMode(cpuMode); 
        
               cmd.setModel(cpuModel); 
        
               if (VirtualMachine.Type.User.equals(vmTO.getType())) { 
        
                   cmd.setFeatures(cpuFeatures); 
        
               } 
        
               int vCpusInDef = vmTO.getVcpuMaxLimit() == null ? vcpus : vmTO.getVcpuMaxLimit(); 
        
               setCpuTopology(cmd, vCpusInDef, vmTO.getDetails()); 
        
               return cmd; 
        
           }

As can be noticed, the CPU features are only considered for end-user VMs; they are completely ignored for system VMs. This can lead to system VMs deployment inconsistencies and errors. For instance, when it is required to disable CPU flags for a given CPU model, because the host CPU does not support such flags, an error similar to the following will be returned by Libvirt when trying to deploy system VMs:

Error while deploying VM. org.libvirt.LibvirtException: the CPU is incompatible with host CPU: Host CPU does not provide required features: hle, rtm, avx512-bf16, taa-no

~~Therefore, this PR proposes to add a new property, called systemvm.guest.cpu.features, to define CPU features for system VMs.~~

(Edit) Therefore, this PR proposes to consider the CPU features defined in the guest.cpu.features property when provisioning system VMs.

Types of changes

Breaking change (fix or feature that would cause existing functionality to change)
New feature (non-breaking change which adds functionality)
Bug fix (non-breaking change which fixes an issue)
Enhancement (improves an existing feature and functionality)
Cleanup (Code refactoring and cleanup, that may add test cases)
build/CI
test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Major
Minor

Screenshots (if appropriate):

How Has This Been Tested?

Defined the following properties in the agent.properties of the KVM hosts:

guest.cpu.mode=custom
guest.cpu.model=Skylake-Client-IBRS
guest.cpu.features=-vmx-exit-clear-bndcfgs -vmx-entry-load-bndcfgs -hle -rtm -mpx

Restarted the Apache CloudStack Agent and verified that the deployment of system VMs was successfully accomplished.

virsh dumpxml --domain r-15-VM

<domain type='kvm' id='5'>
  <name>r-15-VM</name>
  <uuid>ff5816d4-4e10-4326-9d5a-778566b00770</uuid>
  <description>Debian GNU/Linux 12 (64-bit)</description>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <cputune>
    <shares>334</shares>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>Apache Software Foundation</entry>
      <entry name='product'>CloudStack KVM Hypervisor</entry>
      <entry name='serial'>ff5816d4-4e10-4326-9d5a-778566b00770</entry>
      <entry name='uuid'>ff5816d4-4e10-4326-9d5a-778566b00770</entry>
    </system>
  </sysinfo>
  <os>
    <type arch='x86_64' machine='pc-i440fx-8.2'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Skylake-Client-IBRS</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='disable' name='vmx-exit-clear-bndcfgs'/>
    <feature policy='disable' name='vmx-entry-load-bndcfgs'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='require' name='hypervisor'/>
  </cpu>
  <clock offset='utc'>
    <timer name='kvmclock'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/mnt/10d28cdf-71a7-33ad-802e-f4ec9042e4fd/3db54927-c05d-4af9-8619-ab7e0fe23733' index='2'/>
      <backingStore type='file' index='3'>
        <format type='qcow2'/>
        <source file='/mnt/10d28cdf-71a7-33ad-802e-f4ec9042e4fd/551def03-d35f-4f45-a584-6d0bc425c61c'/>
        <backingStore/>
      </backingStore>
      <target dev='vda' bus='virtio'/>
      <serial>3db54927c05d4af98619</serial>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <alias name='ide0-1-0'/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='piix3-uhci'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'>
      <alias name='pci.0'/>
    </controller>
    <controller type='ide' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='02:01:00:cd:00:02'/>
      <source bridge='brenp1s0-540'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <target dev='vnet11'/>
      <model type='virtio'/>
      <link state='up'/>
      <alias name='net0'/>
      <rom bar='off' file=''/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='0e:00:a9:fe:59:98'/>
      <source bridge='cloud0'/>
      <target dev='vnet12'/>
      <model type='virtio'/>
      <link state='up'/>
      <alias name='net1'/>
      <rom bar='off' file=''/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='1e:00:9c:00:00:0e'/>
      <source bridge='cloudbr0'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <target dev='vnet13'/>
      <model type='virtio'/>
      <link state='up'/>
      <alias name='net2'/>
      <rom bar='off' file=''/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/4'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/4'>
      <source path='/dev/pts/4'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/r-15-VM.org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5902' autoport='yes' listen='192.168.122.200'>
      <listen type='address' address='192.168.122.200'/>
    </graphics>
    <audio id='1' type='none'/>
    <video>
      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <watchdog model='i6300esb' action='none'>
      <alias name='watchdog0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
    </watchdog>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+0:+0</label>
    <imagelabel>+0:+0</imagelabel>
  </seclabel>
</domain>

Verified that the deployment of end user VMs was successfully accomplished.

virsh dumpxml --domain i-2-14-VM

<domain type='kvm' id='6'>
  <name>i-2-14-VM</name>
  <uuid>d7373e69-bfcd-4baa-bda5-e39ba0c1e122</uuid>
  <description>Ubuntu 18.04 LTS</description>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <cputune>
    <shares>334</shares>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>Apache Software Foundation</entry>
      <entry name='product'>CloudStack KVM Hypervisor</entry>
      <entry name='serial'>d7373e69-bfcd-4baa-bda5-e39ba0c1e122</entry>
      <entry name='uuid'>d7373e69-bfcd-4baa-bda5-e39ba0c1e122</entry>
    </system>
  </sysinfo>
  <os>
    <type arch='x86_64' machine='pc-i440fx-8.2'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Skylake-Client-IBRS</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='disable' name='vmx-exit-clear-bndcfgs'/>
    <feature policy='disable' name='vmx-entry-load-bndcfgs'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='require' name='hypervisor'/>
  </cpu>
  <clock offset='utc'>
    <timer name='kvmclock'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/mnt/10d28cdf-71a7-33ad-802e-f4ec9042e4fd/3aba3575-61b4-4247-8464-c08adafe9496' index='2'/>
      <backingStore type='file' index='3'>
        <format type='qcow2'/>
        <source file='/mnt/10d28cdf-71a7-33ad-802e-f4ec9042e4fd/e751bd6d-d4c0-486f-a61b-110876c1784d'/>
        <backingStore/>
      </backingStore>
      <target dev='vda' bus='virtio'/>
      <serial>3aba357561b442478464</serial>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <alias name='ide0-1-0'/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='piix3-uhci'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'>
      <alias name='pci.0'/>
    </controller>
    <controller type='ide' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='02:01:00:cd:00:01'/>
      <source bridge='brenp1s0-540'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <target dev='vnet14'/>
      <model type='virtio'/>
      <link state='up'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/7'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/7'>
      <source path='/dev/pts/7'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/i-2-14-VM.org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5904' autoport='yes' listen='192.168.122.200'>
      <listen type='address' address='192.168.122.200'/>
    </graphics>
    <audio id='1' type='none'/>
    <video>
      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <watchdog model='i6300esb' action='none'>
      <alias name='watchdog0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </watchdog>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+0:+0</label>
    <imagelabel>+0:+0</imagelabel>
  </seclabel>
</domain>

bernardodemarco · 2025-06-05T15:23:44Z

@blueorangutan package

blueorangutan · 2025-06-05T15:26:04Z

@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

codecov · 2025-06-05T15:31:21Z

Codecov Report

❌ Patch coverage is 88.88889% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 17.17%. Comparing base (86827f8) to head (739c4e7).
⚠️ Report is 127 commits behind head on main.

Files with missing lines	Patch %	Lines
...ervisor/kvm/resource/LibvirtComputingResource.java	88.88%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##               main   #10964   +/-   ##
=========================================
  Coverage     17.17%   17.17%           
- Complexity    14985    14987    +2     
=========================================
  Files          5869     5869           
  Lines        521590   521591    +1     
  Branches      63485    63481    -4     
=========================================
+ Hits          89562    89566    +4     
+ Misses       421962   421959    -3     
  Partials      10066    10066

Flag	Coverage Δ
uitests	`3.75% <ø> (ø)`
unittests	`18.15% <88.88%> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

blueorangutan · 2025-06-05T16:36:15Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13638

DaanHoogland · 2025-06-09T13:37:30Z

@blueorangutan test

blueorangutan · 2025-06-09T13:38:03Z

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

DaanHoogland · 2025-06-09T13:42:27Z

@bernardodemarco , as per your description, would it not make sense to always apply guest.cpu.features to systemvms as well? What is the backwards incompatibilty you fear? It feels to me like this is not user facing and shouldn’t be an issue, only a fix.

bernardodemarco · 2025-06-10T00:34:12Z

What is the backwards incompatibilty you fear?

@DaanHoogland, the backwards incompatibility lies in the fact that the guest.cpu.features property is currently used to define CPU flags only for end-user VMs. If we change it to also apply to system VMs, operators would lose the ability to set flags exclusively for end-user VMs.

@bernardodemarco , as per your description, would it not make sense to always apply guest.cpu.features to systemvms as well?

Yes, it would. I can update the PR tomorrow to reflect this. What are your thoughts?

blueorangutan · 2025-06-10T07:30:15Z

[SF] Trillian test result (tid-13482)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 61395 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10964-t13482-kvm-ol8.zip
Smoke tests completed. 140 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_01_redundant_vpc_site2site_vpn	`Failure`	483.00	test_vpc_vpn.py

DaanHoogland · 2025-06-11T17:54:59Z

What is the backwards incompatibilty you fear?

@DaanHoogland, the backwards incompatibility lies in the fact that the guest.cpu.features property is currently used to define CPU flags only for end-user VMs. If we change it to also apply to system VMs, operators would lose the ability to set flags exclusively for end-user VMs.

@bernardodemarco , as per your description, would it not make sense to always apply guest.cpu.features to systemvms as well?

Yes, it would. I can update the PR tomorrow to reflect this. What are your thoughts?

I do not know what would be wisdom here.

is a different set of settings needed for VMs and systemVMs?
would you ever want to not apply settings to systemVMs?

intiutively, I’d just apply the user VM settings to systemVMs as well.

weizhouapache · 2025-06-11T18:23:50Z

intiutively, I’d just apply the user VM settings to systemVMs as well.

+1

bernardodemarco · 2025-06-12T15:43:53Z

intiutively, I’d just apply the user VM settings to systemVMs as well.

+1

Ok, nice. ASAP I'll change the PR to address that

bernardodemarco · 2025-06-13T18:23:15Z

Ok, nice. ASAP I'll change the PR to address that

@DaanHoogland, @weizhouapache, done!

bernardodemarco · 2025-06-13T18:23:22Z

@blueorangutan package

blueorangutan · 2025-06-13T18:24:06Z

@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2025-06-13T19:37:33Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13770

DaanHoogland · 2025-06-14T08:52:46Z

@blueorangutan test

blueorangutan · 2025-06-14T08:54:03Z

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

blueorangutan · 2025-06-15T10:48:20Z

[SF] Trillian test result (tid-13522)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 90080 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10964-t13522-kvm-ol8.zip
Smoke tests completed. 102 look OK, 39 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_nic_secondaryip_add_remove	`Error`	22.89	test_multipleips_per_nic.py
test_network_acl	`Error`	2.38	test_network_acl.py
test_01_verify_ipv6_network	`Error`	3.17	test_network_ipv6.py
test_01_verify_ipv6_network	`Error`	3.17	test_network_ipv6.py
test_03_network_operations_on_created_vm_of_otheruser	`Error`	2.67	test_network_permissions.py
test_03_network_operations_on_created_vm_of_otheruser	`Error`	2.67	test_network_permissions.py
test_04_deploy_vm_for_other_user_and_test_vm_operations	`Failure`	1.54	test_network_permissions.py
ContextSuite context=TestNetworkPermissions>:teardown	`Error`	1.62	test_network_permissions.py
test_delete_account	`Error`	22.70	test_network.py
test_delete_network_while_vm_on_it	`Error`	2.50	test_network.py
test_delete_network_while_vm_on_it	`Error`	2.50	test_network.py
test_deploy_vm_l2network	`Error`	2.54	test_network.py
test_deploy_vm_l2network	`Error`	2.54	test_network.py
test_l2network_restart	`Error`	3.58	test_network.py
test_l2network_restart	`Error`	3.58	test_network.py
ContextSuite context=TestL2Networks>:teardown	`Error`	4.70	test_network.py
ContextSuite context=TestPortForwarding>:setup	`Error`	11.72	test_network.py
ContextSuite context=TestPublicIP>:setup	`Error`	12.69	test_network.py
test_reboot_router	`Error`	7.47	test_network.py
test_releaseIP	`Error`	7.03	test_network.py
test_releaseIP_using_IP	`Error`	7.41	test_network.py
ContextSuite context=TestRouterRules>:setup	`Error`	14.36	test_network.py
test_01_deployVMInSharedNetwork	`Failure`	1.34	test_network.py
test_02_verifyRouterIpAfterNetworkRestart	`Failure`	1.11	test_network.py
test_03_destroySharedNetwork	`Failure`	1.10	test_network.py
ContextSuite context=TestSharedNetwork>:teardown	`Error`	2.24	test_network.py
test_01_deployVMInSharedNetwork	`Failure`	1.46	test_network.py
ContextSuite context=TestSharedNetworkWithConfigDrive>:teardown	`Error`	2.56	test_network.py
test_01_nic	`Error`	56.23	test_nic.py
test_01_non_strict_host_anti_affinity	`Error`	3.62	test_nonstrict_affinity_group.py
test_02_non_strict_host_affinity	`Error`	2.59	test_nonstrict_affinity_group.py
ContextSuite context=TestIsolatedNetworksPasswdServer>:setup	`Error`	0.00	test_password_server.py
test_01_isolated_persistent_network	`Error`	0.22	test_persistent_network.py
test_02_L2_persistent_network	`Error`	1.25	test_persistent_network.py
test_03_deploy_and_destroy_VM_and_verify_network_resources_persist	`Failure`	2.50	test_persistent_network.py
test_03_deploy_and_destroy_VM_and_verify_network_resources_persist	`Error`	2.50	test_persistent_network.py
ContextSuite context=TestL2PersistentNetworks>:teardown	`Error`	2.56	test_persistent_network.py
test_01_create_delete_portforwarding_fornonvpc	`Error`	7.02	test_portforwardingrules.py
test_01_add_primary_storage_disabled_host	`Error`	0.28	test_primary_storage.py
test_01_primary_storage_nfs	`Error`	0.23	test_primary_storage.py
ContextSuite context=TestStorageTags>:setup	`Error`	0.40	test_primary_storage.py
test_01_primary_storage_scope_change	`Error`	0.11	test_primary_storage_scope.py
test_01_vpc_privategw_acl	`Failure`	7.84	test_privategw_acl.py
test_02_vpc_privategw_static_routes	`Failure`	7.49	test_privategw_acl.py
test_03_vpc_privategw_restart_vpc_cleanup	`Failure`	8.99	test_privategw_acl.py
test_04_rvpc_privategw_static_routes	`Failure`	7.79	test_privategw_acl.py
test_09_project_suspend	`Error`	2.56	test_projects.py
test_10_project_activation	`Error`	2.43	test_projects.py
test_01_purge_expunged_api_vm_start_date	`Error`	3.59	test_purge_expunged_vms.py
test_02_purge_expunged_api_vm_end_date	`Error`	3.12	test_purge_expunged_vms.py
test_03_purge_expunged_api_vm_start_end_date	`Error`	1.86	test_purge_expunged_vms.py
test_04_purge_expunged_api_vm_no_date	`Error`	2.03	test_purge_expunged_vms.py
test_05_purge_expunged_vm_service_offering	`Error`	1.47	test_purge_expunged_vms.py
test_06_purge_expunged_vm_background_task	`Error`	356.88	test_purge_expunged_vms.py
test_CRUD_operations_userdata	`Error`	1523.11	test_register_userdata.py
test_deploy_vm_with_registered_userdata	`Error`	7.93	test_register_userdata.py
test_deploy_vm_with_registered_userdata_with_override_policy_allow	`Error`	7.91	test_register_userdata.py
test_deploy_vm_with_registered_userdata_with_override_policy_append	`Error`	7.48	test_register_userdata.py
test_deploy_vm_with_registered_userdata_with_override_policy_deny	`Error`	7.93	test_register_userdata.py
test_deploy_vm_with_registered_userdata_with_params	`Error`	7.49	test_register_userdata.py
test_link_and_unlink_userdata_to_template	`Error`	8.57	test_register_userdata.py
test_user_userdata_crud	`Error`	7.75	test_register_userdata.py
ContextSuite context=TestResetVmOnReboot>:setup	`Error`	0.00	test_reset_vm_on_reboot.py
ContextSuite context=TestRAMCPUResourceAccounting>:setup	`Error`	0.00	test_resource_accounting.py
ContextSuite context=TestResourceNames>:setup	`Error`	0.00	test_resource_names.py
ContextSuite context=TestRestoreVM>:setup	`Error`	0.00	test_restore_vm.py
ContextSuite context=TestRouterDHCPHosts>:setup	`Error`	0.00	test_router_dhcphosts.py
ContextSuite context=TestRouterDHCPOpts>:setup	`Error`	0.00	test_router_dhcphosts.py
ContextSuite context=TestRouterDns>:setup	`Error`	0.00	test_router_dns.py
ContextSuite context=TestRouterDnsService>:setup	`Error`	0.00	test_router_dnsservice.py
ContextSuite context=TestRouterIpTablesPolicies>:setup	`Error`	0.00	test_routers_iptables_default_policy.py
ContextSuite context=TestVPCIpTablesPolicies>:setup	`Error`	0.00	test_routers_iptables_default_policy.py
test_01_migrate_vm_strict_tags_success	`Error`	0.27	test_vm_strict_host_tags.py
test_02_migrate_vm_strict_tags_failure	`Error`	0.27	test_vm_strict_host_tags.py
test_01_restore_vm_strict_tags_success	`Error`	0.29	test_vm_strict_host_tags.py
test_02_restore_vm_strict_tags_failure	`Error`	0.29	test_vm_strict_host_tags.py
test_01_scale_vm_strict_tags_success	`Error`	0.26	test_vm_strict_host_tags.py
test_02_scale_vm_strict_tags_failure	`Error`	0.28	test_vm_strict_host_tags.py
test_01_deploy_vm_on_specific_host_without_strict_tags	`Error`	0.27	test_vm_strict_host_tags.py
test_02_deploy_vm_on_any_host_without_strict_tags	`Error`	2.73	test_vm_strict_host_tags.py
test_03_deploy_vm_on_specific_host_with_strict_tags_success	`Error`	0.27	test_vm_strict_host_tags.py
test_04_deploy_vm_on_any_host_with_strict_tags_success	`Error`	5.91	test_vm_strict_host_tags.py
test_05_deploy_vm_on_specific_host_with_strict_tags_failure	`Failure`	0.30	test_vm_strict_host_tags.py
ContextSuite context=TestIsolatedNetworks>:setup	`Error`	0.00	test_routers_network_ops.py
ContextSuite context=TestRedundantIsolateNetworks>:setup	`Error`	0.00	test_routers_network_ops.py
ContextSuite context=TestRouterServices>:setup	`Error`	0.00	test_routers.py
test_01_sys_vm_start	`Failure`	0.10	test_secondary_storage.py
ContextSuite context=TestCpuCapServiceOfferings>:setup	`Error`	0.00	test_service_offerings.py
ContextSuite context=TestServiceOfferings>:setup	`Error`	0.32	test_service_offerings.py
ContextSuite context=TestSetSourceNatIp>:setup	`Error`	0.00	test_set_sourcenat.py
ContextSuite context=TestSharedFSLifecycle>:setup	`Error`	0.00	test_sharedfs_lifecycle.py
ContextSuite context=TestSnapshotRootDisk>:setup	`Error`	0.00	test_snapshots.py
ContextSuite context=TestSnapshotStandaloneBackup>:setup	`Error`	0.00	test_snapshots.py
test_01_list_sec_storage_vm	`Failure`	0.05	test_ssvm.py
test_02_list_cpvm_vm	`Failure`	0.04	test_ssvm.py
test_03_ssvm_internals	`Failure`	0.04	test_ssvm.py
test_04_cpvm_internals	`Failure`	0.04	test_ssvm.py
test_05_stop_ssvm	`Failure`	0.04	test_ssvm.py
test_06_stop_cpvm	`Failure`	0.04	test_ssvm.py
test_07_reboot_ssvm	`Failure`	0.04	test_ssvm.py
test_08_reboot_cpvm	`Failure`	0.04	test_ssvm.py
test_09_reboot_ssvm_forced	`Failure`	0.04	test_ssvm.py
test_10_reboot_cpvm_forced	`Failure`	0.04	test_ssvm.py
test_11_destroy_ssvm	`Failure`	0.04	test_ssvm.py
test_12_destroy_cpvm	`Failure`	0.04	test_ssvm.py
ContextSuite context=TestVMWareStoragePolicies>:setup	`Error`	0.00	test_storage_policy.py
test_02_create_template_with_checksum_sha1	`Error`	65.69	test_templates.py
test_03_create_template_with_checksum_sha256	`Error`	65.70	test_templates.py
test_04_create_template_with_checksum_md5	`Error`	65.68	test_templates.py
test_05_create_template_with_no_checksum	`Error`	65.69	test_templates.py
test_01_register_template_direct_download_flag	`Error`	0.07	test_templates.py
test_02_deploy_vm_from_direct_download_template	`Error`	0.00	test_templates.py
test_03_deploy_vm_wrong_checksum	`Error`	0.06	test_templates.py
ContextSuite context=TestTemplates>:setup	`Error`	16.21	test_templates.py
ContextSuite context=TestISOUsage>:setup	`Error`	0.00	test_usage.py
ContextSuite context=TestLBRuleUsage>:setup	`Error`	0.00	test_usage.py
ContextSuite context=TestNatRuleUsage>:setup	`Error`	0.00	test_usage.py
ContextSuite context=TestPublicIPUsage>:setup	`Error`	0.00	test_usage.py
ContextSuite context=TestSnapshotUsage>:setup	`Error`	0.00	test_usage.py
ContextSuite context=TestVmUsage>:setup	`Error`	0.00	test_usage.py
ContextSuite context=TestVolumeUsage>:setup	`Error`	0.00	test_usage.py
ContextSuite context=TestVpnUsage>:setup	`Error`	0.00	test_usage.py
test_01_scale_up_verify	`Failure`	35.06	test_vm_autoscaling.py
test_02_update_vmprofile_and_vmgroup	`Failure`	245.82	test_vm_autoscaling.py
test_03_scale_down_verify	`Failure`	304.63	test_vm_autoscaling.py
test_04_stop_remove_vm_in_vmgroup	`Failure`	0.03	test_vm_autoscaling.py
test_06_autoscaling_vmgroup_on_project_network	`Failure`	43.63	test_vm_autoscaling.py
test_06_autoscaling_vmgroup_on_project_network	`Error`	43.63	test_vm_autoscaling.py
test_07_autoscaling_vmgroup_on_vpc_network	`Error`	1.24	test_vm_autoscaling.py
ContextSuite context=TestVmAutoScaling>:teardown	`Error`	10.44	test_vm_autoscaling.py
test_01_deploy_vm_on_specific_host	`Error`	0.10	test_vm_deployment_planner.py
test_02_deploy_vm_on_specific_cluster	`Error`	1.44	test_vm_deployment_planner.py
test_03_deploy_vm_on_specific_pod	`Error`	1.35	test_vm_deployment_planner.py
test_04_deploy_vm_on_host_override_pod_and_cluster	`Error`	0.14	test_vm_deployment_planner.py
test_05_deploy_vm_on_cluster_override_pod	`Error`	1.38	test_vm_deployment_planner.py
test_01_migrate_VM_and_root_volume	`Error`	100.06	test_vm_life_cycle.py
test_02_migrate_VM_with_two_data_disks	`Error`	56.19	test_vm_life_cycle.py
test_01_secure_vm_migration	`Error`	88.53	test_vm_life_cycle.py
test_02_unsecure_vm_migration	`Error`	227.35	test_vm_life_cycle.py
test_04_nonsecured_to_secured_vm_migration	`Error`	155.34	test_vm_life_cycle.py
test_08_migrate_vm	`Error`	0.07	test_vm_life_cycle.py

bernardodemarco · 2025-06-15T13:19:50Z

@DaanHoogland, thanks for running the integration tests!

I've taken a quick look at the errors and the Management Server logs. It seems that they are related to environment issues:

2025-06-15 01:57:28,101 DEBUG [c.c.d.FirstFitPlanner] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668, ctx-ba951d3c]) (logid:b7fc88c8) Searching all possible resources under this Zone: Zone {"id": "1", "name": "pr10964-t13522-kvm-ol8", "uuid": "cffaeffc-2a1d-4a2a-8ed6-27b88c41bbaf"}
2025-06-15 01:57:28,102 DEBUG [c.c.d.FirstFitPlanner] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668, ctx-ba951d3c]) (logid:b7fc88c8) Listing clusters in order of aggregate capacity, that have (at least one host with) enough CPU and RAM capacity under this Zone: 1
2025-06-15 01:57:28,106 DEBUG [c.c.d.FirstFitPlanner] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668, ctx-ba951d3c]) (logid:b7fc88c8) Removing from the clusterId list these clusters from avoid set: [1]
2025-06-15 01:57:28,107 DEBUG [c.c.d.FirstFitPlanner] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668, ctx-ba951d3c]) (logid:b7fc88c8) No clusters found after removing disabled clusters and clusters in avoid list, returning.
2025-06-15 01:57:28,131 DEBUG [c.c.c.CapacityManagerImpl] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668, ctx-ba951d3c]) (logid:b7fc88c8) VM instance {"id":242,"instanceName":"i-283-242-VM","state":"Stopped","type":"User","uuid":"8c2148d3-1e96-4d2a-b78d-633911a13e98"} state transited from [Starting] to [Stopped] with event [OperationFailed]. VM's original host: null, new host: null, host before state transition: null
2025-06-15 01:57:28,158 ERROR [c.c.v.VmWorkJobHandlerProxy] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668, ctx-ba951d3c]) (logid:b7fc88c8) Invocation exception, caused by: com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM instance {"id":242,"instanceName":"i-283-242-VM","state":"Starting","type":"User","uuid":"8c2148d3-1e96-4d2a-b78d-633911a13e98"}Scope=interface com.cloud.dc.DataCenter; id=1
2025-06-15 01:57:28,158 INFO  [c.c.v.VmWorkJobHandlerProxy] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668, ctx-ba951d3c]) (logid:b7fc88c8) Rethrow exception com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM instance {"id":242,"instanceName":"i-283-242-VM","state":"Starting","type":"User","uuid":"8c2148d3-1e96-4d2a-b78d-633911a13e98"}Scope=interface com.cloud.dc.DataCenter; id=1
2025-06-15 01:57:28,158 DEBUG [c.c.v.VmWorkJobDispatcher] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668]) (logid:b7fc88c8) Done with run of VM work job: com.cloud.vm.VmWorkStart for VM 242, job origin: 2667
2025-06-15 01:57:28,158 ERROR [c.c.v.VmWorkJobDispatcher] (Work-Job-Executor-7:[ctx-e8c695d7, job-2667/job-2668]) (logid:b7fc88c8) Unable to complete AsyncJob {"accountId":2,"cmd":"com.cloud.vm.VmWorkStart","cmdInfo":"rO0ABXNyABhjb20uY2xvdWQudm0uVm1Xb3JrU3RhcnR9cMGsvxz73gIAC0oABGRjSWRMAAZhdm9pZHN0ADBMY29tL2Nsb3VkL2RlcGxveS9EZXBsb3ltZW50UGxhbm5lciRFeGNsdWRlTGlzdDtMAAljbHVzdGVySWR0ABBMamF2YS9sYW5nL0xvbmc7TAAGaG9zdElkcQB-AAJMAAtqb3VybmFsTmFtZXQAEkxqYXZhL2xhbmcvU3RyaW5nO0wAEXBoeXNpY2FsTmV0d29ya0lkcQB-AAJMAAdwbGFubmVycQB-AANMAAVwb2RJZHEAfgACTAAGcG9vbElkcQB-AAJMAAlyYXdQYXJhbXN0AA9MamF2YS91dGlsL01hcDtMAA1yZXNlcnZhdGlvbklkcQB-AAN4cgATY29tLmNsb3VkLnZtLlZtV29ya5-ZtlbwJWdrAgAESgAJYWNjb3VudElkSgAGdXNlcklkSgAEdm1JZEwAC2hhbmRsZXJOYW1lcQB-AAN4cAAAAAAAAAACAAAAAAAAAAIAAAAAAAAA8nQAGVZpcnR1YWxNYWNoaW5lTWFuYWdlckltcGwAAAAAAAAAAHBwcHBwcHBwcHA","cmdVersion":0,"completeMsid":null,"created":"Sun Jun 15 01:57:27 UTC 2025","id":2668,"initMsid":32989224371150,"instanceId":null,"instanceType":null,"lastPolled":null,"lastUpdated":null,"processStatus":0,"removed":null,"result":null,"resultCode":0,"status":"IN_PROGRESS","userId":2,"uuid":"90bb3d64-5c02-4776-9903-a603297a576d"}, job origin: 2667 com.cloud.exception.InsufficientServerCapacityException: Unable to create a deployment for VM instance {"id":242,"instanceName":"i-283-242-VM","state":"Starting","type":"User","uuid":"8c2148d3-1e96-4d2a-b78d-633911a13e98"}Scope=interface com.cloud.dc.DataCenter; id=1
	at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:1275)
	at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:5582)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:102)
	at com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:5706)
	at com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:99)
	at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:689)
	at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
	at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
	at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
	at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
	at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
	at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:637)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:840)

Could we rerun the tests?

DaanHoogland · 2025-06-16T07:13:27Z

Could we rerun the tests?

Let’s first try the healtcheck PR.

JoaoJandre · 2025-07-04T18:42:02Z

@blueorangutan package

blueorangutan · 2025-07-04T18:44:03Z

@JoaoJandre a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2025-07-04T20:22:19Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14046

DaanHoogland · 2025-07-05T13:23:51Z

@blueorangutan test

blueorangutan · 2025-07-05T13:26:03Z

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

blueorangutan · 2025-07-24T07:22:05Z

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2025-07-24T09:37:52Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14339

github-actions · 2025-07-29T08:39:11Z

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

bernardodemarco · 2025-07-29T12:11:27Z

@blueorangutan package

blueorangutan · 2025-07-29T12:12:04Z

@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2025-07-29T14:33:26Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14440

rosi-shapeblue

PR Status: Verification failed

Test 1: Agent Configuration Loading -> PASSED -> Agent correctly loads and parses custom CPU features

Configuration change:

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1 ~] echo "guest.cpu.features=vmx" >> /etc/cloudstack/agent/agent.properties
[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1 ~] systemctl restart cloudstack-agent

Agent Logs:

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1 ~] grep -A5 -B5 "guest.cpu.features" /var/log/cloudstack/agent/agent.log
2025-08-13 10:46:01,288 DEBUG [agent.properties.AgentPropertiesFileHandler] (main:[]) (logid:) Property [guest.cpu.features] was altered. Now using the value [vmx].

Configuration Verification:

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2 ~]# cat /etc/cloudstack/agent/agent.properties | grep "guest.cpu.features"
guest.cpu.features=vmx

Test 2: System VM CPU Feature Application -> FAILED -> Result: Custom feature completely absent from system VM configuration despite being configured on host

Host Configuration:

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2 ~]# cat /etc/cloudstack/agent/agent.properties | grep "guest.cpu.features"
guest.cpu.features=vmx

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2 ~]# systemctl restart cloudstack-agent

Force System VM Recreation:

(localcloud) 🐱 > destroy systemvm id=8b39af83-0624-4adc-a8ca-0c1b362c256b 
{
  "systemvm": {
    "arch": "x86_64",
    "created": "2025-08-13T11:20:29+0000",
    "dns1": "10.0.32.1",
    "dns2": "8.8.8.8",
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "76a50ddc-1967-4360-b0b6-88e639ff549e",
    "hostname": "ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "8b39af83-0624-4adc-a8ca-0c1b362c256b",
    "isdynamicallyscalable": false,
    "name": "v-32-VM",
    "podid": "bfc2fb12-0a2f-4f7d-b5ad-842820702ce4",
    "podname": "Pod1",
    "serviceofferingid": "1e02d8ea-5e35-42b3-aaaa-11b3abc9cd12",
    "serviceofferingname": "System Offering For Console Proxy",
    "state": "Running",
    "systemvmtype": "consoleproxy",
    "templateid": "ba5be1e1-778a-11f0-886f-1e00b300019d",
    "templatename": "SystemVM Template (KVM)",
    "zoneid": "14c975d3-5239-4592-b010-8198d0fc884a",
    "zonename": "ref-trl-9225-k-Mol8-rositsa-kyuchukova"
  }
}

CloudStack auto-recreated as v-33-VM

System VM CPU Configuration Check:

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2 ~] virsh dumpxml v-33-VM | grep -A 15 "<cpu"
  <cputune>
    <shares>250</shares>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>Apache Software Foundation</entry>
      <entry name='product'>CloudStack KVM Hypervisor</entry>
      <entry name='serial'>8b39af83-0624-4adc-a8ca-0c1b362c256b</entry>
      <entry name='uuid'>8b39af83-0624-4adc-a8ca-0c1b362c256b</entry>
    </system>
  </sysinfo>
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
--
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>qemu64</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='lahf_lm'/>
    <feature policy='disable' name='svm'/>
  </cpu>
  <clock offset='utc'>
    <timer name='kvmclock'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>

Explicit Search for Custom Feature:

bash[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml v-33-VM | grep vmx
[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2 ~]#
[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml v-34-VM | grep -A 15 "<cpu"
  <cputune>
    <shares>250</shares>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>Apache Software Foundation</entry>
      <entry name='product'>CloudStack KVM Hypervisor</entry>
      <entry name='serial'>552ee123-3101-461f-9fc3-25fdeb901b8a</entry>
      <entry name='uuid'>552ee123-3101-461f-9fc3-25fdeb901b8a</entry>
    </system>
  </sysinfo>
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type>
--
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>qemu64</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='lahf_lm'/>
    <feature policy='disable' name='svm'/>
  </cpu>
  <clock offset='utc'>
    <timer name='kvmclock'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>

Test 3: User VM Deployment -> FAILED -> Result: User VM deployment is broken due to malformed CPU XML

VM Deployment

(localcloud) 🐱 > deploy virtualmachine templateid=ba5ce9aa-778a-11f0-886f-1e00b300019d serviceofferingid=75260ae4-9971-4462-b1db-0254ef57bbee zoneid=14c975d3-5239-4592-b010-8198d0fc884a networkofferingid=07029b1d-d664-467d-8dd5-7c4351d70683
{
  "account": "admin",
  "accountid": "07b7b20e-778b-11f0-886f-1e00b300019d",
  "cmd": "org.apache.cloudstack.api.command.admin.vm.DeployVMCmdByAdmin",
  "completed": "2025-08-13T10:28:34+0000",
  "created": "2025-08-13T10:28:24+0000",
  "domainid": "ba55511d-778a-11f0-886f-1e00b300019d",
  "domainpath": "ROOT",
  "jobid": "12dd89bc-fc59-4bb5-a302-612d9400a745",
  "jobinstanceid": "d8273d41-1ac3-4273-9237-71d2c17283a3",
  "jobinstancetype": "VirtualMachine",
  "jobprocstatus": 0,
  "jobresult": {
    "errorcode": 530,
    "errortext": "Unable to start a VM [d8273d41-1ac3-4273-9237-71d2c17283a3] due to [Unable to create a deployment for VM instance {\"id\":28,\"instanceName\":\"i-2-28-VM\",\"state\":\"Starting\",\"type\":\"User\",\"uuid\":\"d8273d41-1ac3-4273-9237-71d2c17283a3\"}]."
  },
  "jobresultcode": 530,
  "jobresulttype": "object",
  "jobstatus": 2,
  "userid": "07b8fd70-778b-11f0-886f-1e00b300019d"
}
🙈 Error: async API failed for job 12dd89bc-fc59-4bb5-a302-612d9400a745

Management Server Logs Evidence:

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-mgmt1 ~]# tail -n 100 /var/log/cloudstack/management/management-server.log | grep -i "cpu\|feature\|vmx"
2025-08-13 10:35:56,208 DEBUG [c.c.a.t.Request] (AgentManager-Handler-19:[]) (logid:) Seq 2-673569619268599828: Processing:  { Ans: , MgmtId: 32988351955357, via: 2, Ver: v1, Flags: 10, [{"com.cloud.agent.api.StartAnswer":{"vm":{"id":"31","name":"i-2-31-VM","state":"Starting","type":"User"},"result":"false","details":"XML error: Non-empty feature list specified without CPU model","wait":"0","bypassHostMaintenance":"false"}}] }

2025-08-13 10:35:56,211 INFO  [c.c.v.ClusteredVirtualMachineManagerImpl] (Work-Job-Executor-87:[ctx-328980d2, job-137/job-139, ctx-e9372b0d]) (logid:bfd1c45f) Unable to start VM on Host {"id":2,"name":"ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm2","type":"Routing","uuid":"76a50ddc-1967-4360-b0b6-88e639ff549e"} due to XML error: Non-empty feature list specified without CPU model

2025-08-13 10:35:56,940 INFO  [c.c.v.ClusteredVirtualMachineManagerImpl] (Work-Job-Executor-87:[ctx-328980d2, job-137/job-139, ctx-e9372b0d]) (logid:bfd1c45f) Unable to start VM on Host {"id":1,"name":"ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1","type":"Routing","uuid":"21a79fcc-ce3c-483a-b72c-fee78e2ab1ab"} due to XML error: Non-empty feature list specified without CPU model

Agent Logs Evidence

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1 ~]# grep -i "configure\|cpu\|feature" /var/log/cloudstack/agent/agent.log | grep -v "Retrieved statistics\|Calculated metrics" | tail -20
2025-08-13 10:35:56,850 WARN  [resource.wrapper.LibvirtStartCommandWrapper] (AgentRequest-Handler-2:[]) (logid:bfd1c45f) LibvirtException org.libvirt.LibvirtException: XML error: Non-empty feature list specified without CPU model

Test 4: Host CPU Capability Verification -> PASSED -> Host supports vmx and other CPU features used in testing

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh capabilities | grep -A 50 "<cpu>" | grep "feature name"
Output:
xml      <feature name='vme'/>
      <feature name='ss'/>
      <feature name='vmx'/>
      <feature name='osxsave'/>
      <feature name='f16c'/>
      <feature name='rdrand'/>
      <feature name='hypervisor'/>
      <feature name='arat'/>
      <feature name='tsc_adjust'/>
      <feature name='mpx'/>
      <feature name='avx512f'/>
      <feature name='avx512dq'/>
      <feature name='clflushopt'/>
      <feature name='clwb'/>
      <feature name='avx512cd'/>
      <feature name='avx512bw'/>
      <feature name='avx512vl'/>
      <feature name='pku'/>
      <feature name='ospke'/>
      <feature name='md-clear'/>
      <feature name='stibp'/>
      <feature name='arch-capabilities'/>
      <feature name='ssbd'/>
      <feature name='xsaveopt'/>
      <feature name='xsavec'/>
      <feature name='xsaves'/>
      <feature name='pdpe1gb'/>
      <feature name='abm'/>
      <feature name='invtsc'/>
      <feature name='rdctl-no'/>
      <feature name='ibrs-all'/>
      <feature name='skip-l1dfl-vmentry'/>
      <feature name='mds-no'/>

Test 5: CPU Feature Processing Debug -> NO EVIDENCE -> No debug logs showing CPU feature processing for any VM type

[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1 ~]# grep -i "setFeatures\|createCpuModeDef" /var/log/cloudstack/agent/agent.log
[root@ref-trl-9225-k-Mol8-rositsa-kyuchukova-kvm1 ~]#

bernardodemarco · 2025-08-13T11:44:40Z

PR Status: Verification failed

@rosi-shapeblue, thanks for your review!

Could you further explain what verification failed?

rosi-shapeblue · 2025-08-13T12:19:11Z

PR Status: Verification failed

@rosi-shapeblue, thanks for your review!

Could you further explain what verification failed?

@bernardodemarco - I was still updating my comment; could you please check it #10964 (review) and let me know if any questions arise?

bernardodemarco · 2025-08-13T12:25:27Z

@rosi-shapeblue, thanks very much for testing!

Basically, Apache CloudStack allows operators to configure the CPU model that is exposed to VMs in KVM through three properties that can be defined in agent.properties: guest.cpu.mode, guest.cpu.model and guest.cpu.features.

The guest.cpu.mode property accepts three possible values:

custom: Allows the customization of the CPU model, which should be defined in the guest.cpu.model setting. For instance:
```
guest.cpu.mode=custom
guest.cpu.model=Skylake-Server
```
The available models for a given architecture can be listed through the following command:
```
virsh cpu-models <architecture>
```
host-model: Libvirt identifies which model is more similar to the host's CPU model and adds extra features to approximate the host model as closely as possible.
host-passthrough: Libvirt will communicate to KVM the exact characteristics of the host's CPU. The main difference from the host-model mode is that instead of pairing CPU flags, all the CPU details from the host are paired.

The guest.cpu.features setting can be used to add or remove individual CPU features, for instance:

guest.cpu.mode=custom
guest.cpu.model=Skylake-Server
guest.cpu.features=aes mmx avx

As can be noticed from the Agent logs that have been provided:

2025-08-13 10:35:56,850 WARN  [resource.wrapper.LibvirtStartCommandWrapper] (AgentRequest-Handler-2:[]) (logid:bfd1c45f) LibvirtException org.libvirt.LibvirtException: XML error: Non-empty feature list specified without CPU model

Libvirt complains about specifying a list of flags without a CPU model. Therefore, to apply CPU flags in KVM, it is required to meet one of the following requirements:

Define guest.cpu.mode=host-model and specify the flags;
Define guest.cpu.mode=host-passthrough and specify the flags; or,
Define guest.cpu.mode=custom, guest.cpu.model=<cpu-model> and specify the flags.

Otherwise, Libvirt will complain that a CPU model has not been specified.

rosi-shapeblue

LGTM - verification passed

Test Case 1: Baseline (Mode A: host-model + flags); Status: PASS

1. Setup

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo sed -i '/^guest\.cpu\.model/d' /etc/cloudstack/agent/agent.properties
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo sed -i '/^guest\.cpu\.mode=.*/d' /etc/cloudstack/agent/agent.properties
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# echo 'guest.cpu.mode=host-model'   | sudo tee -a /etc/cloudstack/agent/agent.properties
guest.cpu.mode=host-model
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# echo 'guest.cpu.features=-hle -rtm -mpx' | sudo tee -a /etc/cloudstack/agent/agent.properties
guest.cpu.features=-hle -rtm -mpx
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo systemctl restart cloudstack-agent
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]#

2. Recreate System VMs

(localcloud) 🐱 > list systemvms | jq -r '.systemvm[].id' | xargs -r -n1 -I{} cmk destroy systemvm id={}

{
  "systemvm": {
    "arch": "x86_64",
    "created": "2025-08-14T17:13:51+0000",
    "dns1": "10.0.32.1",
    "dns2": "8.8.8.8",
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "b6384882-f603-4425-bba1-0c5527e0c745",
    "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "db729706-6e27-4dbf-ba2f-3d4fd73f1477",
    "isdynamicallyscalable": false,
    "name": "v-12-VM",
    "podid": "20565719-3178-4595-8063-7d083de87802",
    "podname": "Pod1",
    "serviceofferingid": "714b8119-602d-4337-a85f-b77fb2b16629",
    "serviceofferingname": "System Offering For Console Proxy",
    "state": "Running",
    "systemvmtype": "consoleproxy",
    "templateid": "484370e0-7849-11f0-84c2-1e006c00031c",
    "templatename": "SystemVM Template (KVM)",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}
{
  "systemvm": {
    "arch": "x86_64",
    "created": "2025-08-14T17:14:21+0000",
    "dns1": "10.0.32.1",
    "dns2": "8.8.8.8",
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "b6384882-f603-4425-bba1-0c5527e0c745",
    "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "94d54534-f531-4e60-ac92-0a9ad02654d7",
    "isdynamicallyscalable": false,
    "name": "s-13-VM",
    "podid": "20565719-3178-4595-8063-7d083de87802",
    "podname": "Pod1",
    "serviceofferingid": "1ab28e97-a225-466c-9b3e-bb8c1d7a43f8",
    "serviceofferingname": "System Offering For Secondary Storage VM",
    "state": "Running",
    "systemvmtype": "secondarystoragevm",
    "templateid": "484370e0-7849-11f0-84c2-1e006c00031c",
    "templatename": "SystemVM Template (KVM)",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}

3. Verification

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# for n in $(virsh list --name | egrep '^(v-|s-)'); do
>   echo "== $n ==";
>   virsh dumpxml "$n" | sed -n '/<cpu /,/<\/cpu>/p' | egrep "cpu mode=|<model |feature.*(hle|rtm|mpx)";
>   echo;
> done
== v-14-VM ==
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Cascadelake-Server</model>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>

== s-15-VM ==
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Cascadelake-Server</model>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>

Status: Pass

mode='custom'
Cascadelake-Server present
Features hle, rtm, mpx = disabled

Test Case 2: Mode B (host-passthrough + flags); Status: PASS

1. Setup

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo sed -i 's/^guest\.cpu\.mode=.*/guest.cpu.mode=host-passthrough/' /etc/cloudstack/agent/agent.properties
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# grep "^guest.cpu.mode" /etc/cloudstack/agent/agent.properties
guest.cpu.mode=host-passthrough
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# systemctl restart cloudstack-agent

2. Recreate System VMs

(localcloud) 🐱 > list systemvms | jq -r '.systemvm[].id' | xargs -r -n1 -I{} cmk destroy systemvm id={}

{
  "systemvm": {
    "arch": "x86_64",
    "created": "2025-08-14T17:19:21+0000",
    "dns1": "10.0.32.1",
    "dns2": "8.8.8.8",
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "b6384882-f603-4425-bba1-0c5527e0c745",
    "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "9ab9f005-77da-48f7-a92a-29fc53745b1f",
    "isdynamicallyscalable": false,
    "name": "v-14-VM",
    "podid": "20565719-3178-4595-8063-7d083de87802",
    "podname": "Pod1",
    "serviceofferingid": "714b8119-602d-4337-a85f-b77fb2b16629",
    "serviceofferingname": "System Offering For Console Proxy",
    "state": "Running",
    "systemvmtype": "consoleproxy",
    "templateid": "484370e0-7849-11f0-84c2-1e006c00031c",
    "templatename": "SystemVM Template (KVM)",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}
{
  "systemvm": {
    "arch": "x86_64",
    "created": "2025-08-14T17:19:21+0000",
    "dns1": "10.0.32.1",
    "dns2": "8.8.8.8",
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "b6384882-f603-4425-bba1-0c5527e0c745",
    "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "627b53de-bbad-4cbd-a579-58289e638492",
    "isdynamicallyscalable": false,
    "name": "s-15-VM",
    "podid": "20565719-3178-4595-8063-7d083de87802",
    "podname": "Pod1",
    "serviceofferingid": "1ab28e97-a225-466c-9b3e-bb8c1d7a43f8",
    "serviceofferingname": "System Offering For Secondary Storage VM",
    "state": "Running",
    "systemvmtype": "secondarystoragevm",
    "templateid": "484370e0-7849-11f0-84c2-1e006c00031c",
    "templatename": "SystemVM Template (KVM)",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}

3. Verification

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# for n in $(virsh list --name | egrep '^(v-|s-)'); do
>   echo "== $n ==";
>   virsh dumpxml "$n" | sed -n '/<cpu /,/<\/cpu>/p' | egrep "cpu mode=|feature.*(hle|rtm|mpx)";
>   echo;
> done
== v-16-VM ==
  <cpu mode='host-passthrough' check='none' migratable='on'>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>

== s-17-VM ==
  <cpu mode='host-passthrough' check='none' migratable='on'>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]#

Test Result: Pass

mode='host-passthrough'
Features hle, rtm, mpx = disabled

Test Case 3: Mode C (custom + explicit model + flags); Status: PASS

1. Setup

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo sed -i '/^guest\.cpu\./d' /etc/cloudstack/agent/agent.properties
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo tee -a /etc/cloudstack/agent/agent.properties >/dev/null <<'EOF'
> guest.cpu.mode=custom
> guest.cpu.model=Westmere
> guest.cpu.features=-hle -rtm -mpx
> EOF
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo systemctl restart libvirtd
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo systemctl restart cloudstack-agent

2. Recreate System VMs

(localcloud) 🐱 > list systemvms | jq -r '.systemvm[].id' | xargs -r -n1 -I{} cmk destroy systemvm id={}

{
  "systemvm": {
    "arch": "x86_64",
    "created": "2025-08-14T17:52:51+0000",
    "dns1": "10.0.32.1",
    "dns2": "8.8.8.8",
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "b6384882-f603-4425-bba1-0c5527e0c745",
    "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "cd4fa119-0a75-4512-9a83-8921cf0bfc99",
    "isdynamicallyscalable": false,
    "name": "v-16-VM",
    "podid": "20565719-3178-4595-8063-7d083de87802",
    "podname": "Pod1",
    "serviceofferingid": "714b8119-602d-4337-a85f-b77fb2b16629",
    "serviceofferingname": "System Offering For Console Proxy",
    "state": "Running",
    "systemvmtype": "consoleproxy",
    "templateid": "484370e0-7849-11f0-84c2-1e006c00031c",
    "templatename": "SystemVM Template (KVM)",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}
{
  "systemvm": {
    "arch": "x86_64",
    "created": "2025-08-14T17:53:21+0000",
    "dns1": "10.0.32.1",
    "dns2": "8.8.8.8",
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "b6384882-f603-4425-bba1-0c5527e0c745",
    "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1",
    "hypervisor": "KVM",
    "id": "c52e61b1-94df-445b-a1bd-717ea4c591f4",
    "isdynamicallyscalable": false,
    "name": "s-17-VM",
    "podid": "20565719-3178-4595-8063-7d083de87802",
    "podname": "Pod1",
    "serviceofferingid": "1ab28e97-a225-466c-9b3e-bb8c1d7a43f8",
    "serviceofferingname": "System Offering For Secondary Storage VM",
    "state": "Running",
    "systemvmtype": "secondarystoragevm",
    "templateid": "484370e0-7849-11f0-84c2-1e006c00031c",
    "templatename": "SystemVM Template (KVM)",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}

3. Verification

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# for n in $(virsh list --name | egrep '^(v-|s-)'); do
>   echo "== $n ==";
>   virsh dumpxml "$n" | sed -n '/<cpu /,/<\/cpu>/p';
>   echo;
> done
== v-16-VM ==
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Westmere</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='require' name='vme'/>
    <feature policy='require' name='pclmuldq'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='arat'/>
  </cpu>

== s-17-VM ==
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Westmere</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='require' name='vme'/>
    <feature policy='require' name='pclmuldq'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='arat'/>
  </cpu>

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]#

Test Result: Pass

mode='host-passthrough'
<model>Westmere</model>
Disabled features: hle, rtm, mpx
Required features: vme, pclmuldq, x2apic, hypervisor, arat

Test Case 4: Negative Control (flags set without mode/model); Status: PASS

1. Setup (intentionally wrong)

# Remove any CPU mode/model, leave only features
sudo sed -i '/^guest\.cpu\./d' /etc/cloudstack/agent/agent.properties
echo 'guest.cpu.features=-hle -rtm -mpx' | sudo tee -a /etc/cloudstack/agent/agent.properties >/dev/null
sudo systemctl restart cloudstack-agent

2. Recreate System VMs

list systemvms | jq -r '.systemvm[]?.id' | xargs -r -n1 -I{} destroy systemvm id={}

Expected Result
Libvirt rejects the domain definition: flags are specified without a CPU model; System VMs fail to start and get removed.

Actual Result

Agent raised the model/flags validation error:

LibvirtException: XML error: Non-empty feature list specified without CPU model
System VMs enter create→stop→remove loop; agent can’t find a defined domain afterward:

2025-08-14 19:09:27,093 DEBUG ... Failed to get vm :Domain not found: no domain with matching name 'v-80-VM'
2025-08-14 19:09:27,094 DEBUG ... VM v-80-VM doesn't exist, no need to stop it
...
2025-08-14 19:09:27,308 DEBUG ... Failed to get dom xml: org.libvirt.LibvirtException: Domain not found: no domain with matching name 's-81-VM'
2025-08-14 19:09:27,447 DEBUG ... VM s-81-VM doesn't exist, no need to stop it

Test Result: Pass (negative control)

Libvirt refuses CPU flags without a model, as designed.
System VMs do not remain running and are removed.

Test Case 5: Unsupported feature (require a feature the host lacks); Status: PASS

1. Setup

Use a newer baseline (Cascade Lake) that implies features the host lacks (e.g., avx512vnni, xgetbv1).

The host advertises Cascade Lake models among supported CPU models:

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh cpu-models x86_64 | egrep -i 'westmere|sandy|ivy|haswell|broadwell|skylake|cascade|icelake|cooper|sapphirerapids'
Westmere
Westmere-IBRS
SandyBridge
SandyBridge-IBRS
IvyBridge
IvyBridge-IBRS
Haswell-noTSX
Haswell-noTSX-IBRS
Haswell
Haswell-IBRS
Broadwell-noTSX
Broadwell-noTSX-IBRS
Broadwell
Broadwell-IBRS
Skylake-Client
Skylake-Client-IBRS
Skylake-Client-noTSX-IBRS
Skylake-Server
Skylake-Server-IBRS
Skylake-Server-noTSX-IBRS
Cascadelake-Server
Cascadelake-Server-noTSX
Icelake-Client
Icelake-Client-noTSX
Icelake-Server
Icelake-Server-noTSX
Cooperlake

But capabilities query doesn't surface Cascade Lake details on this host (a hint of mismatch):

2. Recreate System VMs

While ACS was recreating, QEMU logs for new VMs show immediate failure:

== v-18-VM.log ==
2025-08-14 18:28:23.270+0000: shutting down, reason=failed
2025-08-14 18:28:53.611+0000: shutting down, reason=failed

== v-20-VM.log ==
2025-08-14 18:29:23.302+0000: shutting down, reason=failed
2025-08-14 18:29:53.191+0000: shutting down, reason=failed

... (and similarly for v-22, v-24, v-26, v-28, v-30)

Error surfaced by libvirt: Libvirt explicitly reports the host is missing required features for the requested model:

journalctl -u libvirtd | grep -i cpu
the CPU is incompatible with host CPU: Host CPU does not provide required features: avx512vnni, xgetbv1
# (repeated at 18:28, 18:29, 18:30, 18:31, 18:32, 18:33, 18:34 ...)

4. Cleanup/Removal behavior (ACS reaction)

Since the domains never actually start, ACS tears them down; agent can’t find the domain afterwards.

2025-08-14 19:09:27,093 DEBUG ... Failed to get vm :Domain not found: no domain with matching name 'v-80-VM'
2025-08-14 19:09:27,094 DEBUG ... VM v-80-VM doesn't exist, no need to stop it
...
2025-08-14 19:09:27,308 DEBUG ... Failed to get dom xml: org.libvirt.LibvirtException: Domain not found: no domain with matching name 's-81-VM'
2025-08-14 19:09:27,447 DEBUG ... VM s-81-VM doesn't exist, no need to stop it

Test Result: Pass (negative)

Platform correctly rejects a CPU configuration that requires unsupported features (avx512vnni, xgetbv1), VMs fail to boot, and ACS removes them as expected.

Test Case 6: Deploy VMs; Status: PASS

Option A: host-model + flags (safe default)

1. Setup

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo sed -i '/^guest\.cpu\./d' /etc/cloudstack/agent/agent.properties
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# echo 'guest.cpu.mode=host-model'            | sudo tee -a /etc/cloudstack/agent/agent.properties
guest.cpu.mode=host-model
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# echo 'guest.cpu.features=-hle -rtm -mpx'    | sudo tee -a /etc/cloudstack/agent/agent.properties
guest.cpu.features=-hle -rtm -mpx
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo systemctl restart cloudstack-agent

2. Deploy VM and check CPU xml

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# for n in $(virsh list --name | egrep '^(v-|s-|i-)'); do
>   echo "== $n ==";
>   virsh dumpxml "$n" | sed -n '/<cpu /,/<\/cpu>/p' | egrep "cpu mode=|<model |feature.*(hle|rtm|mpx)";
>   echo;
> done
== i-2-1504-VM ==
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Cascadelake-Server</model>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>

Test Result: Pass - host-model resolved to custom + Cascadelake-Server; hle/rtm/mpx disabled.

Option B: host-passthrough + flags (max perf)

1. Setup

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo sed -i '/^guest\.cpu\./d' /etc/cloudstack/agent/agent.properties
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# echo 'guest.cpu.mode=host-passthrough'      | sudo tee -a /etc/cloudstack/agent/agent.properties
guest.cpu.mode=host-passthrough
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# echo 'guest.cpu.features=-hle -rtm -mpx'    | sudo tee -a /etc/cloudstack/agent/agent.properties
guest.cpu.features=-hle -rtm -mpx
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo systemctl restart cloudstack-agent
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]#

2. Deploy VM and check CPU xml

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# for n in $(virsh list --name | egrep '^(v-|s-|i-)'); do
>   echo "== $n ==";
>   virsh dumpxml "$n" | sed -n '/<cpu /,/<\/cpu>/p' | egrep "cpu mode=|<model |feature.*(hle|rtm|mpx)";
>   echo;
> done
== i-2-1505-VM ==
  <cpu mode='host-passthrough' check='none' migratable='on'>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>

Test Result: Pass - host-passthrough; hle/rtm/mpx disabled.

Option C: custom baseline

1. Setup

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo sed -i '/^guest\.cpu\./d' /etc/cloudstack/agent/agent.properties
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# cat <<'EOF' | sudo tee -a /etc/cloudstack/agent/agent.properties >/dev/null
> guest.cpu.mode=custom
> guest.cpu.model=Westmere
> guest.cpu.features=-hle -rtm -mpx
> EOF
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo systemctl restart cloudstack-agent

2. Deploy VM and check CPU xml

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# for n in $(virsh list --name | egrep '^(v-|s-|i-)'); do
>   echo "== $n ==";
>   virsh dumpxml "$n" | sed -n '/<cpu /,/<\/cpu>/p' | egrep "cpu mode=|<model |feature.*(hle|rtm|mpx)";
>   echo;
> done
== i-2-1506-VM ==
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Westmere</model>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>

Test Result: Pass - custom + Westmere; hle/rtm/mpx disabled.

Test Case 7: Per-VM override sanity; Status PASS

1. Locate the target VM (capture current state & IDs)

(localcloud) 🐱 > list virtualmachines id=1ad45a2f-d96e-4dc9-be52-72fb8d033d5b

{
  "count": 1,
  "virtualmachine": [
    {
      "account": "admin",
      "affinitygroup": [],
      "arch": "x86_64",
      "cpunumber": 1,
      "cpuspeed": 500,
      "cpuused": "17.22%",
      "created": "2025-08-15T07:14:18+0000",
      "deleteprotection": false,
      "details": {
        "cpuOvercommitRatio": "2.0"
      },
      "diskioread": 0,
      "diskiowrite": 7,
      "diskkbsread": 0,
      "diskkbswrite": 40,
      "displayname": "VM-1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
      "displayvm": true,
      "domain": "ROOT",
      "domainid": "483d23ca-7849-11f0-84c2-1e006c00031c",
      "domainpath": "/",
      "guestosid": "486b98a6-7849-11f0-84c2-1e006c00031c",
      "haenable": false,
      "hasannotations": false,
      "hostcontrolstate": "Enabled",
      "hostid": "b6384882-f603-4425-bba1-0c5527e0c745",
      "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1",
      "hypervisor": "KVM",
      "id": "1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
      "instancename": "i-2-1506-VM",
      "isdynamicallyscalable": false,
      "lastupdated": "2025-08-15T07:14:22+0000",
      "memory": 512,
      "memoryintfreekbs": -1,
      "memorykbs": 524288,
      "memorytargetkbs": 524288,
      "name": "VM-1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
      "networkkbsread": 0,
      "networkkbswrite": 0,
      "nic": [
        {
          "broadcasturi": "vlan://2619",
          "deviceid": "0",
          "extradhcpoption": [],
          "id": "265a5f32-e248-4bb6-b030-9fdc9ec138df",
          "isdefault": true,
          "isolationuri": "vlan://2619",
          "macaddress": "02:01:00:cc:00:06",
          "networkid": "e79f511a-2178-4b50-b5e4-42ba1206af6c",
          "networkname": "test",
          "secondaryip": [],
          "traffictype": "Guest",
          "type": "L2"
        }
      ],
      "osdisplayname": "CentOS 5.5 (64-bit)",
      "ostypeid": "486b98a6-7849-11f0-84c2-1e006c00031c",
      "passwordenabled": false,
      "pooltype": "NetworkFilesystem",
      "receivedbytes": 0,
      "rootdeviceid": 0,
      "rootdevicetype": "ROOT",
      "securitygroup": [],
      "sentbytes": 0,
      "serviceofferingid": "a2da53cc-5df0-440e-9562-66ca15a1220c",
      "serviceofferingname": "Small Instance",
      "state": "Running",
      "tags": [],
      "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
      "templateformat": "QCOW2",
      "templateid": "48447311-7849-11f0-84c2-1e006c00031c",
      "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
      "templatetype": "BUILTIN",
      "userid": "9a5fe895-7849-11f0-84c2-1e006c00031c",
      "username": "admin",
      "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
      "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
    }
  ]
}

Apply per-VM CPU override details

(localcloud) 🐱 > update virtualmachine id=1ad45a2f-d96e-4dc9-be52-72fb8d033d5b details[0].key=guest.cpu.mode details[0].value=custom details[1].key=guest.cpu.model details[1].value=Westmere details[2].key=guest.cpu.features details[2].value="-hle -rtm -mpx"

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "17.58%",
    "created": "2025-08-15T07:14:18+0000",
    "deleteprotection": false,
    "details": {
      "key": "guest.cpu.mode",
      "value": "custom"
    },
    "diskioread": 0,
    "diskiowrite": 4,
    "diskkbsread": 0,
    "diskkbswrite": 24,
    "displayname": "VM-1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "483d23ca-7849-11f0-84c2-1e006c00031c",
    "domainpath": "/",
    "guestosid": "486b98a6-7849-11f0-84c2-1e006c00031c",
    "haenable": false,
    "hasannotations": false,
    "hypervisor": "KVM",
    "id": "1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
    "instancename": "i-2-1506-VM",
    "isdynamicallyscalable": false,
    "lastupdated": "2025-08-15T07:35:24+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "VM-1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "deviceid": "0",
        "extradhcpoption": [],
        "id": "265a5f32-e248-4bb6-b030-9fdc9ec138df",
        "isdefault": true,
        "macaddress": "02:01:00:cc:00:06",
        "networkid": "e79f511a-2178-4b50-b5e4-42ba1206af6c",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "L2"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "486b98a6-7849-11f0-84c2-1e006c00031c",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "a2da53cc-5df0-440e-9562-66ca15a1220c",
    "serviceofferingname": "Small Instance",
    "state": "Stopped",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "48447311-7849-11f0-84c2-1e006c00031c",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "9a5fe895-7849-11f0-84c2-1e006c00031c",
    "username": "admin",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}

3. Start the VM (apply the override on boot)

4. Verify on the KVM host: VM CPU XML reflects the override

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# virsh dumpxml i-2-1506-VM | sed -n '/<cpu /,/<\/cpu>/p'
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Westmere</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='require' name='vme'/>
    <feature policy='require' name='pclmuldq'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='arat'/>
  </cpu>
[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]#

Test Result Per-VM override took effect (mode=custom, model=Westmere, hle/rtm/mpx disabled) and is visible in the VM’s libvirt XML.

Test Case 8: Live migration between hosts in the same mode; Status: PASS

1. Hosts Setup

Make sure Host A has the same config as Host B
Host A (kvm1):

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm1 ~]# sudo egrep -n '^(guest\.cpu\.)' /etc/cloudstack/agent/agent.properties || echo "Host-A: no guest.cpu.* lines"
9:guest.cpu.mode=custom
11:guest.cpu.model=Westmere
25:guest.cpu.features=-hle -rtm -mpx

Host B (kvm2):

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm2 ~]# sudo egrep -n '^(guest\.cpu\.)' /etc/cloudstack/agent/agent.properties
9:guest.cpu.mode=custom
11:guest.cpu.model=Westmere
25:guest.cpu.features=-hle -rtm -mpx

2. Live-migrate Instance from Host A to Host B

(localcloud) 🐱 > migrateVirtualMachine virtualmachineid=1ad45a2f-d96e-4dc9-be52-72fb8d033d5b hostid=d63404e1-a054-41df-92fe-06a18cb1286e

{
  "virtualmachine": {
    "account": "admin",
    "affinitygroup": [],
    "arch": "x86_64",
    "cpunumber": 1,
    "cpuspeed": 500,
    "cpuused": "17.33%",
    "created": "2025-08-15T07:14:18+0000",
    "deleteprotection": false,
    "details": {
      "cpuOvercommitRatio": "2.0",
      "key": "guest.cpu.mode",
      "value": "custom"
    },
    "diskioread": 0,
    "diskiowrite": 4,
    "diskkbsread": 0,
    "diskkbswrite": 24,
    "displayname": "VM-1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
    "displayvm": true,
    "domain": "ROOT",
    "domainid": "483d23ca-7849-11f0-84c2-1e006c00031c",
    "domainpath": "/",
    "guestosid": "486b98a6-7849-11f0-84c2-1e006c00031c",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hostid": "d63404e1-a054-41df-92fe-06a18cb1286e",
    "hostname": "ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm2",
    "hypervisor": "KVM",
    "id": "1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
    "instancename": "i-2-1506-VM",
    "isdynamicallyscalable": false,
    "jobid": "8a9ec386-9cbb-467a-aaa4-f3454b4ae736",
    "jobstatus": 0,
    "lastupdated": "2025-08-15T08:07:01+0000",
    "memory": 512,
    "memoryintfreekbs": -1,
    "memorykbs": 524288,
    "memorytargetkbs": 524288,
    "name": "VM-1ad45a2f-d96e-4dc9-be52-72fb8d033d5b",
    "networkkbsread": 0,
    "networkkbswrite": 0,
    "nic": [
      {
        "broadcasturi": "vlan://2619",
        "deviceid": "0",
        "extradhcpoption": [],
        "id": "265a5f32-e248-4bb6-b030-9fdc9ec138df",
        "isdefault": true,
        "isolationuri": "vlan://2619",
        "macaddress": "02:01:00:cc:00:06",
        "networkid": "e79f511a-2178-4b50-b5e4-42ba1206af6c",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "L2"
      }
    ],
    "osdisplayname": "CentOS 5.5 (64-bit)",
    "ostypeid": "486b98a6-7849-11f0-84c2-1e006c00031c",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "a2da53cc-5df0-440e-9562-66ca15a1220c",
    "serviceofferingname": "Small Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templateformat": "QCOW2",
    "templateid": "48447311-7849-11f0-84c2-1e006c00031c",
    "templatename": "CentOS 5.5(64-bit) no GUI (KVM)",
    "templatetype": "BUILTIN",
    "userid": "9a5fe895-7849-11f0-84c2-1e006c00031c",
    "username": "admin",
    "zoneid": "a4fb4f58-511f-4998-a7e2-a6604f8f1374",
    "zonename": "ref-trl-9239-k-Mol8-rositsa-kyuchukova"
  }
}

Instance is migrated on Host B

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh list --all | grep -w i-2-1506-VM
 1    i-2-1506-VM   running

3. Confirm the CPU XML still matches (mode/model/flags)

[root@ref-trl-9239-k-Mol8-rositsa-kyuchukova-kvm2 ~]# virsh dumpxml i-2-1506-VM | sed -n '/<cpu[ >]/,/<\/cpu>/p'
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Westmere</model>
    <topology sockets='1' dies='1' cores='1' threads='1'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='require' name='vme'/>
    <feature policy='require' name='pclmuldq'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='arat'/>
  </cpu>

sureshanaparti · 2025-08-15T11:01:52Z

Basically, Apache CloudStack allows operators to configure the CPU model that is exposed to VMs in KVM through three properties that can be defined in agent.properties: guest.cpu.mode, guest.cpu.model and guest.cpu.features.

The guest.cpu.mode property accepts three possible values:
custom: Allows the customization of the CPU model, which should be defined in the guest.cpu.model setting. For instance:
guest.cpu.mode=custom
guest.cpu.model=Skylake-Server
The available models for a given architecture can be listed through the following command:
virsh cpu-models <architecture>
host-model: Libvirt identifies which model is more similar to the host's CPU model and adds extra features to approximate the host model as closely as possible.

host-passthrough: Libvirt will communicate to KVM the exact characteristics of the host's CPU. The main difference from the host-model mode is that instead of pairing CPU flags, all the CPU details from the host are paired.
The guest.cpu.features setting can be used to add or remove individual CPU features, for instance:
guest.cpu.mode=custom
guest.cpu.model=Skylake-Server
guest.cpu.features=aes mmx avx
As can be noticed from the Agent logs that have been provided:
2025-08-13 10:35:56,850 WARN  [resource.wrapper.LibvirtStartCommandWrapper] (AgentRequest-Handler-2:[]) (logid:bfd1c45f) LibvirtException org.libvirt.LibvirtException: XML error: Non-empty feature list specified without CPU model
Libvirt complains about specifying a list of flags without a CPU model. Therefore, to apply CPU flags in KVM, it is required to meet one of the following requirements:

Define guest.cpu.mode=host-model and specify the flags;

Define guest.cpu.mode=host-passthrough and specify the flags; or,

Define guest.cpu.mode=custom, guest.cpu.model=<cpu-model> and specify the flags.

Otherwise, Libvirt will complain that a CPU model has not been specified.

@bernardodemarco have you raised any doc PR with these details? if not, can you create one. thanks.

bernardodemarco · 2025-08-15T11:47:06Z

@rosi-shapeblue, thanks for testing this one!

@bernardodemarco have you raised any doc PR with these details? if not, can you create one. thanks.

@sureshanaparti, sure, I'll try to open a doc PR ASAP

DaanHoogland · 2025-08-15T12:02:13Z

@sureshanaparti , this being a non-LTS release, should we merge anyway? (in spite of missing/while waiting on docs.)

sureshanaparti · 2025-08-15T12:05:48Z

@bernardodemarco have you raised any doc PR with these details? if not, can you create one. thanks.

@sureshanaparti, sure, I'll try to open a doc PR ASAP

thanks @bernardodemarco

* CPU features for System VMs * Apply guest.cpu.features for System VMs

boring-cyborg bot added component:agent component:kvm labels Jun 5, 2025

bernardodemarco added this to the 4.21.0 milestone Jun 5, 2025

bernardodemarco force-pushed the cpu-features-for-systemvms branch from e36ea22 to 84148e6 Compare June 13, 2025 18:20

github-actions bot added the status:has-conflicts label Jul 29, 2025

bernardodemarco added 2 commits July 29, 2025 09:05

CPU features for system VMs

bdc6f60

apply guest.cpu.features for system VMs

739c4e7

bernardodemarco force-pushed the cpu-features-for-systemvms branch from d664399 to 739c4e7 Compare July 29, 2025 12:09

github-actions bot removed the status:has-conflicts label Jul 29, 2025

rosi-shapeblue self-assigned this Aug 12, 2025

rosi-shapeblue suggested changes Aug 13, 2025

View reviewed changes

This comment was marked as duplicate.

Sign in to view

rosi-shapeblue added status:testing and removed status:needs-testing labels Aug 14, 2025

rosi-shapeblue approved these changes Aug 15, 2025

View reviewed changes

rosi-shapeblue removed the status:testing label Aug 15, 2025

sureshanaparti merged commit ba2d70a into apache:main Aug 15, 2025
25 of 26 checks passed

github-project-automation bot moved this from In Progress to Done in Apache CloudStack 4.21.0 Aug 15, 2025

bernardodemarco mentioned this pull request Aug 19, 2025

Improve section regarding KVM guest CPU configuration apache/cloudstack-documentation#543

Merged

sureshanaparti added the type:improvement label Aug 20, 2025

dhslove pushed a commit to ablecloud-team/ablestack-cloud that referenced this pull request Sep 4, 2025

[KVM] CPU Features for System VMs (apache#10964)

b94f914

* CPU features for System VMs * Apply guest.cpu.features for System VMs

	private CpuModeDef createCpuModeDef(VirtualMachineTO vmTO, int vcpus) {
	final CpuModeDef cmd = new CpuModeDef();
	Map<String, String> details = vmTO.getDetails();
	String cpuMode = MapUtils.isNotEmpty(details) && details.get(VmDetailConstants.GUEST_CPU_MODE) != null ? details.get(VmDetailConstants.GUEST_CPU_MODE) : guestCpuMode;
	String cpuModel = MapUtils.isNotEmpty(details) && details.get(VmDetailConstants.GUEST_CPU_MODEL) != null ? details.get(VmDetailConstants.GUEST_CPU_MODEL) : guestCpuModel;
	cmd.setMode(cpuMode);
	cmd.setModel(cpuModel);
	if (VirtualMachine.Type.User.equals(vmTO.getType())) {
	cmd.setFeatures(cpuFeatures);
	}
	int vCpusInDef = vmTO.getVcpuMaxLimit() == null ? vcpus : vmTO.getVcpuMaxLimit();
	setCpuTopology(cmd, vCpusInDef, vmTO.getDetails());
	return cmd;
	}

[KVM] CPU Features for System VMs #10964

[KVM] CPU Features for System VMs #10964

Uh oh!

Conversation

bernardodemarco commented Jun 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Types of changes

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Screenshots (if appropriate):

How Has This Been Tested?

Uh oh!

bernardodemarco commented Jun 5, 2025

Uh oh!

blueorangutan commented Jun 5, 2025

Uh oh!

codecov bot commented Jun 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

blueorangutan commented Jun 5, 2025

Uh oh!

DaanHoogland commented Jun 9, 2025

Uh oh!

blueorangutan commented Jun 9, 2025

Uh oh!

DaanHoogland commented Jun 9, 2025

Uh oh!

bernardodemarco commented Jun 10, 2025

Uh oh!

blueorangutan commented Jun 10, 2025

Uh oh!

DaanHoogland commented Jun 11, 2025

Uh oh!

weizhouapache commented Jun 11, 2025

Uh oh!

bernardodemarco commented Jun 12, 2025

Uh oh!

bernardodemarco commented Jun 13, 2025

Uh oh!

bernardodemarco commented Jun 13, 2025

Uh oh!

blueorangutan commented Jun 13, 2025

Uh oh!

blueorangutan commented Jun 13, 2025

Uh oh!

DaanHoogland commented Jun 14, 2025

Uh oh!

blueorangutan commented Jun 14, 2025

Uh oh!

blueorangutan commented Jun 15, 2025

Uh oh!

bernardodemarco commented Jun 15, 2025

Uh oh!

DaanHoogland commented Jun 16, 2025

Uh oh!

JoaoJandre commented Jul 4, 2025

Uh oh!

blueorangutan commented Jul 4, 2025

Uh oh!

blueorangutan commented Jul 4, 2025

Uh oh!

DaanHoogland commented Jul 5, 2025

Uh oh!

blueorangutan commented Jul 5, 2025

Uh oh!

blueorangutan commented Jul 24, 2025

Uh oh!

blueorangutan commented Jul 24, 2025

Uh oh!

github-actions bot commented Jul 29, 2025

Uh oh!

bernardodemarco commented Jul 29, 2025

Uh oh!

blueorangutan commented Jul 29, 2025

Uh oh!

blueorangutan commented Jul 29, 2025

Uh oh!

rosi-shapeblue left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

bernardodemarco commented Jun 5, 2025 •

edited

Loading

codecov bot commented Jun 5, 2025 •

edited

Loading

rosi-shapeblue left a comment •

edited

Loading