Re: [PATCH] docs: Describe protected virtualization guest setup

On Wed, Apr 29, 2020 at 10:19:20AM -0300, Daniel Henrique Barboza wrote: > > > On 4/28/20 12:58 PM, Boris Fiuczynski wrote: >> From: Viktor Mihajlovski <mihajlov(a)linux.ibm.com&gt; >> > > [...] >> + >> +If the check fails despite the host system actually supporting >> +protected virtualization guests, this can be caused by a stale >> +libvirt capabilities cache. To recover, run the following >> +commands >> + >> +:: >> + >> + $ systemctl stop libvirtd >> + $ rm /var/cache/libvirt/qemu/capabilities/*.xml >> + $ systemctl start libvirtd >> + >> + > > > Why isn't Libvirt re-fetching the capabilities after host changes that affects > KVM capabilities? I see that we're following up QEMU timestamps to detect > if the binary changes, which is sensible, but what about /dev/kvm? Shouldn't > we refresh domain capabilities every time following a host reboot? Caching of capabilities was done precisely to avoid refreshing on every boot because it resulted in slow startup for apps using libvirt after boot. We look for specific features that change as a way to indicate a refresh is needed. If there's a need to delete the capabilities manually that indicates we're missing some feature when deciding whether the cache is stale. Regards, Daniel