#openstack-meeting-4 log

08:00:57 <oanson> #startmeeting Dragonflow
08:00:58 <openstack> Meeting started Mon Dec 25 08:00:57 2017 UTC and is due to finish in 60 minutes.  The chair is oanson. Information about MeetBot at http://wiki.debian.org/MeetBot.
08:00:59 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
08:01:01 <openstack> The meeting name has been set to 'dragonflow'
08:01:19 <irenab> hi
08:01:21 <dimak> hey
08:01:26 <oanson> Roll call! Lift your hands, say yeah!
08:01:26 <oanson> o/
08:01:35 <dimak> \o/
08:01:43 <leyal> HI
08:01:54 <oanson> Let's give lihi a second to join the party
08:02:21 <lihi> Hi
08:02:25 <oanson> All right!
08:02:35 <oanson> #info irenab dimak leyal lihi in the meeting
08:02:39 <oanson> #topic Roadmap
08:02:49 <oanson> LBaaS - no progress
08:02:52 <oanson> DNS - lihi ?
08:03:38 <lihi> I uploaded yesterday an update to the spec
08:03:55 <irenab> link?
08:04:03 <oanson> You must have a bug - it fails the gate :(
08:04:12 <oanson> #link DNS as a service spec https://review.openstack.org/#/c/527956/
08:04:35 <dimak> Must be too controversial
08:05:09 <irenab> maybe recheck will fix
08:05:26 <lihi> Christmas fails the gate :(
08:06:19 <oanson> Do we have a decision on how to implement? virtual port (like metadata) or hijack DNS packet?
08:07:20 <dimak> Is performance comparable?
08:07:30 <leyal> oanson , did we must to bind between the virtual-port and external-app ?
08:07:49 <lihi> Currently the virtual port is the prefered option
08:08:03 <oanson> dimak, theoretically, the service (metadata-like) option should be more performant. But for actual numbers, we need to run tests.
08:08:11 <oanson> leyal, sorry?
08:08:33 <oanson> irenab, I don't see your vote on the spec. Do you have an opinion?
08:08:59 <irenab> oanson, I missed the spec. Just added it to the queue, will rview and vote
08:09:00 <leyal> oanson, can we do virtual-port , but still run in context of the controller process ?
08:09:34 <oanson> leyal, yes. We can have the controller listen on the tap device.
08:09:38 <irenab> I wonder what are the benefits to have it as a separate service
08:10:37 <oanson> irenab, 1. if one process crashes, it doesn't take the other with it. 2. If one process hogs the CPU, the other can still do its thing (since we use cooperative threading)
08:11:02 <oanson> 3. separation of responsibilities: control (DF Controller) vs. data (DNS service)
08:11:35 <irenab> oanson, so why other Apps are not spearated?
08:11:42 <irenab> separated
08:12:19 <oanson> metadata is the only other app that has this behaviour (i.e. needing to parse the packets outside of OVS/OpenFlow). And metadata is separated.
08:12:39 <leyal> dhcp ..
08:12:42 <irenab> once we go for IGMP, it will be the third?
08:12:55 <oanson> LBaaS is also planned to be separated for anything stronger than OpenFlow can provide
08:13:05 <irenab> I just think we should have proper pattern to decide which way to go
08:13:13 <oanson> irenab, I think IGMP is a special case, since IGMP packets will control the installed flows.
08:13:44 <oanson> leyal, yes, dhcp is the odd one out. It was written before the metadata-like pattern was invented
08:15:08 <irenab> I am afraid we may end up with many services per compute node, need proper mechanisms to keep them alive and decide if compute is functional
08:15:25 <oanson> I'm willing to put DHCP as a special case too, since it's broadcast based (not unicast) and happens before the network is strictly set up
08:16:01 <oanson> irenab, true. But I'm not sure moving this instability into the DF controller is the correct solution
08:16:27 <oanson> We have systemd. We have service self-notification. We can leverage these to build something
08:16:37 <irenab> oanson, me too. We should see the whole picture. Lets continue discussion over the patch?
08:16:53 <oanson> Yes and no. I want to separate the two things
08:17:02 <oanson> I don't want this to block DNS
08:17:20 <oanson> If we agree that a separate service, regardless of this issue, is the correct way to go, let's run with that.
08:17:32 <oanson> In parallel, let's see how we construct a services framework
08:17:39 <irenab> I still need to review the spec, will vote asap
08:18:01 <oanson> Sure. I just meant that I don't want this issue to block DNS.
08:18:09 <irenab> sure, agreed
08:18:15 <oanson> Are we done for DNS?
08:18:55 <oanson> Upgrades
08:19:04 <oanson> #link Upgrades spec https://review.openstack.org/#/c/500647/14/doc/source/specs/database_migration_and_upgrade.rst
08:19:30 <oanson> This is another voting thing
08:19:30 <dimak> I still owe a comment there
08:19:38 <oanson> First of, lihi, dimak, you both have to vote
08:19:50 <oanson> (So does snapiri, but they're PTO)
08:20:32 <lihi> 👍🏿
08:20:43 <oanson> leyal, you want to take a minute to raise your concerns with two offline migration scripts?
08:21:09 <leyal> well not more that what i wrote in the patch.
08:21:57 <leyal> the main issue is that we use neutron for things like IPAM
08:22:01 <leyal> MAC allocation
08:22:31 <oanson> I agree this shouldn't happen offline
08:22:46 <leyal> segmentation allocation and maybe more - and if upgrade need to create a new port or new network it's can be an issue
08:22:50 <oanson> But is there a scenario for this? In e.g. DHCP, we remove ports, not create ports
08:23:27 <oanson> And if such a scenario exists, how do Neutron solve it?
08:23:41 <leyal> DHCP create new ports per lswitch .
08:24:25 <oanson> The upgrade script can reuse the first port (since now there are ports per subnet). If no such port exists, then there's no dhcp enabled subnet, and we don't need an lswitch dhcp lport
08:24:25 <leyal> if we delete and add the ports to neutron when neutron is alive it's will done all that for us ..'
08:25:15 <leyal> oanson , sure but that a workaround - maybe in future changes it will not fit ..
08:25:45 <oanson> That's why I'm looking for a scenario. I think the benefits of two offline scripts is worth one workaround.
08:25:52 <oanson> But maybe not four
08:27:27 <oanson> I suggest we try and understand how Neutron solves this issue. I'm sure they have. At the moment, I don't think DHCP is blocking the two offline migration scripts solution, and I stand by my preference to that option.
08:27:28 <leyal> oanson , i don't sure that we could predict if this issue will appear in future changes - but i think it defiantly possible ..
08:27:41 <leyal> definitely*
08:27:44 <oanson> True
08:28:37 <oanson> But there will always be a limit to what we can support. Is supporting this worth the trade-off?
08:29:10 <leyal> well, i vote for the online option :)
08:29:42 <dimak> I'll read the comments and vote
08:29:45 <oanson> All right. This looks like an impass :) Let's keep discussion on the spec. I'll look up how Neutron handles this in their upgrades. And we'll take it from there.
08:29:53 <oanson> Worse comes, we'll vote in two weeks time
08:30:07 <oanson> #action oanson look up how Neutron handles IPAM / port creation during upgrade
08:30:27 <oanson> Deployment - OSA - lihi, you're up
08:31:02 <lihi> It is not stable, but I managed to make the deployment work occasionally
08:31:20 <lihi> The main problem with it that each run takes ~4 hours, so it takes time
08:32:27 <oanson> All right
08:32:41 <oanson> RPM packaging -
08:32:49 <oanson> Gimme a sec to find the bug link
08:33:10 <oanson> Working on getting python-jsonmodels into RDO. ( https://bugzilla.redhat.com/show_bug.cgi?id=1525362 )
08:33:10 <openstack> bugzilla.redhat.com bug 1525362 in distribution "Review Request: python-jsonmodels - Models to make easier to deal with structures that are converted to, or read from JSON in python" [Unspecified,Post] - Assigned to lars
08:33:42 <oanson> It's built. I think we just need someone to push it in.
08:33:56 <oanson> But it's Christmas, so we may need to wait a week or two
08:34:56 <oanson> Dirk Mueller also said he'll look into the suse ci failure - I told him it's jsonmodels missing in suse. I doubt he'll volunteer to add it :)
08:35:04 <oanson> But I'm taking it one step at a time
08:35:16 <oanson> Unless there's a rush I should know about?
08:35:46 <irenab> oanson, is it mandatory for OSA?
08:35:53 <oanson> irenab, no
08:36:01 <oanson> OSA take it from pip or from the git repo
08:36:27 <irenab> good, thanks
08:36:52 <oanson> Migration to Dragonflow - As far as I know, there's no progress.
08:37:08 <oanson> Gates
08:37:13 <oanson> Grenade gate - pending on the spec
08:37:24 <irenab> oanson, is there someone who was interested in the migration?
08:37:40 <dimak> Shachar did some work to split gate configurations
08:37:43 <oanson> irenab, I don't recall that of the top of my head
08:38:02 <oanson> dimak, yes
08:38:09 <oanson> #link Split gate configurations https://review.openstack.org/#/c/529515/
08:38:41 <oanson> I want to add to it a small change - creating a common fullstack file too, so the difference between redis and etcd will only be the db services
08:39:00 <dimak> +1
08:39:05 <dimak> I had some comment as well
08:39:13 <dimak> adding -fullstack suffix to those files
08:39:14 <oanson> I hope I'll get to it... tomorrow.
08:39:25 <oanson> dimak, sure. Add it to the review (so I won't forget) and I'll do that too
08:39:41 <dimak> It's there
08:40:20 <oanson> Cool
08:40:42 <oanson> My understanding is that tempest now only fails on BGP
08:40:51 <oanson> I can't check that now since zuul is completely shot
08:41:10 <oanson> But if that's the case, I'll work with the neutron-dynamic-routing guys to see what we can do
08:41:23 <oanson> I understand it's mostly strange docker disappearing acts.
08:41:37 <oanson> Anything else for gates?
08:42:24 <oanson> Troubleshooting - anything for this?
08:42:49 <oanson> #topic bugs
08:43:30 <oanson> I'm still hacking at bug 1720734
08:43:31 <openstack> bug 1720734 in DragonFlow "Floating IP association to LBaaS VIP supported by Octavia does not work" [Critical,In progress] https://launchpad.net/bugs/1720734 - Assigned to Omer Anson (omer-anson)
08:43:45 <oanson> I have high hopes with https://review.openstack.org/#/c/529692/
08:44:09 <dimak> Will review
08:44:30 <oanson> I still have to test it with kuryr-kubernetes. But as I said, I have high hopes ;)
08:44:35 <irenab> oanson, we can verify in my env
08:44:43 <oanson> irenab, sure. Let's do that.
08:44:48 <oanson> Any other bugs to discuss?
08:46:31 <oanson> #topic Open Discussion
08:46:36 <oanson> Hey! We made it!
08:46:38 <oanson> Anything here?
08:47:00 <oanson> lihi, dimak, I recall you mentioned you have something?
08:47:51 <dimak> We're working on the application decoupling spec/code
08:47:55 <dimak> its out there
08:48:06 <dimak> kind-of starting to work
08:48:26 <dimak> https://review.openstack.org/#/q/status:open+project:openstack/dragonflow+branch:master+topic:bug/1738986
08:48:58 <oanson> Cool!
08:49:01 <leyal> dimak , lihi - it's really cool :)
08:49:31 <irenab> I had a question on the spec regarding the impact on the users (devs, operators)
08:49:59 <dimak> Looking
08:50:41 <dimak> Missed your review, will answer on gerrit
08:50:58 <dimak> But I don't think there should be much impact there
08:51:04 <irenab> please address in the spec, I am concerned if it may complicate day to day for the operators
08:51:21 <dimak> We'll still be shipping the datapath "assembled and ready for use"
08:51:34 <irenab> troubleshooting, debugging
08:51:41 <dimak> Will do
08:51:57 <irenab> thanks
08:52:12 <oanson> Anything else for this?
08:52:26 <leyal> yep -  I Uploaded a patch for POC for kubernetes support - it's still not working . but if anyone interested the patch is here https://review.openstack.org/#/c/529971/ . as we don't using neutron it's can give us good view of what neutron done for us -for DF-api
08:53:10 <oanson> leyal, could you also add a tutorial on how to setup a deployment like this (i.e. k8s without openstack)?
08:53:47 <oanson> It might be interesting in case we want to play around and get a better feel for what's missing
08:54:06 <irenab> oanson, better have something like DF without openstack
08:54:25 <oanson> irenab, I meant with DF :)
08:54:57 <leyal> oanson , I will do when it's work , it's also just POC we still have some missing parts in DF
08:55:42 <oanson> leyal, up to you. But it will help us to understand what's going on, and help if we can
08:56:30 <leyal> sure , thanks :)
08:56:48 <oanson> Anything else on this?
08:57:49 <oanson> Anything else for open discussion? We have two minutes left :)
08:58:46 <oanson> Well, thanks everyone for coming!
08:59:13 <oanson> #endmeeting