#openstack-meeting-3 log

13:02:22 <alexpilotti> #startmeeting hyper-v
13:02:24 <openstack> Meeting started Wed Mar 16 13:02:22 2016 UTC and is due to finish in 60 minutes.  The chair is alexpilotti. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:02:25 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:02:27 <atuvenie> hy all
13:02:28 <openstack> The meeting name has been set to 'hyper_v'
13:02:31 <abalutoiu> o/
13:02:34 <alexpilotti> hello folks
13:02:37 <sagar_nikam_> hi
13:02:46 <sonu> hi
13:03:03 <itoader> hi
13:03:10 <alexpilotti> let's start with the first item on the agenda
13:03:19 <alexpilotti> #topic Hyper-V cluster
13:03:44 <alexpilotti> atuvenie: would you like to give us a status update?
13:04:07 <alexpilotti> also if you could please add a link to the patches for review
13:04:10 <atuvenie> yeah. Well, the patch in os-win has 2 +2 and workflow, it's waiting patiently in the gate
13:04:26 <domi_> hi all!
13:04:29 <atuvenie> https://review.openstack.org/#/c/276190/
13:04:36 <atuvenie> this is for os-win
13:05:11 <atuvenie> and this is the patch on compute #link https://review.openstack.org/#/c/281115/
13:06:12 <alexpilotti> cool tx
13:06:26 <lpetrut> Hi guys
13:06:37 <atuvenie> the gate unfortunately is clogged atm and it's taking some time for things to merge
13:06:45 <alexpilotti> in short this is pretty close to be merged in compute-hyperv
13:06:56 <sagar_nikam_> nice
13:07:14 <sagar_nikam_> i hope we can get it merged in Newton upstream
13:08:10 <domi_> i'd like to mention in this rdp console bug, has anyone seen this?  http://paste.openstack.org/show/e1bCNzN2s6QUJvU5jZvb/
13:08:20 <alexpilotti> sagar_nikam_: we'll push the patches as usual, we'll resubmit the BPs as soon as window opens, etc
13:08:38 <sagar_nikam_> alexpilotti: thanks
13:08:54 <alexpilotti> domi got disconnected
13:09:19 <alexpilotti> rather interesting trace indeed
13:09:27 <alexpilotti> claudiub: ^
13:10:18 <claudiub> weird
13:10:24 <claudiub> seems like a wmi object got out
13:12:27 <alexpilotti> question is, how?
13:14:04 <claudiub> RDP console: 10.1.5.24:2179, <wmi._Method object at 0x05589BF0>
13:14:13 <claudiub> that wmi_Method is supported to be the vm_id
13:14:25 <lpetrut> if an attribute is not found, it is treated as a method by PyMI
13:14:56 <claudiub> executing that in my local env yields a proper vm_id
13:16:06 <alexpilotti> you sure it couldnt be the console port? https://github.com/openstack/compute-hyperv/blob/stable/liberty/hyperv/nova/rdpconsoleutilsv2.py#L31
13:16:58 <alexpilotti> lpetrut: we could always match it agains the class method tables, but that'd be an expensive lookup
13:17:21 <domi__> thanks for looking into this
13:17:34 <alexpilotti> domi__: thanks for reporting it
13:17:47 <claudiub> alexpilotti: the debug message matches this as a format: https://github.com/openstack/compute-hyperv/blob/stable/liberty/hyperv/nova/rdpconsoleops.py#L37
13:17:57 <claudiub> so, the port is 2179
13:18:06 <alexpilotti> domi__: as a general rule, we need to put it on the agenda, during the meeting
13:18:53 <domi__> that was my original intention, but I needed to switch to my phone's irc client which sucks :(
13:19:00 <alexpilotti> best thing would be if you could send an email in advance, but even during the meeting we can just schedule it as a topic
13:19:16 <alexpilotti> it this case I was waiting for you to reconnect, so we started looking at it
13:19:56 <alexpilotti> anyway, worth taking it offline and looking into it
13:20:17 <domi__> okay, thanks for describing the process, in the future we will email you an hour before the meeting latest with any agenda items we might have
13:20:52 <sagar_nikam_> alexpilotti: i have some questions for domi_ on freerdp, if you are fine, can ask it
13:21:28 <alexpilotti> sagar_nikam_: sure, I'm currently looking at some links for the next topic (Rally tests), so please go ahead
13:21:57 <domi__> hit me :)
13:22:07 <sagar_nikam_> domi_: where is freerdp running ? on hyperv host where nova-compute is running or on some other host ?
13:22:50 <domi__> the same host currently
13:23:09 <sagar_nikam_> ok.. and what are the networks on the hyperv host ?
13:24:06 <domi__> well it has a mgmt network, storage network (iscsi) multipath and an smb network interface if I remember correctly
13:24:37 <sagar_nikam_> ok
13:24:38 <domi__> currently freerdp goes through the mgmt network
13:24:55 <sagar_nikam_> and on which network is horizon access done ?
13:25:51 <domi__> on the mgmt network, although there is a haproxy first to balance between 2 horizon instances
13:26:16 <sagar_nikam_> ok
13:26:29 <sagar_nikam_> so tenant users access horizon on mgmt-network
13:26:38 <sagar_nikam_> and since the hyperv host has the mgmt network
13:26:46 <sagar_nikam_> freerdp works fine
13:26:48 <domi__> but it is possible that there is routing involved inbetween
13:27:34 <sagar_nikam_> routing is required ? since horizon access is done on mgmt network
13:28:06 <domi__> that's what was changed recently if I'm correct, I need to ask my colleague
13:28:23 <sagar_nikam_> sure, lets discuss this offline
13:28:31 <sagar_nikam_> or in the next meeting
13:28:51 <sagar_nikam_> you can let me know more details
13:29:41 <sagar_nikam_> alexpilloti: we can move to next topic
13:29:50 <alexpilotti> cool thanks
13:30:02 <domi__> ok thanks
13:30:05 <alexpilotti> #topic Mitaka Rally tests
13:30:38 <alexpilotti> So we just finished running a new batch of Rally tests on Mitaka, to see how we compare to LIberty
13:30:49 <alexpilotti> results are rather impressive, so far:
13:31:00 <alexpilotti> #link https://dl.dropboxusercontent.com/u/9060190/KVM_vs_PyMI_Mitaka.html
13:31:25 <alexpilotti> This is the spawn / destroy test
13:32:14 <sagar_nikam_> almost same as kvm... nice
13:32:19 <alexpilotti> Liberty ones, for comparison: #https://dl.dropboxusercontent.com/u/9060190/PyMI_KVM_ESXi_Liberty.html
13:32:46 <domi__> good news!
13:33:00 <sonu> would like to see similar results with Neutron
13:33:41 <alexpilotti> sonu: we're running now a run with ssh guest access
13:33:41 <domi__> sonu: in our tests neutron is fast but applying the security groups that takes a lot of time
13:33:54 <alexpilotti> and next a run with Hadoop workloads
13:34:02 <sonu> great.
13:34:23 <alexpilotti> this is very early results of course
13:34:31 <claudiub> domi__: the neutron-hyperv-agent is a lot faster in mitaka, btw. :)
13:34:50 <sagar_nikam_> alexpilotti: sonu : the patches which were merged for security groups.. does it not fix the issue ?
13:34:51 <alexpilotti> abalutoiu: sent them while we already started the meeting, so fresh :)
13:34:56 <domi__> glad to hear that :) although in the end we'd prefer ovs with vxlans :)
13:35:18 <sonu> domi__: security rules had always been hard to handle in hyper-v. But with many perf improvement patches from Claudiu and Me had yielded better results.
13:35:37 <domi__> that's excellent, thank you guys!
13:35:45 <sonu> wow. OVS is also my pick for HyperV
13:35:47 <alexpilotti> sagar_nikam_ sonu: yes those networking-hyperv patches have a big role in the performance improvements
13:36:26 <alexpilotti> so, we'll get more updates for the next meeting
13:36:28 <sagar_nikam_> alexpilotti: so why is SG not performing as well ... you mentioned it earlier... am i missing something ?
13:36:48 <sonu> alexpilotti:  Is there any chance we can get them back-ported to Liberty. We have few customers planning to using them with Liberty.
13:37:14 <domi__> +1 on that
13:37:21 <sonu> Just asking out of curiosity, since many are on Liberty/stable
13:37:40 <alexpilotti> sonu, we might most probably do that after release, but just remember that BPs cannot be backported upstream
13:37:56 <sonu> the native thread patch, and enhanced RPC patch
13:38:05 <sonu> sure. I understand that process.
13:38:38 <alexpilotti> we're focused now on getting Mitaka released, as soon as that is done we'll focus on backports
13:39:32 <alexpilotti> we still have lots of users and customers on Kilo or Liberty, so we try to backport as much as we can
13:39:37 <sonu> thanks. I feel relaxed :)
13:40:19 <alexpilotti> next topic!
13:40:31 <alexpilotti> #topic OVN
13:42:09 <alexpilotti> OVN, is the OVS' team attempt to have a controller that fixes some of the issues that Neutron has, especially when involving the OVS agent
13:42:48 <sonu> it was introduced in vancouver summit if I remember.
13:42:57 <alexpilotti> it reached a maturity status that allows us to evaluate it as a viable strategy for OVS networking (VXLAN, GRE, etc)
13:43:26 <alexpilotti> one of the advantages is that it's agentless, so no need to bother with the OVS agent on the hyper-v nodes :)
13:43:59 <alexpilotti> flos and configurations are applied via ovs-db over TCP
13:44:03 <alexpilotti> *flows
13:44:14 <domi__> sounds interesting, how would the flow look like with ovn? neutron-node talks to ovn or ovn plugs in directly to openstack?
13:44:17 <sonu> on windows 2016 I believe
13:45:00 <alexpilotti> OVS needs to run on the Hyper-V nodes, so Windows Server 2012+
13:45:41 <alexpilotti> 2016 has some ovsdb support, but it's more like a translation mapping to the new controller that comes with 2016
13:45:51 <sonu> but for that we must have conntrack on OVS for use in hyperv
13:46:12 <sonu> since security group rules will get into OVSDB
13:46:26 <alexpilotti> the general architecture is: Neutron -> OVN plugin -> ovsdb -> ovs-vswitchd on hyper-v nodes
13:46:49 <domi__> alexpilotti: thanks I understand now
13:47:01 <alexpilotti> sonu: for that, conntrack support is currently under development in OVS
13:47:32 <domi__> and then it will be ported by you for windows?
13:47:33 <alexpilotti> so with OVS 2.6, we should be able to say goodbye to the Hyper-V WMI ACL :)
13:47:43 <sonu> target is OVS 2.6 I would say.
13:47:46 <sonu> yeah
13:47:50 <alexpilotti> I mean, conntrack on hyper-V is planned for 2.6
13:48:05 <domi__> okay
13:48:10 <alexpilotti> on linux it's already supported
13:48:27 <domi__> oh I see :)
13:48:55 <alexpilotti> so reason to bring this up now is to show the direction that we are investigating
13:48:59 <sonu> And OVS firewall has made it to M3
13:49:38 <alexpilotti> we'll do more tests with OVN soon, and give you some updates
13:50:02 <alexpilotti> on a sligtly related topic, we are releasing OVS 2.5 for hyper-v this month / early next month
13:50:10 <domi__> can't wait to see this in action
13:50:25 <alexpilotti> any questions?
13:50:31 <sonu> releasing OVS2.5, I did not get it.
13:50:33 <domi__> is there an updated documentation as well?
13:50:42 <sonu> certification you meant?
13:51:28 <domi__> because we still couldn't figure out some stuff...like is the interface in ovs called ehternet1 or the full name etc.
13:51:32 <alexpilotti> we dont have a signed OVS 2.5 out yet
13:51:42 <alexpilotti> it just got released last month upstream
13:51:51 <alexpilotti> so wer'e currently packaging etc
13:52:02 <alexpilotti> documentation will also be updated
13:52:08 <domi__> thanks
13:52:09 <sonu> so we can use it with WMI firewall driver.
13:52:20 <sonu> or is it we use it w/o security groups
13:52:40 <alexpilotti> at the moment we dont have any choice: OVS for SDN and WMI ACL for SGs
13:53:06 <sonu> I did succeed in using WMI firewall driver with OVS implementation
13:53:12 <domi__> so the ovs agent handles currently sg using wmi?
13:53:20 <sonu> for VXLAN use case.
13:53:26 <alexpilotti> domi__: nop, we use both agents
13:53:27 <domi__> sonu: nice :) we failed on that road
13:53:37 <alexpilotti> sonu: glad to hear that!
13:53:59 <alexpilotti> we will surely provide better guidance on how to proceed on that
13:54:11 <domi__> great thanks
13:54:41 <alexpilotti> that was my last topic for today
13:54:49 <alexpilotti> #topic open discussion
13:54:57 <alexpilotti> 6' to go
13:55:00 <sagar_nikam_> alexpilotti: one topic from me
13:55:03 <sagar_nikam_> certs
13:55:04 <alexpilotti> sure
13:55:20 <alexpilotti> anything in particular?
13:55:27 <sagar_nikam_> http://paste.openstack.org/show/490711/
13:55:48 <alexpilotti> ok
13:56:03 <sagar_nikam_> the cert is the same from controller
13:56:06 <sagar_nikam_> no changes
13:56:11 <sagar_nikam_> just copied to desktop
13:56:17 <sagar_nikam_> and add these entries in nova.conf
13:56:19 <domi__> alexpilotti: sidenote - could you provide email addresses for sagar and sonu, so I can ask them about freerdp and ovs? then they don't need to post their addresses here publicly
13:56:29 <sagar_nikam_> it should all work correctly ?
13:56:58 <alexpilotti> does it work with verify = False?
13:57:23 <sagar_nikam_> not tried that
13:57:39 <sagar_nikam_> what entry in nova.conf for verify false ?
13:57:52 <sagar_nikam_> can check it and see if that also works
13:58:01 <alexpilotti> should still be cafile = False, need to check that
13:58:16 <alexpilotti> let me add ibalutoiu
13:58:22 <alexpilotti> he recently did exactly that
13:58:55 <sagar_nikam_> if both work Ie. false and actual cafile
13:59:04 <sagar_nikam_> then it is fine ?
13:59:28 <alexpilotti> we need to end the meeting unfortunately
13:59:28 <sagar_nikam_> we are almost done with the time
13:59:38 <alexpilotti> I'm starting n email thread
13:59:44 <sagar_nikam_> sure thanks
13:59:48 <sagar_nikam_> it helps
13:59:55 <alexpilotti> thank you all for joining!
13:59:59 <alexpilotti> #endmeeting