13:02:22 #startmeeting hyper-v 13:02:24 Meeting started Wed Mar 16 13:02:22 2016 UTC and is due to finish in 60 minutes. The chair is alexpilotti. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:02:25 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:02:27 hy all 13:02:28 The meeting name has been set to 'hyper_v' 13:02:31 o/ 13:02:34 hello folks 13:02:37 hi 13:02:46 hi 13:03:03 hi 13:03:10 let's start with the first item on the agenda 13:03:19 #topic Hyper-V cluster 13:03:44 atuvenie: would you like to give us a status update? 13:04:07 also if you could please add a link to the patches for review 13:04:10 yeah. Well, the patch in os-win has 2 +2 and workflow, it's waiting patiently in the gate 13:04:26 hi all! 13:04:29 https://review.openstack.org/#/c/276190/ 13:04:36 this is for os-win 13:05:11 and this is the patch on compute #link https://review.openstack.org/#/c/281115/ 13:06:12 cool tx 13:06:26 Hi guys 13:06:37 the gate unfortunately is clogged atm and it's taking some time for things to merge 13:06:45 in short this is pretty close to be merged in compute-hyperv 13:06:56 nice 13:07:14 i hope we can get it merged in Newton upstream 13:08:10 i'd like to mention in this rdp console bug, has anyone seen this? http://paste.openstack.org/show/e1bCNzN2s6QUJvU5jZvb/ 13:08:20 sagar_nikam_: we'll push the patches as usual, we'll resubmit the BPs as soon as window opens, etc 13:08:38 alexpilotti: thanks 13:08:54 domi got disconnected 13:09:19 rather interesting trace indeed 13:09:27 claudiub: ^ 13:10:18 weird 13:10:24 seems like a wmi object got out 13:12:27 question is, how? 13:14:04 RDP console: 10.1.5.24:2179, 13:14:13 that wmi_Method is supported to be the vm_id 13:14:25 if an attribute is not found, it is treated as a method by PyMI 13:14:56 executing that in my local env yields a proper vm_id 13:16:06 you sure it couldnt be the console port? https://github.com/openstack/compute-hyperv/blob/stable/liberty/hyperv/nova/rdpconsoleutilsv2.py#L31 13:16:58 lpetrut: we could always match it agains the class method tables, but that'd be an expensive lookup 13:17:21 thanks for looking into this 13:17:34 domi__: thanks for reporting it 13:17:47 alexpilotti: the debug message matches this as a format: https://github.com/openstack/compute-hyperv/blob/stable/liberty/hyperv/nova/rdpconsoleops.py#L37 13:17:57 so, the port is 2179 13:18:06 domi__: as a general rule, we need to put it on the agenda, during the meeting 13:18:53 that was my original intention, but I needed to switch to my phone's irc client which sucks :( 13:19:00 best thing would be if you could send an email in advance, but even during the meeting we can just schedule it as a topic 13:19:16 it this case I was waiting for you to reconnect, so we started looking at it 13:19:56 anyway, worth taking it offline and looking into it 13:20:17 okay, thanks for describing the process, in the future we will email you an hour before the meeting latest with any agenda items we might have 13:20:52 alexpilotti: i have some questions for domi_ on freerdp, if you are fine, can ask it 13:21:28 sagar_nikam_: sure, I'm currently looking at some links for the next topic (Rally tests), so please go ahead 13:21:57 hit me :) 13:22:07 domi_: where is freerdp running ? on hyperv host where nova-compute is running or on some other host ? 13:22:50 the same host currently 13:23:09 ok.. and what are the networks on the hyperv host ? 13:24:06 well it has a mgmt network, storage network (iscsi) multipath and an smb network interface if I remember correctly 13:24:37 ok 13:24:38 currently freerdp goes through the mgmt network 13:24:55 and on which network is horizon access done ? 13:25:51 on the mgmt network, although there is a haproxy first to balance between 2 horizon instances 13:26:16 ok 13:26:29 so tenant users access horizon on mgmt-network 13:26:38 and since the hyperv host has the mgmt network 13:26:46 freerdp works fine 13:26:48 but it is possible that there is routing involved inbetween 13:27:34 routing is required ? since horizon access is done on mgmt network 13:28:06 that's what was changed recently if I'm correct, I need to ask my colleague 13:28:23 sure, lets discuss this offline 13:28:31 or in the next meeting 13:28:51 you can let me know more details 13:29:41 alexpilloti: we can move to next topic 13:29:50 cool thanks 13:30:02 ok thanks 13:30:05 #topic Mitaka Rally tests 13:30:38 So we just finished running a new batch of Rally tests on Mitaka, to see how we compare to LIberty 13:30:49 results are rather impressive, so far: 13:31:00 #link https://dl.dropboxusercontent.com/u/9060190/KVM_vs_PyMI_Mitaka.html 13:31:25 This is the spawn / destroy test 13:32:14 almost same as kvm... nice 13:32:19 Liberty ones, for comparison: #https://dl.dropboxusercontent.com/u/9060190/PyMI_KVM_ESXi_Liberty.html 13:32:46 good news! 13:33:00 would like to see similar results with Neutron 13:33:41 sonu: we're running now a run with ssh guest access 13:33:41 sonu: in our tests neutron is fast but applying the security groups that takes a lot of time 13:33:54 and next a run with Hadoop workloads 13:34:02 great. 13:34:23 this is very early results of course 13:34:31 domi__: the neutron-hyperv-agent is a lot faster in mitaka, btw. :) 13:34:50 alexpilotti: sonu : the patches which were merged for security groups.. does it not fix the issue ? 13:34:51 abalutoiu: sent them while we already started the meeting, so fresh :) 13:34:56 glad to hear that :) although in the end we'd prefer ovs with vxlans :) 13:35:18 domi__: security rules had always been hard to handle in hyper-v. But with many perf improvement patches from Claudiu and Me had yielded better results. 13:35:37 that's excellent, thank you guys! 13:35:45 wow. OVS is also my pick for HyperV 13:35:47 sagar_nikam_ sonu: yes those networking-hyperv patches have a big role in the performance improvements 13:36:26 so, we'll get more updates for the next meeting 13:36:28 alexpilotti: so why is SG not performing as well ... you mentioned it earlier... am i missing something ? 13:36:48 alexpilotti: Is there any chance we can get them back-ported to Liberty. We have few customers planning to using them with Liberty. 13:37:14 +1 on that 13:37:21 Just asking out of curiosity, since many are on Liberty/stable 13:37:40 sonu, we might most probably do that after release, but just remember that BPs cannot be backported upstream 13:37:56 the native thread patch, and enhanced RPC patch 13:38:05 sure. I understand that process. 13:38:38 we're focused now on getting Mitaka released, as soon as that is done we'll focus on backports 13:39:32 we still have lots of users and customers on Kilo or Liberty, so we try to backport as much as we can 13:39:37 thanks. I feel relaxed :) 13:40:19 next topic! 13:40:31 #topic OVN 13:42:09 OVN, is the OVS' team attempt to have a controller that fixes some of the issues that Neutron has, especially when involving the OVS agent 13:42:48 it was introduced in vancouver summit if I remember. 13:42:57 it reached a maturity status that allows us to evaluate it as a viable strategy for OVS networking (VXLAN, GRE, etc) 13:43:26 one of the advantages is that it's agentless, so no need to bother with the OVS agent on the hyper-v nodes :) 13:43:59 flos and configurations are applied via ovs-db over TCP 13:44:03 *flows 13:44:14 sounds interesting, how would the flow look like with ovn? neutron-node talks to ovn or ovn plugs in directly to openstack? 13:44:17 on windows 2016 I believe 13:45:00 OVS needs to run on the Hyper-V nodes, so Windows Server 2012+ 13:45:41 2016 has some ovsdb support, but it's more like a translation mapping to the new controller that comes with 2016 13:45:51 but for that we must have conntrack on OVS for use in hyperv 13:46:12 since security group rules will get into OVSDB 13:46:26 the general architecture is: Neutron -> OVN plugin -> ovsdb -> ovs-vswitchd on hyper-v nodes 13:46:49 alexpilotti: thanks I understand now 13:47:01 sonu: for that, conntrack support is currently under development in OVS 13:47:32 and then it will be ported by you for windows? 13:47:33 so with OVS 2.6, we should be able to say goodbye to the Hyper-V WMI ACL :) 13:47:43 target is OVS 2.6 I would say. 13:47:46 yeah 13:47:50 I mean, conntrack on hyper-V is planned for 2.6 13:48:05 okay 13:48:10 on linux it's already supported 13:48:27 oh I see :) 13:48:55 so reason to bring this up now is to show the direction that we are investigating 13:48:59 And OVS firewall has made it to M3 13:49:38 we'll do more tests with OVN soon, and give you some updates 13:50:02 on a sligtly related topic, we are releasing OVS 2.5 for hyper-v this month / early next month 13:50:10 can't wait to see this in action 13:50:25 any questions? 13:50:31 releasing OVS2.5, I did not get it. 13:50:33 is there an updated documentation as well? 13:50:42 certification you meant? 13:51:28 because we still couldn't figure out some stuff...like is the interface in ovs called ehternet1 or the full name etc. 13:51:32 we dont have a signed OVS 2.5 out yet 13:51:42 it just got released last month upstream 13:51:51 so wer'e currently packaging etc 13:52:02 documentation will also be updated 13:52:08 thanks 13:52:09 so we can use it with WMI firewall driver. 13:52:20 or is it we use it w/o security groups 13:52:40 at the moment we dont have any choice: OVS for SDN and WMI ACL for SGs 13:53:06 I did succeed in using WMI firewall driver with OVS implementation 13:53:12 so the ovs agent handles currently sg using wmi? 13:53:20 for VXLAN use case. 13:53:26 domi__: nop, we use both agents 13:53:27 sonu: nice :) we failed on that road 13:53:37 sonu: glad to hear that! 13:53:59 we will surely provide better guidance on how to proceed on that 13:54:11 great thanks 13:54:41 that was my last topic for today 13:54:49 #topic open discussion 13:54:57 6' to go 13:55:00 alexpilotti: one topic from me 13:55:03 certs 13:55:04 sure 13:55:20 anything in particular? 13:55:27 http://paste.openstack.org/show/490711/ 13:55:48 ok 13:56:03 the cert is the same from controller 13:56:06 no changes 13:56:11 just copied to desktop 13:56:17 and add these entries in nova.conf 13:56:19 alexpilotti: sidenote - could you provide email addresses for sagar and sonu, so I can ask them about freerdp and ovs? then they don't need to post their addresses here publicly 13:56:29 it should all work correctly ? 13:56:58 does it work with verify = False? 13:57:23 not tried that 13:57:39 what entry in nova.conf for verify false ? 13:57:52 can check it and see if that also works 13:58:01 should still be cafile = False, need to check that 13:58:16 let me add ibalutoiu 13:58:22 he recently did exactly that 13:58:55 if both work Ie. false and actual cafile 13:59:04 then it is fine ? 13:59:28 we need to end the meeting unfortunately 13:59:28 we are almost done with the time 13:59:38 I'm starting n email thread 13:59:44 sure thanks 13:59:48 it helps 13:59:55 thank you all for joining! 13:59:59 #endmeeting