#openstack-meeting-3 log

13:02:49 <alexpilotti> #startmeeting hyper-v
13:02:50 <openstack> Meeting started Wed Apr 13 13:02:49 2016 UTC and is due to finish in 60 minutes.  The chair is alexpilotti. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:02:52 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:02:55 <openstack> The meeting name has been set to 'hyper_v'
13:04:29 <alexpilotti> howdy folks
13:04:35 <claudiub|2> o/
13:05:06 <alexpilotti> agenda is rather simple here: we worked on Mitaka release during last week, so not much to add
13:05:12 <alexpilotti> we
13:05:25 <alexpilotti> we're having an MSI ready for release this week
13:05:37 <alexpilotti> running tests on every possible supported platform, etc
13:05:38 <sagar_nikam_> Hi All, back again
13:07:00 <alexpilotti> sagar_nikam_: do you have topics you'd like to talk about?
13:07:35 <alexpilotti> in the meantime:
13:07:46 <alexpilotti> #topic Newton Nova patches under review
13:08:10 <sagar_nikam_> alexpilotti: just wanted some info on CI and tempests for HyperV
13:08:22 <sagar_nikam_> we are also planning to run tempest in our environment
13:08:32 <alexpilotti> like for the Mitaka cycle, the Nova team has a priorities etherpad: #link https://etherpad.openstack.org/p/newton-nova-priorities-tracking
13:09:04 <alexpilotti> our first set of patches is there
13:09:24 <alexpilotti> mostly ancient patches rebased for the 1.000.000th time :)
13:10:15 <alexpilotti> so as usual reviews are very welcome
13:11:11 <sagar_nikam_> alexpilotti: cluster and FC patch not ready yet for newton ?
13:11:19 <sagar_nikam_> i dont see it in the list
13:11:49 <alexpilotti> cluster is at the bottom of the list
13:12:17 <alexpilotti> last time we asked if you preferred cluster or FC first
13:12:38 <sagar_nikam_> ok saw it now
13:12:43 <lpetrut> for FC, we have to get the Windows connectors in os-brick first
13:12:49 <sagar_nikam_> cluster is preferred first
13:13:04 <alexpilotti> there are some pacthes above that are waiting since 2-3 releases
13:13:25 <sagar_nikam_> lpetrut: who needs to change in os-brick ?
13:13:33 <alexpilotti> sagar_nikam_: if you guys could review them as well, better, we might stand a chance to get them in faster
13:13:44 <sagar_nikam_> alexpilotti: sure
13:14:57 <alexpilotti> next topic, if there are no questions
13:14:58 <lpetrut> sagar_nikam: not sure I get what you mean, but this is the change that I depend on: https://review.openstack.org/#/c/275943/7
13:15:50 <sagar_nikam_> lpetrut: yes, i meant whether we need to do any change in os-brick
13:15:56 <sagar_nikam_> it looks like not us
13:16:04 <sagar_nikam_> from the patch you gave
13:16:38 <lpetrut> that's the patch that the one adding Windows support (https://review.openstack.org/#/c/272522/15) depends on
13:18:43 <sagar_nikam_> ok got it
13:19:51 <alexpilotti> next
13:20:02 <alexpilotti> #topic Hyper-V CI
13:20:28 <alexpilotti> sagar_nikam_: what info are you looking for in particular?
13:20:42 <sagar_nikam_> alexpilotti: can you share some docs or ppt on how hyperV CI runs
13:20:56 <sagar_nikam_> also how we need to run tempest for hyperv
13:22:03 <alexpilotti> sagar_nikam_: ociuhandu is running the CI team at Cloudbase
13:22:20 <ociuhandu> hi sagar_nikam_
13:23:09 <sagar_nikam_> hi ociuhandu:
13:23:14 <ociuhandu> the CIs we run are based on code available on our repositories: for Nova CI, the code is: https://github.com/cloudbase/nova-ci/
13:24:18 <ociuhandu> the “jobs” folder includes the scripts that are directly called by jenkins, while the devstack and hyper-v folders contain the code executed directly on devstack/hyper-v
13:24:53 <sagar_nikam_> ok
13:24:59 <ociuhandu> the code also ensures that the files are available on the node (i.e. on hyper-v we enforce git clone / pull of the scripts repo)
13:25:21 <sagar_nikam_> how many hyperv hosts are required ?
13:26:03 <ociuhandu> we are working on having a real how-to guide written but it’s just work in progress, not done yet
13:26:09 <ociuhandu> for any test we use 2 nodes
13:26:20 <ociuhandu> since we also tet live migration
13:26:43 <ociuhandu> for other tests one host can be enough
13:27:19 <ociuhandu> also, for live migration, hosts have to be part of a domain and all usual live-migration prerequisites have to be configured
13:27:57 <ociuhandu> the scripts automatically detect if the host is part of a domain or not and start the services using the correct user
13:28:03 <sagar_nikam_> does the tempest tests do live migration tests ?
13:28:16 <ociuhandu> yes, there are tempest live migration tests
13:28:23 <sagar_nikam_> ok
13:28:42 <sagar_nikam_> suppose i dont get 2 hosts for tests, can i ignore the live migration tests ?
13:29:11 <ociuhandu> yes, sure
13:29:43 <sagar_nikam_> ok
13:30:09 <sagar_nikam_> can you share the doc you are preparing on "how to", in current shape, we can review it
13:30:14 <ociuhandu> see https://github.com/cloudbase/nova-ci/blob/cambridge/devstack_vm/devstack/local.sh#L40
13:30:15 <sagar_nikam_> and provide any feedback
13:30:19 <sagar_nikam_> as well as use it
13:30:38 <ociuhandu> I’ll sync with the team and get back to you on that, sure
13:31:00 <sagar_nikam_> sure thanks
13:31:36 <sagar_nikam_> how much time does it take to run all tempest tests ?
13:31:46 <sagar_nikam_> for hyperv ?
13:32:28 <ociuhandu> the total execution time is around 40 minutes, it also depends on the hardware specs
13:32:37 <sagar_nikam_> ok
13:33:06 <sagar_nikam_> i would like to first run it in my dev environment, before i push it to my CI
13:33:18 <sagar_nikam_> how can i do that ?
13:33:44 <sagar_nikam_> controller + hyperv is fine, and from controller i can run tempests ?
13:34:00 <ociuhandu> yes
13:34:22 <ociuhandu> that’s what we do, we use devstack as controller and add 2 hyper-v nodes as compute
13:34:36 <ociuhandu> and we run the tests from the devstack node
13:34:46 <sagar_nikam_> ok col
13:34:48 <sagar_nikam_> cool
13:35:11 <sagar_nikam_> i hope your "how to" guide will have instructions on this as well
13:35:22 <sagar_nikam_> running tempest from devstack
13:36:45 <ociuhandu> if you go through the jobs section of the github folder, you can find all init, test, log-collection components there: https://github.com/cloudbase/nova-ci/blob/cambridge/jobs/run_tests.sh is running the tests
13:37:52 <sagar_nikam_> ok sure
13:38:08 <sagar_nikam_> i will try running it in my dev box first
13:38:09 <sagar_nikam_> soon
13:38:59 <ociuhandu> great, you also have my skype id, let me know how it goes and if you have issues
13:39:32 <sagar_nikam_> sure thanks
13:41:13 <alexpilotti> thanks ociuhandu!
13:41:21 <sagar_nikam_> alexpilotti: we can move to next topic
13:41:23 <ociuhandu> anytime
13:41:45 <alexpilotti> #topic OVS SSL/TLS
13:42:03 <alexpilotti> one are athat we are investigating is the SSL/ TLS support in the Neutron OVS agent
13:42:32 <alexpilotti> the main issue is a security concern related to the fact that OVSDB doesnt have per se an authentication scheme
13:42:38 <sagar_nikam_> alexpilotti: you mean if rabbitmq or db is SSL enabled ?
13:42:46 <alexpilotti> on Linux this is solved by using Unix sockets
13:42:57 <alexpilotti> sagar_nikam_: no, just OVSDB
13:43:05 <sagar_nikam_> ok
13:43:10 <alexpilotti> but on Windows, we use TCP/IP
13:43:27 <alexpilotti> OVS supports SSL/TLS with client side authentication
13:43:30 <sagar_nikam_> even rabbit and db SSL/TLS needs to be handled... if i am right
13:44:42 <alexpilotti> sagar_nikam_: rabbit does authentication by itslef
13:45:06 <alexpilotti> you an add SSL/TLS to include transport level encryption
13:45:16 <alexpilotti> but you dont need client side certificates
13:45:44 <alexpilotti> on OVSDB, if you dont use client side certs, EVERYBODY can issues ovsdb commands
13:45:47 <sagar_nikam_> i mean if the messages on nova-conductor (for example) are TLS/SSL enabled, we may need to handle from nova compute
13:45:59 <sagar_nikam_> i am still checking and will get back
13:46:30 <alexpilotti> this has nothing to do with this issue, I mean, even in plain text, if you dont know rabbit's username / password, you dont connect
13:46:46 <alexpilotti> on ovsdb, there's no username / password
13:47:03 <sagar_nikam_> ok
13:47:07 <alexpilotti> also, you are possibly confusing server side X509 certificates with client side
13:47:42 <alexpilotti> the Neutron OVS agent doesnt have ATM a way to pass X509 certificate options
13:47:49 <alexpilotti> so, they need to be added
13:47:58 <alexpilotti> we'll do that ASAP in Newton
13:49:09 <alexpilotti> for the record, the server side looks like this:
13:49:16 <alexpilotti> ovsdb-server.exe --remote=pssl:8888:0.0.0.0 --private-key=c:\openvswitch\var\lib\openvswitch\pki\controllerca\private\cakey.pem --certificate=c:\openvswitch\var\lib\openvswitch\pki\controllerca\cacert.pem --ca-cert=c:\openvswitch\var\lib\openvswitch\pki\controllerca\cacert.pem conf.db
13:49:22 <alexpilotti> and the client commands:
13:49:41 <alexpilotti> ovs-vsctl.exe --db=ssl:127.0.0.1:8888 --private-key=test-privkey.pem --certificate=test-cert.pem --ca-cert=cacert.pem show
13:50:18 <alexpilotti> ok, so wanted to make sure that this was on everybody's radar, we'll most probably add this in the MSI installer as well for 2.5
13:50:41 <alexpilotti> that was my last topic for today :)
13:50:47 <alexpilotti> #topic open discussion
13:51:00 <alexpilotti> anything to add in the last 10'?
13:51:16 <sagar_nikam_> alexpilotti: i have mailed you and introduced you to Monasca PTL and Freezer core reviewer
13:51:29 <alexpilotti> Otherwise, the espresso machine is invoking me!
13:51:31 <sagar_nikam_> we discussed about it in last week IRC
13:51:41 <sagar_nikam_> i hope you saw the mails
13:51:43 <alexpilotti> yes thanks!
13:51:55 <alexpilotti> going to reply and set up a meeting ASAP
13:52:06 <sagar_nikam_> since i am not at the summit, can you try to meet them
13:52:12 <sagar_nikam_> whenever possible
13:53:00 <sagar_nikam_> from my chats with Monasca PTL, there was some support for windows, which is broken today
13:53:19 <sagar_nikam_> and for freezer, there is already some support, dont know how much
13:53:40 <alexpilotti> for freezer there are the new RCT API which are worth being used
13:53:59 <sagar_nikam_> ok
13:54:15 <sagar_nikam_> monasca is used a lot in production for linux
13:54:19 <sagar_nikam_> i mean KVM
13:54:26 <alexpilotti> cool
13:54:33 <sagar_nikam_> hopefully we will have hyperv support soon
13:55:38 <sagar_nikam_> also sonu: sent a mail today to you. one of his team mate is coming to summit and he will attend your sessions
13:55:43 <alexpilotti> we are also very interested, as we're not satisfied with Nagios or other options
13:55:56 <alexpilotti> that's great
13:56:19 <sagar_nikam_> alexpilotti agree, that's the reason we would like hyperv support for monasca
13:57:07 <sagar_nikam_> alexpilotti: let me know if you need me to connect you to anybody from HPE
13:57:11 <sagar_nikam_> in summit
13:57:15 <sagar_nikam_> i can do that
13:57:32 <alexpilotti> do you have people on Designate as well?
13:57:37 <sagar_nikam_> can send a mail and request meetings
13:57:46 <alexpilotti> we need to add Windows DNS support there as well
13:57:50 <sagar_nikam_> i think yes, let me check and get back
13:58:00 <alexpilotti> ok thanks!
13:58:07 <sagar_nikam_> alexpilotti: cool... that's nice
13:58:18 <alexpilotti> we have 2' left, anything else you'd like to add?
13:58:47 <sagar_nikam_> no nothing from me, do we have IRC meetings during summit time, i guess no
13:59:00 <sagar_nikam_> just wanted a confirmation from you
13:59:29 <alexpilotti> correct, no IRC during summit unfortunately
13:59:36 <sagar_nikam_> got it
13:59:51 <alexpilotti> thanks y'all see you next week!
13:59:54 <sagar_nikam_> i hope you and your team have a nice summit sessions and meetings
14:00:16 <alexpilotti> hopefully we'll meet at one of the next ones!
14:00:19 <alexpilotti> #endmeeting