13:02:02 <irenab> #startmeeting pci_passthrough 13:02:03 <openstack> Meeting started Tue Jul 8 13:02:02 2014 UTC and is due to finish in 60 minutes. The chair is irenab. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:02:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:02:06 <openstack> The meeting name has been set to 'pci_passthrough' 13:02:39 <irenab> hi all 13:02:43 <rpothier> hi 13:02:59 <sadasu> hi 13:03:29 <sadasu> I think baoli would not be able to attend today 13:03:45 <irenab> Is there anything specific someone wants to discuss? 13:04:24 <irenab> sadasu: good progress on the spec 13:04:50 <sadasu> irenab: thanks! more minor comments trickling in... 13:05:08 <irenab> I have a question regarding nova side patches 13:05:18 <heyongli> intel nic.no interface to control per vf up down from host 13:05:31 <sadasu> while we are waiting, I wanted to discuss security groups in the Sr-IOV case 13:05:52 <irenab> heyongli: thanks, will keep in mind 13:05:57 <sadasu> irenab: go ahead...we'll take up my question next 13:06:38 <sadasu> heyongli: thanks...good to know 13:06:48 <irenab> we now use baoli POC to make a progress with neutron part 13:07:10 <irenab> is all nova patches are out for review to take them instead? 13:07:35 <irenab> POC is old and need to rebase 13:07:58 <irenab> sadasu: how do you integrate with nova for now? 13:08:46 <sadasu> I just started to use the patches posted for review 13:09:29 <sadasu> integrated with my changes yesterday...haven't tested yet 13:09:48 <irenab> sadasu: there are 2 patches as far as I know, one from rpothier and one from baoli. Is it all that needed? 13:09:53 <heyongli> sadasu what is the topic of.the patch set ? 13:10:33 <sadasu> rpothier or I would be able to give you the complete patches 13:10:41 <rpothier> no, the patches are not complete 13:11:15 <heyongli> how about the.progress? 13:11:28 <irenab> heyongli: #link https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:bp/pci-passthrough-sriov,n,z 13:11:55 <irenab> rpothier: so there is no complete support out there for nova Sr-IOV part, right? 13:12:10 <rpothier> right, 13:12:11 <heyongli> thanks i kown this sets 13:12:39 <sadasu> heyongli: talking about the existing patches & if they are complete for neutron testing 13:13:15 <irenab> sadasu: please let me know if you will be able to use new patches for work or need minor additions 13:13:36 <irenab> rporthier: what is still missing? VIF Driver? 13:13:36 <sadasu> irenab: do you want us to pass along the complete set of patches so u can proceed? 13:13:52 <irenab> sadsu: yes, it will be great 13:14:28 <heyongli> i also want a copy 13:14:45 <irenab> sadasu: working with POC complicates a lot, also need for CI 13:15:16 <sadasu> irenab: exactly, thats why I grabbed these patches but haven't used them a lot 13:16:45 <irenab> sadasu: what ever waork for you, will be glad to get 13:17:27 <sadasu> irenab: ok 13:17:53 <sadasu> irenab: is your question answered? 13:18:46 <irenab> sadasu: yes :-). Once get all nova patches will be OK 13:18:59 <irenab> sadsu: what is your question? 13:19:52 <sadasu> how does your ML2 driver support security groups? 13:20:56 <irenab> sadasu: no 13:21:23 <irenab> sadsu: it declairs that it does not support and runs with Noop Driver on agent side 13:21:45 <sadasu> this seems to be a big sticking point in my BP spec review 13:22:51 <irenab> I saw the comment. I think it is expected to be mentionedin the spec that it does not support, and not fail for API calls 13:23:30 <sadasu> it is mentioned in the spec that sec grps are not supported...but they are looking for an alternative 13:23:47 <irenab> for my understanding it should be possible to have MD that does not support security groups, it is extension 13:24:22 <sadasu> that was my understanding too until I got a comment this morning saying that it is not optional 13:24:54 <sadasu> how does the noop firewall driver interact with your agent? 13:25:38 <irenab> sadasu: The noop firewall driver is defined on the agent side 13:26:34 <irenab> on the MD side, I declare vif_details={portbindings.CAP_PORT_FILTER: False} 13:28:22 <irenab> sadasu: Do you have more concerns on this? 13:28:33 <sadasu> yes, agreed...I guess I have to go figure out the exactly functionality provided by the noop firewall driver 13:29:06 <sadasu> I was looking for information on how the firewall driver interacts with your agent... 13:29:48 <irenab> not having sevurity groups on SR-IOV port is also required for NFV, so we have use case that needs it 13:30:34 <irenab> there is some which is quite critical for both our MDs : #link https://bugs.launchpad.net/neutron/+bug/1338202 13:30:35 <uvirtbot> Launchpad bug 1338202 in neutron "ML2 plugin update_port changes binding:profile when not changed" [Undecided,Confirmed] 13:31:39 <irenab> sadsu: sorry, I moved to another topic. Do you have questions on security groups for our MD? 13:32:15 <sadasu> irenab: not for now...go ahead 13:32:54 <irenab> so the bug I mentioned, seems to clear binding:profile for any port update API call 13:33:23 <irenab> which causes port to try to bind again and to fail, since no profile is present any more 13:33:48 <irenab> I think that I know how to fix, will work on this ASAP 13:34:47 <sadasu> irenab: I think this port_update is used when VM is migrated to a diff host 13:35:02 <sadasu> we need to check with Bob Kukura before proceeding with the fix 13:35:26 <irenab> admin/tenant can call port-update API, and even if nothing is changed, it will clear profile content (till bug is fixed) 13:35:54 <irenab> since we canot prevent api calls for this, seems to me as critical 13:36:25 <sadasu> got it. yes, seems critical 13:36:30 <irenab> sadsu: agree, could not catch rkukura on irc 13:36:51 <irenab> will try to attend ML2 meeting this week to discuss 13:37:06 <sadasu> ok 13:39:12 <irenab> any other topics to discuss? 13:40:27 <irenab> when do you expect the rest of nova patches to land? 13:41:49 <rpothier> I hope to get a second patch this week. 13:42:31 <irenab> rpothier: this is the one that completes the nova side, or there is more? 13:43:03 <rpothier> still more. 13:43:16 <irenab> rpothier: thanks 13:43:19 <rpothier> my first patch can get merged without affecting anything 13:44:41 <irenab> rpothier: I am looking for nova side patches to use to integrate internally the neutron part 13:45:22 <irenab> I guess what is working for sadasu, will work for me as well 13:46:02 <sadasu> irenab: haven't tested, just patched...willl pass them along anyways 13:46:55 <irenab> sadsu: Thanks! 13:47:00 <irenab> any other topics to discuss or shall we finish earlier? 13:47:25 <sadasu> I don't have any more topics 13:47:33 <irenab> me too 13:48:21 <irenab> sadsu: I'll folow your spec review for security groups decision 13:48:26 <yongli> me neither 13:48:37 <yongli> any neutron patch released? 13:48:46 <yongli> could we get a link here? 13:49:14 <irenab> yeongli: hope tomorrow, adding few more unit tests 13:49:41 <yongli> thanks, drag me to the reviewer list, please 13:50:08 <irenab> yongli: sure 13:50:24 <irenab> thank you all. 13:50:25 <irenab> #endmeeting