13:01:46 #startmeeting hyper-v 13:01:47 Meeting started Wed Apr 6 13:01:46 2016 UTC and is due to finish in 60 minutes. The chair is alexpilotti. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:01:48 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:01:50 The meeting name has been set to 'hyper_v' 13:02:00 bonjour! 13:02:04 \o/ 13:02:05 Hello 13:02:09 Hi 13:02:10 hi 13:02:57 Focus this week is mostly on releasing Mitaka 13:03:16 so we have a bunch of Py3 bugs that came up 13:03:21 #topic Py3 bugs 13:03:27 Hi 13:03:37 claudiub|2: would you like to list the bugs? 13:04:12 we still need to file them, but if somebody is aiming at running a Py3 compute node, I think it's useful to know they exist 13:04:34 sure. i've fixed a couple of bugs on nova master. primarely about attached volumes, configdrive, etc. you can see them at #link https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:bp/nova-python3-newton 13:05:45 anything else to add here? 13:06:02 python 3 is generally slower 13:06:18 so, it should be used only when absolutely necessary. :) 13:06:44 we need to do some profiling to see why this happens 13:06:49 even when running py3 unit tests in nova gate, they are about 66% slower than py27 tests. 13:07:14 yep. 13:07:23 if it's 66.6% slower we can possible do an exorcism on Py3 13:07:54 well, i can definetely say that there's something unholy about it. :) 13:08:18 there's a reason why it's the nova-compute daemon 13:08:31 anyway 13:08:35 onwards 13:09:09 #topic OVS 2.5 13:09:25 We have a OVS 2.5 MSI under test 13:09:51 sagar_nikam: do you know if sonu or somebody in your team is testing OVS? 13:10:37 i know sonu has it in plans. dont know the exact time 13:10:41 when it will be done 13:11:00 sagar_nikam: ok, I dont see him online, can you please let him know about 2.5? 13:11:08 sure 13:11:45 sonu: has joined 13:12:01 Sonu: hey sonu 13:12:04 sonu: alexpilotti: wants to know the plans of testing OVS2.5 13:12:30 What is new with OVS 2.5 for Windows? 13:12:45 I thought we are focused to test OVS 2.6 13:13:15 'cz that comes Microsoft certified. Am I wrong? 13:13:28 2.5 will be certified as well 13:13:46 we're currently testing it, before sending it to certification 13:13:47 great. then we will use OVS 2.5 + WMI security driver 13:13:57 cool 13:14:03 and it should all work for VXLAN 13:14:28 so, if you guys could give it a test-ride before we send it to MSFT signature, it'd be great 13:14:37 yes, VXLAN support is there 13:15:16 alexpilotti: Do you test security groups with OVS? 13:16:02 we will 13:16:20 unfortunately for now this means networking-hyperv security groups 13:16:59 on the good side, conntrack is coming in 2.6 13:17:12 I know. But that is ok, since our aim is VXLAN. 13:17:24 VXLAN is also in 2.5 13:17:31 actually even in 2.4 13:17:42 Yes we got that working with 2.4 13:17:58 with promt help from Alin 13:17:59 di dyou manage to do some more benchmarking on the latest networking-hyperv security groups? 13:18:12 in progress. 13:18:29 we're very pleased with the current results (in the limits of the WMI ACL API) 13:18:37 We are running our scale tests with native threads and pyMI and Enahanced RPC support 13:18:41 but I'm curious to hear your results 13:18:56 Sonu: perfect, that's also what we are using 13:19:47 based on latest Rally tests, we're even faster than KVM on Hadoop workloads 13:20:04 not by a big margin, just a tad faster :) 13:20:21 but still a huge step forward from the pre-pymi days 13:20:40 where we used to be 4x slower :) 13:20:53 anywthing else to add on this? 13:21:13 thanks for efforts. 13:21:36 Sonu: thanks, I take is a "nothing to add" :) 13:22:16 #topic ton of new stuff coming in new-ton 13:22:29 sorry, I couldnt resist 13:22:53 actually there are two main areas on which we will work: 13:23:07 Magnum support for Windows containers 13:23:13 and 13:23:37 New Neutron plugin for the Windows Server 2016 networking stack 13:24:07 the new stack is based on it's own controller, using REST API 13:24:18 OVSDB based? 13:24:35 it has some OVSDB compatibility 13:24:55 but it's not as complete and hence usable as the full OVS porting 13:25:13 so on the long term our general vision is to have: 13:25:24 alexpilotti: magnum support is intresting, we would be intrested 13:26:03 OVS for people wanting to have multiple hypervisor types / interop solutions 13:26:23 especially with OVN, OpendayLight, NSX, etc 13:26:45 and the new Neutron Hyper-V plugin for Hyper-V only scenarios 13:27:21 given the current usage distribution, the former (OVS) will most probably have more traction 13:27:48 sagar_nikam: is there any HP core reviewer in Magnum? 13:28:05 alexpilotti: not sure, can check 13:28:17 alexpilloti: while it seems like more flexibility, but won't this be a challenge to maintain two approaches? one native Hyper-V versus OVS based 13:28:27 there's a non trivial amount of work required around the fact that Heat temmplates used by Magnum are very Linux specific 13:28:59 Sonu: it's what we are doing already today with networking-hyperv and OVS 13:29:19 this new plugin will become networking-hyperv v2 13:30:08 alexpilotti: any BPs already ready for magnum ? 13:31:12 sagar_nikam: not yet, we are planning to discuss this at the summit with the Magnum team and get the BPs up shortly afterwards 13:31:37 ok 13:31:39 this reminds me of the fact that we have a design session at the summit 13:32:00 claudiub|2: can you post details? 13:32:26 yep. sure. it's on wednesday, from 9:00AM to 9:40AM 13:32:33 let me get the exact details. 13:33:08 alexpilotti: any plans in magnum hyperv supporting freezer and monasca ? 13:33:19 https://wiki.openstack.org/wiki/Freezer 13:33:26 https://wiki.openstack.org/wiki/Monasca 13:33:43 i mean any plans in newton release 13:33:52 that's also on the TODO list 13:34:03 are you guys already using them in production scenarios? 13:34:09 #info Winstackers: Work session: 2016-04-27, 09:00-09:40, Boardroom 401 13:34:18 monasca PTL is from HPE, i can connect you to him 13:34:29 sagar_nikam: that'd be great! 13:34:40 Freezer and Monasca for KVM is supported in production 13:34:57 if you have some core reviewer in Freezer to introduce us to, that'd be great 13:35:14 alexpilotti: shall i request for a meeting between Monasca PTL and your team in summit ? 13:35:15 I mean HP core reviewers 13:35:22 sagar_nikam: yes please! 13:35:41 for Freezer, Hyper-V has a new API, called RCT 13:36:02 Freezer PTL is also from HPE, if i remember right 13:36:43 i can find it and request for a meeting with your team and Freezer PTL 13:37:15 cool 13:37:29 alexpilotti: do you need any meetings with cinder team from HPE ? 13:38:13 lpetrut: anything on the agenda for Cinder worth requesting a meeting? 13:38:29 it'd be great meeting in person, of course 13:38:41 well, os-brick may be one of the topics 13:39:23 let me check and try to schedule a meeting between lpetrut: and hpe cinder team 13:39:29 cool 13:39:44 sagar_nikam Sonu: are you guys coming to Austin? 13:39:50 alexpilotti: do you need to meet anybody else from HPE 13:40:11 I guess I can talk about os-brick Windows support with Walter Boring at the summit, as far as I know, he's in charge of the project 13:40:20 not me. i am not coming to austin. hopefully some other time 13:40:29 sagar_nikam: no thanks, I think those are the main areas 13:40:41 lpetrut: sure i will request for a meeting 13:41:00 alexpilloti: I have one of my team member attend the design session for hyper-v 13:41:17 alexpilotti: sure, will try to arrange for those 2 meetings, monasca and freezer 13:42:11 ok, for today's topics, we have a new major feature ready for release: 13:42:19 #topic Shielded VMs 13:42:52 we will upload the bits soon 13:43:17 but if you guys plan to test the feature, we can already provide some info 13:43:26 thats news to us. Any blue print? 13:44:41 there's a vTPM BP, which is the basis for shielded VMs 13:44:46 alexpilotti: we will get back on shielded VMs 13:45:10 just wanted to make sure it's on your radar 13:45:18 this was the bp that was approved in Liberty: #link https://review.openstack.org/#/c/195068/ 13:46:18 thanks. I will read through it to understand the case. 13:46:43 shielded VM specs: https://review.openstack.org/#/c/274709/4/specs/newton/approved/hyper-v-shielded-vms.rst 13:46:52 alexpilotti: i have a update on SSL/TLS, we can discuss later when we are done with this topic 13:48:01 sure, I'm done with this 13:48:05 also time is -12' 13:48:31 #topic SSL/TLS 13:48:51 alexpilotti: thanks to the notes from alin: i was able to get the glance image download working as part of nova boot 13:49:15 sweet 13:49:22 next i am hitting a issue in invoking neutron agent 13:49:26 wil debug further 13:49:30 in the meanwhile 13:49:34 i have a question 13:49:43 we added the crt file in nova .conf 13:49:51 point to some location on hyperv host 13:50:04 that was a self signed certificate 13:50:14 how do we add multiple certificates 13:50:30 suppose a customer does not want to use the self signed certs 13:50:40 and adds his own certificate 13:50:56 possible multiple certificates 13:51:05 how do we handle it 13:51:21 multiple because you have multiple endpoints for the same service? 13:51:30 no 13:51:43 same endpoint for a service 13:52:06 but assuming the customer adds his own signed certificate 13:52:15 each service has it's own config, I'd expect 13:52:53 plus, I need to check, but if the cert is signed by a CA, on the client side the CA cert should be enough 13:52:54 in case of KVM, multiple certs can be added in cert manager 13:53:03 provided that CN matches the hostname 13:53:27 one SSL/TLS endpoint = 1 cert 13:53:47 ok 13:53:56 will investigate further and get back 13:54:03 cool 13:54:05 clear 13:54:15 wrong window, sorry 13:54:20 np :) 13:54:21 on freerdp 13:54:26 ok 13:54:31 how does it work 13:54:37 if TLS is enabled ? 13:54:52 on the network which tenants access horizon 13:54:56 same: wsgate.ini has settings for the certifcate 13:55:09 ok 13:55:19 our MSI generates a self signed one, for ease of use 13:55:35 ok 13:55:40 which can be replaced by a CA signed one for most production usages 13:55:55 if you just override it, it just works 13:55:58 thats good 13:56:17 -4' 13:56:30 #topic open discussion 13:56:37 if the same works for nova, i mean signed certificate from a customer, by just adding in nova.conf, we are good 13:56:48 yes 13:57:05 anything else that you guys would like to add before wrapping up? 13:57:26 nothing from my end 13:57:58 alright, thanks y'all see you next week! 13:58:04 #endmeeting