#openstack-meeting-alt log

13:03:09 <baoli> #startmeeting PCI Passthrough
13:03:10 <openstack> Meeting started Tue Feb  4 13:03:09 2014 UTC and is due to finish in 60 minutes.  The chair is baoli. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:03:11 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:03:13 <openstack> The meeting name has been set to 'pci_passthrough'
13:03:36 <baoli> Hi
13:03:41 <sadasu> Hello
13:03:58 <irenab> hi
13:04:23 <irenab> rkukura said he maybe late ~10 mins
13:04:29 <baoli> ok
13:04:59 <irenab> baoli: can we discuss you wiki page https://wiki.openstack.org/wiki/Nova-neutron-sriov?
13:05:10 <baoli> sure.
13:05:20 <baoli> I just came in and didn't have time looking at your comments
13:05:31 <irenab> I have entered comments with irenab
13:06:16 <irenab> first for vif_type section
13:06:19 <baoli> Ok I just saw that. I was about to send you an email asking your about the new vif type
13:07:13 <baoli> Sounds like that you do need a new vif type like VIF_TYPE_HW_VEB
13:07:43 <irenab> currently, we use VIF_HOSTDEV, it is defined on Plugin level
13:07:50 <irenab> but sice need to add it to the common definitions anyway, maybe VIF_HW_VEB
13:08:08 <baoli> I'll add that, and keep 802_1GBG as it is
13:08:09 <irenab> ^since
13:09:02 <irenab> yes, QBG is another case, but seems currently no one supports it with neutron
13:09:34 <irenab> Is you bp approved?
13:10:04 <irenab> my bp is blocked on discussion
13:10:31 <baoli> I went through the email thread between Yunhong and you. Seems like no compromise can be easily reached even though we'd like to get something done in Icehouse
13:12:19 <irenab> I thought that for short term it can be OK to go without PCI flavors
13:12:57 <baoli> That's what I thought too, especially it's not approved yet and major design issues raised but not addressed
13:13:17 <baoli> Not sure if my bp is going to be approved
13:14:16 <irenab> what is required in order to approve it?
13:15:33 <baoli> I am not exactly sure. definitely it needs a core to ok it. I had John Garbutt as approver of mine
13:16:48 <baoli> I think that at least we can get something working, and change its implementation as the design gets mature with more input from people
13:16:55 <irenab> if new bp that Yunhong registered is approved, we have all the pieces?
13:17:57 <baoli> He said he was not optimistic (about the bp? or about the coding? I'm not exactly sure) in one of our exchanges.
13:18:00 <sadasu> baoli, irenab: what discussion between irenab and Yunhong are you talking about?
13:18:37 <baoli> sadasu, there is an email thread in the openstack alias I started a while back
13:18:41 <sadasu> irenabb, Yonghong discussion/email thread I mean?
13:19:06 <sadasu> ok...I didn't see anything yesterday, so was wondering.
13:19:17 <baoli> sorry, not on the alias. But you are one of the receipients
13:20:13 <irenab> sadasu: he sent questions, I just went through baoli's wiki. I thought we have all pieces at place ....
13:20:46 <sadasu> baoli: ok...I saw those
13:21:07 <irenab> I have also question regarding if normal user  may set vnict_type via neutron port is use case you need or its OK that only admin user can do it?
13:21:21 <sadasu> ireanb: ok...
13:22:08 <sadasu> irenab: yes, I think that question still remains...I think it should have the same access as a nova boot command
13:22:38 <sadasu> and with that reasoning should be all allowed even for non-admin access
13:22:44 <baoli> Irenab, how do we define a normal user?
13:23:40 <irenab> I am not sure, the one that is not admin ...
13:24:53 <baoli> Ok, then, the notion that a normal user has no notion of SRIOV ports seems to be in the way of allowing him/her to request one
13:25:43 <baoli> Then a normal user would say I need a fast port? And what does a fast port mean? As a normal user of wirelese, do we know hat wifi means?
13:26:54 <baoli> The question is what level of API abstraction is needed for a normal user to incorporate SRIOV
13:27:06 <irenab> baoli: just to be sure, you say that normal user should understand "flavors", not specific vnic_types?
13:27:34 <baoli> irenab, no.
13:28:03 <sadasu> from our earlier discussion with John Garbutt, it appears that if we let the user pick based on more friendlier terms, it can be a non-admin user input
13:28:03 <baoli> My question is should a normal user has the notion of SRIOV ports
13:28:49 <irenab> normal user is the one who asks for VM, right?
13:28:56 <sadasu> irenab: no flavors....just terms like "fast_no_migration", "fast_with_migration" for example
13:29:01 <baoli> yes
13:29:46 <irenab> sadasu: yes, but this will be via nova api, and nova will go to neutron and create port. nova is admin user
13:30:34 <sadasu> or the user can call create port first too
13:30:38 <irenab> so the question is if normal user will create be allowed to create neutron port and ask for vnic_type
13:30:56 <baoli> Help me understand this: a normal user can issue 'nova boot ..... --nic vnic-type=direct
13:31:27 <baoli> but he can not: neutron port-create .... vnic-type=direct, and nova boot ... --nic port-id=<port-uuid>
13:31:45 <irenab> probably with some vnic-type=fast_with_migration
13:31:55 <irenab> on nova
13:32:33 <baoli> what is fast_with_migration
13:32:41 <sadasu> macvtap
13:33:02 <baoli> is it simply the naming?
13:33:08 <sadasu> yes
13:33:08 <irenab> 'nova boot ..... --nic vnic-type=fast_with_migration'
13:33:11 <irenab> yes
13:33:45 <rkukura_> finally here - sorry I'm late
13:33:49 <baoli> so it's not a issue of normal user using vnic-type, but the naming of the available vnic types?
13:33:52 <irenab> hi
13:33:58 <baoli> rkukura, hi
13:34:29 <sadasu> welcome rkukura. we are discussiong vnic_types here
13:34:34 <irenab> rkukura: trying to close if vnic_type  should be exposed to normal user
13:34:45 <baoli> rkukura, how do you define a normal user?
13:35:16 <rkukura_> A normal user is a tenant of the (private or public) cloud, as opposed to an administrator/provider of the cloud
13:36:01 <baoli> does each tenant have an admin role?
13:36:56 <rkukura_> No, tenants are usually not given any unnecessary privileges that would allow them to influence other tenants
13:37:50 <baoli> a normal user can issue 'nova boot ..... --nic vnic-type=direct
13:37:50 <baoli> but he can not: neutron port-create .... vnic-type=direct, and nova boot ... --nic port-id=<port-uuid>
13:38:01 <baoli> I was asking that question earlier
13:38:40 <rkukura_> baoli: Why could the normal user not do the port-create in this case?
13:39:11 <rkukura_> Is this with vnic-type requiring admin privileges?
13:39:21 <baoli> rkukura, are we talking about that normal user is not allowed to use vnic-type in the port-create command?
13:39:24 <irenab> baoli: I think John has strong objections to --nic vnic_type option
13:40:21 <baoli> irenab, ok, then the question is does a normal have the notion of SRIOV ports, and there he/she can request them
13:40:45 <baoli> ^normal user
13:40:56 <irenab> based on earlier discussion with rkukura, we need to be quite confident what to expose with API, because it is not easiliy changed in the future
13:41:42 <rkukura_> Seems to me a normal user should have visibility/control over what their VM sees, but not how that is accomplished internally to the cloud
13:42:48 <irenab> rkukura: so you are in favor of axposing vnic_type to the user, right?
13:42:54 <rkukura_> irenab: Who is it that objects to the --nic vnic_type nova option?
13:43:59 <irenab> rkukura: requested network
13:45:01 <rkukura_> irenab: Not to be intentionally indecisive on this, but I really don't have a strong opinion. I'd probably prefer to see nova handle the user's choice of how the interface looks to the VM, which would mean neutron could require nova to set this as admin.
13:45:24 <sadasu> rkukura: I think irenab was referring to an earlier comment from John Garbutt, a nova core
13:45:43 <sadasu> he was briefly involved in this effort
13:46:03 <sadasu> this was a few weeks ago
13:46:37 <baoli> so is it ok for an admin to do port-create --vnic-type?
13:46:57 <sadasu> to summarize I think, it was ok to use --nic vnic_type as long as vnic_type did not have terms like macvtap, direct etc
13:47:04 <irenab> till we will figure out how nova API should look like, we want to have oprtion to set vnic_type via neutron port
13:47:12 <baoli> Then we can do --vnic-type on 'nova boot' with normal user, and admin on port-create --vnic-type
13:47:14 <irenab> ^option
13:47:38 <sadasu> baoli: that would be inconsistent correct?
13:48:35 <baoli> sadasu, to me it's inconsistent since the same APIs are exposed to all the users. it's just that some users don't see some of the options available to the APIs.
13:48:42 <rkukura_> If macvtap, direct, etc. are internal details of the cloud deployment, then I think these should not be exposed directly to normal users.
13:48:44 <sadasu> I agree, that we should 1st only look at how we should pass it as a parameter to port-create and then worry about nova boot
13:49:58 <sadasu> baoli: yes. I am specifically talking about this -vnic_type option..I think we cannot call it admin in one command and user-level in another
13:50:00 <rkukura_> We need to define the right abstraction for the normal user to specify what the NIC looks like to the VM and what QoS is provided, then decide whether that abstraction is provided in the nova API or in the neutron API.
13:50:11 <baoli> Basically, are we saying a normal user has no notion of SRIOV Ports? Or as a normal user of cellphone, he should have no notion of 3G or 4G ?
13:51:22 <irenab> rkukura: you suggested to take it to core discussion
13:52:14 <baoli> keep in mind that SRIOV ports is a limited resources available in a cloud
13:52:48 <sadasu> baoli: correct and the user is paying a premium to get access to it
13:52:59 <rkukura_> Can we separate the user-level abstraction from the admin-level detail of SR-IOV?
13:53:01 <irenab> I think user should understand that he gets different types, and pays differently for them.
13:53:47 <baoli> As long as a normal user can request a port either in the form of --nic or port-create, he should be aware what he is requesting for, one way or the other
13:53:54 <sadasu> yes. we only need to hide implementation specifics...we don't need to hide the service itself from the user, IMHO
13:54:41 <sadasu> we should be able to present the service in abstract terms  (I am repeating myself here)
13:55:01 <rkukura_> I agree with what sadasu just said. I'm not clear if the set of values for vnic_type are "implementation specifics" or "service itself".
13:55:11 <sadasu> like maybe "fast_with_migration" for macvtap and "fast_no_migration" for direct
13:55:54 <sadasu> that way the user knows understands that there is "fast" and vm migration is another knob
13:56:08 <baoli> keep in mind that people are working to support live migration even with direct passthrough without macvtap. Technology advances
13:56:22 <irenab> sadasu: so on neutron port, need to be user accessable with changed names?
13:57:11 <sadasu> baoli: exactly...our underlying implementation can change
13:57:26 <rkukura_> I'm not sure its just the names. I think their is a question of whether its nova or neutron that controls the decision.
13:57:30 <sadasu> but the user facing service might not
13:57:59 <baoli> rkukura, a normal user can use both 'nova boot' and 'neutron port-create", right?
13:58:08 <rkukura_> baoli: yes
13:58:10 <sadasu> rkukura: for this question, I think the answer is, for icehouse, it will be all neutron
13:58:29 <sadasu> in juno, nova would expose it too via nova boot
13:58:42 <baoli> rkukura, when you say it's nova that controls the decision, ultimately, isn't; the user who issued the command in control?
13:58:43 <rkukura_> sadasu: Then that's what we need to make work.
13:58:57 <sadasu> this is based on baoli's wiki
13:59:02 <sadasu> rkukura: agreed
13:59:53 <irenab> time is over, any conclusion how to proceed?
14:00:33 <baoli> Thanks everyone
14:00:40 <rkukura_> I'm OK with making vnic_type top-level and user-accessible if that's the only way we are going to get this into icehouse
14:00:42 <baoli> continue tomorrow?
14:00:51 <irenab> sure
14:00:54 <rkukura_> I can be on time tomorrow
14:00:55 <sadasu> rkukura : +1
14:01:09 <sadasu> yes. will be there
14:01:10 <irenab> rkukura: thank
14:01:14 <sadasu> thanks all.
14:01:21 <irenab> see you tomorrow
14:01:28 <baoli> cool. Let's go over the logs and think about it. Maybe we can find some lights in the tunnel tomorrow morning!
14:01:36 <baoli> #endmeeting