<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jul 15, 2013 at 1:26 PM, Robert Kukura <span dir="ltr"><<a href="mailto:rkukura@redhat.com" target="_blank">rkukura@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im">On 07/15/2013 03:54 PM, Aaron Rosen wrote:<br>
><br>
><br>
><br>
> On Sun, Jul 14, 2013 at 6:48 PM, Robert Kukura <<a href="mailto:rkukura@redhat.com">rkukura@redhat.com</a><br>
</div><div class="im">> <mailto:<a href="mailto:rkukura@redhat.com">rkukura@redhat.com</a>>> wrote:<br>
><br>
> On 07/12/2013 04:17 PM, Aaron Rosen wrote:<br>
> > Hi,<br>
> ><br>
> ><br>
> > On Fri, Jul 12, 2013 at 6:47 AM, Robert Kukura <<a href="mailto:rkukura@redhat.com">rkukura@redhat.com</a><br>
> <mailto:<a href="mailto:rkukura@redhat.com">rkukura@redhat.com</a>><br>
</div><div><div class="h5">> > <mailto:<a href="mailto:rkukura@redhat.com">rkukura@redhat.com</a> <mailto:<a href="mailto:rkukura@redhat.com">rkukura@redhat.com</a>>>> wrote:<br>
> ><br>
> > On 07/11/2013 04:30 PM, Aaron Rosen wrote:<br>
> > > Hi,<br>
> > ><br>
> > > I think we should revert this patch that was added here<br>
> > > (<a href="https://review.openstack.org/#/c/29767/" target="_blank">https://review.openstack.org/#/c/29767/</a>). What this patch<br>
> does is<br>
> > when<br>
> > > nova-compute calls into quantum to create the port it passes<br>
> in the<br>
> > > hostname on which the instance was booted on. The idea of the<br>
> > patch was<br>
> > > that providing this information would "allow hardware device<br>
> vendors<br>
> > > management stations to allow them to segment the network in<br>
> a more<br>
> > > precise manager (for example automatically trunk the vlan on the<br>
> > > physical switch port connected to the compute node on which<br>
> the vm<br>
> > > instance was started)."<br>
> > ><br>
> > > In my opinion I don't think this is the right approach.<br>
> There are<br>
> > > several other ways to get this information of where a<br>
> specific port<br>
> > > lives. For example, in the OVS plugin case the agent running<br>
> on the<br>
> > > nova-compute node can update the port in quantum to provide this<br>
> > > information. Alternatively, quantum could query nova using the<br>
> > > port.device_id to determine which server the instance is on.<br>
> > ><br>
> > > My motivation for removing this code is I now have the free<br>
> cycles to<br>
> > > work on<br>
> > ><br>
> ><br>
> <a href="https://blueprints.launchpad.net/nova/+spec/nova-api-quantum-create-port" target="_blank">https://blueprints.launchpad.net/nova/+spec/nova-api-quantum-create-port</a><br>
> > > discussed here<br>
> > ><br>
> ><br>
> (<a href="http://lists.openstack.org/pipermail/openstack-dev/2013-May/009088.html" target="_blank">http://lists.openstack.org/pipermail/openstack-dev/2013-May/009088.html</a>)<br>
> > .<br>
> > > This was about moving the quantum port creation from the<br>
> nova-compute<br>
> > > host to nova-api if a network-uuid is passed in. This will<br>
> allow us to<br>
> > > remove all the quantum logic from the nova-compute nodes and<br>
> > > simplify orchestration.<br>
> > ><br>
> > > Thoughts?<br>
> ><br>
> > Aaron,<br>
> ><br>
> > The ml2-portbinding BP I am currently working on depends on<br>
> nova setting<br>
> > the binding:host_id attribute on a port before accessing<br>
> > binding:vif_type. The ml2 plugin's MechanismDrivers will use the<br>
> > binding:host_id with the agents_db info to see what (if any)<br>
> L2 agent is<br>
> > running on that host, or what other networking mechanisms<br>
> might provide<br>
> > connectivity for that host. Based on this, the port's<br>
> binding:vif_type<br>
> > will be set to the appropriate type for that agent/mechanism.<br>
> ><br>
> > When an L2 agent is involved, the associated ml2<br>
> MechanismDriver will<br>
> > use the agent's interface or bridge mapping info to determine<br>
> whether<br>
> > the agent on that host can connect to any of the port's network's<br>
> > segments, and select the specific segment (network_type,<br>
> > physical_network, segmentation_id) to be used. If there is no<br>
> > connectivity possible on the host (due to either no L2 agent<br>
> or other<br>
> > applicable mechanism, or no mapping for any of the network's<br>
> segment's<br>
> > physical_networks), the ml2 plugin will set the binding:vif_type<br>
> > attribute to BINDING_FAILED. Nova will then be able to<br>
> gracefully put<br>
> > the instance into an error state rather than have the instance<br>
> boot<br>
> > without the required connectivity.<br>
> ><br>
> > I don't see any problem with nova creating the port before<br>
> scheduling it<br>
> > to a specific host, but the binding:host_id needs to be set<br>
> before the<br>
> > binding:vif_type attribute is accessed. Note that the host<br>
> needs to be<br>
> > determined before the vif_type can be determined, so it is not<br>
> possible<br>
> > to rely on the agent discovering the VIF, which can't be<br>
> created until<br>
> > the vif_type is determined.<br>
> ><br>
> ><br>
> > So what you're saying is the current workflow is this: nova-compute<br>
> > creates a port in quantum passing in the host-id (which is the<br>
> > hostname of the compute host). Now quantum looks in the agent table in<br>
> > its database to determine the VIF type that should be used based on<br>
> > the agent that is running on the nova-compute node?<br>
><br>
> Most plugins just return a hard-wired value for binding:vif_type. The<br>
> ml2 plugin supports heterogeneous deployments, and therefore needs more<br>
> flexibility, so this is what's being implemented in the agent-based ml2<br>
> mechanism drivers. Other mechanism drivers (i.e. controller-based) would<br>
> work differently. In addition to VIF type selection, port binding in ml2<br>
> also involves determining if connectivity is possible, and selecting the<br>
> network segment to use, and these are also based on binding:host_id.<br>
><br>
><br>
> Can you go into more detail about what you mean by heterogeneous<br>
> deployments (i.e., what the topology looks like)? Why would connectivity<br>
> not be possible? I'm confused why things would be configured in such a<br>
> way that the scheduler wants to launch an instance on a node for which<br>
> quantum is not able to provide connectivity.<br>
<br>
</div></div>By heterogeneous deployment, I meant that all compute nodes are not<br>
necessarily identically configured. Some might be running the<br>
openvswitch agent, some the linuxbridge agent, and some the hyperv<br>
agent, but all able to access VLANs on (some of) the same trunks.<br>
<br>
One example of connectivity not being possible would be if multiple VLAN<br>
trunks are in use in the datacenter, but not all compute nodes have<br>
connections to every trunk. <br></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I agree the scheduler should ensure connectivity will be possible. But<br>
mechanisms such as cells, zones, and flavors can also be used in nova to<br>
manage heterogeneity. The ml2 port binding code should ideally never<br>
find out the scheduled node does not have connectivity, but we've at<br>
least defined what should happen if it does. The main need here though<br>
is for the port binding code to select the segment to use.<br></blockquote><div><br></div><div>Why does the port binding code select which segment to use? I'm unclear why anyone would ever run a deployment with a mix of VLANs that are trunked in some places and not in others, leaving neutron to keep track of that. The part I'm unclear on is how neutron would be expected to behave in that kind of setup. Say one boots several instances: instance1 lands on compute1 and neutron puts it on VLAN X. Later, instance2 is booted and lands on compute2, where VLAN X isn't reachable. What is neutron expected to do then?<br>
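<br><br>To make my question concrete, here is a rough sketch of the per-host segment selection I understand Bob to be describing (Python, with illustrative names and made-up mapping data; this is not the actual ml2 code). The binding logic would look at the physical_network mappings reported by the agent on binding:host_id, pick a segment of the port's network that the host can actually reach, and otherwise mark the binding as failed:<br>
<pre>
# Hypothetical sketch of per-host segment selection (not the real ml2 code).
# Each host's agent reports which physical_networks it can reach; the
# binding logic picks a segment of the port's network that the host can
# connect to, and fails the binding otherwise.

BINDING_FAILED = 'binding_failed'

# Illustrative mapping data, standing in for what the agents_db would hold.
HOST_PHYSNET_MAPPINGS = {
    'compute1': {'physnet1'},   # connected to the trunk carrying VLAN X
    'compute2': {'physnet2'},   # on a different trunk, no VLAN X
}


def bind_port(host_id, network_segments):
    """Return (segment, vif_type) for the host, or (None, BINDING_FAILED)."""
    reachable = HOST_PHYSNET_MAPPINGS.get(host_id, set())
    for segment in network_segments:
        if segment['physical_network'] in reachable:
            # vif_type would be whatever is appropriate for the agent on
            # that host (e.g. 'ovs' for the openvswitch agent).
            return segment, 'ovs'
    return None, BINDING_FAILED


segments = [{'network_type': 'vlan',
             'physical_network': 'physnet1',
             'segmentation_id': 100}]   # "VLAN X"

print(bind_port('compute1', segments))  # selects the physnet1 segment
print(bind_port('compute2', segments))  # (None, 'binding_failed')
</pre>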
</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="im"><br>
><br>
><br>
><br>
> > My question would<br>
> be why<br>
> > the nova-compute node doesn't already know which VIF_TYPE it should be<br>
> > using?<br>
><br>
> I guess the thinking was that this knowledge belonged in quantum rather<br>
> than nova, and thus the GenericVifDriver was introduced in grizzly. See<br>
> <a href="https://blueprints.launchpad.net/nova/+spec/libvirt-vif-driver" target="_blank">https://blueprints.launchpad.net/nova/+spec/libvirt-vif-driver</a> and<br>
> <a href="https://blueprints.launchpad.net/neutron/+spec/" target="_blank">https://blueprints.launchpad.net/neutron/+spec/</a>.<br>
> vif-plugging-improvements<br>
</div>> <<a href="https://blueprints.launchpad.net/neutron/+spec/vif-plugging-improvements" target="_blank">https://blueprints.launchpad.net/neutron/+spec/vif-plugging-improvements</a>>.<br>
<div class="im">><br>
><br>
> Thanks for the links. It seems like the motivation for this was to<br>
> remove the libvirt vif configuration settings from nova and offload<br>
> that to quantum via the vif_type param on a port. It also seems that a<br>
> specific plugin will always return the same vif_type to a given node.<br>
> In my opinion this configuration is best handled as part of your<br>
> deployment automation rather than baked into quantum ports.<br>
<br>
</div>For monolithic plugins, returning a fixed vif_type works, but this is<br>
not sufficient for ml2.<br>
<br>
I was happy with the old approach of configuring drivers in nova (via<br>
deployment automation ideally), but the decision was made in grizzly to<br>
switch to the GenericVifDriver.<br>
<div class="im"><br>
><br>
> My goal is to reduce the orchestration and complexity between nova and<br>
> quantum. Currently, nova-api and nova-compute both call out to quantum<br>
> when all of this could be done on the api node (ignoring bare metal for<br>
> now as in this case we'd need to do something special to handle updating<br>
> the mac addresses on those logical ports in quantum).<br>
<br>
</div>Sounds like the scheduler is going to need to call neutron as well, at<br>
least in some cases.<br>
<br></blockquote><div>Why is this? The only use case I see so far for something other than nova-api calling into neutron would be bare metal. I think having neutron tell nova which vif type to use couples nova and quantum very tightly. I think we should probably reexamine <a href="https://blueprints.launchpad.net/nova/+spec/libvirt-vif-driver">https://blueprints.launchpad.net/nova/+spec/libvirt-vif-driver</a>, as setting the libvirt vif type from the neutron side seems like something the sysadmin should configure once rather than rely on neutron to specify. <br>
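<br><br>For reference, the compute-node flow I'd like to avoid looks roughly like the sketch below (simplified, using python-neutronclient; the credentials, UUID, and host name are placeholders, and this is not the actual nova code):<br>
<pre>
# Simplified sketch of the nova-compute to neutron interaction under
# discussion (illustrative only, not the actual nova code).
from neutronclient.v2_0 import client as neutron_client

neutron = neutron_client.Client(username='nova', password='secret',
                                tenant_name='service',
                                auth_url='http://127.0.0.1:5000/v2.0/')

# nova-compute creates the port and passes the host the instance was
# scheduled to (this is the behavior added by the patch in question):
port = neutron.create_port({'port': {
    'network_id': 'NETWORK_UUID',
    'binding:host_id': 'compute1',
}})['port']

# It then reads back the VIF type neutron chose for that host, rather
# than the VIF driver being fixed once in nova's own configuration:
vif_type = port.get('binding:vif_type')
</pre>
If the vif type were configured once on the nova side, that second round-trip would not be needed.<br>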
<br></div><div>Thanks, <br><br>Aaron<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
-Bob<br>
<div class="im"><br>
><br>
><br>
> -Bob<br>
><br>
> ><br>
> ><br>
> > Back when the port binding extension was originally being<br>
> hashed out, I<br>
> > had suggested using an explicit bind() operation on port that<br>
> took the<br>
> > host_id as a parameter and returned the vif_type as a result.<br>
> But the<br>
> > current attribute-based approach was chosen instead. We could<br>
> consider<br>
> > adding a bind() operation for the next neutron API revision,<br>
> but I don't<br>
> > see any reason the current attribute-based binding approach<br>
> cannot work<br>
> > for now.<br>
> ><br>
> > -Bob<br>
> ><br>
> > ><br>
> > > Best,<br>
> > ><br>
> > > Aaron<br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > OpenStack-dev mailing list<br>
> > > <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <mailto:<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>><br>
</div>> > <mailto:<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<div class="im">> <mailto:<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>>><br>
> > ><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
> > ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > OpenStack-dev mailing list<br>
> > <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
</div>> <mailto:<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>><br>
> > <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
> ><br>
><br>
><br>
<br>
</blockquote></div><br></div></div>