[Yahoo-eng-team] [Bug 1585510] Re: [RFE] openvswitch-agent support rootwrap daemon when hypervisor is XenServer

Sat, 07 Jan 2017 16:48:11 -0800 

** Changed in: neutron
       Status: Opinion => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1585510

Title:
  [RFE] openvswitch-agent support rootwrap daemon when hypervisor is
  XenServer

Status in neutron:
  In Progress
Status in oslo.rootwrap:
  New

Bug description:
  As titled, when XenServer is hypervisor we want to implement rootwrap
  daemon mode in neutron-openvswitch-agent which runs in compute node.

  neutron-openvswitch-agent which runs in compute node(DomU) cannot
  support rootwrap daemon mode. This is because XenServer has the
  seperation of Dom0(privileged domain) and DomU(user domain), br-int
  bridge of neutron-openvswitch-agent(in compute node) resides in Dom0,
  so all the ovs-vsctl/ovs-ofctl/iptables/ipset commands executed by
  neutron-openvswitch-agent(in compute node) need to be executed in Dom0
  not DomU which is different with other hypervisors.

  https://github.com/openstack/neutron/blob/master/bin/neutron-rootwrap-
  xen-dom0 is current implementation but cannot support rootwrap daemon.

  We noticed rootwrap produces significant performance overhead and We
  want to implement the rootwrap daemon mode when XenServer is
  hypervisor to improve the performance.

  Also, we discoverde that calls to netwrap (and creation of lots of
  sessions) are causing huge logging in dom0. Logrotate can handle those
  logs, but it will make diagnosis of issues very difficult indeed due
  to the very regular rotations.

  Also, it seems that perhaps the excessive logging is causing the host
  to be **very** slow downloading an image from glance due to contention
  on the disk (looking at iostat, %iowait is up over 60% the majority of
  the time, sometimes up to 90%)

  So, it's not stable and strong enough for a production OpenStack
  environment.

  Proposal: subclass and override some class/functions from
  oslo.rootwrap to achive the goal. Actually I have did the POC which
  can work well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1585510/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to