← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #51495

[Bug 1585510] [NEW] [RFE] openvswitch-agent support rootwrap daemon when hypervisor is XenServer

  Thread PreviousDate PreviousThread Next 
Public bug reported:

As titled, when XenServer is hypervisor we want to implement rootwrap
daemon mode in neutron-openvswitch-agent which runs in compute node.

neutron-openvswitch-agent which runs in compute node(DomU) cannot
support rootwrap daemon mode. This is because XenServer has the
seperation of Dom0(privileged domain) and DomU(user domain), br-int
bridge of neutron-openvswitch-agent(in compute node) resides in Dom0, so
all the ovs-vsctl/ovs-ofctl/iptables/ipset commands executed by neutron-
openvswitch-agent(in compute node) need to be executed in Dom0 not DomU
which is different with other hypervisors.

https://github.com/openstack/neutron/blob/master/bin/neutron-rootwrap-
xen-dom0 is current implementation but cannot support rootwrap daemon.

We noticed rootwrap produces significant performance overhead and We
want to implement the rootwrap daemon mode when XenServer is hypervisor
to improve the performance.

Proposal: subclass and override some class/functions from oslo.rootwrap
to achive the goal. Actually I have did the POC which can work well.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1585510

Title:
  [RFE] openvswitch-agent support rootwrap daemon when hypervisor is
  XenServer

Status in neutron:
  New

Bug description:
  As titled, when XenServer is hypervisor we want to implement rootwrap
  daemon mode in neutron-openvswitch-agent which runs in compute node.

  neutron-openvswitch-agent which runs in compute node(DomU) cannot
  support rootwrap daemon mode. This is because XenServer has the
  seperation of Dom0(privileged domain) and DomU(user domain), br-int
  bridge of neutron-openvswitch-agent(in compute node) resides in Dom0,
  so all the ovs-vsctl/ovs-ofctl/iptables/ipset commands executed by
  neutron-openvswitch-agent(in compute node) need to be executed in Dom0
  not DomU which is different with other hypervisors.

  https://github.com/openstack/neutron/blob/master/bin/neutron-rootwrap-
  xen-dom0 is current implementation but cannot support rootwrap daemon.

  We noticed rootwrap produces significant performance overhead and We
  want to implement the rootwrap daemon mode when XenServer is
  hypervisor to improve the performance.

  Proposal: subclass and override some class/functions from
  oslo.rootwrap to achive the goal. Actually I have did the POC which
  can work well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1585510/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next