Bug 856149

Summary: Need to provide a formal API for Nova to use to plug/unplug VIFs
Product: Red Hat OpenStack Reporter: Daniel Berrangé <berrange>
Component: openstack-quantumAssignee: RHOS Maint <rhos-maint>
Status: CLOSED CURRENTRELEASE QA Contact: yfried
Severity: medium Docs Contact:
Priority: medium    
Version: 2.0 (Folsom)CC: acathrow, apevec
Target Milestone: betaKeywords: Rebase, Reopened
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-quantum-2013.1.1-9.el6 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of:
: 884595 (view as bug list) Environment:
Last Closed: 2014-01-06 19:48:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 894913    
Bug Blocks:    

Description Daniel Berrangé 2012-09-11 10:20:48 UTC 
Description of problem:
The current interaction model between Nova and Quantum is critically flawed in a number of respects

 - There is a hard configuration dependency between Quantum & Nova. ie When changing the Quantum network driver implementation, the admin must also update the Nova libvirt_vif_driver config parameter to match.

 - Some quantum drivers are providing custom plugin impls for the Nova libvirt VIF driver classes. This exposes Quantum to the internal implementation details of the libvirt driver in Nova. These impl details ought to be private to Nova since they can be changed arbitrarily at any time which will break Quantum plugins (eg see bug 1046758).

 - Some Quantum drivers are tied to usage with Nova and libvirt. This is more or less the same point as above - since the drivers need to provide custom libvirt VIF drivers to work with Nova, this is tieing Quantum into Nova + libvirt, preventing its re-use with other non-libvirt drivers or applications like oVirt.

 - Some Quantum drivers are doing work which belongs under the hypervisors' control. eg the Quantum Linux bridge driver is wanting to create TAP devices itself & add them to the bridge. This is only achievable by using the libvirt type=ethernet VIF config. Not only is this config designated unsupported by RHEL (due to its inherent security limitations), but this can only ever work with KVM. libvirt's LXC and Xen drivers do not use TAP devices for their networking, and want to be in charge of adding their own interface to the bridge.

All these problems could be solved if Quantum exposed a formal API for compute services to call to plug/unplug VIFs, instead of relying on hooking into the libvirt VIF driver internal impls. The API would do any port configuration work that might be neccessary, and then return information about where the VIF should be attached & what parameters it should use. The compute service would then take care of actually deciding the optimal libvirt configuration & let the hypervisor actually create & attach the VIF to the network.

See also upstream bug

https://bugs.launchpad.net/quantum/+bug/1046766

Version-Release number of selected component (if applicable):
Folsom
Comment 5 Gary Kotton 2012-11-05 18:03:48 UTC 
This will be addressed in https://blueprints.launchpad.net/quantum/+spec/vif-plugging-improvements. This is targeted for Grizzly.
There are 2 pending reviews that can be backported to Folsom - these improve the usage of the linuxbridge plugin:
Quantum - https://review.openstack.org/#/c/14961/
Nova - https://review.openstack.org/#/c/14830/
Comment 15 Gary Kotton 2013-03-18 19:42:16 UTC 
In the nova conf the libvirt_vif_driver3should have the following: libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtGenericVIFDriver
Nova will receive the relevant information from Quantum. This should work out of the box.
In short we should check that the linux bridge and ovs plugins are able to spawn VM's and traffic works from them when the aforementioned driver is set.
Comment 16 Gary Kotton 2013-05-31 11:21:42 UTC 
There are anumber of notes here to be aware of:
1. When using the linuxbridge plugin the new generic driver can be used (libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtGenericVIFDriver)
2. When using the openvswitch as the quantum plugin the driver
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
should be used. This is required for the security group support by Quantum. This is currently being addressed upstream
Comment 17 yfried 2013-06-06 08:48:00 UTC 
rpm -qa | grep quan
openstack-quantum-2013.1.1-9.el6ost.noarch

OVS - VMs get ip and communicate with outside components