------=_Part_17897434_1769683215.1375106264138 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hi Moti, Thanks for the quick response, Please look down at the comment. Amihay ----- Original Message -----
From: "Moti Asayag" <masayag@redhat.com> To: "Amihay Winter" <awinter@redhat.com> Cc: engine-devel@ovirt.org, "Livnat Peer" <lpeer@redhat.com> Sent: Sunday, July 28, 2013 3:33:27 PM Subject: Re: VNIC profiles & Device Custom Properties
Hi Amihay,
Thank you for your inputs on the feature. See answers in-line for each of the raised issues.
----- Original Message -----
From: "Amihay Winter" <awinter@redhat.com> To: engine-devel@ovirt.org Cc: "Moti Asayag" <masayag@redhat.com>, "Livnat Peer" <lpeer@redhat.com> Sent: Tuesday, July 23, 2013 3:12:45 PM Subject: VNIC profiles & Device Custom Properties
Hi all,
I'm building a TCMS plan for the Device Custom Properties feature and I came across some questions. I'm sorry that I'm a little late with my thoughts but I hope you'll still hear them out. Also, I know It's a little long but please bear with me :)
I want to talk about two things: 1. Sending an updateDevice verb whenever clicking on "Edit" and than "OK". 2. Setting Port Mirroring at the configuring of a nic and not at the profile.
1.According to the Vnic_Profiles's wiki (in the Editing a profile section) it says: "The changes will seep down to all VNICs using the profile. In case VNIC using the edited profile are connected to running VMs, the change will apply only on the VM next run." I'll describe a Scenario: Creating profile A with property speed = 500 Setting vnic2 on vm to have profile A (using Hotplugnic) Changing (in the profile) speed = 700 According to the Vnic_Profiles's wiki, only when I restart my vm I'll get my setting right. In my opinion, If we could enable the update of those setting LIVE we will give the clients a better solution in the Vnic Profiles. I will be able to update all of my 1000 vms in a few minutes with a single script instead of restarting them all and maybe stopping others' work. I think that restarting 1000 vms because I want to set a property is not something that an admin would want to do. One way to implement it is to send a verb "updateDevice" each time we open the the "Edit" window and clicking "OK" I guess that when the design of update device was made, we tried to send minimal verbs, but in this case, I think that if a user clicked on "Edit" & "OK" then he wanted to send the verb, otherwise, he would have pressed on "Edit" & "Cancel".
Sending this verb will allow us to keep the vms update with, in my opinion, minimum cost and with great profit - Giving the client a "more correct environment" LIVE.
The engine-vdsm has a verb for updating a device. It is sent when the engine detect a change in the state of the vnic which requires updating the device. However, the engine doesn't store the vnic profile definition used to activate the vnic.
Instead of restarting the VM, the user can plug-unplug the specific device, if it already activated. I know that plug/unplug the specific device will propagate the change but why use only the hotplug & hotunplug verbs? why not using the updateDevice verb as well? Isn't LIVE (without losing connectivity to vm (because the hotunplug)) is better?
2. I'll start with saying that in my opinion, the Vnic Profile feature was created to give the client a *more dynamic network environment* and I support. But, I think that the statical variables like MAC, Un/Pluged and Port Mirroring which always exist should be at the nic and not in the profile. In my opinion, Profile's properties may have: max_mtu, min_mtu, mtu, speed, id, vlan... Identifiers for the network. Maybe I'm missing something but it seems natural to me that the port mirroring will be at nic and not at the profile.
I'm not sure how port mirroring is commonly used to enable it on vnic level. Having the port mirroring on vnic profile level allows to control the network usage in a concentrated place.
In both cases, we're a bit late on schedule, therefore changes would be done later on if required.
I'll really appreciate comments. Thank you for your time. Amihay Winter
----- Original Message -----
----- Forwarded Message ----- From: "Livnat Peer" <lpeer@redhat.com> To: "Moti Asayag" <masayag@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org>, "Ofri Masad" <omasad@redhat.com>, "Mike Kolesnik" <mkolesni@redhat.com>, "Oved Ourfalli" <oourfali@redhat.com> Sent: Monday, July 8, 2013 10:11:15 AM Subject: Re: VNIC profiles
On 07/08/2013 12:36 AM, Moti Asayag wrote:
I've updated the wiki accordingly and added few comments inline.
----- Original Message -----
From: "Livnat Peer" <lpeer@redhat.com> To: "Moti Asayag" <masayag@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org>, "Ofri Masad" <omasad@redhat.com>, "Mike Kolesnik" <mkolesni@redhat.com>, "Oved Ourfalli" <oourfali@redhat.com> Sent: Sunday, July 7, 2013 2:59:34 PM Subject: Re: VNIC profiles
On 07/07/2013 01:59 PM, Moti Asayag wrote:
Hi,
I've updated the wiki with the feedbacks from this thread, added a backend section naming the affected commands and also add added few questions of my own embedded in the pastedtext below.
Hi Moti, A good and comprehensive description of the feature behavior. See my comments bellow -
In addition, another question here:
The units within the UI mockups are Mb and Mbps. The libvirt APIs expects the units to be in kb and kbps. Which component is responsible to convert them to the expect units ? engine or VDSM ?
Giuseppe mentioned that in a previous thread on this subject. Ofri and Giuseppe agreed that the translation would be done on the engine level.
Copied text from the wiki:
Adding a Profile
The network administrator could create several VNIC Profiles for each network. He could then grant a users with the permission to use (consume) each profile. The user will only be able to use profiles which he was granted access to.
For example: the network admin will create two VNIC profiles for network "blue":
Profile "Gold" - with better QoS and with port mirroring Profile "Silver" with lower QoS and without port mirroring.
I would use other names for the profiles to avoid confusion. Gold and Silver are likely to be QoS object names, a more typical name for a network profile is - teachers-blue and students-blue
The different profiles can have different QoS (teachers-blue would get Gold QoS while Students-blue will have Silver).
He will then define the user-group "students" as user of profile "Silver" and user-group "teachers" as user of profile "Gold". In this case the teachers will enjoy better quality of service then the students. When a teacher will add/edit a virtual NIC he could select profile "Gold" for that NIC - the VNIC will be connected to network "blue" with high QoS and with port mirroring.
Question: In the same matter we allowed via the UI to grant 'NetworkUser' to 'everyone' user, wouldn't it ease the use of Profiles if we support it in this context as well?
The ease of use could be that when creating a network we'll display in the UI all VNIC-QoS-objects and the users could tick next to the QoS they are interested in, for each QoS that was chosen a profile would be created.
I would enhance that with youe suggestion above and display next to the QoS that was checked the option to mark 'Allow All users' like we have today for making a network public, this option would give permission to everyone on that profile.
Editing a Profile
A user should be able to edit the profile properties (including profile name) while VMs are attached and are using this Profile (reference should be done by id). Changing the network of a vNic profile will be allowed only if no VMs are using the profile.
It would be better if we can limit this to no running VM is using the profile (or more simple to implement if all VMs that are using this profile are in status down).
Allowing to delete a vnic profile when used by vms is asymmetric to the network removal when it is used by vms or templates. Today the update network operation is blocked for that. In addition, with the suggest simplification to remove a profile when no running vms, the user will have to find for himself if the profile is being used prior to its removal since the operation will not be blocked.
If we allow to delete a vnic profile, when a vm is using it (regardless the VM status) we'll have to update the VM entity as well in that operation: since we do not support a network with 'none' profile, we'll have to delete the network as well.
If we'll remove a vnic profile in 3.1 cluster, used by vms in status down, we'd find a case in which a VM is attached to a 'none' network. This is unsupported in 3.1 cluster. We can block such operation, but this is another motivation why we'd better not to allow removing a used profile.
The context above is about editing not deleting :) I agree with what you wrote if the context was remove.
Since we have no way to distinguish between running and current configurations, the expected behavior of such a change is unpredictable and less intuitive to the user (especially since dynamic wiring is supported). The changes will seep down to all VNICs using the profile. In case VNIC using the edited profile are connected to running VMs, the change will apply only on the VM next run.
Question: What about Hibernate/Suspend VM ? will the resume VM action uses the original configuration for the vnics when the VM was started ?
Currently profile includes: network, port-mirroring, custom property, QoS
Changing any of the above (except for network) requires a VM reboot, so I think that we can start with the following statement - the profile change would only apply after next VM reboot.
There are 2 problems with the above: - Today we support network wiring, with VNIC profiles we are asking the users to create a new profile and attach the VMs to the new profile, I can see the RFE coming - we can report that ourselves ;)
- We don't reflect with which configuration the VM is running, e.g we edited the profile QoS but I'm not sure with which QoS the VM is currently running. (The RFE for differentiating between current configuration and running configuration was already asked for by numerous users)
The above is a general issue that we need to solve and I would not limit editing VNIC profiles because of it. We can mitigate this specifically for QoS like described bellow.
Deleting a Profile
VNIC Profiles could not be deleted from the engine as long as one or more VM/Templates are using those profiles.
Reporting vNic actual configuration
The engine will retrieve the actual configuration of the profile properties on the VNIC from VDSM (using the network statistics mechanism) and the networked administrator will be presented with the state of each VNIC (synched/unsynched).
Will the admin be able to see the actual values? I think the synced property is not enough (I'm not sure how interesting this property is to start with).
We can extend the VmGuestAgentInterface to contain the actual value, so they will be presented for each vnic in the 'guest data' sub-tab.
AFAIU this info does not come from the guest it is info we retrieve from libvirt. The VmGuestAgentInterface should be used only for information reported by the guest, information whose credibility can be questioned.
Editing a VNIC / Changing a VNIC profile
Changing the profile a VM is using while the VM is running should behave like dynamic wiring (changing the VM network while it is running). Hot-plug of a vnic will will use will use the updated profile connected to the VNIC.
Not sure I fully understand the sentence above. Hot plug will be fully supported, you can choose any profile (you have permissions on) while plugging a new device.
That was the intention. seems like an edgy hand syndrome :) Changed to: * Hot plug will be fully supported: the user can choose any permitted profile while plugging a new device or when activating an existing one.
Adding a Network
When adding a network, a user can provide an option to create a vNic Profile for it.
Question: Is it s default profile ? what are its properties ? Question: What about 'Public Use' option ? Are they still relevant in the context of adding new networks or we should eliminate them and move it only to 'Add vNic Profile' dialog?
see previous comments In addition when creating a profile we should have 'Allow all' for implicitly creating permissions, like we have today for network.
Updating a Network
When a network role is modified to be a 'non-VM network', all vNic profiles associated with it should be deleted.
And permissions associated with these profiles
Removing a Network
Should remove all profiles on that network
And associated permissions
Adding an Empty Data-Center
Currently, When creating a new Data-Center, the management network is automatically created. From 3.3, a default vNic profile will be created for the management network.
VM snapshot/import/export
We should handle VMs that are pointing to a network directly for backward compatibility. We need to select first profile that is on that network that the user has permissions on.
Question: Do we wish to support it export from 3.3 and import to 3.2 or below?
That means that when you write a VM in the OVF you need to write network in addition to profile.
The network name is already there, so when importing a vnic from 3.3 to an earlier version the profile name will be ignored.
Question: A user can import/export a VM/Template even if he doesn't have permissions on the networks. Is the next flow valid ?
The profile name should be saved in the OVF (in addition to the network name which is saved today). During import, if both (network name, profile name) exist on the target DC, the vnic will get the profile id. If the network exists in the Data-Center, but has no profile as specified in the OVF, the user will be notified (event log) and the VNIC will be connected to a default minimal profile defined in the system, regardless the permissions the user has on the network.
What is a 'default minimal profile' ? I would rather have a VNIC with no profile associated with it.
The 'default minimal profile' refers to a vnic profile with the lower average bandwidth.
With the approach you've suggested, any imported VM/Template from an earlier to 3.3 version will require a manual intervention in order to configure a network to the VM.
I should have elaborated some more -
If a VM has a profile then we should look up this specific profile, if such a profile does not exists then import the VM with profile none like we do today for VM's with reference to a network that does not exist on the setup.
If a VM does not have a profile (3.2 and lower versions) we should look into the network name, if this network exist and we have a profile with permissions to the user then use this profile (if there is more than one choose one randomly).
And for 3.1 we'll have to drop such vnics since network 'none' isn't supported.
If failed to find any matching vNic profile, the vnic's profile will be set with 'none'.
When a Template is created from a VM the VNIC Profile will be kept along with the VNIC. When a VM is created from template the VNIC Profiles will be taken from the template's VNICs.
----- Original Message ----- > From: "Livnat Peer" <lpeer@redhat.com> > To: "engine-devel" <engine-devel@ovirt.org>, "Ofri Masad" > <omasad@redhat.com> > Cc: "Mike Kolesnik" <mkolesni@redhat.com>, "Moti Asayag" > <masayag@redhat.com>, "Oved Ourfalli" <oourfali@redhat.com> > Sent: Sunday, June 30, 2013 3:59:37 PM > Subject: VNIC profiles > > Hi, > > We are working on adding VNIC profiles as part of the work to add > VNIC > QoS. > > http://www.ovirt.org/Features/Network_QoS#VNIC_Profiles > > We need to define some of the system behavior followed by this > change, > here is my take - > > Editing a profile - > -------------------- > A user should be able to edit the profile properties (including > profile > name) while VMs are attached and are using this Profile (reference > should be done by id). > > Changing the network though is a bit more tricky as long as we don't > have a way to distinguish between running and current configurations > I > think it could be very confusing to the user. Especially since we > support dynamic wiring so the behavior IMO is unpredictable. > I think it should be blocked at this point. > > > Edit a VNIC / change a VNIC profile - > ------------------------------------ > Changing the profile a VM is using while the VM is running should > behave > like dynamic wiring (changing the VM network while it is running). > > > Remove a Profile - > ------------------- > Is only valid if all VMs that are using this profile are in status > down. > It should update all VMs to point to no profile which should behave > like > none network today. > > I see no reason to support a profile on a none network at this > point. > > The above is also relevant for upgrade flow (upgrading none network > to > point to no profile) > > > Removing a Network - > ---------------------- > should remove all profiles on that network > > > VM snapshot/import/export - > -------------------------- > We should handle VMs that are pointing to a network directly for b/w > compatibility. > we need to select first profile that is on that network that the > user > has permissions on. > > > I assume there are more, comments are welcome > > Thanks, Livnat > >
<div>Thanks for the quick response,<br></div><div><br></div><div>Please lo= ok down at the comment.<br></div><div><br></div><div><br></div><div>Amihay<= br></div><hr id=3D"zwchr"><blockquote style=3D"border-left:2px solid #1010F= F;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style= :normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-si= ze:12pt;"><b>From: </b>"Moti Asayag" <masayag@redhat.com><br><b>To: <= /b>"Amihay Winter" <awinter@redhat.com><br><b>Cc: </b>engine-devel@ov= irt.org, "Livnat Peer" <lpeer@redhat.com><br><b>Sent: </b>Sunday, Jul= y 28, 2013 3:33:27 PM<br><b>Subject: </b>Re: VNIC profiles & Device Cus= tom Properties<br><div><br></div>Hi Amihay,<br><div><br></div>Thank you for= your inputs on the feature. See answers in-line for each of the raised iss= ues.<br><div><br></div>----- Original Message -----<br>> From: "Amihay W= inter" <awinter@redhat.com><br>> To: engine-devel@ovirt.org<br>>= ; Cc: "Moti Asayag" <masayag@redhat.com>, "Livnat Peer" <lpeer@red= hat.com><br>> Sent: Tuesday, July 23, 2013 3:12:45 PM<br>> Subject= : VNIC profiles & Device Custom Properties<br>> <br>> Hi all,<br>= > <br>> I'm building a TCMS plan for the Device Custom Properties fea= ture and I came<br>> across some questions.<br>> I'm sorry that I'm a=
> One way to implement it is to send a verb "updateDevice" each time we= open<br>> the the "Edit" window and clicking "OK"<br>> I guess that = when the design of update device was made, we tried to send<br>> minimal= verbs, but in this case, I think that if a user clicked on "Edit" &<br= > "OK" then he wanted to send the verb, otherwise, he would have presse= d on<br>> "Edit" & "Cancel".<br>> <br>> Sending this verb will= allow us to keep the vms update with, in my opinion,<br>> minimum cost = and with great profit - Giving the client a "more correct<br>> environme= nt" LIVE.<br><div><br></div>The engine-vdsm has a verb for updating a devic= e. It is sent when the engine<br>detect a change in the state of the vnic w= hich requires updating the device.<br>However, the engine doesn't store the= vnic profile definition used to activate<br>the vnic.<br><div><br></div>In= stead of restarting the VM, the user can plug-unplug the specific device, i= f<br>it already activated.</blockquote><div><br></div><div>I know that plug= /unplug the specific device will propagate the change but why use only the = hotplug &<br></div><div>hotunplug verbs? why not using the updateDevice= verb as well?<br></div><div>Isn't LIVE (without losing connectivity to vm = (because the hotunplug)) is better?<br></div><div><br></div><blockquote sty= le=3D"border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:= #000;font-weight:normal;font-style:normal;text-decoration:none;font-family:= Helvetica,Arial,sans-serif;font-size:12pt;"><div><br></div>> <br>> 2.= I'll start with saying that in my opinion, the Vnic Profile feature was<br= > created to give the client a *more dynamic network environment* and I= <br>> support.<br>> But, I think that the statical variables like MAC= , Un/Pluged and Port<br>> Mirroring which always exist should be at the = nic and not in the profile.<br>> In my opinion, Profile's properties may= have: max_mtu, min_mtu, mtu, speed,<br>> id, vlan... Identifiers for th= e network.<br>> Maybe I'm missing something but it seems natural to me t= hat the port<br>> mirroring will be at nic and not at the profile.<br>&g= t; <br><div><br></div>I'm not sure how port mirroring is commonly used to e= nable it on vnic level.<br>Having the port mirroring on vnic profile level = allows to control the network<br>usage in a concentrated place.<br><div><br= </div>In both cases, we're a bit late on schedule, therefore changes would= be done <br>later on if required.<br><div><br></div>> I'll really appre= ciate comments.<br>> Thank you for your time.<br>> Amihay Winter<br>&= gt; <br>> ----- Original Message -----<br>> <br>> > ----- Forwa= rded Message -----<br>> > From: "Livnat Peer" <lpeer@redhat.com>= ;<br>> > To: "Moti Asayag" <masayag@redhat.com><br>> > Cc= : "engine-devel" <engine-devel@ovirt.org>, "Ofri Masad"<br>> > = <omasad@redhat.com>, "Mike Kolesnik" <mkolesni@redhat.com>, "Ov= ed Ourfalli"<br>> > <oourfali@redhat.com><br>> > Sent: Mo= nday, July 8, 2013 10:11:15 AM<br>> > Subject: Re: VNIC profiles<br>&= gt; <br>> > On 07/08/2013 12:36 AM, Moti Asayag wrote:<br>> > &= gt; I've updated the wiki accordingly and added few comments inline.<br>>= ; > ><br>> > > ----- Original Message -----<br>> > >= ;> From: "Livnat Peer" <lpeer@redhat.com><br>> > >> To= : "Moti Asayag" <masayag@redhat.com><br>> > >> Cc: "engin= e-devel" <engine-devel@ovirt.org>, "Ofri Masad"<br>> > >>= <omasad@redhat.com>, "Mike Kolesnik" <mkolesni@redhat.com>,<br= > > >> "Oved Ourfalli" <oourfali@redhat.com><br>> >= ; >> Sent: Sunday, July 7, 2013 2:59:34 PM<br>> > >> Subj= ect: Re: VNIC profiles<br>> > >><br>> > >> On 07/07= /2013 01:59 PM, Moti Asayag wrote:<br>> > >>> Hi,<br>> &g= t; >>><br>> > >>> I've updated the wiki with the fe= edbacks from this thread, added a<br>> > >>> backend<br>>= > >>> section naming the affected commands and also add added = few questions<br>> > >>> of<br>> > >>> my own= embedded in the pastedtext below.<br>> > >>><br>> > &= gt;><br>> > >> Hi Moti,<br>> > >> A good and com=
> > >>> each profile. The user will only be able to use pro= files which he was<br>> > >>> granted access to.<br>> >= ; >>><br>> > >>> For example: the network admin wil= l create two VNIC profiles for<br>> > >>> network "blue":<br= > > >>><br>> > >>> Profile "Gold" - with bet= ter QoS and with port mirroring<br>> > >>> Profile "Silver" = with lower QoS and without port mirroring.<br>> > >>><br>>= ; > >><br>> > >> I would use other names for the profi= les to avoid confusion.<br>> > >> Gold and Silver are likely to= be QoS object names, a more typical name<br>> > >> for a netwo= rk profile is - teachers-blue and students-blue<br>> > >><br>&g= t; > >> The different profiles can have different QoS (teachers-bl= ue would get<br>> > >> Gold QoS while Students-blue will have S= ilver).<br>> > >><br>> > >><br>> > >>&g= t; He will then define the user-group "students" as user of profile<br>>= > >>> "Silver" and user-group "teachers" as user of profile "G=
> > >> Not sure I fully understand the sentence above.<br>>= > >> Hot plug will be fully supported, you can choose any profile= (you have<br>> > >> permissions on) while plugging a new devic= e.<br>> > >><br>> > ><br>> > > That was the i= ntention. seems like an edgy hand syndrome :)<br>> > > Changed to:= <br>> > > * Hot plug will be fully supported: the user can choose = any permitted<br>> > > profile while plugging a new device or when= activating an existing one.<br>> > ><br>> > >>> Ad= ding a Network<br>> > >>><br>> > >>> When add= ing a network, a user can provide an option to create a vNic<br>> > &= gt;>> Profile for it.<br>> > >>><br>> > >>= > Question: Is it s default profile ? what are its properties ?<br>> = > >>> Question: What about 'Public Use' option ? Are they still= relevant in<br>> > >>> the<br>> > >>> contex= t of adding new networks or we should eliminate them and move it<br>> &g= t; >>> only to 'Add vNic Profile' dialog?<br>> > >>>= ;<br>> > >><br>> > >> see previous comments<br>>= > >> In addition when creating a profile we should have 'Allow al= l' for<br>> > >> implicitly creating permissions, like we have = today for network.<br>> > >><br>> > >>> Updating= a Network<br>> > >>><br>> > >>> When a netwo= rk role is modified to be a 'non-VM network', all vNic<br>> > >>= ;> profiles<br>> > >>> associated with it should be delet= ed.<br>> > >><br>> > >> And permissions associated = with these profiles<br>> > >><br>> > >>> Removin= g a Network<br>> > >>><br>> > >>> Should remo= ve all profiles on that network<br>> > >>><br>> > >= ><br>> > >> And associated permissions<br>> > >>= <br>> > >>> Adding an Empty Data-Center<br>> > >>= ;><br>> > >>> Currently, When creating a new Data-Center,=
> > permissions to the user then use this profile (if there is more =
------=_Part_17897434_1769683215.1375106264138 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div>Hi Moti,<br></div><div><br></div= little late with my thoughts but I hope you'll still<br>> hear them out= .<br>> Also, I know It's a little long but please bear with me :)<br>>= ; <br>> I want to talk about two things:<br>> 1. Sending an updateDev= ice verb whenever clicking on "Edit" and than "OK".<br>> 2. Setting Port= Mirroring at the configuring of a nic and not at the profile.<br>> <br>= > 1.According to the Vnic_Profiles's wiki (in the Editing a profile sect= ion) it<br>> says:<br>> "The changes will seep down to all VNICs usin= g the profile.<br>> In case VNIC using the edited profile are connected = to running VMs, the<br>> change will apply only on the VM next run."<br>= > I'll describe a Scenario:<br>> Creating profile A with property spe= ed =3D 500<br>> Setting vnic2 on vm to have profile A (using Hotplugnic)= <br>> Changing (in the profile) speed =3D 700<br>> According to the V= nic_Profiles's wiki, only when I restart my vm I'll get my<br>> setting = right.<br>> In my opinion, If we could enable the update of those settin= g LIVE we will<br>> give the clients a better solution in the Vnic Profi= les.<br>> I will be able to update all of my 1000 vms in a few minutes w= ith a single<br>> script instead of restarting them all and maybe stoppi= ng others' work.<br>> I think that restarting 1000 vms because I want to= set a property is not<br>> something that an admin would want to do.<br= prehensive description of the feature behavior.<br>> > >> See m= y comments bellow -<br>> > >><br>> > >>> In addi= tion, another question here:<br>> > >>><br>> > >>= ;> The units within the UI mockups are Mb and Mbps. The libvirt APIs<br>= > > >>> expects<br>> > >>> the units to be in= kb and kbps. Which component is responsible to<br>> > >>> c= onvert<br>> > >>> them to the expect units ? engine or VDSM = ?<br>> > >><br>> > >> Giuseppe mentioned that in a = previous thread on this subject.<br>> > >> Ofri and Giuseppe ag= reed that the translation would be done on the<br>> > >> engine= level.<br>> > >><br>> > >><br>> > >>&g= t;<br>> > >>> Copied text from the wiki:<br>> > >&g= t;><br>> > >>> Adding a Profile<br>> > >>>= <br>> > >>> The network administrator could create several V= NIC Profiles for each<br>> > >>> network. He could then gran= t a users with the permission to use<br>> > >>> (consume)<br= old". In this<br>> > >>> case the teachers will enjoy better= quality of service then the<br>> > >>> students. When a tea= cher will add/edit a virtual NIC he could select<br>> > >>> = profile "Gold" for that NIC - the VNIC will be connected to network<br>>= > >>> "blue" with high QoS and with port mirroring.<br>> &g= t; >>><br>> > >>> Question: In the same matter we a= llowed via the UI to grant<br>> > >>> 'NetworkUser'<br>> = > >>> to 'everyone' user, wouldn't it ease the use of Profiles = if we support<br>> > >>> it<br>> > >>> in thi= s context as well?<br>> > >><br>> > >> The ease of = use could be that when creating a network we'll display in<br>> > >= ;> the UI all VNIC-QoS-objects and the users could tick next to the QoS<= br>> > >> they are interested in, for each QoS that was chosen = a profile would be<br>> > >> created.<br>> > >><br>= > > >> I would enhance that with youe suggestion above and disp= lay next to the<br>> > >> QoS that was checked the option to ma= rk 'Allow All users' like we have<br>> > >> today for making a = network public, this option would give permission to<br>> > >> = everyone on that profile.<br>> > >><br>> > >><br>&g= t; > >>><br>> > >>> Editing a Profile<br>> &g= t; >>><br>> > >>> A user should be able to edit the= profile properties (including profile<br>> > >>> name) whil= e VMs are attached and are using this Profile (reference<br>> > >&= gt;> should be done by id).<br>> > >>> Changing the netwo= rk of a vNic profile will be allowed only if no VMs<br>> > >>&g= t; are using the profile.<br>> > >><br>> > >> It wo= uld be better if we can limit this to no running VM is using the<br>> &g= t; >> profile (or more simple to implement if all VMs that are using = this<br>> > >> profile are in status down).<br>> > ><b= r>> > > Allowing to delete a vnic profile when used by vms is asym= metric to the<br>> > > network removal<br>> > > when it i= s used by vms or templates. Today the update network operation<br>> >= > is<br>> > > blocked for that.<br>> > > In addition,= with the suggest simplification to remove a profile when no<br>> > &= gt; running vms, the user<br>> > > will have to find for himself i= f the profile is being used prior to its<br>> > > removal since th= e<br>> > > operation will not be blocked.<br>> > ><br>>= ; > > If we allow to delete a vnic profile, when a vm is using it (re= gardless<br>> > > the<br>> > > VM status)<br>> > &g= t; we'll have to update the VM entity as well in that operation: since we d= o<br>> > > not support a<br>> > > network with 'none' pro= file, we'll have to delete the network as well.<br>> > ><br>> &= gt; > If we'll remove a vnic profile in 3.1 cluster, used by vms in stat= us<br>> > > down,<br>> > > we'd find a case<br>> > = > in which a VM is attached to a 'none' network. This is unsupported in = 3.1<br>> > > cluster. We can block<br>> > > such operatio= n, but this is another motivation why we'd better not to<br>> > > = allow<br>> > > removing a used profile.<br>> > ><br>> = <br>> > The context above is about editing not deleting :)<br>> &g= t; I agree with what you wrote if the context was remove.<br>> <br>> = > >><br>> > >>> Since we have no way to distinguish= between running and current<br>> > >>> configurations, the = expected behavior of such a change is<br>> > >>> unpredictab= le and less intuitive to the user (especially since<br>> > >>&g= t; dynamic wiring is supported).<br>> > >>> The changes will= seep down to all VNICs using the profile.<br>> > >>> In cas= e VNIC using the edited profile are connected to running VMs,<br>> > = >>> the change will apply only on the VM next run.<br>> > &g= t;>><br>> > >>> Question: What about Hibernate/Suspend= VM ? will the resume VM action<br>> > >>> uses<br>> >= >>> the original configuration for the vnics when the VM was star= ted ?<br>> > >><br>> > >> Currently profile include= s: network, port-mirroring, custom property,<br>> > >> QoS<br>&= gt; > >><br>> > >> Changing any of the above (except f= or network) requires a VM reboot, so<br>> > >> I think that we = can start with the following statement - the profile<br>> > >> = change would only apply after next VM reboot.<br>> > >><br>>= > >> There are 2 problems with the above:<br>> > >> -= Today we support network wiring, with VNIC profiles we are asking the<br>&= gt; > >> users to create a new profile and attach the VMs to the n= ew profile, I<br>> > >> can see the RFE coming - we can report = that ourselves ;)<br>> > >><br>> > >> - We don't re= flect with which configuration the VM is running, e.g we<br>> > >&= gt; edited the profile QoS but I'm not sure with which QoS the VM is<br>>= ; > >> currently running. (The RFE for differentiating between cur= rent<br>> > >> configuration and running configuration was alre= ady asked for by<br>> > >> numerous users)<br>> > >>= ;<br>> > >> The above is a general issue that we need to solve = and I would not limit<br>> > >> editing VNIC profiles because o= f it.<br>> > >> We can mitigate this specifically for QoS like = described bellow.<br>> > >><br>> > >><br>> > = >><br>> > >>> Deleting a Profile<br>> > >>= ><br>> > >>> VNIC Profiles could not be deleted from the = engine as long as one or<br>> > >>> more<br>> > >&g= t;> VM/Templates are using those profiles.<br>> > >><br>>= > >>> Reporting vNic actual configuration<br>> > >>= ;><br>> > >>> The engine will retrieve the actual configu= ration of the profile<br>> > >>> properties on the VNIC from= VDSM (using the network statistics<br>> > >>> mechanism) an= d the networked administrator will be presented with the<br>> > >&= gt;> state of each VNIC (synched/unsynched).<br>> > >>><b= r>> > >><br>> > >> Will the admin be able to see th= e actual values? I think the synced<br>> > >> property is not e= nough (I'm not sure how interesting this property is to<br>> > >&g= t; start with).<br>> > ><br>> > > We can extend the VmGue= stAgentInterface to contain the actual value, so<br>> > > they<br>= > > > will be presented for each vnic in the 'guest data' sub-tab.= <br>> > ><br>> <br>> > AFAIU this info does not come from= the guest it is info we retrieve from<br>> > libvirt.<br>> > T= he VmGuestAgentInterface should be used only for information reported<br>&g= t; > by the guest, information whose credibility can be questioned.<br>&= gt; <br>> > >><br>> > >>> Editing a VNIC / Chang= ing a VNIC profile<br>> > >>><br>> > >>> Chan= ging the profile a VM is using while the VM is running should<br>> > = >>> behave like dynamic wiring (changing the VM network while it i= s<br>> > >>> running).<br>> > >>> Hot-plug of= a vnic will will use will use the updated profile connected<br>> > &= gt;>> to the VNIC.<br>> > >>><br>> > >><br= the management network is<br>> > >>> automatically created.= <br>> > >>> From 3.3, a default vNic profile will be created= for the management<br>> > >>> network.<br>> > >>= ;><br>> > >>> VM snapshot/import/export<br>> > >= >><br>> > >>> We should handle VMs that are pointing t= o a network directly for<br>> > >>> backward compatibility.<= br>> > >>> We need to select first profile that is on that n= etwork that the user<br>> > >>> has permissions on.<br>> = > >>><br>> > >>> Question: Do we wish to support= it export from 3.3 and import to 3.2 or<br>> > >>> below?<b= r>> > >><br>> > >> That means that when you write a= VM in the OVF you need to write network<br>> > >> in addition = to profile.<br>> > >><br>> > ><br>> > > The n= etwork name is already there, so when importing a vnic from 3.3 to<br>> = > > an<br>> > > earlier version<br>> > > the profil= e name will be ignored.<br>> > ><br>> > >><br>> >= ; >>> Question: A user can import/export a VM/Template even if he = doesn't<br>> > >>> have<br>> > >>> permission= s on the networks. Is the next flow valid ?<br>> > >>><br>&g= t; > >>> The profile name should be saved in the OVF (in additi= on to the network<br>> > >>> name which is saved today).<br>= > > >>> During import, if both (network name, profile name) = exist on the target<br>> > >>> DC, the vnic will get the pro= file id.<br>> > >>> If the network exists in the Data-Center= , but has no profile as<br>> > >>> specified in the OVF, the= user will be notified (event log) and the<br>> > >>> VNIC w= ill be connected to a default minimal profile defined in the<br>> > &= gt;>> system, regardless the permissions the user has on the network.= <br>> > >>><br>> > >><br>> > >> What= is a 'default minimal profile' ? I would rather have a VNIC with no<br>>= ; > >> profile associated with it.<br>> > ><br>> > = > The 'default minimal profile' refers to a vnic profile with the lower<= br>> > > average bandwidth.<br>> > ><br>> > > Wi= th the approach you've suggested, any imported VM/Template from an<br>> = > > earlier to 3.3 version<br>> > > will require a manual in= tervention in order to configure a network to the<br>> > > VM.<br>= > <br>> > I should have elaborated some more -<br>> <br>> &g= t; If a VM has a profile then we should look up this specific profile, if<b= r>> > such a profile does not exists then import the VM with profile = none like<br>> > we do today for VM's with reference to a network tha= t does not exist on<br>> > the setup.<br>> <br>> > If a VM d= oes not have a profile (3.2 and lower versions) we should look<br>> >= into the network name, if this network exist and we have a profile with<br= than one<br>> > choose one randomly).<br>> <br>> > > And = for 3.1 we'll have to drop such vnics since network 'none' isn't<br>> &g= t; > supported.<br>> > ><br>> > >><br>> > >= ;>> If failed to find any matching vNic profile, the vnic's profile w= ill be<br>> > >>> set<br>> > >>> with 'none'.= <br>> > >>><br>> > >>> When a Template is cre= ated from a VM the VNIC Profile will be kept<br>> > >>> alon= g with the VNIC. When a VM is created from template the VNIC<br>> > &= gt;>> Profiles will be taken from the template's VNICs.<br>> > = >>><br>> > >>> ----- Original Message -----<br>>= > >>>> From: "Livnat Peer" <lpeer@redhat.com><br>>= > >>>> To: "engine-devel" <engine-devel@ovirt.org>, "= Ofri Masad"<br>> > >>>> <omasad@redhat.com><br>>= > >>>> Cc: "Mike Kolesnik" <mkolesni@redhat.com>, "Mo= ti Asayag"<br>> > >>>> <masayag@redhat.com>, "Oved = Ourfalli" <oourfali@redhat.com><br>> > >>>> Sent: S= unday, June 30, 2013 3:59:37 PM<br>> > >>>> Subject: VNIC= profiles<br>> > >>>><br>> > >>>> Hi,<b= r>> > >>>><br>> > >>>> We are working o= n adding VNIC profiles as part of the work to add VNIC<br>> > >>= ;>> QoS.<br>> > >>>><br>> > >>>> = http://www.ovirt.org/Features/Network_QoS#VNIC_Profiles<br>>; > >&g= t;>><br>> > >>>> We need to define some of the syst= em behavior followed by this change,<br>> > >>>> here is = my take -<br>> > >>>><br>> > >>>> Editi= ng a profile -<br>> > >>>> --------------------<br>> &= gt; >>>> A user should be able to edit the profile properties (= including<br>> > >>>> profile<br>> > >>>&g= t; name) while VMs are attached and are using this Profile (reference<br>&g= t; > >>>> should be done by id).<br>> > >>>&g= t;<br>> > >>>> Changing the network though is a bit more = tricky as long as we don't<br>> > >>>> have a way to dist= inguish between running and current configurations I<br>> > >>&= gt;> think it could be very confusing to the user. Especially since we<b= r>> > >>>> support dynamic wiring so the behavior IMO is = unpredictable.<br>> > >>>> I think it should be blocked a= t this point.<br>> > >>>><br>> > >>>><b= r>> > >>>> Edit a VNIC / change a VNIC profile -<br>> = > >>>> ------------------------------------<br>> > >= ;>>> Changing the profile a VM is using while the VM is running sh= ould<br>> > >>>> behave<br>> > >>>> lik= e dynamic wiring (changing the VM network while it is running).<br>> >= ; >>>><br>> > >>>><br>> > >>>&= gt; Remove a Profile -<br>> > >>>> -------------------<br=
> > >>>> Is only valid if all VMs that are using this pr= ofile are in status<br>> > >>>> down.<br>> > >&g= t;>> It should update all VMs to point to no profile which should beh= ave<br>> > >>>> like<br>> > >>>> none n= etwork today.<br>> > >>>><br>> > >>>> I= see no reason to support a profile on a none network at this point.<br>>= ; > >>>><br>> > >>>> The above is also rel= evant for upgrade flow (upgrading none network to<br>> > >>>= > point to no profile)<br>> > >>>><br>> > >&g= t;>><br>> > >>>> Removing a Network -<br>> > = >>>> ----------------------<br>> > >>>> shoul= d remove all profiles on that network<br>> > >>>><br>>= > >>>><br>> > >>>> VM snapshot/import/exp= ort -<br>> > >>>> --------------------------<br>> >= >>>> We should handle VMs that are pointing to a network direc= tly for b/w<br>> > >>>> compatibility.<br>> > >&= gt;>> we need to select first profile that is on that network that th= e user<br>> > >>>> has permissions on.<br>> > >&= gt;>><br>> > >>>><br>> > >>>> I a= ssume there are more, comments are welcome<br>> > >>>><br= > > >>>> Thanks, Livnat<br>> > >>>><br= > > >>>><br>> > >><br>> > >><br>= > <br></blockquote><div><br></div></div></body></html> ------=_Part_17897434_1769683215.1375106264138--