Wednesday, 2016-08-17

*** yushiro has joined #openstack-fwaas		00:09
*** diogogmt has quit IRC		00:28
yushiro	Hi njohnston, I've just commented your patch(https://review.openstack.org/#/c/311159)	00:47
yushiro	Would you please confirm it?	00:47
*** chandanc_ has joined #openstack-fwaas		01:14
*** diogogmt has joined #openstack-fwaas		01:25
*** chandanc_ has quit IRC		01:38
*** padkrish has joined #openstack-fwaas		02:06
*** chandanc_ has joined #openstack-fwaas		02:40
*** SridarK_ has quit IRC		02:43
*** padkrish has quit IRC		02:49
*** padkrish has joined #openstack-fwaas		02:50
*** padkrish has quit IRC		02:54
*** diogogmt has quit IRC		03:28
*** padkrish has joined #openstack-fwaas		03:28
*** yushiro has quit IRC		03:31
*** padkrish_ has joined #openstack-fwaas		03:49
*** padkrish has quit IRC		03:52
*** SarathMekala has joined #openstack-fwaas		03:52
*** yushiro has joined #openstack-fwaas		03:59
*** davidlenwell has quit IRC		04:42
*** davidlenwell has joined #openstack-fwaas		04:55
yushiro	ping SarathMekala	05:00
SarathMekala	hi Yushiro	05:00
yushiro	SarathMekala, hi. Would you tell me more about your last words on IRC meeting?	05:01
SarathMekala	In V1, we can create a firewall with State as DOWN	05:01
SarathMekala	this will prevent the plugin from creating the namespace	05:02
*** SridarK has joined #openstack-fwaas		05:02
yushiro	SarathMekala, 'State' means 'admin_state_up' or 'status' ?	05:02
SarathMekala	admin_state_up i think	05:02
SarathMekala	not sure what status stands for	05:02
SridarK	SarathMekala: admin_state is the administrative state	05:03
SridarK	status is operational status	05:03
SarathMekala	Yeah.. it should be the admin_state only	05:03
yushiro	SarathMekala, OK. I see. you say 'admin_state'.	05:03
SarathMekala	yeah.. there can be scenarios where a tenant precreates a firewall	05:04
SarathMekala	but brings it up later	05:04
SarathMekala	one more scenario is... during update operation a firewall admin_state can be brought down.. at which point the namespace has to be cleaned up	05:05
SridarK	SarathMekala: yes, if the firewall is not bound to port(s) we can also mark status as INACTIVE	05:05
yushiro	SridarK, SarathMekala Yes.	05:05
SarathMekala	yeah..	05:05
SarathMekala	admin_state down + ports associated will not have a namespace	05:06
SarathMekala	admin_state up + ports associated (or not) will have a namespace	05:06
SarathMekala	correction: by namespace I mean the FW rules on the iptable namespace	05:07
SridarK	SarathMekala: i think to be clear - u mean rules in a namespace	05:07
SridarK	ok we said the same thing :-)	05:07
SarathMekala	:-)	05:07
yushiro	SarathMekala, Yes, however, no rule exists on firewall_group if firewall_group doesn't have 'ingress_firewall_policy_id' and 'egress_firewall_policy_id'	05:07
yushiro	Ah, sorry. I'll AFK.... I'll go back here later...	05:08
SarathMekala	right.. I am telling about one more scenario for your consideration	05:08
*** yushiro is now known as yushiro_afk		05:08
SarathMekala	ok.. catch u later	05:08
SridarK	SarathMekala: yes correct	05:08
SridarK	but the key thing is if there is no policy on the fwg, even if we associate ports - there is nothing really to push into the namespace	05:09
SridarK	so we keep the operational state (status) as INACTIVE	05:09
SarathMekala	Yeah.. agreed... operation state is fine as per the discussion	05:10
SridarK	or we enforce the need for atleast one policy	05:10
SridarK	to create a fwg	05:10
SarathMekala	SG has a default security group	05:10
SarathMekala	can we have a similar concept here for both ingress/egress	05:11
SridarK	one thing to look at is if in the default sec grp, i we take out all the rules	05:11
SridarK	what happens	05:12
SarathMekala	see your point.. thats why SG does not allow to remove all the rules from default :)	05:13
chandanc_	in SG when a VM is launched, the default SG is always attached but the tenant can change it to his custom SG	05:13
SridarK	yes that is correct	05:13
chandanc_	Can check it	05:13
SridarK	we will need some notion of specifying something like a default fwg that is applied to all vms	05:14
SridarK	on create	05:14
chandanc_	Here is a analogy for your case "for i in None " and "for i in []". I think the second case is still valid	05:15
chandanc_	what do you think :)	05:15
SridarK	chandanc_: yes agree :-)	05:16
SridarK	lets discuss more on email	05:16
chandanc_	sure	05:16
SridarK	let me go back to debugging	05:16
SarathMekala	sure	05:16
SridarK	:-(	05:16
SridarK	many thx for pulling together on this	05:17
chandanc_	lets catch up on mail	05:17
SarathMekala	no problem	05:17
SarathMekala	AFK for teabreak	05:18
*** yushiro_afk is now known as yushiro		06:27
yushiro	I just turned back.	06:27
SridarK	yushiro: can u pls scan the ext patch	06:38
SridarK	if u are good we can get it in	06:39
yushiro	SridarK, Sure. I'll do it. Just a moment please.	06:39
SridarK	ok np	06:39
SridarK	take ur time	06:39
yushiro	SridarK, I checked it . All of my comments are reflected. However, I noticed that there is no test for firewall_group.	06:44
yushiro	SridarK, Should I comment about that?	06:45
SridarK	yushiro: maybe we can add that later ?	06:47
SridarK	i can pick it up along with the plugin patch	06:47
yushiro	SridarK: I think so. We can add it later. It looks good for 'firewall_groups' on ext patch.	06:50
SridarK	yushiro: ok good	06:51
SridarK	pls go ahead and i do the +A	06:51
yushiro	OK. I'll put +2	06:52
SridarK	i also saw that all comments were addressed - mainly tenant_id and default	06:52
SridarK	on policies	06:52
yushiro	Yeah. These are reflected. In this stage, we should keep "None" for both 'ingress_firewall_policy_id' and 'egress_firewall_policy_id', shouldn't we?	06:56
yushiro	as a default value.	06:56
SridarK	yushiro: yes i think so too	06:58
yushiro	SridarK, OK!! thanks	06:58
SridarK	i will add the validation to make sure that at least one is present on CR	06:58
SridarK	and we will not allow UPD that will result in no policy on the fwg	06:59
yushiro	SridarK, that make sense. additionally, we should take care of UPD 'admin_state_up' as SarathMekala mentioned.	07:00
SridarK	yushiro: yes agreed	07:00
yushiro	SridarK: I just put +2 on ext patch.	07:00
SridarK	yushiro: thanks - i did the +A	07:02
yushiro	:-)	07:03
SridarK	yushiro: tomorrow i will help on the db patch as needed and we can try to have that ready, then i can clean up the plugin	07:04
yushiro	SridarK, I understand. I'll review DB and plugin patches. Today, I'll put the CLI patch.	07:05
SridarK	yushiro: thx - i will sign off now	07:10
yushiro	SridarK, good night.	07:17
*** yushiro has quit IRC		07:56
*** padkrish_ has quit IRC		08:05
*** chandanc_ has quit IRC		08:08
*** mickeys has quit IRC		08:39
*** mickeys has joined #openstack-fwaas		08:39
*** mickeys has quit IRC		08:44
*** chandanc_ has joined #openstack-fwaas		08:52
*** openstack has joined #openstack-fwaas		10:16
*** chandanc_ has quit IRC		10:18
*** SarathMekala has quit IRC		10:18
*** chandanc_ has joined #openstack-fwaas		10:30
*** SarathMekala has joined #openstack-fwaas		10:31
*** yamamoto has joined #openstack-fwaas		10:50
*** yamamoto has quit IRC		10:56
*** yamamoto has joined #openstack-fwaas		10:57
*** yamamoto has quit IRC		11:02
*** chandanc_ has quit IRC		11:03
*** yamamoto has joined #openstack-fwaas		11:03
*** yamamoto has quit IRC		11:07
*** yamamoto has joined #openstack-fwaas		11:07
*** SarathMekala has quit IRC		11:09
*** yamamoto has quit IRC		11:09
*** yamamoto has joined #openstack-fwaas		11:09
*** yamamoto has quit IRC		11:40
*** yamamoto has joined #openstack-fwaas		11:46
*** yamamoto has quit IRC		12:15
*** yamamoto has joined #openstack-fwaas		12:28
*** yamamoto has quit IRC		12:32
*** yamamoto has joined #openstack-fwaas		12:55
mfranc213	SridarK: ping	13:05
SridarK	mfranc213: GM	13:21
mfranc213	good morning SridarK--you are up early and were up late!	13:22
mfranc213	I wonder if you could look quickly at what I've done here and let me know if these changes are okay. If not, I will revert: https://review.openstack.org/#/c/337699/12..13/neutron_fwaas/services/firewall/agents/l3reference/firewall_l3_agent_v2.py	13:22
SridarK	:-) for the next couple of days need to keep chugging	13:22
SridarK	mfranc213: ok let me look	13:22
mfranc213	ty	13:22
SridarK	mfranc213: i think we can keep the reference as project in all the text and method names, but found out yesterday that setting the key as 'project_id' still has some issues with the infrastructure	13:26
SridarK	so across the ext patch and db patch we reverted back to using tenant_id as the attribute	13:27
mfranc213	yes, i read the meeting notes so wasn't sure what to do.	13:27
SridarK	so i think when ever u have time as u spin thru the patch - u can change 'project_id' back to 'tenant_id' where it is actually used as a key	13:28
mfranc213	so router['project_id'] should be router['tenant_id'] ?	13:28
mfranc213	(just want to be doubly sure :) )	13:28
SridarK	yes exactly	13:29
mfranc213	thank you SridarK. i will fix.	13:29
SridarK	let me put a comment on gerrit as well	13:29
*** yamamoto has quit IRC		13:29
mfranc213	perfect	13:29
*** yamamoto has joined #openstack-fwaas		13:30
*** mickeys has joined #openstack-fwaas		13:34
SridarK	mfranc213: Done and thx	13:35
mfranc213	SridarK: thank you!	13:35
SridarK	mfranc213: np - i also msged padkrish that u were look for him - and thx for the follow up on the email - that will be the next hunk of things to get in	13:36
mfranc213	SridarK: thank you for doing that.	13:37
SridarK	mfranc213: np	13:37
SridarK	njohnston: ping	13:37
mfranc213	SridarK: nate is out of the office for a bit.	13:38
*** chandanc_ has joined #openstack-fwaas		13:39
SridarK	mfranc213: ok thx for the heads up - i just wanted to coordinate on the db patch - so i can work thru some of the comments without overwriting anything that he may have done	13:39
SridarK	i will not push anything up	13:39
mfranc213	SridarK: i believe he will be back in the office in 1/2 hour of so.	13:39
SridarK	mfranc213: ok cool thx	13:40
mfranc213	SridarK: would you be able to give me your opinion on something else?	13:40
SridarK	mfranc213: sure pls go ahead	13:40
mfranc213	SridarK: i've put this TODO in here, but now i think i should do something else: i think we should have a fwaas_base_v2.py instead? https://review.openstack.org/#/c/337699/13/neutron_fwaas/services/firewall/drivers/fwaas_base.py	13:40
mfranc213	and so all the methods can be abc.abstractmethods	13:40
mfranc213	one file for v1, and the other for v2	13:41
mfranc213	?	13:41
SridarK	let me look	13:41
SridarK	mfranc213: i think that makes sense to have a separate file for _v2	13:43
mfranc213	SridarK: i will do that now.	13:43
mfranc213	thank you!	13:43
SridarK	mfranc213: ok great thx	13:43
njohnston	Good morning all.	14:16
njohnston	SridarK: pong	14:16
xgerman	good morning — sorry I missed last nights meeting	14:27
*** yamamoto has quit IRC		14:27
*** yamamoto has joined #openstack-fwaas		14:29
*** yamamoto has quit IRC		14:34
*** padkrish has joined #openstack-fwaas		14:39
*** padkrish_ has joined #openstack-fwaas		14:42
*** chandanc_ has quit IRC		14:43
*** padkrish has quit IRC		14:44
*** diogogmt has joined #openstack-fwaas		14:47
SridarK	njohnston: Hi sorry i stepped away	14:58
njohnston	SridarK: No problem	14:59
SridarK	xgerman: no worries - i think we had a good discussion and things are moving	14:59
SridarK	njohnston: would u like me to work thru yushiro's last set of comments as i look thru some of the UTs	15:00
njohnston	SridarK: If you have updates to 311159, please proceed	15:00
njohnston	I'm on something else for the moment, I have no pending changes to 311159	15:00
SridarK	njohnston: i will get started on that - but if u things to push at some point - we can sync with each other	15:00
SridarK	and coordinate	15:01
njohnston	SridarK: sounds good	15:01
njohnston	SridarK: I hope you, Paddu, and Shweta aren't affected by this: https://www.sdxcentral.com/articles/news/cisco-lay-off-14000-employees/2016/08/	15:07
SridarK	njohnston: this is the major news for today - we have not heard anything and trying to stay optimisitic	15:07
SridarK	njohnston: thx for asking	15:07
*** yamamoto has joined #openstack-fwaas		15:32
mfranc213	padkrish_ ping	15:33
padkrish_	mfranc213: hello	15:33
mfranc213	hello there. i've read ihar's comments and am ready to implement the changes if that's okay with you	15:34
SridarK	mfranc213: padkrish_ : if i am not mistaken - the comments were made in the context of the Address Group resource	15:37
mfranc213	yes and Firewall Group	15:37
SridarK	we removed Address Group	15:37
*** yamamoto has quit IRC		15:37
SridarK	as a todo for the future	15:37
padkrish_	mfranc213: I also wanted to discuss some of those with you....we need to remove some of those to keep in sync with the DB patch	15:38
SridarK	but the idea applies to FirewallGroup	15:38
njohnston	padkrish_: correct	15:38
SridarK	we removed in the ext and i removed it in the db patch also	15:38
padkrish_	ok...mfranc213# if you are ready with the changes, pls go ahead	15:39
padkrish_	i don't have the patches anyways, so it's ok	15:39
mfranc213	padkrish_: okay, i'll go ahead. thank you paddu.	15:40
*** padkrish_ has quit IRC		15:57
*** padkrish has joined #openstack-fwaas		16:19
*** yushiro has joined #openstack-fwaas		16:48
yushiro	hi, good evening.	16:48
yushiro	I've just updated CLI patch and sorry for late.	16:49
*** padkrish has quit IRC		16:49
yushiro	Good night...zzz	16:50
*** yushiro has left #openstack-fwaas		16:50
*** padkrish has joined #openstack-fwaas		17:00
*** padkrish has quit IRC		17:08
*** yamamoto has joined #openstack-fwaas		17:34
*** padkrish has joined #openstack-fwaas		17:37
*** yamamoto has quit IRC		17:38
SridarK	njohnston: i took care of yushiro's comments on the db patch. I will interleave on the UT issues and the plugin patch for the rest of the day	18:17
SridarK	njohnston: so u can continue to chug along, i will check in with u so we dont overwrite anything	18:18
njohnston	OK, I have grabbed your latest PS, and I will deep dive into the remaining UT issues, starting with test_update_shared_firewall_policy_with_unshared_rule	18:18
SridarK	njohnston: perfect	18:18
SridarK	mfranc213: i missed ur comment on the nullable fields - one of us will pick that up on the next PS	18:18
mfranc213	SridarK: yes, i think you were pushing the next PS right at the moment I was leaving my comment :)	18:19
njohnston	I am looking at the spec to compare to make sure that all the non-nullable fields are marked as such. SridarK, that would be the opposite of what is in the "Req" column in https://specs.openstack.org/openstack/neutron-specs/specs/newton/fwaas-api-2.0.html#data-model-impact right?	18:24
njohnston	i.e. if "Req" = YES, then nullable=False, correct?	18:25
*** padkrish has quit IRC		18:34
SridarK	njohnston: yes ur correct	18:35
*** padkrish has joined #openstack-fwaas		18:35
SridarK	mfranc213: yes i think i was doing the pep8 dance and did not notice, anyways njohnston is on it	18:36
*** padkrish has quit IRC		18:37
*** padkrish has joined #openstack-fwaas		18:50
*** padkrish has quit IRC		18:51
*** padkrish has joined #openstack-fwaas		18:56
*** padkrish has quit IRC		18:59
mfranc213	ahh the pep8 dance--similar to the polka	19:06
*** padkrish has joined #openstack-fwaas		19:08
*** padkrish has quit IRC		19:10
*** padkrish has joined #openstack-fwaas		19:11
njohnston	down to just 14 failed tests and chugging along	19:18
*** padkrish has quit IRC		19:19
*** padkrish has joined #openstack-fwaas		19:32
-openstackstatus- NOTICE: The volume for logs.openstack.org filled up rather suddenly, causing a number of jobs to fail with a POST_FAILURE result and no logs; we're manually expiring some logs now to buy breathing room, but any changes which hit that in the past few minutes will need to be rechecked and/or approved again		19:44
SridarK	njohnston: cool	19:49
njohnston	Of the remaining 14 that are broken, 9 of the test names start with test_update_firewall, 2 test_create_firewall, and 3 test_delete_firewall	20:13
njohnston	I just posted my progress to 311159	20:18
njohnston	I think most of the rest of things that need to be done are probably just making sure that references to 'firewall' get changed to 'firewall_group', or in some cases references to 'firewall_rule_id' get changed to 'ingress_firewall_rule_id' (or egress as the case may be).	20:20
SridarK	njohnston: ok tell which ones u want me to take on	20:30
njohnston	Sure thing; I'll upload the list to a paste, 1 sec	20:40
njohnston	ok, the openstack paste is not responding, so http://pastebin.com/QeYfZNwz	20:42
njohnston	that is what is still not working; I fixed 2 more, just pushed a new version of 311159. So there are 12 left.	20:42
njohnston	SridarK: better URL: http://pastebin.com/raw/QeYfZNwz	20:43
SridarK	njohnston: ok i will work thru this list	20:45
njohnston	I'll be on later to tackle them again, whichever ones you don't make headway on	20:46
SridarK	njohnston: perfect - will keep u posted	20:46
*** padkrish has quit IRC		21:35
*** padkrish has joined #openstack-fwaas		21:44
*** mickeys has quit IRC		22:07
*** yamamoto has joined #openstack-fwaas		22:30
*** padkrish has quit IRC		22:42
*** padkrish has joined #openstack-fwaas		22:44
*** padkrish has quit IRC		23:25
*** padkrish has joined #openstack-fwaas		23:29
*** padkrish has quit IRC		23:29
*** yushiro has joined #openstack-fwaas		23:43
yushiro	morning!	23:43
yushiro	xgerman, njohnston chandan, Thanks for your e-mail. I'll reply to you soon.	23:44
*** diogogmt has quit IRC		23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!