Wednesday, 2016-11-09

*** mickeys has quit IRC		00:41
*** hoangcx has joined #openstack-fwaas		00:48
*** amotoki has quit IRC		00:49
*** diogogmt has quit IRC		00:52
*** SridarK has quit IRC		01:34
*** diogogmt has joined #openstack-fwaas		01:39
*** amotoki has joined #openstack-fwaas		01:43
*** amotoki has quit IRC		01:48
hoangcx	njohnston: Hi	01:55
hoangcx	njohnston: Will the FWaaS team meeting hold at the same time as usual? Or change to another slot?	01:56
*** yushiro has joined #openstack-fwaas		03:50
xgerman	I think same time	04:52
*** SridarK has joined #openstack-fwaas		05:51
SridarK	yushiro: ping	06:02
yushiro	SridarK: pong	06:03
SridarK	yushiro: quick question - did we meet today	06:03
SridarK	i think with the time change - i got confused	06:03
yushiro	Ah, I also confused.. However, I attended usual time (13:00JST) but nobody exists ;	06:04
SridarK	yushiro: ok - i did not see the logs either	06:05
SridarK	we changed the clocks in the US	06:06
SridarK	sigh ok never mind	06:06
SridarK	i am looking thru the CLI patch	06:06
yushiro	OK. njohnston suggested http://lists.openstack.org/pipermail/openstack-dev/2016-October/106410.html and decided 1st proposal.	06:08
yushiro	SridarK, njohnston sorry I forgot to reply e-mail about this suggestion.	06:08
SridarK	yushiro: no we decided in the last mtg - but i also meant to confirm with njohnston today	06:09
yushiro	Ah, OK.	06:09
SridarK	and i forgot during the day time	06:09
yushiro	I understand. Thank you.	06:09
SridarK	np i think the only discussion items we had were for the stadium	06:10
yushiro	BTW, could you wait for reviewing my CLI patch? Because I have to update my patch today.	06:11
yushiro	I discussed with Akihiro and he agreed to customize his utility patch.	06:12
yushiro	Also, he will propose his utility patch into osc-lib.	06:12
yushiro	I'll update my CLI patch within TODAY!	06:12
yushiro	BTW, quick question.. firewall_group always returns 'ports', don't you? Currently, only POST/PUT returns 'ports'.	06:14
SridarK	yushiro: ok on the CLI patch	06:18
SridarK	let me check fwg	06:18
yushiro	Sure	06:18
SridarK	u mean on the delete ?	06:20
SridarK	we dont	06:21
SridarK	on the plugin from the code standpoint - we kind of treat ports differently to accomodate how we handle on the db layer	06:22
SridarK	maybe i am not understanding ur question	06:22
SridarK	ok i see may be an issue on GET ?	06:26
*** _MoonWolf_ has left #openstack-fwaas		06:26
yushiro	sorry for confusing. Let me paste some result..	06:32
SridarK	yushiro: ok i think i may see one issue	06:33
SridarK	but let me check the paste	06:34
yushiro	http://paste.openstack.org/show/588508/	06:34
yushiro	POST, PUT returns 'ports' as response parameter. GET(list, show) no 'ports' returns as response parameter.	06:35
SridarK	yushiro: yes u are correct	06:35
SridarK	i see the issue	06:35
SridarK	let me fix it	06:35
yushiro	oh, Thanks. Can I file a bug now?	06:35
yushiro	on Launchpad	06:35
SridarK	oh yes pls	06:36
yushiro	Sure.	06:36
SridarK	and assign it to me, i can use that for the fix	06:36
yushiro	Done! https://bugs.launchpad.net/neutron/+bug/1640395	06:37
openstack	Launchpad bug 1640395 in neutron "Missing 'ports' attribute when GET firewall-groups" [Undecided,New]	06:37
yushiro	Sridar, I cannot find your launchpad name(skandasw) I don't know why...	06:39
SridarK	hmm not sure - but i assigned it to myself	06:40
SridarK	thanks	06:40
yushiro	OK.	06:40
*** andrein has joined #openstack-fwaas		07:14
SridarK	yushiro: i will have a patch tomorrow morning our time	07:36
yushiro	SridarK: Sure. I'll review it :)	07:36
SridarK	ok i am signing off	07:36
yushiro	see u	07:45
*** andrein has quit IRC		08:10
*** andrein has joined #openstack-fwaas		08:38
*** andrein has quit IRC		08:56
*** andrein has joined #openstack-fwaas		08:57
*** andrein has quit IRC		09:04
*** andrein has joined #openstack-fwaas		09:06
mfranc213	yushiro ping	09:08
yushiro	mfranc213, pong	09:08
mfranc213	yushiro: how are you?	09:09
yushiro	mfranc213, Fine thanks :) BTW, sorry for yesterday. I didn't notice your ping	09:09
mfranc213	yushiro: no apologies. we are on very different schedules. i have a question for you. is there a way that i can see the resulting api-ref without sending it through the gate?	09:10
yushiro	mfranc213: Sure.	09:11
yushiro	mfranc213: I think "tox -e api-ref" can bulid on your local environment.	09:14
yushiro	mfranc213: after "tox -e api-ref" command, you can check a result by accessing with some browser(I.E, Firefox...)	09:16
mfranc213	which file is it that i look at?	09:18
yushiro	mfranc213: Maybe api-ref/build/html. I'll try it now.	09:19
yushiro	I checked it. You should look at api-ref/build/html	09:25
yushiro	mfranc213: "python -m SimpleHTTPServer" is easy to build HTTP server. It's my recommend :)	09:27
*** andrein has quit IRC		09:28
mfranc213	thank you yushiro. i'll try this later. right now it's not building because i've made a lot of changes.	09:28
mfranc213	i want you to know that i've abandoned things like audited_4 because it's totally confusing. so instead i've created	09:29
yushiro	mfranc213: Definitely agree. It is so confusing & not easy to understand.	09:29
mfranc213	variables like audited_body_required (for instance). this is transparent and i hope others won't object.	09:29
mfranc213	yushiro what time is it right now for you?	09:31
yushiro	mfranc213: It's 18:32. I'll be in my office at 23:00 today :)	09:33
mfranc213	yushiro: thank you. it's 04:33 for me. i'm going to start working again soon. why will you be working so late?	09:33
yushiro	mfranc213: Because I have to create some presentation files for summit report within this weekend. TBH, I'd like to focus on writing/reviewing codes :)	09:36
yushiro	mfranc213: So, can I wait reviewing for your latest PS?	09:37
mfranc213	yushiro: yes. i need to review what i've done, add parameters, and then i will push the next PS for you to review. i think this will take me 2 or 3 hours but that's a guess. will that be okay for you?	09:41
yushiro	mfranc213: Sure!	09:41
yushiro	mfranc213: Ah, in previous review comments, please ignore that "it shuld be Optional at response params". I wanted to say at request params. This is my mistake.	09:41
mfranc213	yushiro. thank you. TBH i didn't understand how this whole thing worked until you provided your first review, and then i started to see. so now i think it will be much more correct.	09:42
*** andrein has joined #openstack-fwaas		09:43
yushiro	mfranc213: I see. I also put the comment that is easy to understand :)	09:45
*** andrein has quit IRC		10:07
*** andrein has joined #openstack-fwaas		10:11
*** andrein has quit IRC		10:15
*** andrein has joined #openstack-fwaas		10:16
mfranc213	yushiro: yes, your comments were extremely helpful.	10:18
mfranc213	yushiro: do you understand why the commands are listed in the order they are (insert rule, show policy details, update policy, etc.)?	10:22
yushiro	mfranc213: hmm, I think the order is same as api-ref/source/v2/fwaas-v2.inc. How about moving these sections?	10:23
mfranc213	yushiro: yes, that is where the order is taken from; i'm sorry my question was ambiguous. what i meant, really, was: would it be okay with the community if i changed these sections around?	10:25
mfranc213	yushiro: i'm going to go ahead and do it.	10:25
yushiro	mfranc213: Ah, I just understood what you mean.	10:26
yushiro	mfranc213: Sorry, I don't know. I watched other resources API ref, they weren't ordered at all..	10:29
mfranc213	yushiro: thank you. i will order them and we'll see what people have to say :)	10:29
yushiro	mfranc213: IMO, a title explains (fwaas, firewall_groups, firewall_policies, firewall_rules). So, how about aligning it?	10:30
mfranc213	yushiro: yes, good idea. that's what i'll do.	10:31
mfranc213	yushiro: i had a couple of questions for you on the PS if you have time to look. also, i wonder if you might be able to get me the JSON for some of the commands? if you don't have time, then don't worry.	10:31
*** andrein has quit IRC		10:32
yushiro	mfranc213: Sure. Is it maybe the JSON for firewall_group?( ports is missing)	10:33
mfranc213	yes, that's one of them.	10:33
mfranc213	and the sample firewall-policy-show-response.json doesn't show firewall_list and i think that may be wrong.	10:34
yushiro	mfranc213, OK. Let me explain about firewall-group JSON.	10:35
mfranc213	yushiro: excellent.	10:35
yushiro	mfranc213: This is fwaas-v2 bug. I filed a bug report(https://bugs.launchpad.net/neutron/+bug/1640395)	10:35
openstack	Launchpad bug 1640395 in neutron "Missing 'ports' attribute when GET firewall-groups" [Low,Confirmed] - Assigned to Sridar Kandaswamy (skandasw)	10:35
yushiro	mfranc213: 'ports' attribute includes when POST/PUT as response param. However, currently, GET(list, show) result doesn't include 'ports'.	10:36
mfranc213	yushiro: ahhh! how do you think i should handle this? should i mark it in the api-ref as a bug? or just not mention it? (just to confirm with you: we are talking about GET /v2.0/fwaas/firewall_groups/{firewall_group_id} ?)	10:37
mfranc213	s/not mention it/not mention that variable as being in the response	10:37
yushiro	mfranc213: I think that api-ref should be included 'ports' as a response parameter for all methods GET(list, show),POST and PUT firewall-group.	10:39
yushiro	mfranc213: Currently, SridarK is trying to fix above bug.	10:39
mfranc213	yushiro: okay, that's what i'll do.	10:39
*** andrein has joined #openstack-fwaas		10:40
mfranc213	yushiro: neither firewall-policy-show-response.json and firewall-policy-update-response.json contain the firewall_list variable, but i think they both should. what do you think?	10:40
yushiro	mfranc213: hmm, is it 'firewall_rules' ?	10:41
mfranc213	yushiro: no, firewall_rules is a separate variable. my understanding is that firewall_list is the list of firewall (groups) that a policy is attached to. you'll see that this is part of the response in insert-rule-in-policy. see https://review.openstack.org/#/c/391338/7..8/api-ref/source/v2/fwaas-v2.inc@86	10:44
yushiro	mfranc213: I checked it.	10:50
mfranc213	yushiro: what did you find?	10:51
yushiro	mfranc213: 1st: In current source code, 'firewall_list' is used only fwaas-v1.	10:54
*** andrein has quit IRC		10:54
yushiro	mfranc213: 2nd: In fwaas-v2 SPEC[1], the response params for 'insert rule' is same 'GET/PUT firewall_policy' [1]http://specs.openstack.org/openstack/neutron-specs/specs/newton/fwaas-api-2.0.html	10:54
yushiro	mfranc213: Please let me investigate more..	10:56
*** andrein has joined #openstack-fwaas		10:57
*** andrein has quit IRC		10:57
*** amotoki has joined #openstack-fwaas		10:58
*** hoangcx has quit IRC		10:59
mfranc213	yushiro: thank you.	10:59
*** korzen has joined #openstack-fwaas		11:07
mfranc213	yushiro: do you know if the id, name, and description in firewall-policy-insert-rule-response.json are for the policy or the rule? the response contains firewall_rules and audited, which are are properties of the policy, but all the other variables in the response could be properties of either the rule or its policy.	11:07
mfranc213	yushiro: and i have the same questions about firewall-policy-remove-rule-response.json	11:08
yushiro	mfranc213: id, name and description is for firewall-policy.	11:10
mfranc213	yushiro: thank you.	11:10
yushiro	mfranc213: it's same as remove-rule-response.	11:10
mfranc213	yushiro: thank you.	11:10
*** amotoki has quit IRC		11:43
*** amotoki has joined #openstack-fwaas		12:13
*** amotoki has quit IRC		12:28
korzen	hi, is there fwaas team meeting in 15 minutes?	12:45
*** amotoki has joined #openstack-fwaas		12:46
korzen	hi SridarK, ^ ?	12:49
yushiro	korzen, Long time no see from Barcelona summit :) Unfortunately, the weekly meeting time has not decided yet correctly.	12:57
korzen	yeap, hi yushiro	12:59
korzen	ok, I was hoping to join todays meeting	13:00
yushiro	Sure!	13:00
yushiro	ping mfranc213	13:00
mfranc213	yushiro hello	13:05
yushiro	mfranc213: Sorry for late. Let me talk about 'firewall_list' for 'insert/remove_rule'	13:07
mfranc213	yushiro: sounds good	13:07
yushiro	In fwaas-v2, there is no attribute 'firewall_list' in firewall-policy.	13:08
mfranc213	yushiro: excellent. i will remove that everywhere i see it.	13:08
yushiro	Here is a result for insert_rule and remove_rule. http://paste.openstack.org/show/588549/	13:08
mfranc213	yushiro: nice i will put this into the PS.	13:09
yushiro	Source code point of view, there is no DB to store a relation b/w firewall_group and firewall_policy because firewall_group stores them as "ingress_firewall_policy_id" and "egress_firewall_policy_id".	13:10
yushiro	Therefore, 'firewall_list' is not necessary.	13:10
mfranc213	yushiro: that makes sense. thank you for figuring this out.	13:12
*** vhoward has joined #openstack-fwaas		13:12
*** amotoki has quit IRC		13:17
mfranc213	yushiro: a firewall rule might have a null ip_version, correct?	13:22
yushiro	mfranc213: A default value of ip_version is 4(integer), and either 4 or 6.	13:25
yushiro	mfranc213: If a user doesn't specify 'ip_version', it is set 4 by default[1]	13:27
yushiro	[1] https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/extensions/firewall_v2.py#L217	13:27
mfranc213	yushiro: when a firewall rule applies to any ip address coming from a particular port, what should the ip_version be set to?	13:27
yushiro	mfranc213: ip_version should align with ip address(source_ip_address or destination_ip_address) when creating firewall-rule. A validation exists[2]	13:33
yushiro	[2]https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/extensions/firewall_v2.py#L217	13:33
yushiro	mfranc213: Please let me know if I don't answer to your question.	13:33
mfranc213	yushiro: oh i see. thank you. sorry you had to answer twice.	13:33
yushiro	mfranc213: np. I'd like to help for fwaas members.	13:34
mfranc213	yushiro: :)	13:35
mfranc213	yushiro: does insert_after mean that the new rule will be inserted immediately after the specified rule, or just anywhere after?	13:39
yushiro	mfranc213: "inserted immediately after the specified rule" is right.	13:41
mfranc213	yushiro: thank you.	13:41
yushiro	mfranc213: "insert_before" is also "inserted immediately before the specified rule".	13:41
mfranc213	yushiro: thank you.	13:45
yushiro	mfranc213, :)	13:45
korzen	I am trying to setup devstack with fwaas, but docs page seems lacking local.conf entries: http://docs.openstack.org/developer/neutron-fwaas/devstack.html	13:55
korzen	can you share you local conf or point me to working one?	13:56
*** vhoward has quit IRC		14:00
*** andrein has joined #openstack-fwaas		14:06
mfranc213	yushiro: what is the default status of a firewall group? if a user creates a firewall group with no status, what happens?	14:11
yushiro	mfranc213: At first, 'status' can not specify from a user.	14:12
mfranc213	you mean when the user creates the firewall group, no status can be set?	14:13
yushiro	mfranc213: Sorry. What I wanted to say is that user cannot specify the attributes 'status' when creating a firewall-group.	14:13
mfranc213	yushiro: okay, is there a default status for a newly created firewall_group?	14:14
yushiro	mfranc213: when user creates firewall-group with no ports, the 'status' is 'INACTIVE'.	14:14
mfranc213	yushiro. thank you. is there a default admin_state_up for a newly created firewall_group?	14:15
SridarK	korzen: hi	14:16
yushiro	mfranc213: Default value of 'admin_state_up' is "True"	14:17
SridarK	sorry had gone to bed when u pinged me	14:17
mfranc213	yushiro: thank you.	14:17
korzen	SridarK, no problem, I was trying to figure out if there is team meeting today	14:17
SridarK	korzen: no there was some confusion on our part too - we decided to move the mtg to a more friendly time (urself included)	14:18
SridarK	we will make sure to have an email out to the fwaas team as well - so u will get a heads up	14:19
SridarK	mfranc213: yushiro: +1 on status	14:20
*** andrein has quit IRC		14:20
SridarK	status is something that comes back from the server	14:20
yushiro	Yes.	14:20
SridarK	yushiro: thx for the info on generating from rst file - i meant to ask ur workflow on this also	14:25
SridarK	i will try it	14:25
*** andrein has joined #openstack-fwaas		14:25
yushiro	OK :)	14:25
mfranc213	yushiro: i have one more question and then i can push the next PS. is it the case that the user can supply either the insert_after or the insert_before, but not both?	14:34
yushiro	If both 'insert_after' and 'insert_before' specified, 'insert_after' is ignored.('insert_before' wins)	14:36
mfranc213	yushiro: thank you. and i lied before, because i have one more question :)	14:37
mfranc213	yushiro: when there are not yet any rules in a policy, then does the user specify neither a before nor an after?	14:38
yushiro	mfranc213: Sure.	14:38
mfranc213	yushiro: i lied again because i realize another question: what happens if a user specifies a before or an after that doesn't exist on that policy?	14:38
SridarK	mfranc213: i believe we will raise an exc on that	14:50
SridarK	https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/db/firewall/v2/firewall_db_v2.py#L316	14:50
yushiro	mfranc213: 1st, Yes, Sridar is correct. It happens 400 Bad Request.	14:50
mfranc213	thank you SridarK. yushiro, i will push the PS in a minute or two. i'm sorry it's so late in the evening for you.	14:51
yushiro	mfranc213: 2nd,	14:51
yushiro	mfranc213: ah, sorry. it is same question.	14:51
yushiro	mfranc213: when insert_rule, if user specified firewall_rule_id which is already associated the policy, 409(Conflict)[3] occurs.	14:53
yushiro	[3]https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/db/firewall/v2/firewall_db_v2.py#L301	14:53
yushiro	mfranc213: OK. that's sounds great.	14:53
mfranc213	yushiro and sridark: okay new PS is up. yushiro thank you for answering a million questions :)	14:56
SridarK	mfranc213: thx	14:56
yushiro	mfranc213: You're welcome :)	14:56
*** korzen_ has joined #openstack-fwaas		14:58
yushiro	SridarK: Sorry for late. I just updated CLI patch(https://review.openstack.org/#/c/351582/)	15:01
*** andrein has quit IRC		15:01
SridarK	yushiro: ok thx - no prob i just woke up some time ago :-) So will look into it in a few hours	15:02
yushiro	mfranc213, SridarK I'll go home now :) See you today(It's 0:02 JST)	15:02
mfranc213	yushiro: goodnight.	15:02
SridarK	:-)	15:02
SridarK	GN yushiro	15:02
yushiro	good night~ :)	15:03
*** yushiro has quit IRC		15:03
*** andrein has joined #openstack-fwaas		15:06
*** vhoward has joined #openstack-fwaas		15:09
*** diogogmt has quit IRC		15:13
*** andrein has quit IRC		15:35
*** korzen has quit IRC		15:36
*** andrein has joined #openstack-fwaas		15:39
*** andrein has quit IRC		16:14
*** andrein has joined #openstack-fwaas		16:21
*** andrein has quit IRC		17:21
*** andrein has joined #openstack-fwaas		17:26
*** mickeys has joined #openstack-fwaas		17:31
*** mickeys has quit IRC		17:33
*** mickeys has joined #openstack-fwaas		17:33
*** andrein has quit IRC		17:45
*** SridarK has quit IRC		17:55
*** vhoward has quit IRC		18:53
*** amotoki has joined #openstack-fwaas		18:55
*** SridarK_ has joined #openstack-fwaas		18:55
*** amotoki has quit IRC		18:59
*** diogogmt has joined #openstack-fwaas		19:03
*** amotoki has joined #openstack-fwaas		19:21
*** amotoki has quit IRC		19:25
*** vhoward has joined #openstack-fwaas		20:08
*** mickeys has quit IRC		20:14
njohnston	SridarK_: ping	20:47
SridarK_	njohnston: pong	20:47
SridarK_	njohnston: pls go ahead - i wanted to ask u some thing also	20:47
njohnston	I just wanted to let you know that I have been having difficulty finding a time for the fwaas team meeting that is at (or generally pretty close) to the time we voted for... the irc channels are occupied then	20:48
njohnston	https://review.openstack.org/#/c/393793/	20:48
njohnston	I don't want to confuse things, it's definitely important that we meet this week since it's the last meeting before the 11/14 O-1 deadline but I am not sure if we should just meet in #openstack-fwaas or what, until we get this sorted out	20:49
SridarK_	njohnston: ok - i wanted to also sync with u on that, meant to ask u y'day before ur day ended	20:50
njohnston	I was out yesterday - I work as an election officer at my local precinct, so I was offline all day	20:50
SridarK_	no i agree - we should meet, last night yushiro and i chatted a bit in general	20:50
SridarK_	aha ok	20:51
SridarK_	or we can do a webex style meeting	20:51
SridarK_	for tomorrow or late today	20:51
njohnston	I am amenable to anything	20:52
SridarK_	ok we can try for tonight also, but not sure on yushiro, chandan & Sarath's avail	20:53
SridarK_	we will only hear from them in the eve	20:53
SridarK_	shall we try for early am tomorrow	20:54
SridarK_	so it gives them some time to respond	20:54
njohnston	sounds good	20:54
SridarK_	we can target 6am Pacific	20:54
SridarK_	i will check their resp late night and u can checkin early before i wake up	20:55
SridarK_	if we need to adjust the timings a bit	20:55
njohnston	thanks!	20:55
SridarK_	let me send an email out	20:56
SridarK_	on the multinode CI - what else remains to be done ?	20:56
njohnston	Well, it is in the experimental queue right now	20:58
njohnston	I just tried it on https://review.openstack.org/#/c/391477/ and the multinode jobs both died	20:59
njohnston	failed, I mean	20:59
njohnston	now, I also put in the grenade tests as multinode also	20:59
SridarK_	njohnston: ok	20:59
njohnston	but they won't mean much until we put in smoke tests	21:00
njohnston	which is here: https://review.openstack.org/#/c/394607/	21:00
*** mickeys has joined #openstack-fwaas		21:01
SridarK_	sounds good - i will get on this	21:04
*** vhoward has quit IRC		21:06
*** vhoward has joined #openstack-fwaas		21:46
*** amotoki has joined #openstack-fwaas		21:50
*** amotoki has quit IRC		21:53
*** vhoward has quit IRC		22:03
*** SridarK_ has quit IRC		23:46

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!