Tuesday, 2017-02-14

« Monday, 2017-02-13 Index Wednesday, 2017-02-15 »
*** lnicolas has quit IRC00:06
*** hoangcx has joined #openstack-fwaas00:39
*** chandanc__ has joined #openstack-fwaas02:54
*** yushiro has quit IRC04:00
*** padkrish has joined #openstack-fwaas06:32
*** padkrish has quit IRC06:42
*** yamamoto has quit IRC07:47
*** fandi has joined #openstack-fwaas08:00
*** yamamoto has joined #openstack-fwaas08:24
*** amotoki has joined #openstack-fwaas09:21
*** chandanc__ has quit IRC09:25
*** yamamoto has quit IRC09:31
*** chandanc__ has joined #openstack-fwaas09:38
*** yamamoto has joined #openstack-fwaas10:05
*** hoangcx has quit IRC10:07
*** mickeys has quit IRC10:09
*** yamamoto has quit IRC10:12
*** fandi has quit IRC10:51
*** chandanc__ has quit IRC11:02
*** yamamoto has joined #openstack-fwaas11:04
*** yamamoto has quit IRC11:04
*** yamamoto has joined #openstack-fwaas11:05
*** yamamoto has quit IRC11:07
*** mickeys has joined #openstack-fwaas11:10
*** mickeys has quit IRC11:14
*** amotoki has quit IRC12:02
*** chandanc__ has joined #openstack-fwaas12:05
*** yamamoto has joined #openstack-fwaas12:08
*** mickeys has joined #openstack-fwaas12:11
*** yamamoto has quit IRC12:14
*** mickeys has quit IRC12:15
*** yamamoto has joined #openstack-fwaas12:17
*** chandanc__ has quit IRC12:27
*** mickeys has joined #openstack-fwaas13:11
*** amotoki has joined #openstack-fwaas13:13
*** mickeys has quit IRC13:16
*** yamamoto has quit IRC13:45
*** yamamoto has joined #openstack-fwaas13:55
*** chandanc_ has joined #openstack-fwaas13:57
*** yamamoto has quit IRC14:00
*** AlexeyAbashkin has joined #openstack-fwaas14:06
*** hoangcx_ has joined #openstack-fwaas14:08
*** mickeys has joined #openstack-fwaas14:40
*** yamamoto has joined #openstack-fwaas14:40
*** mfranc213 has quit IRC14:43
*** mickeys has quit IRC14:44
*** yamamoto has quit IRC14:45
*** mfranc213 has joined #openstack-fwaas14:50
*** yamamoto has joined #openstack-fwaas14:57
*** yamamoto has quit IRC14:57
*** yushiro has joined #openstack-fwaas15:00
yushiroI'm home.15:00
yushiroZZelle, tuhv, Could you wait a moment? I just take coffee.15:01
*** yushiro is now known as yushiro_afk15:01
*** hoangcx_ has quit IRC15:03
*** yushiro_afk is now known as yushiro15:05
yushiroOK15:05
*** chandanc_ has quit IRC15:06
yushiroZZelle, here is today's IRC log: http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-02-14-14.00.log.html15:07
ZZelleyushiro, ok15:08
yushiroI'd like to sync a direction and next action about https://bugs.launchpad.net/neutron/+bug/166429415:08
openstackLaunchpad bug 1664294 in neutron "Netlink solution not enough mature for Ocata" [Undecided,In progress] - Assigned to Cedric Brandily (cbrandily)15:08
*** AlexeyAbashkin has quit IRC15:08
yushirooh, tuhv is not here...15:08
yushiroOK, I'll tell him tomorrow.15:09
ZZelleyushiro, tuhv created to change to allow to choose between legacy/netlink driver15:09
yushiroZZelle, yes, and he just add functional test.15:09
*** reedip_ has joined #openstack-fwaas15:10
reedip_Hi yushiro15:10
yushiroreedip_, hi15:10
ZZelleyushiro, i am working on correctly handling moves between netns https://review.openstack.org/43363315:10
reedip_Can i take a look at the stadium bug which was mentioned by njohnston15:11
xgermansure15:11
yushiroreedip_, sure15:11
reedip_Thnx15:12
yushiroZZelle, good.15:13
yushirohttps://review.openstack.org/#/c/433598/1   Make conntrack driver be configurable15:13
ZZelleyushiro, we should correct fd usage also and add FT15:13
yushiroZZelle, Yes.  BTW, I think UT is also necessary for it.  What do you think?15:14
ZZelleyushiro, yes but UT are easier because the framework exists :s15:15
ZZelleyushiro, it seems the 1st FT will be really costly15:15
yushiroZZelle, Aha, yes.  I just understood what tuhv wanted to say in today's IRC meeting :)15:16
yushiroZZelle, So, we just focus on improving netlink solution patch without reverting.  Are we on same page?15:18
yushiroZZelle, I just want to check about that with you.15:18
ZZelleyushiro, yes, we should backport in ocata https://review.openstack.org/433598 when it will merged15:18
yushiroZZelle, OK. We're on same page now.15:19
yushiroZZelle, apologize for my strange e-mail :(15:20
xgermanbackporting of features is a bit tricky15:20
xgermanso don’t get your hopes up just yet :-)15:20
yushiroxgerman, thanks.15:26
yushiroxgerman, So, if it is hard to backport that, we should take an alternative plan.15:27
xgermanit’s a policy thing - not technically hard15:28
yushiroxgerman, I see.15:28
xgermanthere is a grey area and Neutron has been on the no-backport side of things so far15:28
yushiroxgerman, OK.  Usually, backportable patch is only fixing critical bug or security one I know.15:29
xgermanyep, and it’s controversial to call performance issues critical bugs… but we can go for it15:31
ZZellexgerman, which means we should revert netlink driver in Ocata?15:32
xgermanif it’s in the release we can :fix” it15:32
*** reedip_1 has joined #openstack-fwaas15:47
reedip_1o/15:48
ZZellexgerman, not sure to understand what you mean15:50
reedip_1are you guys still available to discuss the shared vs public discussion ?15:50
xgermanZZelle the decision what’s being backported and what’s not is done by the stable team and usually cores are not members. So, not sure, if they will let us backport or not.15:51
xgermanreedip_1 yes15:52
reedip_1xgerman : okay, bascially I was of the opinion that instead of the public keyword, we can rename it to shared15:53
reedip_1but while I was thinking that, the other thing that crossed my mind ( which may not be linked directly to this ) is an rbac implementation for the firewalls themselves15:53
reedip_1share a set of firewall /firewall groups /firewall rules with a set of members , but share others with a wider generation15:54
xgermanyeah, I think RBAC is what we want eventually15:54
xgermannow, what’s the step in between which is attainable today15:55
reedip_1xgerman : I am goinf back a bit , to neutron ....15:55
reedip_1xgerman : in neutron, we had the -shared option for networks15:56
reedip_1if you enable that option, then the network is SHARED with everyone15:56
reedip_1if not, then it is not visible to anyone15:56
reedip_1xgerman : if seen from the same perspective, the network which is shared with all other tenants is almost similar to a PUBLIC network15:57
reedip_1because it is visible and operatable by anyone15:57
reedip_1anyone can use the network to create a port on the network and connect it to their VM for boot15:57
*** yamamoto has joined #openstack-fwaas15:58
reedip_1keeping the analogy similar, we also have the PUBLIC attribute of FW15:58
reedip_1Now the public attribute works similar to the -shared attribute of the network15:59
xgermanwell, our plan for the next step is have cloud admins make firewalls policies which are applied to ALL ports16:00
reedip_1xgerman : if the policies are applied to all ports, we can use the public attribute16:01
xgermanor you can pick from a set of policies16:01
xgermanreddip16:01
reedip_1i mean we can use the keyword public16:01
xgermanyeah, but then we have other admins in the hierarchy16:02
xgermanwhich would only share with things they are responsible for16:02
reedip_1xgerman : so you want something like a fine tuner16:03
reedip_1i.e. rbac :)16:03
xgermanI think for now we can do public and RBAC comes in phase 216:03
xgermanso it probably makes sense to rename shared->public and then have shared re-introduced in that phase16:03
reedip_1xgerman : I agree with public now , makes more sense16:04
reedip_1xgerman : but I dont think we need a shared attribute if we implement rbac on firewall objects16:05
xgermanok, now we need to tell yushiro ;-)16:05
*** yamamoto has quit IRC16:05
reedip_1I will show him this transcript :D16:06
reedip_1njohnston : there ?16:07
yushiroxgerman, reedip_1 I'm waking up :)16:08
yushiroxgerman, reedip_1 I just read your discussion log above.16:08
xgermank16:08
reedip_1saved me time :D16:09
njohnstonreedip_1: here16:09
reedip_1mailed you today njohnston regarding the congress integration with fwaas16:09
njohnstonreedip_1: I saw that you mailed, but I haven16:10
reedip_1ok16:10
reedip_1no16:10
njohnston't had a chance to respond yet, sorry16:10
reedip_1issues16:10
reedip_1no problem njohnston , I understand you  are busy, specially as todays valentine's day :D16:11
reedip_1yushiro : we can keep the public attribute, so no issues with that patch.16:11
yushiroreedip_1, OK.  I hope to put +1 from you :)16:11
reedip_1yeah, if everythinf else is ok :P16:12
yushiroxgerman, reedip_1 thanks for your great discussion!16:13
yushiroI'll go to bed now.  Good night.16:14
*** amotoki has quit IRC16:19
*** yushiro has quit IRC16:40
*** faizy has joined #openstack-fwaas16:58
*** mickeys has joined #openstack-fwaas17:55
*** reedip_1 has quit IRC17:55
*** mickeys has quit IRC18:01
*** SridarK_ has joined #openstack-fwaas19:13
*** faizy has quit IRC19:47
*** reedip_1 has joined #openstack-fwaas20:56
*** mickeys has joined #openstack-fwaas20:57
*** reedip_1 has quit IRC20:58
*** mickeys has quit IRC21:01
*** SridarK_ has quit IRC21:12
*** SridarK_ has joined #openstack-fwaas21:13
*** SridarK_ has quit IRC21:15
*** SridarK_ has joined #openstack-fwaas21:16
*** yamamoto has joined #openstack-fwaas22:12
*** greghaynes has quit IRC22:42
*** zigo has quit IRC22:46
*** njohnston has quit IRC22:46
*** njohnston has joined #openstack-fwaas22:46
*** greghaynes has joined #openstack-fwaas22:49
*** zigo has joined #openstack-fwaas22:52
*** zigo is now known as Guest2705722:54
*** mickeys has joined #openstack-fwaas23:09
*** mickeys has quit IRC23:13
*** SridarK_ has quit IRC23:25
*** reedip_1 has joined #openstack-fwaas23:59
« Monday, 2017-02-13 Index Wednesday, 2017-02-15 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!