Wednesday, 2017-07-26

« Tuesday, 2017-07-25 Index Thursday, 2017-07-27 »
*** yamamoto has quit IRC00:10
*** yamamoto has joined #openstack-fwaas00:11
*** vishwanathj has quit IRC00:18
*** vishwanathj has joined #openstack-fwaas00:18
*** deep-book-gk_ has joined #openstack-fwaas00:36
*** deep-book-gk_ has left #openstack-fwaas00:37
*** hoangcx has joined #openstack-fwaas02:04
*** mestery_ has joined #openstack-fwaas02:19
*** mestery has quit IRC02:19
*** mestery_ is now known as mestery02:20
*** vishwanathj has quit IRC03:06
*** vishwanathj has joined #openstack-fwaas03:07
*** vishwanathj has quit IRC03:09
*** vishwanathj has joined #openstack-fwaas03:09
reedipamotoki : looking at it04:14
openstackgerritReedip proposed openstack/neutron-fwaas master: Use API Definitions from neutron-lib  https://review.openstack.org/47888304:58
*** vishwana_ has joined #openstack-fwaas05:08
*** vishwana_ has quit IRC05:09
*** vishwanathj has quit IRC05:09
*** vishwanathj has joined #openstack-fwaas05:10
*** yushiro has joined #openstack-fwaas05:19
amotokiyushiro: could you check https://review.openstack.org/#/c/487157/ ? this is neutron-fwaas-dashboard doc cleanup.05:28
amotokiyushiro: I would like to merge this before releasing the initial version of the dashboard.05:29
yushiroamotoki, sure05:29
amotokiyushiro: thianks05:29
yushiroamotoki, also, thanks for your update for cliff minor bug.05:29
amotokiyushiro: np05:30
yushiroamotoki, I'm checking here http://docs-draft.openstack.org/57/487157/1/check/gate-neutron-fwaas-dashboard-releasenotes/a1b76a9//releasenotes/build/html/unreleased.html05:32
yushiroamotoki, Just a question.  What is difference ``foo`` and "foo" ?05:33
yushiroI always confuse in writing reno about that.  You wrote "Add Router" / "Remove Router" in Bug Fixes section.  Is ``foo`` one of parameter/attribute ?05:35
amotokiyushiro: the difference is how they are rendered05:36
amotokiyushiro: for example, http://docs-draft.openstack.org/57/487157/1/check/gate-neutron-fwaas-dashboard-releasenotes/a1b76a9//releasenotes/build/html/unreleased.html05:36
yushiroamotoki, Yes, I'm watching same place :)05:36
amotokiyushiro: I use ``foo`` for literal strings. in this case, "update_router" is a rule name in policy.json05:37
amotokiso I use ``xxx`` for "update_router"05:37
amotoki"Add Router" is just a quoted string from the dashboard, so I use "xxx" for this.05:37
yushiroamotoki, OK, I understood.05:37
yushiroThank you05:37
yushiroLGTM.  Done.05:39
yushiroamotoki, If you don't have any problem about your patch, can I put +A or assign other cores?05:43
amotokiyushiro: I am fine with a single approve.05:50
yushiroamotoki, OK, will do it05:50
amotokiyushiro: actually horizon use a single +2/A model unless an author belongs to a same company.05:51
yushiroamotoki, aha, I see. Thanks for your guide.05:51
amotokiit is under neutron project, so i usually wait two +2, but I think it is okay dependin on a case or content.05:52
amotoki+ depending on review attention :)05:52
yushiro+105:52
openstackgerritMerged openstack/neutron-fwaas-dashboard master: Document cleanup and release notes for a new release  https://review.openstack.org/48715705:59
openstackgerritYushiro FURUKAWA proposed openstack/neutron-fwaas master: Use API Definitions from neutron-lib  https://review.openstack.org/47888306:10
reedipyushiro : you are fast now .. I was making this change :(06:12
yushiroreedip, ah, sorry ~~~06:12
yushiroreedip, please review it again :)06:13
yushiroafter jenkins +106:13
reedipyushiro : sure :)06:14
*** yamamoto has quit IRC06:54
*** yamamoto has joined #openstack-fwaas07:55
*** vishwanathj has quit IRC07:58
*** vishwanathj has joined #openstack-fwaas07:58
*** yamamoto has quit IRC08:02
*** yushiro has quit IRC08:42
*** vishwanathj has quit IRC09:01
*** vishwanathj has joined #openstack-fwaas09:01
*** yamamoto has joined #openstack-fwaas09:24
*** yamamoto has quit IRC09:35
*** vishwanathj has quit IRC09:43
*** vishwanathj has joined #openstack-fwaas09:43
*** yamamoto has joined #openstack-fwaas09:45
*** vishwanathj has quit IRC11:45
*** vishwanathj has joined #openstack-fwaas11:45
*** yamamoto has quit IRC11:57
*** yamamoto has joined #openstack-fwaas12:13
*** yamamoto has quit IRC12:54
*** yamamoto has joined #openstack-fwaas13:09
*** Tim_Eberhard has joined #openstack-fwaas13:55
*** yushiro has joined #openstack-fwaas13:55
*** SarathMekala has joined #openstack-fwaas13:58
yushirohi14:00
*** chandanc has joined #openstack-fwaas14:00
yushirohi chandanc and SarathMekala14:01
chandancI am still bringing p my devstack14:01
chandancHello yushiro14:01
yushirochandanc, me too.   Here is my progress now.(not so fast ...) https://etherpad.openstack.org/p/fwaas-v2-l2-agent14:02
yushiroYou can see 'Error trace' section for pastestack.14:02
SarathMekalahi yushiro14:03
yushiroI just editted to get local vlan tag from port dict.  As a result, a minor error occurred.14:03
yushiroHi SarathMekala14:03
chandancso you are getting the Traceback ?14:04
yushiroYes, could you see https://etherpad.openstack.org/p/fwaas-v2-l2-agent  in 'Error trace' section?14:04
chandancok looks like some constant definition is missing14:05
yushirochandanc, minor error was ICMPV&_ALLOWED_TYPES14:05
yushiroyes, I didn't know this value has been removed from neutron-lib.14:05
yushiroIt's minor bug.14:07
chandancok ok14:07
yushirowe can refer constants from neutron.agent.linux.openvswitch_firewall14:07
yushirochandanc, I'd like to discuss about race condition for handle_port() with you14:08
chandancSure14:08
chandanclet me open the patch14:09
yushiroOK14:09
chandancYes14:11
chandancin def _apply_fwg_rules(self, context, fwg, fwg_ports, host, event=UPDATE):14:13
chandancfwg_ports are list of port_id or port dict ?14:14
chandanchttps://review.openstack.org/#/c/323971/37/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py14:14
chandancL16414:14
chandanc@ yushiro14:15
yushironow, this is a list of port_dict14:15
chandancoh ok ok14:15
yushiroplease refer  https://etherpad.openstack.org/p/fwaas-v2-l2-agent14:15
yushiroin handle_port() section or some method name14:16
chandancsure , in that case i agree with your suggestion to update the port dict with lvlan key14:16
yushiroovs driver handles port['device'] like that.  Therefore, I think it should be kept a list of port_dict.14:16
yushiroOK,14:17
chandancthis means the previous patch should do the job14:17
chandancI will test it.14:17
chandancCould you please chare the diff to fix the lates Traceback14:17
chandancshare*14:18
yushiroOK, currently, I editted fwaas_v2.py and openvswitch_firewall/firewall.py.14:18
chandanccan you paste the diff14:19
chandanc i will apply locally to my devstack14:19
*** SarathMekala has quit IRC14:23
*** yamamoto has quit IRC14:24
yushirosorry chandanc , here : http://paste.openstack.org/show/616588/14:25
chandancThanks yushiro14:26
yushiroMaybe handle_port() has passed but failed in update_firewall_group().  Because in this case, there is no 'network_id' in port dict.14:26
*** SridarK has joined #openstack-fwaas14:27
chandancoh14:27
SridarKyushiro: hi14:27
yushiroSridarK, Hi :)14:28
SridarKsorry got late14:28
yushiroNo problem, SridarK  I and chandanc just sync with latest patch file.14:28
SridarKok14:28
yushiroLatest patch is here : http://paste.openstack.org/show/616588/14:28
SridarKok14:29
yushiroNow, I added local vlan manager in l2-agent side and stored in port dict as 'lvlan' key.14:30
yushiroIn addition, in driver layer, I also editted to get local vlan id from port dict not from ovsdb.14:31
yushiroIt seems handle_port() passed but failed in update_firewall_group().  This is current status.14:32
SridarKi am bringing up my env - will pull this change in14:33
yushirochandanc, I'd like to ask you to check OVS flow rule is configured or not when you execute 'openstack server create'14:33
chandancok sure14:34
SridarKchandanc: i will be around - if there is something specific u would like me to look at14:35
chandancSure SridarK14:35
chandancyushiro: can you please help me understand , why ‘network_id’ is not part of the port dict ?14:37
yushirobecause, port dict in update_firewall_group() is not generated from core_plugin.get_port() but from update_firewall_group in services/firewall/fwaas_plugin_v2.py14:39
yushiroPlease refer https://etherpad.openstack.org/p/fwaas-v2-l2-agent  LINE#15314:39
yushiroTherefore, in order to refer 'network_id' at any case(handle_port, delete_port, create/update/delete_firewall_group) in l2-agent side,  we have to do following ways:14:42
yushiro1. Call _core_plugin.get_port() at each case except delete_port()14:43
yushiro2. Store 'lvlan' infor into PortFirewallGroupMap dict14:43
chandancok got it14:50
*** vishwanathj has quit IRC14:51
*** vishwanathj has joined #openstack-fwaas14:52
yushirohmm, otherwise, we can insert 'network_id' in fwaas_plugin_v2 layer.15:00
yushiroI'll try it.15:00
yushiroI mean that I'll customize _get_fwg_port_details() to add 'network_id'.15:03
chandancyushiro: +115:10
chandanci think that is the right way15:10
yushiroOK.  but it is a little confuse :)15:12
amotokiFYI: neutron-fwaas-dashboard 0.1.0 has been relased https://releases.openstack.org/pike/index.html#horizon-plugins15:15
yushirowow !!15:19
yushiroamotoki, Sarath thanks for your great work :)15:20
amotokiit was shipped with FWaaS v1 support only (with several bug fixes)15:20
yushiroOK15:21
amotokithe next release will include v2 support. the release model is cycle-with-intermediary, so I think we can release a next version soon after Pike is released.15:22
yushiroamotoki, yes, sure.15:22
yushiroAh, amotoki I updated https://review.openstack.org/#/c/453204/15:23
yushiroamotoki, I just fixed releasenote section.15:23
yushiroCould you please review it again?15:24
*** yamamoto has joined #openstack-fwaas15:24
amotokiyushiro: thanks. Looking at the relnote, I wonder regular level users asscoiate 'attribute' with 'option' name.. options like --public/--private looks easier to understand to me.15:26
amotokithis is really a release note developer tend to write.15:27
yushiroamotoki, indeed.  will update.15:27
yushiroThank you15:27
yushirofor your quick review :)15:27
amotokii can tweak it a bit if necessary15:27
amotokinp15:27
*** yamamoto has quit IRC15:36
yushirochandanc, SridarK   I updated patch file http://paste.openstack.org/show/616596/15:39
yushiroIt seems be passed  VM creation and update_firewall_group()15:39
chandancThanks yushiro15:39
chandanccool :)15:40
yushironot tested delete VM/firewall_group15:40
yushiroIt seems no race condition but need to check of rule layer15:40
yushiroPlease kindly check it :)15:41
chandancWill do15:41
chandancSo we need a 1 line change in the plugin side too15:41
chandancyushiro: will you pull the plugin side change into your patch. I will update my driver patch with the cahnges needed fron the pastebin you shared15:44
yushiroYou mean update l2-agent patch set?15:45
yushiroin plugin side?15:45
yushiroOK, but please wait to fix minor bug ...15:51
yushirochandanc, "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/l2/openvswitch_firewall/firewall.py", line 355, in initialize_port_flows16:02
yushiroI got an error from 'ovsfw_consts.FW_BASE_EGRESS_TABLE)'  -> 'ValueError: Unknown format code 'd' for object of type 'str''16:03
yushirochandanc, have you already updated in your latest driver patch?16:04
chandancnot yet16:04
chandanci will do once my destack is up, it is still not16:04
yushiroI believe ovsfw_consts.FW_BASE_EGRESS_TABLE = 41 and it is definitely 'integer'...16:05
yushiroOK16:05
*** Tim_Eberhard has quit IRC16:09
yushirochandanc, sorry this is my bug.  I forgot to cast integer value for lvlan in l2-agent side.16:10
yushiroport['lvlan'] = int(self.vlan_manager.get(network_id).vlan)16:11
chandancsure, no probs. You have already solved all the bugs :)16:11
yushirochandanc, hmm, sorry I found that in VM creation, handle_port() just called.16:17
chandancok16:17
yushiroIn this timing, local_vlan cannot found.16:17
yushiroIn fact, handle_port() is called twice from neutron-side.16:18
chandancya, create and update16:18
chandancupdate is called after the port is bound i think16:18
*** Tim_Eberhard has joined #openstack-fwaas16:18
yushiroIn 2nd time, local vlan can be found (in case of my env is lvlan = 1)16:18
yushiroya16:18
chandanchmm, so we have to differentiate this case and ignore the handle port in case of create port16:19
chandancquestion is how do we do that16:19
yushiroHmm, in my understanding, if we try to find local vlan and cannot find, then skip(do nothing) calling ovs driver.16:20
yushiroThis is what we can do...16:20
yushiroAnyway, I'll try to implement  and check it.16:20
chandancya skip should do it16:21
chandancin any case if we dont get the lvlan we cant do much16:21
yushirochandanc, indeed.  We cannot setup/clear ovs flow16:21
chandancyes16:22
chandancyushiro: i have to go away for dinner16:22
yushirochandanc, OK, enjoy your dinner time :)16:23
chandanci will catch you tomorrow. I will be ready with the devstack and tests16:23
chandancthanks for all your help :)16:23
*** chandanc has quit IRC16:23
yushironp :)16:23
*** Tim_Eberhard has quit IRC16:24
yushiroah, regarding race condition, I have an idea.17:16
yushiroIn l2 layer, we can judge whether local vlan mapping exists or not.17:17
yushiroIf not exist, then skipped otherwise calls driver.17:18
yushiroSo, no need to edit chandan's patch.  It's enough to refer vlan tag from ovsdb.17:18
*** reedip_ has joined #openstack-fwaas17:36
reedip_xgerman_ ping17:53
*** reedip_ has quit IRC17:53
*** reedip_ has joined #openstack-fwaas17:53
reedip_xgerman_ : review requested on https://review.openstack.org/#/c/478883/17:54
*** yamamoto has joined #openstack-fwaas18:09
*** yamamoto has quit IRC18:13
*** Tim_Eberhard has joined #openstack-fwaas18:20
*** Tim_Eberhard has quit IRC18:20
*** Tim_Eberhard has joined #openstack-fwaas18:21
*** yushiro has quit IRC18:23
*** reedip_ has quit IRC18:23
*** Tim_Eberhard has quit IRC18:25
*** SridarK has quit IRC18:33
*** vishwanathj has quit IRC19:14
*** vishwanathj has joined #openstack-fwaas19:14
*** yamamoto_ has joined #openstack-fwaas21:19
*** yamamoto_ has quit IRC21:21
*** Tim_Eberhard has joined #openstack-fwaas21:21
*** vishwana_ has joined #openstack-fwaas21:49
*** vishwanathj has quit IRC21:52
*** yamamoto has joined #openstack-fwaas23:10
*** Tim_Eberhard has quit IRC23:22
*** yamamoto has quit IRC23:37
*** yamamoto has joined #openstack-fwaas23:51
*** yamamoto_ has joined #openstack-fwaas23:55
*** yamamoto has quit IRC23:56
« Tuesday, 2017-07-25 Index Thursday, 2017-07-27 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!