Thursday, 2017-09-14

« Wednesday, 2017-09-13 Index Friday, 2017-09-15 »
*** sterdnotshaken has quit IRC00:24
openstackgerritIhar Hrachyshka proposed openstack/neutron-fwaas master: Fix mismatch in error messages  https://review.openstack.org/50383003:04
openstackgerritMerged openstack/neutron-fwaas master: Use shim tool for ostestr  https://review.openstack.org/50381503:59
openstackgerritReedip proposed openstack/neutron-fwaas master: Introduce default firewall groups  https://review.openstack.org/42576904:01
*** reedip_afk is now known as reedip04:15
*** SarathMekala has joined #openstack-fwaas04:40
*** yamamoto_ has quit IRC05:21
*** openstack has joined #openstack-fwaas05:30
openstackgerritMerged openstack/neutron-fwaas master: Fix mismatch in error messages  https://review.openstack.org/50383005:48
*** ivasilevskaya has joined #openstack-fwaas11:03
*** SarathMekala has quit IRC11:03
ivasilevskayareedip, didn't know this channel existed :)11:04
ivasilevskayareedip, I wonder if we can go with a blunt 'create_default_firewall_group' method. If I understood your suggestion correctly you advise to move default fwg creation to l2 extension patch and I'd rather get the things done and throughly tested in original patch11:06
*** ivasilevskaya has quit IRC12:08
openstackgerritAkihiro Motoki proposed openstack/neutron-fwaas-dashboard master: FWaaS v1 dashboard: Clean up admin_state logic  https://review.openstack.org/50080514:07
openstackgerritMerged openstack/neutron-fwaas-dashboard master: FWaaS v1 dashboard: Clean up admin_state logic  https://review.openstack.org/50080514:19
*** yamamoto has joined #openstack-fwaas14:35
*** yamamoto has quit IRC14:46
*** yamamoto has joined #openstack-fwaas15:00
*** reedip_ has joined #openstack-fwaas15:12
*** bbbbzhao_ has joined #openstack-fwaas15:13
reedip_xgerman_ when will we have our meeting tomorrow ? Can you discuss the timing once with SridarK and yushiro ? I would like to join in :)15:14
xgerman_Will be 9-12 Mountain time ;-) Maybe longer…15:15
xgerman_That’s what the Neutron schedule says15:16
reedip_hmm ...15:22
reedip_Let me see what it is in my TZ15:22
reedip_:P15:22
*** sterdnotshaken has joined #openstack-fwaas15:27
reedip_sterdnotshaken : the fwaas_dashboard is only for FWaaS v215:31
reedip_sorry, I saw your message but couldnt respond back ( couldnt find you online )15:31
*** SridarK has joined #openstack-fwaas15:37
sterdnotshakenreedip_ Thanks for responding! Ok, so there now is a fwaas dashboard fir fwaas v2 then? For a while there, it was only for v1 right?15:38
reedip_sterdnotshaken : yes, earlier there was only for V1 but the new dashboard serves V215:38
reedip_SridarK : hi, seems there is some work to be done for the Default FWG15:39
reedip_couldnt find yushiro online15:39
SridarKreedip_: hi15:39
reedip_need to discuss this tomorrow in our team meeting for PTG .15:39
SridarKyes default fwg will need some work15:40
reedip_I couldnt find the etherpad for FWaaS PTG15:40
reedip_I would like to update it so that atleast we have the topics to discuss15:40
reedip_SridarK : we would have out meeting around 24 hours from now, right ?15:40
SridarKthe etherpad got reconstituted into the neutron ptg etherpd15:40
SridarKthe format here it seems is to give a quick update on where things stand15:41
SridarKand bring up any blocking issues15:41
reedip_SridarK : ok , actually there have been some issues in DVR15:42
reedip_with FWaaS.15:42
SridarKreedip_: yes i spoke with Swami15:42
reedip_I am trying to set up a system with DVR , so I would need some help of Swami on this ...15:42
SridarKu have some bugs filed ?15:42
reedip_2 actually....15:42
reedip_one by me one by another person....15:42
SridarKcan u pls paste them here15:42
reedip_umm, wait15:43
SridarKthere have been some changes on DVR side15:43
reedip_a lot , actually15:43
reedip_I have been trying to read some of the recent code changes... and I am lost, simply..15:43
SridarKno in terms of the issue with FIP15:43
reedip_https://bugs.launchpad.net/neutron/+bug/171539515:43
openstackLaunchpad bug 1715395 in neutron "FWaaS: Firewall creation fails in case of distributed routers (Pike)" [High,In progress] - Assigned to Reedip (reedip-banerjee)15:43
reedip_https://bugs.launchpad.net/neutron/+bug/171640115:44
openstackLaunchpad bug 1716401 in neutron "FWaaS: Ip tables rules do not get updated in case of distributed virtual routers (DVR)" [Undecided,New] - Assigned to Reedip (reedip-banerjee)15:44
SridarKbut yes the DVR code has changed significantly15:44
SridarKok good thx for the links15:44
SridarKwe can work with Swami to resolve this15:44
reedip_SridarK , can you get an idea of the changes in DVR15:44
reedip_so that we can sync up with the code?15:45
*** yushiro2 has joined #openstack-fwaas15:45
SridarKbut the agent side of the code has changed a lot - since i added the widgets for us to coexist with dvr15:45
SridarKit is unrecognizable to me too15:45
reedip_widgets ?15:45
SridarKcode :-)15:45
reedip_oh ... :)15:46
reedip_oh , got it...15:46
reedip_maybe you can get Swami in tomorrow's meeting as well for 30 min or so ?15:46
SridarKok spoke to Swami a bit yday - will try to sit with him today15:46
reedip_ok SridarK , and it would be great if you can share the points .. I would like to work on the DVR part15:48
SridarKreedip_: sure will do thx15:51
reedip_+1 :)15:51
*** reedip_ is now known as outofmemory16:28
*** outofmemory has quit IRC16:32
doudeHi reedip16:34
sterdnotshakenSo is the FWaaS Horizon dashboard plugin available for Ocata or is it new for Pike only?16:48
*** sterdnotshaken1 has joined #openstack-fwaas16:58
*** sterdnotshaken has quit IRC17:01
yushiro2sterdnotshaken1, Hi.  You mean FWaaS v1?17:04
sterdnotshaken1yushiro2, FWaas v217:05
yushiro2sterdnotshaken1, OK.  v2 dashboard cannot use in Pike.  This is for Queens. (Now, under development)17:06
sterdnotshaken1yushiro2, Oh, ok. so there is no FWaaS Horizon Dashboard for Ocata nor Pike… Good to know. Queens is slated for release in 6 months or so correct?17:09
yushiro2sterdnotshaken1, yes..  You're right.  Queens is slated for 6month.  You can check following link: https://releases.openstack.org/queens/schedule.html17:11
yushiro2We're planning to complete fwaas v2 (including dashboard) in early queens.17:12
sterdnotshaken1Also, if we are using Linux Bridge based SG, but our Ocata implementation uses OVS, can we use FWaaS v2 (which deploys security rules in the form of OVS flows) or do we need to change our SG to use OVS as well?17:14
sterdnotshaken1Hopefully that question makes sense...17:15
sterdnotshaken1I guess my question is, if we have Linux Bridge set as our firewall driver, but are running OVS as our mechanism driver, does FWaaS v2 work with that?17:17
SridarKsterdnotshaken1: in theory this could work - but some clarifications:17:19
SridarK1) FWaaS v2 on L3 ports - will have no issues on what u are doing with SG17:20
SridarK2) FWaaS v2 on VM ports - will use ovs as u point out. This code is in the last stages of review so should merge hopefully in a few weeks.17:21
SridarK3) As a first step - we will spend more time on testing out FWaaS v2 on VM ports standalone (ie no SG)17:21
SridarK4) We were hoping that the deployment for SG and FWaaS v2 will start will all ovs17:22
yushiro2Aha, thanks for your explanation, SridarK17:23
SridarK5) Then we get to the stage where we could have SG on iptables and and FWaaS v2 on ovs - this will require some validation -17:23
SridarKsterdnotshaken1: that is the basic plan as we were thinking - pls go ahead if u have more questions or suggestions17:24
SridarKone of the things i am not entirely sure abt is when SG on ovs is ready for consumption or what state it is in17:25
sterdnotshaken1We've ran it in the past and it worked great for us. We end up switching back to Linux Bridge per some concerns regarding flow table size on br-int with we got up to 1000's of customers...17:26
SridarKsterdnotshaken1: ok17:27
sterdnotshaken1SridarK, Excellent, very good explanation! That clarifies it. Thank you very much. So it sound like Queens is going to be a very significant release for FWaaS then.17:27
SridarKsterdnotshaken1: yes with respect L2 support17:27
sterdnotshaken1excellent!17:27
SridarKsterdnotshaken1: perhaps if u have time u can drop in to some of our weekly IRC mtgs17:28
SridarKwe would love to get some feedback from users17:28
yushiro2SridarK, sterdnotshaken1 yes, it sounds good ;)17:28
sterdnotshaken1Thank you for your help as well Yushiro217:29
yushiro2sterdnotshaken1, quick question.  I found a person in Wiki:https://en.wikipedia.org/wiki/Steven_Davis  Is it you?? ;)17:31
sterdnotshaken1ha ha! I wish! Naw, not me :)17:32
SridarK:-)17:32
SridarKsterdnotshaken1: by any chance are u at the PTG gathering at Denver ?17:33
sterdnotshaken1I'm located in Utah, which is next to Colorado, alas, I don't think I'll be able to make it. :(17:34
*** yamamoto has quit IRC17:34
yushiro2sterdnotshaken1, hahaha :)  OK, just joking.17:34
*** SumitNaiksatam has joined #openstack-fwaas17:40
SridarKsterdnotshaken1: ok cool - lets stay in touch here and possibly on the weekly mtgs17:47
sterdnotshaken1Sounds great!17:47
*** yushiro2 has quit IRC17:57
*** SridarK has quit IRC17:58
*** yamamoto has joined #openstack-fwaas18:12
*** yamamoto_ has joined #openstack-fwaas18:14
*** yamamoto has quit IRC18:18
*** yamamoto_ has quit IRC19:00
*** yamamoto has joined #openstack-fwaas19:06
*** SumitNaiksatam has quit IRC19:10
*** yushiro has joined #openstack-fwaas19:19
*** yushiro has quit IRC19:59
*** yamamoto has quit IRC20:02
*** yamamoto has joined #openstack-fwaas20:55
*** sterdnotshaken has joined #openstack-fwaas21:05
*** sterdnotshaken1 has quit IRC21:05
*** yamamoto has quit IRC22:19
*** yamamoto has joined #openstack-fwaas22:21
*** yamamoto has quit IRC22:24
*** yamamoto has joined #openstack-fwaas22:46
*** yamamoto has quit IRC22:47
*** openstackstatus has joined #openstack-fwaas23:10
*** ChanServ sets mode: +v openstackstatus23:10
« Wednesday, 2017-09-13 Index Friday, 2017-09-15 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!