| *** yamamoto has joined #openstack-fwaas | 00:06 | |
| *** SridarK has quit IRC | 00:35 | |
| *** chandanc has joined #openstack-fwaas | 01:24 | |
| *** hoangcx has quit IRC | 01:24 | |
| *** hoangcx has joined #openstack-fwaas | 01:25 | |
| *** chandanc has quit IRC | 01:31 | |
| *** threestrands_ has joined #openstack-fwaas | 02:49 | |
| *** threestrands_ has quit IRC | 02:49 | |
| *** threestrands_ has joined #openstack-fwaas | 02:49 | |
| *** threestrands has quit IRC | 02:51 | |
| *** chandanc has joined #openstack-fwaas | 02:56 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 03:44 | |
| *** jappleii__ has joined #openstack-fwaas | 03:44 | |
| *** jappleii__ has quit IRC | 03:45 | |
| *** jappleii__ has joined #openstack-fwaas | 03:45 | |
| *** jappleii__ has quit IRC | 03:46 | |
| *** threestrands_ has quit IRC | 03:46 | |
| *** jappleii__ has joined #openstack-fwaas | 03:47 | |
| *** jappleii__ has quit IRC | 03:48 | |
| *** AlexeyAbashkin has quit IRC | 03:48 | |
| *** jappleii__ has joined #openstack-fwaas | 03:48 | |
| *** jappleii__ has quit IRC | 05:52 | |
| *** annp has joined #openstack-fwaas | 06:33 | |
| annp | chandanc, hi | 06:33 |
|---|---|---|
| chandanc | Hello | 06:33 |
| annp | I've just put my comment in gerrit. | 06:34 |
| annp | Have you check it? | 06:34 |
| annp | https://review.openstack.org/#/c/535237/1/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py | 06:34 |
| chandanc | We sould not have any checks in the driver | 06:35 |
| chandanc | driver should be dumb | 06:35 |
| chandanc | all intelegence should be in the invoker | 06:36 |
| annp | chandanc, IMO we should check sg_driver at fw v2 driver | 06:36 |
| annp | It's more reasonable than check sg_driver at agent extension. | 06:36 |
| chandanc | no, i dont thnk that is correct, we always keep the driver isolated as much as possible | 06:38 |
| chandanc | all interaction with OpenStack components including plugin/ config/ db should be avoided from driver | 06:39 |
| chandanc | this is what we separate driver and agent | 06:39 |
| annp | I mean firewall l2 agent extension can have more driver, not only currently driver. | 06:40 |
| chandanc | Sure, it can and we can paramereize them accordingly | 06:40 |
| chandanc | but we should have the responsibility of the driver and agent clearly defined | 06:41 |
| annp | In addition, May be there is another way to implement co-existence mode | 06:41 |
| chandanc | and pushing config parsing to driver should be avoided | 06:41 |
| chandanc | i am ok wth another way of implementing co-existance in driver | 06:42 |
| chandanc | but to figureout if co-existance or not in driver based on config parsing is not right | 06:42 |
| annp | Sorry, I don't get your point here. Why do we need to check sg_driver at firewall l2 agent extension? | 06:44 |
| annp | IMO, it's not reasonable to me. | 06:45 |
| chandanc | I am saying, that we need to keep driver isolated from figuring out environment | 06:46 |
| chandanc | that job belongs to agent | 06:46 |
| annp | But I don't see any reason why we need to check sg_driver at Fwaas Agent extension. As I said, maybe there is another way to implement co-existence mode. | 06:49 |
| annp | and the currently implementation used sg_enable to enabled co-existence with assuming sg-driver = 'openvswitch' | 06:50 |
| chandanc | yes it is assuming openvswitch | 06:52 |
| annp | I think that, the check sg_driver is 'openswitch' should be do in https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/linux/l2/openvswitch_firewall/firewall.py#L242 | 06:52 |
| chandanc | as we are supporting ovs | 06:52 |
| chandanc | but if you want coexistance with iptables, we will have a different driver and still the check of coexistance need to be outside the driver | 06:53 |
| chandanc | if you are reading config or communicating to plugin | 06:53 |
| annp | You mean, sg_driver = iptables, right? if so the value of sg_enable at https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/linux/l2/openvswitch_firewall/firewall.py#L242 should be false | 06:58 |
| annp | We can change name of sg_enable at driver side. However we shouldn't change sg_enable value at firewall agent extension. | 06:59 |
| annp | I assuming there is 2 driver DriverA and DriverB, | 07:01 |
| annp | How do we start DriverA and DriverB correctly? if we check sg_driver then change value of sg_enable at Firewall agent extension? | 07:03 |
| annp | I assume DriverA and DriverB will use sg_enable with different action for implementing co-existence mode. | 07:04 |
| chandanc | “We can change name of sg_enable at driver side. However we shouldn't change sg_enable value at firewall agent extension” | 07:13 |
| chandanc | i agree | 07:13 |
| chandanc | in the current driver we can rename the avriable as sg_with_ovs | 07:14 |
| annp | +1 | 07:14 |
| annp | I think sg_with_ovs is better. | 07:14 |
| chandanc | but in this case for iptables driver we have to use sg_with_iptables | 07:15 |
| chandanc | we can keep things to mean what as the name of the variable | 07:15 |
| chandanc | i will post an update to the patch | 07:16 |
| annp | Ok, I will review it and dig more if i can find another better. :) | 07:17 |
| annp | Sorry for this inconvenience. Thanks | 07:18 |
| reedip | bbzhao : ping | 07:19 |
| *** AlexeyAbashkin has joined #openstack-fwaas | 08:13 | |
| *** annp has quit IRC | 08:28 | |
| *** hoangcx has quit IRC | 08:28 | |
| *** annp has joined #openstack-fwaas | 08:29 | |
| *** hoangcx has joined #openstack-fwaas | 08:29 | |
| *** jafeha has quit IRC | 10:00 | |
| *** jafeha has joined #openstack-fwaas | 10:01 | |
| *** hoangcx has quit IRC | 10:21 | |
| *** chandanc has quit IRC | 11:07 | |
| *** annp has quit IRC | 11:55 | |
| *** jafeha__ has joined #openstack-fwaas | 12:01 | |
| *** jafeha has quit IRC | 12:01 | |
| *** reedip has quit IRC | 12:28 | |
| *** reedip has joined #openstack-fwaas | 12:41 | |
| *** hoangcx_ has joined #openstack-fwaas | 12:45 | |
| *** hoangcx_ has quit IRC | 14:21 | |
| *** yamamoto has quit IRC | 15:05 | |
| *** yamamoto has joined #openstack-fwaas | 15:06 | |
| *** yamamoto has quit IRC | 15:17 | |
| *** annp has joined #openstack-fwaas | 15:31 | |
| *** yamamoto has joined #openstack-fwaas | 15:48 | |
| *** annp has quit IRC | 16:00 | |
| *** AlexeyAbashkin has quit IRC | 16:35 | |
| *** yamamoto has quit IRC | 17:31 | |
| *** yamamoto has joined #openstack-fwaas | 17:38 | |
| *** yamamoto has quit IRC | 17:38 | |
| *** openstackgerrit has joined #openstack-fwaas | 17:39 | |
| openstackgerrit | Édouard Thuleau proposed openstack/neutron-fwaas master: Implements a plugable backend driver https://review.openstack.org/480265 | 17:39 |
| openstackgerrit | Édouard Thuleau proposed openstack/neutron-fwaas master: Implements a plugable backend driver https://review.openstack.org/480265 | 17:56 |
| *** AlexeyAbashkin has joined #openstack-fwaas | 18:16 | |
| *** AlexeyAbashkin has quit IRC | 18:20 | |
| *** yamamoto has joined #openstack-fwaas | 18:39 | |
| *** yamamoto has quit IRC | 18:50 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 19:45 | |
| *** AlexeyAbashkin has quit IRC | 19:49 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 20:27 | |
| *** AlexeyAbashkin has quit IRC | 20:31 | |
| openstackgerrit | Ihar Hrachyshka proposed openstack/neutron-fwaas master: DNM testing whether lib/neutron switch breaks this repo https://review.openstack.org/535946 | 20:54 |
| *** AlexeyAbashkin has joined #openstack-fwaas | 23:22 | |
| *** AlexeyAbashkin has quit IRC | 23:26 | |
| *** yamamoto has joined #openstack-fwaas | 23:40 | |
| -openstackstatus- NOTICE: Zuul will be offline over the next 20 minutes to perform maintenance; active changes will be reenqueued once work completes, but new patch sets or approvals during that timeframe may need to be rechecked or reapplied as appropriate | 23:42 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!