Thursday, 2018-04-12

*** yamamoto has joined #openstack-fwaas00:47
*** yamamoto has quit IRC00:52
*** hoangcx has joined #openstack-fwaas00:57
*** openstackgerrit has quit IRC05:48
*** AlexeyAbashkin has joined #openstack-fwaas05:58
*** threestrands has joined #openstack-fwaas06:05
*** threestrands has quit IRC06:05
*** threestrands has joined #openstack-fwaas06:05
*** hoangcx has quit IRC06:20
*** hoangcx has joined #openstack-fwaas06:21
*** AlexeyAbashkin has quit IRC06:24
*** AlexeyAbashkin has joined #openstack-fwaas06:35
*** AlexeyAbashkin has quit IRC06:44
*** AlexeyAbashkin has joined #openstack-fwaas07:01
*** yamamoto has joined #openstack-fwaas07:05
*** piepmatz has joined #openstack-fwaas07:50
*** yamamoto has quit IRC08:17
*** AlexeyAbashkin has quit IRC08:29
*** AlexeyAbashkin has joined #openstack-fwaas08:30
*** yamamoto has joined #openstack-fwaas08:32
*** yamamoto has quit IRC08:36
*** piepmatz has quit IRC09:16
*** yamamoto has joined #openstack-fwaas09:46
*** yamamoto has quit IRC09:48
*** openstackgerrit has joined #openstack-fwaas09:48
openstackgerritCao Xuan Hoang proposed openstack/neutron-fwaas master: [log]: Add rpc stuff for logging  https://review.openstack.org/53071509:48
*** yamamoto has joined #openstack-fwaas09:49
*** yamamoto has quit IRC09:52
openstackgerritCuong Nguyen proposed openstack/neutron-fwaas master: [WIP] Add log validator for FWaaS side  https://review.openstack.org/53279209:53
*** yamamoto has joined #openstack-fwaas09:54
*** yamamoto has quit IRC10:00
*** yamamoto has joined #openstack-fwaas10:01
*** AlexeyAbashkin has quit IRC10:10
*** hoangcx has quit IRC10:12
*** threestrands has quit IRC10:24
*** AlexeyAbashkin has joined #openstack-fwaas10:53
*** yamamoto has quit IRC10:56
*** yamamoto has joined #openstack-fwaas11:02
*** yamamoto has quit IRC11:03
*** yamamoto has joined #openstack-fwaas11:08
*** yamamoto has quit IRC11:11
*** yamamoto has joined #openstack-fwaas11:11
*** yamamoto has quit IRC11:33
*** AlexeyAbashkin has quit IRC12:28
*** AlexeyAbashkin has joined #openstack-fwaas12:29
*** yamamoto has joined #openstack-fwaas12:30
*** yamamoto has quit IRC12:35
openstackgerritMerged openstack/neutron-fwaas master: Fix pep8 new warnings  https://review.openstack.org/56030312:47
*** yamamoto has joined #openstack-fwaas12:47
*** yamamoto has quit IRC12:49
*** hoangcx has joined #openstack-fwaas12:57
*** yamamoto has joined #openstack-fwaas13:01
*** yamamoto has quit IRC13:01
*** yamamoto has joined #openstack-fwaas13:05
*** yamamoto has quit IRC13:09
*** yamamoto has joined #openstack-fwaas13:21
*** yamamoto has quit IRC13:24
*** yamamoto has joined #openstack-fwaas13:43
*** yamamoto has quit IRC13:44
*** SridarK has joined #openstack-fwaas13:48
*** wkite has joined #openstack-fwaas13:48
*** yamamoto has joined #openstack-fwaas13:48
*** yamamoto has quit IRC13:49
*** yamamoto has joined #openstack-fwaas13:49
SridarKHi FWaaS folks13:59
*** chandanc has joined #openstack-fwaas13:59
*** annp has joined #openstack-fwaas13:59
SridarK#startmeeting fwaas13:59
openstackMeeting started Thu Apr 12 13:59:51 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.13:59
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.13:59
*** openstack changes topic to " (Meeting topic: fwaas)"13:59
openstackThe meeting name has been set to 'fwaas'13:59
SridarK#chair xgerman_14:00
openstackCurrent chairs: SridarK xgerman_14:00
SridarKyushiro will not be able to join today14:00
annphi14:00
chandancHello All14:00
SridarKWe are nearing Rocky R-1 milestone14:01
xgerman_o/14:02
SridarKhttps://releases.openstack.org/rocky/schedule.html14:02
*** wkite has quit IRC14:03
SridarKxgerman_: any other announcements that u would like to bring up ?14:03
*** wkite has joined #openstack-fwaas14:03
xgerman_for the Vancouver people there is a CI/CD summit colocated with the OpenStack summit14:03
xgerman_#link https://www.openstack.org/news/view/376/opendev-cicd-schedule-now-live-collaborative-technical-event-focuses-on-jenkins-spinnaker-zuul-and-more14:04
SridarKxgerman_: oh that is interesting, do u know if the summit registration covers that ?14:04
xgerman_yep, covered with the OpenStack pass14:05
SridarKnice, thx for that info xgerman_14:05
wkiteExcuse me, what might I have missed?14:06
SridarKwkite: will u be at the summit in Vancouver ?14:06
wkiteThis is unlikely14:07
SridarKwkite: if so check out the link above for a CI/CD summit that happens colocated14:07
SridarKwkite: ok then no impact14:07
SridarKbut might be good to check out and if there are videos post event - u can catch up14:07
SridarKok lets move on14:08
SridarK#topic Rocky: Pluggable backend Driver14:08
*** openstack changes topic to "Rocky: Pluggable backend Driver (Meeting topic: fwaas)"14:08
SridarKdoude: pls go ahead14:08
doudeHi14:08
SridarKdoude: thx for addressing comments14:09
doudeI had few reviews, one from you SridarK  and two others14:09
doudeI answered them14:09
SridarK#link https://review.openstack.org/#/c/480265/14:10
doudeand for the moment no issue was reported to me14:10
SridarKI think yushiro had some clarifications on the tests14:10
annpdoude, have you tested with your patch in multi node environment?14:10
doude#link https://etherpad.openstack.org/p/fwaas-pluggable-backend-testing14:10
doudeno I did not14:10
doudeannp14:11
annpdoude, Today I tried to test your patch, I got same result as yushiro report last meeting14:11
annpdoude, Exception OVSFWaaSPortNotFound was raised.14:12
doudeok14:12
SridarKdoude: it seems yushiro did not have u in the email - just fwd-ed it to u14:12
SridarKannp: this was on update of FWG correct ?14:13
doudehot it now14:13
doudegot it now14:13
annpSridarK,I have tested with master branch, I don't see OVSFWaasPortNotFound exception14:14
SridarKannp: thx14:14
SridarKannp: was it updating a FWG with a port ?14:14
doudeannp can you describe step you used to reproduce it?14:14
annpdoude, SridarK, 1st: building 1 controller node and 2 compute node with doude's patch14:15
annpthen create VM, You can see log in q-agt.service14:16
annpDefault fwg status change to ERROR14:16
doudeyushiro said in his email he reproduces it in both cases: all-in-one and multi node14:16
SridarKannp: oh ok it is on VM create (which triggers the update on FWG)14:17
doudeok I'll look at it14:17
annpdoude, I just tested with multi node not tested with all-in-one14:17
doudeok14:17
doudeI've a aio ready, I can try14:17
annpSridarK, yes14:17
SridarKannp: ok thx and as u mention, it seems yushiro sees it in all in one itself14:18
SridarKdoude: thx can u quickly check that out and debug14:18
SridarKannp: would u mind to put a comment on gerrit as well ?14:18
annpSridarK, No problem. I will do.14:19
SridarKannp: thx14:19
doudealso, I've comment from NSX developer who said they already have a NSX driver for FWaaSv2 and ask if my patch will break it14:20
doudehttps://review.openstack.org/#/c/480265/19/devstack/plugin.sh@4714:20
SridarKdoude: yes I think there has to be some accompanying change but i think it may not be too bad14:22
doudeok, but I don't get how their driver work actually14:22
doudethere is no driver interface14:22
SridarKdoude: but it will help to get that to a resolution to make sure that there is a clear path for existing users14:23
SridarKIf someone is using the community version of the plugin and only defining a backend driver - their impact should be minimal ?14:24
SridarKjust specifying the driver14:24
doudeyes14:24
SridarKbut with anyone with their version of the plugin - they will need to conform to the service driver interface14:25
doudenot sure to understand that14:25
SridarKno they will need to specify their plugin as a flavor14:26
SridarKdoude: possibly a discussion with the reviewer to outline the changes would be good14:26
SridarKas we dont really understand their implementation14:26
doudeok14:27
doudeI think they implemented their own service plugin14:27
SridarKok14:27
doudeso even after my patch, that'll continue to work14:27
doudethe service plugin interface did not change with my patch14:28
SridarKand if they want they can implement their plugin as a service driver14:28
SridarKbut as such they should be fine14:28
SridarKok if they are comfortable we can move on - else maybe a discussion on the channel with them will be good so u can move fwd14:29
SridarKok shall we move on14:30
SridarKdoude: anything else ?14:30
doudeoh no they use that driver interface https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/fwaas_base.py14:30
doudeno it's ok for me14:31
SridarKok14:32
SridarKlets talk more offline14:32
doudeok14:32
SridarK#topic Rocky Address Group Spec14:32
*** openstack changes topic to "Rocky Address Group Spec (Meeting topic: fwaas)"14:32
SridarK#link https://review.openstack.org/#/c/557137/14:33
SridarKwkite: pls go ahead14:33
wkiteok14:33
SridarKI have also added a few comments14:33
wkitein14:34
SridarKannp: chandanc: also pls take a look in what we can support on the driver14:34
SridarKwe will need to do both iptables and ovs14:34
chandancsure SridarK14:34
annpsure14:35
SridarKor rather how we will support on the driver14:35
SridarKwkite: i also echo njohnston 's comment on the address range14:35
SridarKwkite:  is that very critical need - defn it improves usability14:36
wkiteThis is a function we need14:36
SridarKto support arbitrary ranges not along a cidr block14:36
SridarKwkite: ok14:36
SridarKwkite: ok lets continue this on the review14:37
SridarKwkite: other things u want to bring up14:38
wkitewe also need multi address groups14:38
wkiteI have implemented this function with my own code.14:39
wkiteBut I only implemented the driver of iptables by iprange module14:40
SridarKwkite: we only support a single address (or range) but i can see the value of having multiple AG's14:41
SridarKwkite: we will need to eval ovs for L2 support14:41
SridarKlets continue discussion on the review14:42
wkiteok14:42
SridarK#topic Rocky FWaaS Logging spec14:43
*** openstack changes topic to "Rocky FWaaS Logging spec (Meeting topic: fwaas)"14:43
SridarK#link https://review.openstack.org/#/c/509725/14:43
SridarKannp: pls go ahead14:43
SridarKI think we just have to resolve some minor things and we should be able to move fwd ?14:44
hoangcxSridarK: Yes14:44
annpI'm waiting update from submitter :)14:44
SridarKannp: ok14:44
SridarKannp anything else u would like to bring up here ?14:44
annpI think spec is quite close to merge.14:44
hoangcxOops, job failed!!!14:45
*** AlexeyAbashkin has quit IRC14:45
annpSridarK, that's all from me.14:45
SridarKok sounds good14:45
SridarK#topic Rocky Remote FWG14:46
*** openstack changes topic to "Rocky Remote FWG (Meeting topic: fwaas)"14:46
SridarKxgerman_: pls go ahead14:46
SridarK#link https://review.openstack.org/52120714:46
xgerman_not much progress — but I am firmly in for R-214:47
SridarKxgerman_: sounds good14:47
SridarK#topic Rocky tempest14:47
*** openstack changes topic to "Rocky tempest (Meeting topic: fwaas)"14:47
SridarKI have been looking at this and will get something going for R-214:48
SridarK#topic bugs14:48
*** openstack changes topic to "bugs (Meeting topic: fwaas)"14:48
SridarK#link  https://bugs.launchpad.net/neutron/+bug/175977314:49
openstackLaunchpad bug 1759773 in neutron "FWaaS: Invalid port error on associating L3 ports (Router in HA) to firewall group" [Undecided,Confirmed] - Assigned to Sridar Kandaswamy (skandasw)14:49
SridarKand we had a similar issue for DVR, I will address the DVR issue but on HA would like to get some discussion going on behavior after switchover14:49
SridarKI dont know that we had any other bugs come up recently but it is time to do a scrub at some point soon14:50
SridarK#topic Open Discussion14:50
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"14:50
annpHi xgerman_14:51
xgerman_hi14:51
SridarKWe will skip Dashboard as i dont see SarathMekala - he was going to come up with a list of enhancements14:51
annpI'm planning to start collect idea for l7 filtering14:51
SridarKannp: +114:51
xgerman_nice — that’s cilium’s claim to fame14:52
annpI think we can bring this topic to forum at vancouver summit. Do you think so?14:52
annpxgerman_, yes, cilium is great.14:52
xgerman_yes, we can ;-)14:53
SridarKannp: have u had some ideas on the backend ? BPF ?14:53
annpSridarK, actually, I just want to collect idea to start choose good solution before I implement it14:54
xgerman_well, we should make it pluggable in any way and then just have a reference implementation14:54
annpMay be BPF and XDP is good choice. Is there any simpler than BPF and XDP?14:54
annp:)14:54
xgerman_iptables?14:54
SridarKannp: ok the challenge (and part of the requirements and discussion) is we will need to support a ref implementation14:55
xgerman_(which is BPF under the cover but…)14:55
annpyes. maybe but i'm not sure :)14:55
xgerman_we should also look at how Octavia/LBaaS define L7 rules14:55
SridarKxgerman_: that would be useful14:56
xgerman_https://developer.openstack.org/api-ref/load-balancer/v2/#l7-policies14:56
annpxgerman_ +114:56
xgerman_yeah, if we can settle on a common “language” that would  make it easier for users14:56
xgerman_I also think CCF was going in that direction14:57
annpSo I think we can create a etherpad to collect requirement and idea for L7 filtering, Do you think so?14:57
SridarKannp: +114:57
SridarKxgerman_: we should also evaluate where we stand with CCF14:57
SridarKand also the progress on CCF14:58
xgerman_+114:58
annphttps://etherpad.openstack.org/p/fwaas-v2-L7-filtering14:59
SridarKannp: ok great lets add thoughts there14:59
SridarKok we are at time14:59
SridarKthanks all for joining14:59
SridarKbye15:00
annpthanks all15:00
SridarK#endmeeting15:00
*** openstack changes topic to "Queens (Meeting topic: fwaas)"15:00
openstackMeeting ended Thu Apr 12 15:00:14 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-04-12-13.59.html15:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-04-12-13.59.txt15:00
openstackLog:            http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-04-12-13.59.log.html15:00
annpbye15:00
*** chandanc has quit IRC15:00
*** AlexeyAbashkin has joined #openstack-fwaas15:07
*** annp has quit IRC15:07
*** AlexeyAbashkin has quit IRC15:12
*** hoangcx has quit IRC15:14
*** wkite has quit IRC15:14
*** AlexeyAbashkin has joined #openstack-fwaas15:32
*** yamamoto has quit IRC16:47
*** yamamoto has joined #openstack-fwaas16:58
*** yamamoto has quit IRC17:03
*** SridarK has quit IRC17:10
openstackgerritboden proposed openstack/neutron-fwaas master: use rpc Connection rather than create_connection  https://review.openstack.org/56099517:58
*** yamamoto has joined #openstack-fwaas18:04
*** openstackgerrit has quit IRC18:19
*** AlexeyAbashkin has quit IRC19:06
*** yamamoto has quit IRC20:21
*** yamamoto has joined #openstack-fwaas20:22
*** openstackstatus has quit IRC21:27
*** openstack has joined #openstack-fwaas21:29
*** ChanServ sets mode: +o openstack21:29
-openstackstatus- NOTICE: The Etherpad service at https://etherpad.openstack.org/ is being restarted to pick up the latest release version; browsers should see only a brief ~1min blip before reconnecting automatically to active pads23:39
