Wednesday, 2014-03-26

« Tuesday, 2014-03-25 Index Thursday, 2014-03-27 »
alexpilottirkukura: we have an Hyper-V patch that got abandoned after approval due to rebasing issues00:00
alexpilottirkukura: as the commit that merged in the meantime solved the issue that the failing patch was meant to solve, there was no need for it anymore00:01
alexpilottirkukura: https://review.openstack.org/#/c/63840/300:01
alexpilottirkukura: but we still need it in Havana00:01
alexpilottirkukura: how can we do that, as normally when we do a backport, we alway refer to a patch in master!00:01
*** spandhe has quit IRC00:02
alexpilottirkukura: as a side note, the reason why the patch is not needed in master is that the security groups blueprint code replaced the code where the issue was happening00:02
*** Trozz has joined #openstack-neutron00:03
alexpilottirkukura: but we cannot backport the security groups blueprint, so we still need to backport the failed patch :-)00:03
*** spandhe has joined #openstack-neutron00:03
*** banix has joined #openstack-neutron00:05
rkukuraalexpilotti: I think a stable-branch-specific patch is acceptible with this sort of justification. Just make sure thats clear in the commit message, and reference the patch fixing the issue on master.00:12
alexpilottirkukura: ok tx!00:12
*** gdubreui has joined #openstack-neutron00:17
*** krtaylor has joined #openstack-neutron00:20
*** mestery has quit IRC00:23
*** alagalah has quit IRC00:25
*** matsuhashi has joined #openstack-neutron00:27
*** rkukura has quit IRC00:28
*** singhs has quit IRC00:28
*** thuc has joined #openstack-neutron00:29
*** banix has quit IRC00:31
*** manishg has quit IRC00:32
*** morganfainberg is now known as morganfainberg_Z00:33
*** thuc has quit IRC00:33
*** yamahata has quit IRC00:34
*** SumitNaiksatam has quit IRC00:36
*** beagles has quit IRC00:40
*** banix has joined #openstack-neutron00:56
*** Jianyong has joined #openstack-neutron00:58
openstackgerritA change was merged to openstack/python-neutronclient: Show the unknown auth stratey in neutron client  https://review.openstack.org/8283400:59
*** armitage81 has quit IRC01:03
*** tomoe_ has joined #openstack-neutron01:09
*** otherwiseguy has joined #openstack-neutron01:09
*** changbl has joined #openstack-neutron01:12
*** matsuhashi has quit IRC01:12
*** matsuhashi has joined #openstack-neutron01:14
*** tomoe_ has quit IRC01:19
*** spandhe has quit IRC01:30
*** ramishra has joined #openstack-neutron01:30
*** dave_tucker_zzz is now known as dave_tucker01:32
*** krtaylor has quit IRC01:34
*** devlaps1 has quit IRC01:36
*** _cjones_ has quit IRC01:37
*** catohornet__ has joined #openstack-neutron01:43
*** singhs has joined #openstack-neutron01:45
*** alexpilotti has quit IRC01:47
*** xuhanp has joined #openstack-neutron01:53
*** otherwiseguy has quit IRC01:55
*** dfarrell07 has joined #openstack-neutron01:58
*** yamahata has joined #openstack-neutron01:58
openstackgerritHenry Gessau proposed a change to openstack/neutron: Remove auto-generation of db schema from models at startup  https://review.openstack.org/4029601:59
openstackgerritLi Ma proposed a change to openstack/neutron: Race condition of L3-agent to add/remove routers  https://review.openstack.org/7323402:00
*** flwang has quit IRC02:00
*** tomoe_ has joined #openstack-neutron02:00
*** matsuhashi has quit IRC02:00
xuhanpamotoki, ping02:04
*** singhs has quit IRC02:07
*** matsuhashi has joined #openstack-neutron02:08
*** tomoe_ has quit IRC02:10
*** dave_tucker is now known as dave_tucker_zzz02:10
*** thuc has joined #openstack-neutron02:11
*** otherwiseguy has joined #openstack-neutron02:12
*** xianghui has joined #openstack-neutron02:22
*** harlowja is now known as harlowja_away02:27
*** thuc has quit IRC02:27
*** thuc has joined #openstack-neutron02:28
*** thuc has quit IRC02:32
*** catohornet___ has joined #openstack-neutron02:33
*** catohornet__ has quit IRC02:35
*** singhs has joined #openstack-neutron02:37
*** krtaylor has joined #openstack-neutron02:38
*** singhs_ has joined #openstack-neutron02:40
*** flwang has joined #openstack-neutron02:41
*** singhs has quit IRC02:41
*** singhs_ is now known as singhs02:41
*** nati_ueno has quit IRC02:42
*** catohornet___ has quit IRC02:44
*** tomoe_ has joined #openstack-neutron02:45
*** ramishra has quit IRC02:45
*** ramishra has joined #openstack-neutron02:45
openstackgerritenikanorov proposed a change to openstack/neutron: Fix namespace exist() method  https://review.openstack.org/8153702:48
*** baoli has quit IRC02:50
*** ramishra has quit IRC02:50
*** manishg has joined #openstack-neutron02:54
*** ramishra has joined #openstack-neutron02:54
*** carl_baldwin has joined #openstack-neutron02:55
*** tomoe_ has quit IRC02:56
*** manishg_ has joined #openstack-neutron02:57
*** manishg has quit IRC02:58
*** manishg has joined #openstack-neutron02:59
*** manishg_ has quit IRC03:01
*** ramishra has quit IRC03:02
*** manishg_ has joined #openstack-neutron03:02
*** ramishra has joined #openstack-neutron03:02
*** devlaps has joined #openstack-neutron03:03
*** manishg has quit IRC03:04
*** manishg has joined #openstack-neutron03:05
*** banix has quit IRC03:07
*** manishg_ has quit IRC03:07
*** ramishra has quit IRC03:07
*** manishg_ has joined #openstack-neutron03:08
*** tomoe_ has joined #openstack-neutron03:09
*** manishg has quit IRC03:10
*** manishg has joined #openstack-neutron03:11
*** BuSerD has quit IRC03:12
*** manishg_ has quit IRC03:13
*** emagana has joined #openstack-neutron03:13
*** manishg_ has joined #openstack-neutron03:14
*** matsuhashi has quit IRC03:15
*** manishg has quit IRC03:16
*** manishg has joined #openstack-neutron03:17
*** thuc has joined #openstack-neutron03:17
*** manishg_ has quit IRC03:19
*** thuc has quit IRC03:19
*** thuc has joined #openstack-neutron03:20
*** manishg_ has joined #openstack-neutron03:20
*** baoli has joined #openstack-neutron03:20
*** Matt1 has quit IRC03:21
*** manishg has quit IRC03:22
*** manishg has joined #openstack-neutron03:23
*** emagana has quit IRC03:24
*** manishg_ has quit IRC03:25
*** manishg_ has joined #openstack-neutron03:26
*** sbalukoff has quit IRC03:26
*** sbalukoff has joined #openstack-neutron03:27
*** thuc has quit IRC03:27
*** tomoe_ has quit IRC03:27
*** manishg has quit IRC03:28
*** manishg has joined #openstack-neutron03:28
*** baoli has quit IRC03:29
*** manishg_ has quit IRC03:30
*** manishg_ has joined #openstack-neutron03:31
*** manishg has quit IRC03:33
*** manishg has joined #openstack-neutron03:34
*** tomoe_ has joined #openstack-neutron03:35
*** manishg_ has quit IRC03:36
*** manishg_ has joined #openstack-neutron03:37
*** manishg has quit IRC03:38
*** emagana has joined #openstack-neutron03:39
*** manishg has joined #openstack-neutron03:40
*** manishg_ has quit IRC03:42
*** manishg_ has joined #openstack-neutron03:43
amotokixuhanp: pong03:43
xuhanpamotoki, Can I add you as the reviewer of my patch related to IPv6 security group? we (ipv6 sub team) hope this can be the next patch of IPv6 changes03:44
*** manishg has quit IRC03:44
xuhanpamotoki, here is the link https://review.openstack.org/#/c/72252/03:45
*** tomoe_ has quit IRC03:45
amotokixuhanp: sure03:45
xuhanpamotoki, thanks a lot!03:46
*** ramishra has joined #openstack-neutron03:46
*** manishg has joined #openstack-neutron03:46
*** manishg_ has quit IRC03:47
amotokixuhanp: Do we need to target this bug to rc1?03:48
*** thuc has joined #openstack-neutron03:48
xuhanpamotoki, we hope so. But depends on how many comments we get03:48
*** manishg_ has joined #openstack-neutron03:49
*** spandhe has joined #openstack-neutron03:49
amotokixuhanp: okay. i added it to my review list.03:51
*** mestery has joined #openstack-neutron03:51
*** emagana has quit IRC03:51
xuhanpamotoki, perfect. Thanks again03:51
*** manishg has quit IRC03:51
*** armax has joined #openstack-neutron03:52
*** manishg has joined #openstack-neutron03:52
*** carl_baldwin has quit IRC03:53
*** spandhe_ has joined #openstack-neutron03:54
*** spandhe has quit IRC03:54
*** spandhe_ is now known as spandhe03:54
*** manishg_ has quit IRC03:54
*** carl_baldwin has joined #openstack-neutron03:55
*** manishg_ has joined #openstack-neutron03:55
*** manishg has quit IRC03:56
*** manishg has joined #openstack-neutron03:58
*** manishg_ has quit IRC03:59
*** manishg_ has joined #openstack-neutron04:00
*** nati_ueno has joined #openstack-neutron04:02
*** manishg has quit IRC04:02
*** thuc_ has joined #openstack-neutron04:03
*** manishg has joined #openstack-neutron04:03
*** manishg_ has quit IRC04:05
*** thuc has quit IRC04:06
*** manishg has quit IRC04:08
*** tomoe_ has joined #openstack-neutron04:08
*** manishg has joined #openstack-neutron04:14
*** manishg_ has joined #openstack-neutron04:17
*** manishg has quit IRC04:18
*** SumitNaiksatam has joined #openstack-neutron04:18
*** armax has quit IRC04:21
*** crc32 has quit IRC04:24
*** manishg_ has quit IRC04:24
*** matsuhashi has joined #openstack-neutron04:25
*** SumitNaiksatam has quit IRC04:25
*** mestery has quit IRC04:25
*** baoli has joined #openstack-neutron04:25
*** baoli has quit IRC04:33
*** tomoe_ has quit IRC04:40
*** tomoe_ has joined #openstack-neutron04:41
*** tomoe_ has quit IRC04:41
*** tomoe_ has joined #openstack-neutron04:42
*** carl_baldwin has quit IRC04:48
*** yfried has quit IRC04:53
openstackgerritAkihiro Motoki proposed a change to openstack/neutron: nec plugin: allow to delete resource with ERROR status  https://review.openstack.org/8214304:56
*** sacharya has joined #openstack-neutron04:57
*** WackoRobie has quit IRC04:58
*** carl_baldwin has joined #openstack-neutron04:58
*** WackoRobie has joined #openstack-neutron04:58
*** carl_baldwin has quit IRC05:01
*** WackoRobie has quit IRC05:03
*** ramishra_ has joined #openstack-neutron05:04
*** ramishra has quit IRC05:07
*** Longgeek has joined #openstack-neutron05:11
*** Longgeek has quit IRC05:12
*** Longgeek has joined #openstack-neutron05:12
openstackgerritLi Ma proposed a change to openstack/neutron: Race condition of L3-agent to add/remove routers  https://review.openstack.org/7323405:16
*** dguitarbite has joined #openstack-neutron05:17
*** Longgeek_ has joined #openstack-neutron05:19
*** Longgee__ has joined #openstack-neutron05:20
*** tomoe_ has quit IRC05:21
*** skraynev_afk is now known as skraynev05:22
*** Longgeek has quit IRC05:23
*** Longgeek_ has quit IRC05:24
*** thuc_ has quit IRC05:26
*** thuc has joined #openstack-neutron05:27
*** flwang1 has joined #openstack-neutron05:27
*** tomoe_ has joined #openstack-neutron05:27
*** flwang has quit IRC05:29
*** baoli has joined #openstack-neutron05:30
*** thuc has quit IRC05:31
*** baoli has quit IRC05:34
*** armax has joined #openstack-neutron05:36
*** irenab has joined #openstack-neutron05:36
*** Longgee__ has quit IRC05:39
*** emagana has joined #openstack-neutron05:40
*** devlaps has quit IRC05:43
*** nati_ueno has quit IRC05:57
*** WackoRobie has joined #openstack-neutron05:59
*** Jabadia has joined #openstack-neutron06:00
*** WackoRobie has quit IRC06:00
*** WackoRobie has joined #openstack-neutron06:01
*** sridhar has joined #openstack-neutron06:03
*** WackoRobie has quit IRC06:05
*** rkukura has joined #openstack-neutron06:06
*** Longgeek has joined #openstack-neutron06:10
*** bvandenh has quit IRC06:13
*** yfried has joined #openstack-neutron06:14
*** Longgeek has quit IRC06:15
*** saju_m has joined #openstack-neutron06:19
*** otherwiseguy has quit IRC06:25
openstackgerritJenkins proposed a change to openstack/neutron: Imported Translations from Transifex  https://review.openstack.org/8243506:29
*** matsuhashi has quit IRC06:33
*** gdubreui has quit IRC06:34
*** matsuhashi has joined #openstack-neutron06:35
*** thuc has joined #openstack-neutron06:37
*** spandhe has quit IRC06:41
*** thuc has quit IRC06:42
*** spandhe has joined #openstack-neutron06:43
*** armax has quit IRC06:47
*** jlibosva has joined #openstack-neutron06:49
*** kedarkul has joined #openstack-neutron06:56
*** WackoRobie has joined #openstack-neutron06:59
*** Longgeek has joined #openstack-neutron07:03
*** matsuhas_ has joined #openstack-neutron07:03
*** flwang1 has quit IRC07:03
*** WackoRobie has quit IRC07:03
*** matsuhas_ has quit IRC07:04
*** singhs has quit IRC07:05
*** flwang has joined #openstack-neutron07:06
*** matsuhas_ has joined #openstack-neutron07:06
*** matsuhashi has quit IRC07:07
*** saju_m has quit IRC07:13
*** tomoe_ has quit IRC07:13
*** afazekas has joined #openstack-neutron07:21
*** rotbeard has joined #openstack-neutron07:21
*** tomoe_ has joined #openstack-neutron07:22
*** sacharya has quit IRC07:23
*** afazekas has quit IRC07:25
*** Jianyong has quit IRC07:27
*** Jianyong has joined #openstack-neutron07:30
*** ramishra_ has quit IRC07:34
*** markmcclain has joined #openstack-neutron07:37
*** jprovazn has joined #openstack-neutron07:39
*** afazekas has joined #openstack-neutron07:40
*** Longgeek has quit IRC07:42
*** Longgeek has joined #openstack-neutron07:43
*** spandhe has quit IRC07:46
*** Longgeek has quit IRC07:47
enikanorov_markmcclain: hi. I've filed another bug for the change we were discussing. also refined the commit message: https://review.openstack.org/#/c/81537/ could you please remove -2?07:50
markmcclainI'm about to board a plane.  I'll take a look when I land07:50
*** yamamoto_ has joined #openstack-neutron07:52
yamamoto_any core reviewers?07:54
yamamoto_we have some changes in gerrit waiting for core reviewers.07:56
*** markmcclain has quit IRC07:57
*** matsuhas_ has quit IRC07:59
*** WackoRobie has joined #openstack-neutron07:59
*** banix has joined #openstack-neutron08:01
*** WackoRobie has quit IRC08:03
*** matsuhashi has joined #openstack-neutron08:04
*** luqas has joined #openstack-neutron08:04
*** luqas has quit IRC08:06
*** bvandenh has joined #openstack-neutron08:07
*** Jianyong has quit IRC08:10
*** pnavarro has joined #openstack-neutron08:15
*** luqas has joined #openstack-neutron08:16
*** dfarrell07 has quit IRC08:18
*** Longgeek has joined #openstack-neutron08:20
*** tomoe_ has quit IRC08:21
*** Longgeek has quit IRC08:24
*** tomoe_ has joined #openstack-neutron08:29
*** jgallard has joined #openstack-neutron08:31
*** Matt2 has joined #openstack-neutron08:31
*** Jianyong has joined #openstack-neutron08:31
*** jgallard has quit IRC08:33
*** jgallard has joined #openstack-neutron08:33
*** emagana has quit IRC08:33
*** jistr has joined #openstack-neutron08:37
*** bjornar has joined #openstack-neutron08:38
*** banix_ has joined #openstack-neutron08:40
*** banix has quit IRC08:41
*** banix_ is now known as banix08:41
*** chandankumar_ has joined #openstack-neutron08:42
*** banix has quit IRC08:50
*** amotoki has quit IRC08:51
openstackgerritJakub Libosvar proposed a change to openstack/neutron: Migrate data from cap_port_filter to vif_details  https://review.openstack.org/8300808:51
*** banix has joined #openstack-neutron08:52
*** banix has quit IRC08:52
*** leseb has joined #openstack-neutron08:54
*** djoreilly has joined #openstack-neutron08:59
*** WackoRobie has joined #openstack-neutron08:59
*** jpich has joined #openstack-neutron09:03
*** WackoRobie has quit IRC09:04
*** ygbo has joined #openstack-neutron09:04
*** Longgeek has joined #openstack-neutron09:10
*** yfried1 has joined #openstack-neutron09:10
*** yfried has quit IRC09:12
*** Longgeek has quit IRC09:14
*** jianingy_afk has quit IRC09:14
*** tomoe_ has quit IRC09:22
*** Trozz has quit IRC09:28
*** Trozz has joined #openstack-neutron09:29
*** Trozz_ has joined #openstack-neutron09:30
*** tomoe_ has joined #openstack-neutron09:30
*** Trozz_ has quit IRC09:30
*** Trozz has quit IRC09:30
*** Trozz has joined #openstack-neutron09:31
openstackgerritLi Ma proposed a change to openstack/neutron: Race condition of L3-agent to add/remove routers  https://review.openstack.org/7323409:31
*** Trozz_ has joined #openstack-neutron09:31
*** mich5225 has joined #openstack-neutron09:32
*** samuelbercovici has joined #openstack-neutron09:32
*** Trozz has quit IRC09:33
*** Trozz_ has quit IRC09:33
*** mich5225 has quit IRC09:33
*** Trozz has joined #openstack-neutron09:33
*** flwang has quit IRC09:35
*** samuelbercovici1 has joined #openstack-neutron09:36
*** sphoorti has joined #openstack-neutron09:36
*** tomoe_ has quit IRC09:36
*** Trozz has quit IRC09:39
*** samuelbercovici has quit IRC09:39
*** samuelbercovici1 is now known as samuelbercovici09:39
*** Trozz has joined #openstack-neutron09:40
*** Trozz has quit IRC09:40
*** Trozz has joined #openstack-neutron09:43
*** amuller has joined #openstack-neutron09:45
*** Trozz has quit IRC09:45
*** samuelbercovici1 has joined #openstack-neutron09:47
*** samuelbercovici has quit IRC09:50
*** samuelbercovici1 is now known as samuelbercovici09:50
openstackgerritBerezovsky Irena proposed a change to openstack/neutron: Add L2 Agent side handling for non consistent security_group settings  https://review.openstack.org/8272909:51
*** yamamoto_ has quit IRC09:52
*** samuelbercovici1 has joined #openstack-neutron09:53
*** pradipta_away is now known as pradipta09:54
*** samuelbercovici has quit IRC09:57
*** samuelbercovici1 is now known as samuelbercovici09:57
*** samuelbercovici1 has joined #openstack-neutron09:59
*** WackoRobie has joined #openstack-neutron09:59
*** jp_at_hp has joined #openstack-neutron10:01
*** samuelbercovici has quit IRC10:02
*** samuelbercovici1 is now known as samuelbercovici10:02
*** WackoRobie has quit IRC10:03
*** samuelbercovici1 has joined #openstack-neutron10:06
*** yfried1 has quit IRC10:06
*** amuller has quit IRC10:07
*** samuelbercovici has quit IRC10:08
*** samuelbercovici1 is now known as samuelbercovici10:09
*** matsuhashi has quit IRC10:09
*** samuelbercovici1 has joined #openstack-neutron10:12
*** overlayer has joined #openstack-neutron10:12
*** samuelbercovici has quit IRC10:15
*** samuelbercovici1 is now known as samuelbercovici10:15
*** yamahata has quit IRC10:15
*** Longgeek has joined #openstack-neutron10:16
*** yfried has joined #openstack-neutron10:19
*** yfried has quit IRC10:20
*** yfried has joined #openstack-neutron10:20
*** chandankumar_ has quit IRC10:22
*** samuelbercovici1 has joined #openstack-neutron10:27
*** b3nt_pin has joined #openstack-neutron10:28
*** b3nt_pin is now known as beagles10:28
*** samuelbercovici has quit IRC10:29
*** samuelbercovici1 is now known as samuelbercovici10:29
*** Trozz has joined #openstack-neutron10:31
openstackgerritA change was merged to openstack/neutron: Imported Translations from Transifex  https://review.openstack.org/8243510:33
*** Trozz has quit IRC10:34
*** samuelbercovici1 has joined #openstack-neutron10:36
*** matsuhashi has joined #openstack-neutron10:39
*** networkstatic is now known as networkstatic_zZ10:40
*** samuelbercovici has quit IRC10:40
*** samuelbercovici1 is now known as samuelbercovici10:40
*** Longgeek has quit IRC10:41
*** Trozz has joined #openstack-neutron10:41
*** Trozz has quit IRC10:42
*** Jabadia_ has joined #openstack-neutron10:43
*** Jabadia has quit IRC10:43
*** xuhanp has quit IRC10:44
*** pcm_ has joined #openstack-neutron10:44
*** Trozz has joined #openstack-neutron10:44
*** svilgelm has joined #openstack-neutron10:45
*** Trozz has quit IRC10:45
*** yfried is now known as yfried|lunch10:47
*** Jianyong has quit IRC10:49
*** samuelbercovici1 has joined #openstack-neutron10:51
*** samuelbercovici has quit IRC10:55
*** samuelbercovici1 is now known as samuelbercovici10:55
*** tomoe_ has joined #openstack-neutron10:58
*** WackoRobie has joined #openstack-neutron10:59
*** WackoRobie has quit IRC11:04
*** samuelbercovici1 has joined #openstack-neutron11:04
*** Longgeek has joined #openstack-neutron11:06
*** samuelbercovici has quit IRC11:07
*** samuelbercovici1 is now known as samuelbercovici11:07
*** amuller has joined #openstack-neutron11:08
*** irenab has quit IRC11:09
*** roeyc has joined #openstack-neutron11:09
*** irenab has joined #openstack-neutron11:10
*** sphoorti_ has joined #openstack-neutron11:10
*** jgallard has quit IRC11:10
openstackgerritSphoorti proposed a change to openstack/neutron: Add unit test for add_vxlan in test_linux_ip_lib  https://review.openstack.org/8055411:11
*** leseb has quit IRC11:14
*** sphoorti has quit IRC11:14
*** leseb has joined #openstack-neutron11:14
*** tvardeman has joined #openstack-neutron11:15
*** tomoe_ has quit IRC11:16
openstackgerritAnn Kamyshnikova proposed a change to openstack/neutron: Set correct nullable parameter for columns  https://review.openstack.org/8208911:17
*** Longgeek has quit IRC11:17
*** leseb has quit IRC11:19
*** Longgeek has joined #openstack-neutron11:19
*** saju_m has joined #openstack-neutron11:20
*** rkukura has quit IRC11:21
*** Trozz has joined #openstack-neutron11:23
*** Trozz has quit IRC11:23
*** sphoorti_ has quit IRC11:25
*** samuelbercovici1 has joined #openstack-neutron11:26
*** sphoorti_ has joined #openstack-neutron11:26
*** mwagner_ is now known as mwagner_notHere11:29
*** Trozz has joined #openstack-neutron11:29
*** samuelbercovici has quit IRC11:29
*** samuelbercovici1 is now known as samuelbercovici11:29
*** samuelbercovici1 has joined #openstack-neutron11:32
*** sphoorti_ has quit IRC11:33
*** sphoorti_ has joined #openstack-neutron11:33
*** WackoRobie has joined #openstack-neutron11:35
*** WackoRobie has joined #openstack-neutron11:35
*** samuelbercovici has quit IRC11:35
*** samuelbercovici1 is now known as samuelbercovici11:35
*** Trozz has quit IRC11:36
*** yamahata has joined #openstack-neutron11:40
*** samuelbercovici1 has joined #openstack-neutron11:41
*** sphoorti_ has quit IRC11:42
*** sphoorti_ has joined #openstack-neutron11:42
*** samuelbercovici has quit IRC11:45
*** samuelbercovici1 is now known as samuelbercovici11:45
*** sphoorti_ has quit IRC11:47
*** sphoorti_ has joined #openstack-neutron11:48
openstackgerritSylvain Afchain proposed a change to openstack/neutron: L2 pop regular mac learning as parameter  https://review.openstack.org/8305311:51
openstackgerritSergey Lukjanov proposed a change to openstack/neutron: Start using oslosphinx theme for docs  https://review.openstack.org/8305411:52
*** samuelbercovici1 has joined #openstack-neutron11:54
*** leseb has joined #openstack-neutron11:56
*** samuelbercovici has quit IRC11:57
*** samuelbercovici1 is now known as samuelbercovici11:57
*** mwagner_lap has quit IRC12:00
*** leseb has quit IRC12:00
*** samuelbercovici1 has joined #openstack-neutron12:02
*** Trozz has joined #openstack-neutron12:02
*** Trozz has quit IRC12:03
*** WackoRobie has quit IRC12:03
*** sphoorti_ has quit IRC12:04
*** sphoorti_ has joined #openstack-neutron12:05
*** samuelbercovici has quit IRC12:05
*** samuelbercovici1 is now known as samuelbercovici12:06
*** yamahata has quit IRC12:06
*** samuelbercovici1 has joined #openstack-neutron12:08
*** flwang has joined #openstack-neutron12:08
*** matsuhashi has quit IRC12:10
*** samuelbercovici has quit IRC12:11
*** samuelbercovici1 is now known as samuelbercovici12:11
*** matsuhashi has joined #openstack-neutron12:11
*** samuelbercovici1 has joined #openstack-neutron12:13
*** matsuhas_ has joined #openstack-neutron12:13
*** matsuhashi has quit IRC12:13
*** xianghui has quit IRC12:14
*** bashok has joined #openstack-neutron12:15
*** sphoorti_ has quit IRC12:15
*** samuelbercovici has quit IRC12:16
*** samuelbercovici1 is now known as samuelbercovici12:16
*** sphoorti_ has joined #openstack-neutron12:16
*** dims_ has quit IRC12:18
*** dims_ has joined #openstack-neutron12:21
*** sphoorti_ has quit IRC12:21
*** sphoorti_ has joined #openstack-neutron12:23
*** samuelbercovici1 has joined #openstack-neutron12:25
*** leseb has joined #openstack-neutron12:27
sphoorti_roeyc: should I make that change and submit a new patch ? the blank line was unintentional.12:28
*** samuelbercovici has quit IRC12:28
*** samuelbercovici1 is now known as samuelbercovici12:28
*** tomoe_ has joined #openstack-neutron12:29
*** luqas has quit IRC12:30
*** samuelbercovici1 has joined #openstack-neutron12:32
roeycsphoorti_: yes please12:33
sphoorti_okay roeyc .12:34
akamyshnikovasalv-orlando, Hello, I'm researching database and models synchronization and found out that in TzNetworkBinding model incorrect nullable is set for vlan_id and phy_uuid. It sets nullable=True, when they should be NOT NULL according to database content http://paste.openstack.org/show/74224/ and that they are primary keys. But when I corrected the model unit tests started to fail as in some of them vlan_id expected as None. https://github12:34
akamyshnikova.com/openstack/neutron/blob/master/neutron/tests/unit/vmware/test_nsx_plugin.py#L265 Is it mistake in unit tests? Please, answer me when you'll have time.12:34
*** samuelbercovici has quit IRC12:35
*** samuelbercovici1 is now known as samuelbercovici12:35
salv-orlandoit's likely to be a migration issue. They should not be nullable, even if I think the code never allows for nullifying them. I will investigate and push a patch if needed.12:36
salv-orlandothanks for reporting this.12:36
*** sphoorti_ has quit IRC12:39
*** sphoorti_ has joined #openstack-neutron12:40
openstackgerritSphoorti proposed a change to openstack/neutron: Add unit test for add_vxlan in test_linux_ip_lib  https://review.openstack.org/8055412:42
akamyshnikovasalv-orlando, I have already do change with this https://review.openstack.org/82089. May be you should take a look at it?12:43
openstackgerritAnn Kamyshnikova proposed a change to openstack/neutron: Set correct nullable parameter for columns  https://review.openstack.org/8208912:43
*** leseb has quit IRC12:43
*** xuhanp has joined #openstack-neutron12:47
*** jecarey has quit IRC12:48
*** sphoorti_ has quit IRC12:49
*** sphoorti_ has joined #openstack-neutron12:50
*** jaypipes has quit IRC12:51
*** samuelbercovici1 has joined #openstack-neutron12:51
openstackgerritOleg Bondarev proposed a change to openstack/neutron: Delete disassociated floating ips on external network deletion  https://review.openstack.org/5336412:53
*** samuelbercovici has quit IRC12:54
*** samuelbercovici1 is now known as samuelbercovici12:54
*** sridhar has quit IRC12:55
*** sphoorti_ has quit IRC12:56
*** sphoorti_ has joined #openstack-neutron12:56
*** jaypipes has joined #openstack-neutron12:56
*** thuc has joined #openstack-neutron12:57
*** thuc_ has joined #openstack-neutron12:58
*** leseb has joined #openstack-neutron13:00
*** WackoRobie has joined #openstack-neutron13:01
*** sphoorti__ has joined #openstack-neutron13:01
*** nplanel_ has joined #openstack-neutron13:02
*** thuc has quit IRC13:02
*** sphoorti_ has quit IRC13:02
*** matsuhas_ has quit IRC13:07
*** jgallard has joined #openstack-neutron13:07
*** baoli has joined #openstack-neutron13:09
*** pradipta is now known as pradipta_away13:12
*** mwagner_lap has joined #openstack-neutron13:12
*** Jianyong has joined #openstack-neutron13:16
*** julim has joined #openstack-neutron13:16
*** Jianyong has left #openstack-neutron13:16
*** yamahata has joined #openstack-neutron13:18
*** jobewan has joined #openstack-neutron13:19
openstackgerritYuriy Taraday proposed a change to openstack/neutron: Abstract out root_helper calls to classes  https://review.openstack.org/8278713:21
*** irenab has quit IRC13:23
*** jecarey has joined #openstack-neutron13:25
*** tomoe_ has quit IRC13:28
*** leseb has quit IRC13:31
*** leseb has joined #openstack-neutron13:34
*** luqas has joined #openstack-neutron13:35
*** afazekas_ has joined #openstack-neutron13:36
*** afazekas has quit IRC13:39
*** sridhar has joined #openstack-neutron13:39
*** spandhe has joined #openstack-neutron13:44
*** armax has joined #openstack-neutron13:46
*** spandhe_ has joined #openstack-neutron13:47
*** flwang has quit IRC13:49
*** spandhe has quit IRC13:49
*** spandhe_ is now known as spandhe13:49
*** flwang has joined #openstack-neutron13:50
*** kedarkul has quit IRC13:51
*** Jianyong has joined #openstack-neutron13:51
*** samuelbercovici1 has joined #openstack-neutron13:58
*** rkukura has joined #openstack-neutron13:59
*** skraynev is now known as skraynev_going_h13:59
*** skraynev_going_h is now known as skraynev_afk13:59
*** dguitarbite has quit IRC14:00
*** thuc_ has quit IRC14:00
*** thuc has joined #openstack-neutron14:01
*** samuelbercovici has quit IRC14:01
*** samuelbercovici1 is now known as samuelbercovici14:01
*** beagles is now known as beagles_food14:03
*** baoli has quit IRC14:03
*** spandhe has quit IRC14:04
*** thuc has quit IRC14:05
*** thuc has joined #openstack-neutron14:05
*** thuc has quit IRC14:06
*** yfried|lunch has quit IRC14:06
*** baoli has joined #openstack-neutron14:06
*** thuc has joined #openstack-neutron14:07
*** spandhe has joined #openstack-neutron14:07
*** samuelbercovici has quit IRC14:10
*** jgrimm has joined #openstack-neutron14:11
*** svilgelm has quit IRC14:12
*** WackoRobie has quit IRC14:13
*** otherwiseguy has joined #openstack-neutron14:15
*** amotoki has joined #openstack-neutron14:18
*** thuc has quit IRC14:23
*** thuc has joined #openstack-neutron14:23
*** Longgeek has quit IRC14:23
*** Longgeek has joined #openstack-neutron14:24
*** rkukura has quit IRC14:25
overlayerfolks, say I wanted to merge one of my existing physical LANs (connected to a physical router reachable from my openstack deployment) with neutron... is it currently possible or is there any work ongoing?14:25
*** Longgeek has quit IRC14:25
*** otherwiseguy has quit IRC14:26
*** Longgeek has joined #openstack-neutron14:27
*** thuc has quit IRC14:28
*** dguitarbite has joined #openstack-neutron14:30
openstackgerritMiguel Angel Ajo proposed a change to openstack/neutron: fixes broken neutron-netns-cleanup  https://review.openstack.org/8026114:30
*** tomoe_ has joined #openstack-neutron14:31
openstackgerritAkihiro Motoki proposed a change to openstack/neutron: Import request_id middleware from oslo  https://review.openstack.org/8308014:34
openstackgerritOleg Bondarev proposed a change to openstack/neutron: Reschedule router if new external gateway is on other network  https://review.openstack.org/5288414:34
openstackgerritYves-Gwenael Bourhis proposed a change to openstack/neutron: Make dnsmasq aware of all names  https://review.openstack.org/5293014:34
openstackgerritAkihiro Motoki proposed a change to openstack/neutron: Import request_id middleware bug fix from oslo  https://review.openstack.org/8308014:35
*** alexpilotti has joined #openstack-neutron14:39
*** Jianyong has quit IRC14:42
*** chandan_kumar has quit IRC14:42
*** chandankumar_ has joined #openstack-neutron14:44
*** skraynev_afk is now known as skraynev14:44
*** sphoorti__ has quit IRC14:45
*** chandankumar_ has quit IRC14:46
*** mestery has joined #openstack-neutron14:46
*** chandan_kumar has joined #openstack-neutron14:47
*** kmak_ has joined #openstack-neutron14:47
*** chandan_kumar has quit IRC14:48
*** chandan_kumar has joined #openstack-neutron14:48
*** thedodd has joined #openstack-neutron14:48
*** sphoorti has joined #openstack-neutron14:51
*** emagana has joined #openstack-neutron14:55
*** carl_baldwin has joined #openstack-neutron14:55
*** chandan_kumar has quit IRC14:55
*** chandan_kumar has joined #openstack-neutron14:56
*** dave_tucker_zzz is now known as dave_tucker14:57
*** sweston has quit IRC14:58
*** banix has joined #openstack-neutron14:59
*** emagana has quit IRC15:00
*** julim_ has joined #openstack-neutron15:00
*** beagles_food is now known as beagles15:01
*** julim has quit IRC15:01
*** networkstatic_zZ has quit IRC15:01
*** yfried has joined #openstack-neutron15:01
*** bvandenh has quit IRC15:02
*** chandan_kumar has quit IRC15:03
*** yamahata has quit IRC15:03
*** thuc has joined #openstack-neutron15:04
*** thuc_ has joined #openstack-neutron15:05
flwangsafchain: ping15:05
*** mestery has quit IRC15:05
*** yamahata has joined #openstack-neutron15:05
*** otherwiseguy has joined #openstack-neutron15:08
*** thuc has quit IRC15:09
*** yamahata has quit IRC15:09
*** dguitarbite has quit IRC15:09
*** chandan_kumar has joined #openstack-neutron15:09
*** yamahata has joined #openstack-neutron15:10
*** thuc_ has quit IRC15:12
*** thuc has joined #openstack-neutron15:13
*** mflobo has joined #openstack-neutron15:15
openstackgerritIhar Hrachyshka proposed a change to openstack/neutron: Synced rpc and gettextutils modules from oslo-incubator  https://review.openstack.org/8099815:16
*** sweston has joined #openstack-neutron15:16
amotokiHenryG: thanks for catching quotas db migration issue on folsom_initial. I am now investigating the situation. I remember I filed a bug about it.15:16
*** yfried has quit IRC15:16
HenryGamotoki: cool, let me know what you find15:17
*** Longgeek has quit IRC15:17
amotokiHenryG: https://bugs.launchpad.net/neutron/+bug/1277379 but my initial investigation has incorrect points. I am updating it now.15:18
HenryGamotoki: FYI cisco plugin is also affected15:20
amotokiHenryG: i see. is it because cisco plugin loads ovs plugin internally?15:20
HenryGamotoki: yup15:20
*** kmak_ has quit IRC15:21
amotokiHenryG: if my investigation is correct, the thing is simpler than i thought first :)15:21
HenryGamotoki: that would be nice15:23
*** Longgeek has joined #openstack-neutron15:24
*** Longgeek has quit IRC15:24
openstackgerritIhar Hrachyshka proposed a change to openstack/neutron: Synced rpc and gettextutils modules from oslo-incubator  https://review.openstack.org/8099815:24
*** rkukura has joined #openstack-neutron15:26
amotokiHenryG: i post a comment to bug 1277379 above. Could you check my comment?15:29
* HenryG looks ...15:29
*** networkstatic has joined #openstack-neutron15:30
*** Longgeek has joined #openstack-neutron15:32
openstackgerritAkihiro Motoki proposed a change to openstack/neutron: nec plugin: allow to delete resource with ERROR status  https://review.openstack.org/8214315:33
HenryGamotoki: looks good to me, but I am no expert on this. We should get markmcclain and others ( salv-orlando maybe?) to weigh in.15:33
*** Longgeek has quit IRC15:34
HenryGamotoki: meanwhile I will apply the proposed changes and update the review, adding your bug as also fixed. OK?15:34
*** Longgeek has joined #openstack-neutron15:34
amotokiHenryG: sounds good.15:34
salv-orlandoamotoki, HenryG: definetely fine. You need to cleanup stale resources.15:36
amotokisalv-orlando: thanks. I think it is better to deal with qutoas table bug in the same patch.15:36
HenryGsalv-orlando: sorry, I don't get the "cleanup stale resources" part? Can you elaborate?15:37
*** emagana has joined #openstack-neutron15:38
salv-orlandoamotoki: can we do a quick list of plugins needing hybrid plugging? ML2 with OVS, OVS, RYU, and then?15:38
salv-orlandodoes also NEC require hybrid?15:38
amotokisalv-orlando: yes. nec plugin uses it.15:38
*** sacharya has joined #openstack-neutron15:38
HenryGsalv-orlando: since cisco plugin uses OVS, it also need hybrid15:39
salv-orlandoHenryG: which one? I see only n1kv is setting port bindings (from what I gather)15:39
amotokisalv-orlando: cisco network plugins loads ovs plugin internally.15:40
amotokibigswitch seems affected. it has two types of secgroup implementation: controller and agent-based.15:40
salv-orlandoamotoki: right. So fixing OVS plugi fixes cisco as well. I don't know however if n1kv which is used as a switch also needs hybrid plugging15:41
*** mflobo has quit IRC15:41
HenryGsalv-orlando: amotoki: I will have to check with the n1kv team how they do plugging15:42
salv-orlandosure np15:42
HenryGsalv-orlando: amotoki is right for cisco with (nexus + ovs) sub-plugins uses OVS agent to plug15:42
*** saju_m has quit IRC15:43
amotokisalv-orlando: ML2 meeting will start in 20 minutes. Is it better to check which MDs are affected?15:44
*** spandhe_ has joined #openstack-neutron15:44
*** spandhe has quit IRC15:44
*** spandhe_ is now known as spandhe15:44
salv-orlandonot a great idea to crash the ML2 agenda. Maybe that can be mentioned mention that in Open discussion15:47
*** _cjones_ has joined #openstack-neutron15:48
*** spandhe has quit IRC15:51
amotokiokay. vif_security bug will be covered in the agenda. if we have time i will check it.15:53
*** Sudhakar has joined #openstack-neutron15:54
*** dfarrell07 has joined #openstack-neutron15:54
jlibosvarkukura: salv-orlando: obondarev hi, may I ask you please to check https://review.openstack.org/#/c/83008/ ? - it is probably the last piece of puzzle for grenade15:56
salv-orlandoyes sure15:56
jlibosvathanks!15:56
rkukurasalv-orlando, amotoki: ML2 agenda is light, VIF security is last item, so can discuss their if you’d like15:58
Sudhakarsalv-orlando,carl_baldwin : You had comments/concerns with patch https://review.openstack.org/#/c/77549/ ...if you have time .. we can discuss a little ..16:00
*** rcurran has joined #openstack-neutron16:00
*** mestery has joined #openstack-neutron16:01
*** xuhanp has quit IRC16:01
carl_baldwinSudhakar: My reason for the -1 was mostly around the timing of the patch with respect to Icehouse RC.  If there were some benchmarking or testing that showed that this patch is very valuable then that might justify it.16:02
*** rudrarugge has joined #openstack-neutron16:02
*** bashok has quit IRC16:02
Sudhakarwe did scale testing on this fix and it helped us to scale more VMs on CNs16:03
carl_baldwinDo you have some data that you could put in to the patch?16:04
Sudhakarshould i put along the test results from our testing??16:04
carl_baldwinMy other comments were around potentially simplifying the patch to achieve the same result.  Might reduce risk but I did not give -1 for those comments because I realize that is more being critical of style rather than finding a real problem.16:04
*** yamamoto has joined #openstack-neutron16:05
carl_baldwinSudhakar: I think it could help justify the inclusion of the patch sooner than later but I can't speak for the core devs.16:05
*** mlavalle has joined #openstack-neutron16:06
*** mlavalle has quit IRC16:06
SudhakarI responded to your comments reg. the alternate approach as part of the review comment replies...16:06
Sudhakarcarl_baldwin: Yes, I can understand...16:06
carl_baldwinSudhakar: Okay, I have not had time yet to revisit the patch.  I will today.16:06
Sudhakarcarl_baldwin: Thanks :)16:06
carl_baldwinGlad to help.16:06
Sudhakarcarl_baldwin: I will attach the test results to give more confidence...16:07
carl_baldwincool16:07
carl_baldwinSudhakar: The data might fit better in the bug report.16:09
carl_baldwin... or a comment in the review.  I don't know where the best place to include it is, actually.16:09
Sudhakarcarl_baldwin: Yes, I thought the same too...will post a comment in the bug report...16:09
carl_baldwinGreat.16:09
*** Sukhdev has joined #openstack-neutron16:10
carl_baldwinSudhakar: btw, I don't see your responses in the review.  Have you submitted your draft comments yet?16:10
*** mlavalle has joined #openstack-neutron16:11
Sudhakarcarl_baldwin: err...let me check ...16:11
Sudhakarcarl_baldwin: i saved them...and thought they are published..16:11
*** amuller has quit IRC16:13
Sudhakarcarl_baldwin: sorry...they are still marked as drafts...16:13
Sudhakarcarl_baldwin: how do i submit ?16:13
carl_baldwinIn the main review page under patch set 5, find the "Review" button and fill out the form and submit.16:14
Sudhakarcarl_baldwin:ok..let me try..16:14
*** skraynev is now known as skraynev_afk16:14
*** Dseven has joined #openstack-neutron16:15
Sudhakarcarl_baldwin:done... thanks for helping out :)16:15
carl_baldwinGreat, glad to help.  I'll have a look in a bit.16:16
*** pnavarro has quit IRC16:17
Sudhakarcarl_baldwin:sure..16:17
*** irenab has joined #openstack-neutron16:20
salv-orlandoSudhakar: no concern on your patch. I think the code works (I don't think we can use it to say "closes bug" however given the very nature of the bug)16:22
salv-orlandobut we need to get RC1 out of the way and I don't want to push patches which change logic and therefore might trigger regressions, unless they're fixing somehting which is now fundamentally broken16:22
*** leseb has quit IRC16:22
salv-orlandolet16:22
salv-orlandolet's give a few more spins, and then we'll see whether cut it for RC2, or then do early Juno and then backport16:23
Sudhakarcarl_baldwin:agreed..16:23
*** Longgeek has quit IRC16:23
*** Longgeek has joined #openstack-neutron16:23
Sudhakarhi salv-orlando16:24
*** SumitNaiksatam has joined #openstack-neutron16:24
*** dfarrell07 has quit IRC16:28
openstackgerritYuriy Taraday proposed a change to openstack/neutron: Abstract out root_helper calls to classes  https://review.openstack.org/8278716:29
_cjones_kevinbenton. Thanks for the help over the past few days. I did a clean install and have everything running to my satisfaction. I've added my own test cases and I have a few questions regarding how these should be set up. If you wouldn't mind.16:30
*** Longgeek has quit IRC16:30
*** afazekas_ has quit IRC16:30
*** Longgeek has joined #openstack-neutron16:31
*** Longgeek has quit IRC16:31
*** leseb has joined #openstack-neutron16:32
*** Longgeek has joined #openstack-neutron16:32
*** devlaps has joined #openstack-neutron16:36
*** tomoe_ has quit IRC16:42
openstackgerritHenry Gessau proposed a change to openstack/neutron: Cisco APIC ML2 mechanism driver, part 1  https://review.openstack.org/7335516:43
*** mestery has quit IRC16:49
*** sacharya has quit IRC16:50
*** Longgeek has quit IRC16:54
*** pnavarro has joined #openstack-neutron16:54
*** chandan_kumar has quit IRC16:57
*** harlowja_away is now known as harlowja16:58
*** jlibosva has quit IRC17:00
*** nati_ueno has joined #openstack-neutron17:00
*** dave_tucker is now known as dave_tucker_zzz17:00
nati_uenohi17:01
rkukuranati_ueno: hi17:02
kevinbentonhey17:02
nati_uenorkukura: hi17:02
nati_uenokevinbenton: hey17:02
kevinbenton_cjones_: sure17:02
*** gpizza has joined #openstack-neutron17:03
marunnati_ueno: hi17:04
*** baoli has quit IRC17:04
nati_uenomarun: hi17:04
nati_uenorussellb: around?17:04
Sukhdevrcurran: Ping17:05
nati_uenosalv-orlando: around?17:05
russellbi am, just now reading through your mail though17:05
nati_uenorussellb: Thanks we will wait your question in here17:06
russellbnati_ueno: you see danpb's comment on the patch?17:07
nati_uenorussellb: let me check17:08
*** Sudhakar has quit IRC17:08
rcurranSukhdev, yes -17:08
russellbnati_ueno: or that won't work because it's not for all neutron cases, just for one driver?17:08
nati_uenorussellb: I think Salvatore's patch also works https://launchpadlibrarian.net/170772780/hack.patch17:09
*** mestery has joined #openstack-neutron17:09
nati_uenorussellb: please take a looks his comment on #6 https://bugs.launchpad.net/neutron/+bug/129746917:09
rkukuraAre we now considering any patch that passes a minimal set of flags via binding:vif-details to the nova VIF object and to the GenericVIFDriver, or has that been absolutely ruled out for icehouse?17:09
nati_uenorkukura: I don't think we can take vif-details way now17:10
*** leseb has quit IRC17:10
*** salv-mobile has joined #openstack-neutron17:10
*** jistr has quit IRC17:10
nati_uenoso I'm +1 for Salvatore's patch (this is equivalent with Daniel's suggestion)17:11
russellbnati_ueno: yes, if that works, that looks a lot better17:11
russellbno config changes17:11
rkukuraMy view is that if we do some simple nova-only short term hack, fine, but if we are trying to do anything we’ll live with long term, the vif-details approach is the way to go - I have not seen any objections to it17:11
russellbrkukura: yeah it's just a timing thing17:11
kevinbenton+1 to salv-orlando's17:11
nati_uenorussellb: yes. OK If you like this way, I'll fix this patch asap. (I'll push the patch in short, but give me 1,2 hours including test)17:11
rkukuranati_ueno: Can you pose he link to Salvatore’s patch?17:12
russellbnati_ueno: sounds good17:12
nati_uenorussellb: Thanks17:12
kevinbentonhttps://launchpadlibrarian.net/170772780/hack.patch17:12
kevinbentonrkukura: ^^17:12
salv-mobileSo I've missed the rest of the discussion. What are we ok with?17:12
rkukurakevinbenton: Thanks - noticed that right after asking17:12
kevinbentonsalv-mobile: the hack.patch17:12
salv-mobileWhat about the other thing I tried?17:12
salv-mobileThe non hack one17:12
kevinbentonsalv-mobile: which one is that?17:13
*** gpizza has quit IRC17:13
salv-mobileIt's still on the bug report17:13
*** Jabadia_ has quit IRC17:13
salv-mobileToo not still17:13
_cjones_kevinbenton: Awesome. Give me a minute to compose my questions.17:13
*** yfried has joined #openstack-neutron17:13
*** Jabadia has joined #openstack-neutron17:13
*** ygbo has quit IRC17:13
russellbi'd rather not make API changes under this much time pressure17:13
salv-mobileBasically i just let nova use vif type to decide but add a new hybrid vif type17:13
russellbwould rather have time to have it more completely thought out17:14
salv-mobileRussellb there no api change17:14
salv-mobilerussellb: nova already leverage that attribute. The change is simply to add one more value to the list of possible vif types17:15
*** dave_tucker_zzz is now known as dave_tucker17:15
rkukuraLong term, binding:vif_type plus binding:vif_details should be all that’s needed for neutron plugin/driver to control what nova’s GenericVIFDriver does.17:16
*** rcurran has quit IRC17:16
*** baoli has joined #openstack-neutron17:16
*** itzikb has joined #openstack-neutron17:16
kevinbentonsalv-mobile: i don't like the extra VIF type as much. nova gets by with security groups using one vif type, but then neutron needs another one...17:16
salv-mobileMeh look at how many vif types are already there17:16
*** sweston has quit IRC17:17
marunSo are we going with salv-mobile's workaround?17:18
*** Jabadia has quit IRC17:18
rkukuraWe already have support for vif-details on the neutron side for months -  why is having nova pass this to the GenericVIFDriver any more work/risk than defining new vif_type values tjhat nova treats specially?17:18
marunIt looks reasonable to me.17:18
russellbmarun: the first one, yes17:18
marungreat17:18
marunrkukura: because what do we do on reboot?17:18
russellbsalv-mobile: but it's a hack we'd have to maintain support for, can't just remove it in a few weeks17:18
russellbsalv-mobile: at least the first hack is invisible and we can remove it as soon as we're ready to17:18
rkukuramarun: Explain?17:18
marunrkukura: doesn't nova replug on reboot?17:19
marunrkukura: and if so, how does it know what to do?17:19
marunrkukura: does it store those vif details/17:19
salv-mobileI don't think we'll ever get to an agreement on any patch larger than 10 lines17:19
marunrkukura: or does it have to query neutron again?17:19
rkukuraIf nova replugs, it should be getting the neutron port, but if its not doing this, I see the issue17:19
marunrkukura: I'm honestly asking, it's a gap in my knowledge17:19
salv-mobileSo maybe just go with the hack which at least does not require config changes17:19
marunrussellb: ^^ thoughts on reboot?17:19
marunrussellb: (same question on migration/resize/etc)17:20
marun+1 to the hack.17:20
salv-mobileIn this way any fix you work out it might be easy to backport17:20
marunIt's simple and doesn't violate the 'there should not be new vif drivers' mandate17:20
salv-mobileMight just be worth checking with a few plugin devs to see if forcing hybrid breaks their plugins17:21
marunrkukura: not anything we can't figure out, just not something that's simple enough to consider doing so late in cycle.17:21
salv-mobileOr on the other hand merge as it is and then wait for them screaming17:21
rkukuraI’m completely OK with something like salv-orlando’s hack if its acknowledged as a short term solution and that we’ll work out whether the vif-details approach is the long-term solution for VIF security, as well as for things like SR-IOV that need this same information flow to the GenericVIFDriver.17:21
marunrkukura: +117:22
marunrkukura: now that we have more people engaged in this discussion hopefully we can push for it early enough in juno to iron out the kinks17:22
openstackgerritKyle Mestery proposed a change to openstack/neutron: Correct OVS VXLAN version check  https://review.openstack.org/8293117:22
marunrkukura: (engaged on both the nova and neutron sides)17:22
russellbmarun: don't know, i'd have to look17:22
russellband yes, totally short term17:23
kevinbentonsalv-mobile: unless they were depending on security groups not functioning, i think it should be okay :)17:23
marunrussellb: no worries, just curious.  we'll have to get the details right for the proper fix.17:23
russellbavoiding the rest until it's not under pressure to avoid doing something without enough thinking on the proper fix17:23
*** jmeridth has joined #openstack-neutron17:23
marunrussellb: are you ok with the salv-mobile's workaround then?17:23
marunfrankly, I'd like to see this merge today if we're all in agreement so we focus on everything else.17:24
HenryGamotoki: ping re: quotas in folsom_initial17:24
Dsevenis the proposed workaround to force hybrid plugging always, even when iptables filtering is not required?17:24
marunDseven: no17:24
marunit's to use the facts that neutron is in use + what firewall driver is configured to decide whether to use hybrid plugging17:25
maruni.e. we have the ability to support what we need (selective use of hybrid plugging), just not in as straightforward a way configuration-wise17:25
kevinbentonthe hack.patch does always plug hybrid though if neutron is in use, right?17:26
marunsalv-mobile: or, hmm.  do I have it wrong.17:26
marunkevinbenton: I was just realizing that.17:26
marunsalv-mobile: doesn't that break vmware?17:26
marunkevinbenton: no, i'm wrong.17:26
djoreillyso what about the linuxbridge plugin?17:26
salv-mobileSee?17:27
rkukuraThis only applies when vif_type = ovs, right?17:27
marunkevinbenton: if firewall is 'noop' OR neutron is used, hybrid plugging17:27
salv-mobileThat's why I asked to query other plugin types17:27
_cjones_kevinbenton: I have built a driver that makes use of mongodb. When I run my tests individually they all seem to pass, but when I run them as a suite, it looks like things are not timed correctly and I get failures. Is this likely a programming issue or a timing issue?17:27
salv-mobileYes only ovs vif type17:27
russellbmarun: yes, i am17:27
marunkevinbenton: so if neutron wants hybrid plugging -> configure noop firewall17:27
marunkevinbenton: if neutron doesn't want hybrid plugging -> configure valid firewall17:27
marunrussellb: awesome.17:28
*** itzikb has quit IRC17:28
kevinbentonbut the OR condition will always be met17:28
kevinbentonor self.is_neutron()17:28
marunsalv-mobile: do you want to post that patch to a review so we can get nova eyes and get it merged?17:28
*** itzikb has joined #openstack-neutron17:28
Dsevenmarun: that's almost opposite of the current code17:28
Dsevenwhich uses hybrid if anything other than the noop firewall driver is configured17:28
marunkevinbenton: so the logic is messed in the patch.  you see how we can get it working though?17:28
salv-mobileI'm not at home now. But I think nati-ueni is doing that17:29
marunDseven: a fact we'll have to live with17:29
marunDseven: like I said, it's configuration chicanery to get the result we want because we've left things too late for a proper fix17:29
banixwhat if you really want the noop firewall (admiting i do not know about the context here but our plugin uses noop firewall; will this change affect us?)17:30
DsevenI'm hoping to end up with a non-iptables firewall solution, and I'd rather not have the overhead of the ethernet bridge and veth pair that I don't need17:30
kevinbentonmarun: Dseven, banix, how do you leverage security groups?17:30
_cjones_kevinbenton: Second part. My driver has a config portion: config = conf.CONF.ml2_mydriver. How do I get this installed/setup for the the test cases to be able to mock this class?17:30
marunnati_ueno: so you're posting a version of salvatore's patch?17:31
banixkevinbenton: in our case we do not support security groups17:31
DsevenI'm hoping to get a firewall solution that runs in a VM, and all traffic is sent through it via OVS17:31
nati_uenomarun: yep17:31
marunnati_ueno: awesome17:31
marunnati_ueno: thank you for your hard work to make this happen!17:31
nati_uenomarun: no This is my fault17:32
marunnati_ueno: we're all culpable17:32
marunnati_ueno: no one person is to blame.  anybody could have noticed things were slipping and raised the issue at any point this cycle17:33
marunnati_ueno: the fact that it didn't happen till now is as much the rest of core's fault as it is yours.17:33
marun(we're all in this boat together, we need all hands to bail)17:33
kevinbenton_cjones_: for your second question, you need something in your test setup that calls the config setup17:34
marunDseven: what are you working on and is it going to target icehouse?17:34
*** itzikb has quit IRC17:34
*** itzikb has joined #openstack-neutron17:35
Dsevenworking on a private cloud implementation (currently in development) and yes, targetting icehouse17:35
marunsalv-mobile: can the suggested workaround support non-hybrid plugging for neutron?17:35
salv-mobileNope otherwise I would not have called the attachment hack.patch17:36
marunsalv-mobile: is there a way it could?17:36
kevinbenton_cjones_: https://github.com/bigswitch/neutron/blob/master/neutron/tests/unit/ml2/drivers/test_bigswitch_mech.py#L4817:36
marunsalv-mobile: i.e. neutron configures a firewall driver - any firewall driver - and hybrid plugging is used17:36
*** nplanel_ has quit IRC17:36
salv-mobileNot in a million years. I clarified that on the bug repo17:36
marunsalv-mobile: oops, the reverse17:36
marunsalv-mobile: what repo?17:37
marunsalv-mobile: all I have is the patch17:37
salv-mobileReport not repo17:37
marunsalv-mobile: so why 'not in a million years'?17:37
marunsalv-mobile: nmind, i'll go read bug report17:37
*** sphoorti has quit IRC17:38
*** baoli has quit IRC17:38
_cjones_kevinbenton: Perfect. Got that. I think that should work.17:38
kevinbenton_cjones_: for your first question, what kind of failures are you getting? are they DB conflicts or something? you might need to add something to the UT cleanup to clear out your backend stuff after each test17:38
Sukhdevrkukura: Ping17:41
rkukuraSukhdev: hi17:41
*** sweston has joined #openstack-neutron17:41
marunDseven: It doesn't sound like we have any option but to add the intermediary bridge.17:41
Sukhdevrkukura: Wanted to chat with you regarding the idea of sync in ML217:41
marunDseven: at least for icehouse.  it may be we can backport something better early in juno17:41
_cjones_kevinbenton: No, they appear as timing errors. https://gist.github.com/cjones-/eef389050e6145a30ca917:42
rkukuraSukhdev: sure17:42
Sukhdevrkukura: If you think it is worthwhile to have a session on this topic - I would love to work with you17:42
Dsevenmarun: OK, I think I can live with it for a while ... or maybe I'll hack around it17:42
_cjones_kevinbenton: This test just tries to create 100 tenants and save them to mongodb.17:43
Sukhdevrkukura: perhaps we can jointly work on it - wanted to hear your thoughts17:43
rkukuraSukhdev: OK, you are welcome to take the lead on this, and I’ll assist17:43
marunDseven: if you're willing to maintain support for it, non-hybrid plugging is certainly doable17:43
*** baoli has joined #openstack-neutron17:43
Dsevenmarun: I actually have a side-issue where non-hybrid plugging doesn't seem to work with libvirt+Xen17:43
rkukuraSukhdev: Is the idea to draft a BP and discuss it at the summit?17:44
marunDseven: ah, xen :)17:44
marunDseven:  you have my condolenses17:44
Dsevenmarun: yeah, I like to make my life *really* difficult17:44
kevinbentonmarun: what about adding another "neutronfirewalldriver" to nova that extends the noop class17:44
marunDseven: not that xen isn't awesome, but given the poor support it gets in upstream testing it's always going to be an uphill battle17:44
Dsevenmarun: for reference https://bugs.launchpad.net/neutron/+bug/129369317:44
marunkevinbenton: that would be great but again, not likely this cycle17:45
Dsevenmarun: Yeah, I know, but for .... non-technical reasons .. I'm stuck with it17:45
marunkevinbenton: we're not looking for a solution beyond the workaround at this point17:45
Sukhdevrkukura: I was going to say the other way around :-) but, am OK either way17:45
rkukuraSukhdev: Want to start an etherpad or google doc to describe the issue, organize ideas, …?17:45
marunkevinbenton: it's not for technical reasons that we're pursuing the workaround, it's to minimize friction getting something merged to nova17:45
kevinbentonmarun: so it would satisfy people that want non-hybrid plugging17:46
Sukhdevrkukura: yes, how about google doc?17:46
marunkevinbenton: I think they'll have to live with that in the short term17:46
rkukuraSukhdev: sure17:46
marunkevinbenton: if everyone was so concerned, they might have wanted to push on this issue a bit sooner17:46
SukhdevI can throw in some initial thoughts and then you can jump in and add/clean?17:46
marunkevinbenton: now, it's too late.17:46
marunkevinbenton: (for icehouse)17:46
rkukuraSukhdev: grest17:46
Sukhdevrkukura: I will write it up over the weekend and send it to you.17:47
rkukuraSukhdev: great!17:47
marunDseven: i hear both amazon and rackspace would be on kvm if they could...17:47
Sukhdevrkukura: cool - will ping you once I have something on the doc17:47
Sukhdevrkukura: early next week17:47
Dsevenmarun: I guess I would have pushed the issue a bit sooner, except the logic as it stands in the code today seems to actually support what I want to do, aside from the bug mentioned above17:47
marunDseven: which bug?17:48
*** leseb has joined #openstack-neutron17:48
Dsevenmarun: the libvirt+Xen one - https://bugs.launchpad.net/neutron/+bug/129369317:48
Dsevenmarun: Basically, when non-hybrid plugging is used, the external-ids info doesn't get set on the OVS port, so neutron ignores the port and doesn't set the VLAN tag17:49
marunfun17:49
Dsevenyeah17:50
marunwell, on the upside hybrid plugging will always be used :)17:50
marunso things should work.  just a bit slower17:50
*** morganfainberg_Z is now known as morganfainberg17:50
marunDseven: are you not intending to support security groups then?17:51
Dsevenyeah, the hackaround sortof mitigates that bug ... but I am a bit worried about the bridge being a bottlebeck17:51
marunDseven: or are you working on a plugin that does the work itself?17:51
marunDseven: I don't think it's that signifacant17:51
Dsevenwe're working with a firewall vendor to develop a soluton that runs in a VM (on each server) and all traffic is piped through it via OVS17:51
DsevenTBH, I don't know yet how that's going to plug into neutron, etc.17:52
*** dave_tucker is now known as dave_tucker_zzz17:52
jogolooks like there may be a new neutron bug in the gate17:53
kevinbentonmarun: https://review.openstack.org/#/c/83148/17:53
jogohttp://status.openstack.org/elastic-recheck/data/uncategorized.html and click on 24 hours17:53
*** itzikb1 has joined #openstack-neutron17:54
*** itzikb has quit IRC17:54
jogomarun: ^17:55
kevinbentonrusselb: https://review.openstack.org/#/c/83148/17:56
marunjogo: cripes,17:56
*** saju_m has joined #openstack-neutron17:57
marunkevinbenton: you do realize that he's busy as heck right now?17:57
marunkevinbenton: why are you pinging him when we've already chosen a path?17:57
russellbyes let's stick with the is_neutron() hack17:58
jogoarosen: ^^17:58
kevinbentonmarun: sorry. just seemed like like a painful limitation in icehouse for the people that didn't want the hybrid mode17:58
*** roeyc has quit IRC17:58
russellbyes it's unfortunate17:58
marunkevinbenton: like I said, we can deal with that fallout and see if a workaround/backport is possible next release17:58
russellbbut it's also very unfortunate that lack of testing let it get until days before RC to bring it up17:58
marunkevinbenton: but this is a wake up call as much as anything - folks need to pay attention to severe issues and not just pass the buck17:59
jogohmm this may be on the nova side17:59
*** crc32 has joined #openstack-neutron18:00
kevinbentonmarun: i agree, but now the ones that take the performance hit are the only ones that legitimately didn't have to pay attention to this issue :)18:01
kevinbentonmarun: since they aren't using the firewall18:01
marunkevinbenton: who doesn't have to pay attention?18:01
marunkevinbenton: involvement in neutron means 'involvement'18:01
russellbfolks not thinking they have to care is a pretty core part of neutron's problem18:01
*** luqas has quit IRC18:02
rkukuramarun, russellb, Dseven, salv-orlando: I hate to keep beating an almost dead horse, but the port_filter flag in binding:vif_details is already there in the current nuetron code, I think with all plugins. With no change on the neutron side, couldn’t we come up with a simple enough and low enough risk patch to nova so that the GenericVIFDriver uses this flag to decide whether or not to do the hybrid bridging with vif_type is ‘ovs18:02
russellband is causing neutron to suffer greatly overall18:02
marunrkukura: you keep telling us this.  we hear you.  the answer is 'not this cycle'18:02
kevinbentonmarun, russellb: i'm just referring to a regular neutron user18:02
russellbkevinbenton: heh, OK.18:02
* russellb a little sore on the subject18:02
marunkevinbenton: well, they suffer for our mistakes, sadly.18:02
russellbrkukura: interested in putting together a patch to consider?18:03
rkukuramarun: I’m suggesting a compromise, where we leave neutron as-is, and just let nova use the data it already gets.18:03
russellbif there's data we can use for this already, that does sound even better18:04
marunrkukura: if nova calls neutron on every vif plug, so that the port details is always available, then it could be an option.18:04
marunrkukura: please verify that first18:04
rkukurarussellb: I’ll take a closer look at what the nova code does between the port_create/port_update and calling the GenericVIFDriver. I’m not very familiar with this code.18:04
kevinbentonrkukura, marun: isn't that already necessary for selecting the vif_type?18:06
rkukuraIf nova is getting binding:vif_type, its also getting binding:vif_details.18:08
*** Sukhdev has quit IRC18:10
*** dave_tucker_zzz is now known as dave_tucker18:12
HenryGarosen: ping18:12
HenryGamotoki: ping18:13
*** dave_tucker is now known as dave_tucker_zzz18:15
*** Jabadia has joined #openstack-neutron18:16
*** Jabadia has quit IRC18:16
*** luqas has joined #openstack-neutron18:16
*** Jabadia has joined #openstack-neutron18:17
*** luqas has quit IRC18:20
kevinbenton_cjones_: are all of the tests editing the same backend DB?18:21
*** thuc has quit IRC18:23
beaglesrkukura, I think the crux of your proposal is being missed. Why not point out what the change would be to vif driver would be if it were keyed off of vif_details?18:25
carl_baldwinemagana: ping18:25
*** salv-mobile has quit IRC18:25
rkukurabeagles: Working on a patch to do just that18:25
beaglesrkukura, if we can presume that it is always available to network_info, etc. ... the real difference would be just that18:25
jogomarun arosen salv-orlando: https://bugs.launchpad.net/neutron/+bug/129799218:25
*** salv-mobile has joined #openstack-neutron18:25
*** jgallard has quit IRC18:25
rkukurabeagles: exactly18:26
beaglesrkukura, my proposal only differed in that something nova specific be included in the model as opposed to the vif_details, so the gist is essentially the same and more of a design/cohesion nit18:26
beaglesrkukura, and I think that element is being overlooked by the implied complexity of the mysterious vif_details dict ;)18:27
rkukuraprobably less code involved to just append vif_details to the VIF object18:27
*** mlavalle has quit IRC18:28
kevinbentonrkukura: are the vif_details not currently passed to nova as part of the VIF object?18:28
openstackgerritArvind Somya proposed a change to openstack/neutron: Cisco APIC ML2 mechanism driver, part 2  https://review.openstack.org/7337218:28
beaglescould be... why not fling it and see if it sticks. We have been operating under the premise that the orig patch was too.. something.. but perhaps we are throwing baby out with the bathwater18:29
rkukurakevinbenton: They are passed to nova as a port attribute, but nova isn’t appending vif_details to the VIF object.18:29
beaglesrkukura, for example.. if the notion of the vif_details as an element of the vif object is abhorrent then it could either be backed off to something more specific or simply "no-way-man" for now18:30
*** thuc has joined #openstack-neutron18:30
beaglesrkukura, i'm just trying to cover the bases now ... so I don't have to ask myself why I didn't push harder again later on :)18:31
*** pnavarro has quit IRC18:31
*** jpich has quit IRC18:33
rkukurabeagles: Should have something concrete to discuss soon.18:34
kevinbentonrkukura: are you posting a patch?18:35
rkukurakevinbenton: yes18:36
*** blogan has joined #openstack-neutron18:37
*** _sweston_ has joined #openstack-neutron18:37
*** sweston has quit IRC18:38
DsevenBTW, is the use-case that requires an urgent fix for icehouse consisely described somewhere? i.e. why is Hybrid plugging required when the iptables firewall driver is not in use?18:38
marunDseven: you never did answer my question regarding security groups18:39
marunDseven: how are you intending to support them?18:39
*** beagles is now known as beagles_brb18:40
*** salv-mobile has quit IRC18:40
Dsevenmarun: we're working with a firewall vendor to implement firewalling that runs in a VM on each server, with all instance traffic piped through it by OVS .... but I'm not sure how that will related to security groups yet18:40
Dsevenmarun: so maybe it will involve a custom firewall driver .. I don't know yet18:41
marunDseven: lots of work18:41
marunDseven: definitely not going for the easy path :)18:41
*** flwang has quit IRC18:41
Dsevenmarun: pffft ... easy is no fun ..... or something18:41
marunDseven: Accidental complexity is never fun18:42
*** salv-mobile has joined #openstack-neutron18:42
marunDseven: in any case, you have lots of challenges to run through before the performance hit of a linux bridge is going to be a concern18:42
marunDseven: I'd recommend monitoring the situation and continuing to push for a real solution/backport to icehouse.18:42
marunDseven: by the time you're ready to worry about network performance, there should be a fix18:43
marunDseven: sooner if rkukura's gambit ends up successful18:43
Dsevenmarun: that approach may work ... so long as whatever OVS tricky is involved doesn't conflict with the hybrid plugging18:43
marunDseven: OVS trickery?18:43
Dseventrickery18:43
openstackgerritYuriy Taraday proposed a change to openstack/neutron: Abstract out root_helper calls to classes  https://review.openstack.org/8278718:43
Dsevenmarun: trickery to make all traffic for instances pass through this firewall VM18:44
marunDseven: ah, right18:44
nati_uenoUT and devstack tested. please review https://review.openstack.org/#/c/82904/18:44
marunDseven: my view is that NFV like that is dino tech. do the filtering directly on ovs.18:45
marunDseven: but vendors would disagree18:45
*** yfried has quit IRC18:46
Dsevenmarun: perhaps .. I'm not a firewall guru ... I'll try to press my peer (who is) a bit on why we're going down this road, but he seems to believe it's the right one18:46
marun“It is difficult to get a man to understand something, when his salary depends on his not understanding it.” -- Upton Sinclair18:47
rkukuramarun, Dseven: There has been some progress on an ovs-firewall-driver BP, but it didn’t complete for icehouse.18:48
*** overlayer has quit IRC18:48
marunrkukura: I'm looking forward to that.  But looking forward to ODL more ;)18:48
DsevenOklahoma Dept of Libraries ?18:49
Dseven:)18:49
emaganacarl_baldwin: pong18:50
salv-orlandojogo: are you positive the traceback for bug 1297992 is common to most uncategorized failures?18:50
salv-orlandojogo: just looking whether I just need to look at the bug or all failures18:51
banixnati_ueno: Does this affect plugins that do not support firewall by setting it to noop?18:51
salv-orlandohi folks I am back.18:51
marunDseven: I'm assuming you're just joshing but in case not - opendaylight18:51
salv-orlandoSo is there already a patch to revieW?18:51
banixnati_ueno: Does this affect plugins that do not support security groups by setting the firewall to noop?18:51
carl_baldwinemagana: Hey, a sudo patch has been discovered that helps reduce sudo overhead when agents run commands with sudo root wrap.  I was wondering if there is a place in the documentation where we document OS tweaks like this.18:52
*** BuSerD has joined #openstack-neutron18:52
marunbanix: yes18:52
Dsevenmarun: thanks, I'll check that out ... google didn't make it obvious18:52
marunbanix: all neutron plugins will use hybrid plugging with the proposed patch18:52
nati_uenobanix: you are right18:52
*** jecarey has quit IRC18:53
salv-orlandomarun, nati-ueno: so which approach was chosen? and most importantly, where's the patch. I'm sorry I ended up offline for most of the past hours.18:53
marunDseven: opensource SDN controller, allows more complex use of OVS18:53
marunsalv-orlando: your workaround is the proposed solution18:53
banixmarun, nati_ueno and by hybrid plugging you mean the vif driver used? Forgive my ignorance please.18:53
Dsevenmarun: Yep, I see it now .. will explore18:53
nati_uenobanix: yes18:53
marunsalv-orlando: rkukura is investigating if a vif details solution is possible, but until he determines that it is, we're working on the assumption that your workaround is the way to go18:54
_cjones_kevinbenton: As for the configuration issue. It appears that I need to get my new configuration in oslo. Pointers of how to get this portion done? I'll be golden.18:54
salv-orlandomarun: what about complaint about ovs-based plugins which do not want to use hybrid plugging?18:54
_cjones_kevinbenton: https://gist.github.com/cjones-/1f534d6fa09421a4630918:54
marunsalv-orlando: they're SOL18:54
salv-orlandoSOL?18:54
salv-orlandomissing this acronym18:54
marunsalv-orlando: s*** out of luck18:54
emaganacarl_baldwin: excellent point!18:54
banixnati_ueno: and if we need the Generic driver, will explicitly setting that in nova configuration would be enough?18:54
emaganathe patch is merged right?18:55
marunsalv-orlando: out of curiosity, where is mark?18:55
DsevenI believe that hybrid plugging is implement by the Generic VIF driver .. it's just logic within the driver that's being tweaked18:55
salv-orlandoI think nati-ueno initially did a vif_details patch, so why is now rkukura reinvestigating what nati-ueno already did?18:55
carl_baldwinemagana: The patch is found in a newer released version of sudo.  Is that what you are asking?18:55
marunsalv-orlando: he's like a dog with a bone18:55
nati_uenobanix: this fix don't need configuration change18:55
emaganacarl_baldwin: yes!18:56
salv-orlandoif vif_details is the way, ignore my comments, address nova concerns around merging this late in the release cycle and go ahead.18:56
banixnati_ueno, marun: or we won't be able to use the Generic driver?18:56
marunsalv-orlando: if he can come up with something simple enough that nova is willing to accept it, then great18:56
carl_baldwinemagana: I don't have all the details at my fingertips but I can provide them in an email or something.18:56
rkukurasalv-orlando: I suggested a compromise where we simply use the existing flag neutron already puts in vif_details to control whether or not the hybrid bridge is created in nova18:56
emaganacarl_baldwin: please, do that and I will file a BP/bug to make sure we document it18:56
banixnati_ueno: what if we want to use the generic driver? (Sorry i dont know the context and tying to figure out if I need to do anything with our plugin.)18:56
marunsalv-orlando: we're not adding a new driver18:56
marunoops, banix ^^18:56
rkukuraSo nati_ueno’s finer-grained control could be added later18:57
*** WormMan has joined #openstack-neutron18:57
salv-orlandoI think the simplest thing would be to let neutron tell nova what to use to plug, without changing the API. But still it was said here that it's too much of a change.18:57
carl_baldwinemagana: Great, I will provide it in the next day.18:57
nati_uenobanix: newest patch is using Generic driver18:57
emaganacarl_baldwin: Thanks!18:57
carl_baldwinThank you.18:57
salv-orlandoso yeah, I guess there is always the trick to skip the hybrid plugging18:57
salv-orlandoof willfully setting a wrong firewall driver in nova.conf18:57
*** flwang has joined #openstack-neutron18:57
banixmarun, nati_ueno : thanks; still confused but will follow the discussion.18:57
salv-orlandoso that it won't do hybrid plugging but won't either configure nova firewalling because neutron is in place18:58
nati_uenobanix: no worries, I'm confusing too X(18:58
marunsalv-orlando: did you see kevinbenton's proposal?18:58
marunsalv-orlando: creating a neutron-specific no-op firewall driver?18:58
*** yfried has joined #openstack-neutron18:58
marunsalv-orlando: not something nova will accept this cycle, but maybe a good workaround for next18:58
kevinbentonmarun: i already overrode that patch with what rkukura was getting at :-)18:59
*** salv-mobile has quit IRC18:59
maruntoo many cooks19:00
*** yfried has quit IRC19:01
marunsalv-orlando: I'm of the opinion that we should just force hybrid plugging for everyone.19:01
*** yfried has joined #openstack-neutron19:01
marunsalv-orlando: maybe then the folks impacted by the change would actually sit up and pay attention.19:01
marunsalv-orlando, rkukura: dividing our attention between different fixes is the reason we're in this mess in the first place.19:02
salv-orlandomarun: why are they at fault for anything?19:02
marunsalv-orlando: if they aren't paying attention, they're not sufficiently involved.19:02
jogosalv-orlando: I did a spot check the traceback was in many uncategorized failures19:02
salv-orlandojogo: thanks19:02
marunsalv-orlando: just like most people (including me) sit back while a core group of people (including you) work on fixing critical core issues.19:02
jogoI have an e-r patch up so once it lands we will know19:02
*** jecarey has joined #openstack-neutron19:02
rkukuramarun: I think the lesson to learn is to do these things in small steps as soon as possible19:02
marunrkukura: I think the lesson is that we're not sufficiently organized to pay attention to things that matter.19:03
marunrkukura: what you said -> in the small19:03
marunrkukura: what i said -> in the large19:03
salv-orlandomarun: by this standard shalle we start randomly breaking plugins where there aren't frequent contributions to make them pay attention?19:03
marunrkukura: I would agree that both views are necessary, but we're hurting in the large more than the small.19:03
*** luqas has joined #openstack-neutron19:03
marunsalv-orlando: not randomly19:04
marunsalv-orlando: but this bug has been brought up in what, every damn meeting this cycle?19:04
marunsalv-orlando: it's not like the situation hasn't been very public19:04
*** thuc has quit IRC19:05
marunsalv-orlando: like the testing problems of the past year, people don't sit up and pay attention unless it impacts them19:05
marunsalv-orlando: i.e. 'my patches can't merge because of persistent test failures'19:05
*** thedodd has quit IRC19:05
marunsalv-orlando: or 'my network performance is taking a hit because of vif plugging issues'!19:05
salv-orlandomarun: I'm not talking about the specific fact that a group of plugins will be negatively affected. I'm simply advocating that stating that people who will be affected will somehow be punished for their laziness makes no sense.19:07
salv-orlandoAs an example NSX plugin will be affected, and if this merges we'll have to devise a strategy19:08
salv-orlandostill I'm not saying no you don't merge this because NSX latencies will be hit19:08
*** rotbeard has quit IRC19:08
*** markmcclain has joined #openstack-neutron19:08
salv-orlandoon the other hand, putting too many people on the same issue is going to be worse than putting no people on it19:09
marunsalv-orlando: +119:09
salv-orlandoespecially with the kind of very strongly-minded, highly-skilled and experienced people you find in communities like this19:09
salv-orlandosome a**holes too19:09
salv-orlandobut that would be mostly me19:09
marunyou mean me? ;)19:11
*** irenab has quit IRC19:17
*** jp_at_hp has quit IRC19:20
Dsevenso is the proposal still salv's approach? - i.e. basically if is_neutron() then do_hybrid19:20
*** leseb has quit IRC19:24
enikanorov_markmcclain: hi, sorry for bothering again with https://review.openstack.org/#/c/81537/  could you please take a look19:26
*** dave_tucker_zzz is now known as dave_tucker19:27
*** markwash has quit IRC19:27
*** thuc has joined #openstack-neutron19:27
*** thuc_ has joined #openstack-neutron19:28
*** SumitNaiksatam has quit IRC19:31
*** leseb has joined #openstack-neutron19:32
*** thuc has quit IRC19:32
*** leseb has quit IRC19:34
banixmarun, salv-orlando: Please ignore if busy. I am still confused and have a question regarding the patches being discussed for the plugging: Does the proposed solution which sets the plugging to hybrid prevents all Neutron plugins from using anything but the hybrid plugging? In other words, can we use the Generic plugging after/if/when this patch is merged?19:35
Dsevenbanix: there is no hybrid plugin .. there is a generic VIF plugin for Nova ... there is logic within that plug that decides what type of plugging to do19:36
*** overlayer has joined #openstack-neutron19:36
Dsevenbanix: sorry, too many plugs ;) ... ".. there is logic with the generic VIF driver in nova that decides what type of plugging to do"19:37
Dsevenbanix: https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L46519:38
banixDseven: thanks weren't at some point two different classes one LibvirtGenericVIFDriver and another for Hybrid? I see the latest code has only one.19:39
marunbanix: the proposal is that _all_ plugins will be forced to use hybrid plugging19:39
marunbanix: you don't have to consider vif drivers at all.19:39
Dsevenbanix: yes, I believe that old plugin was removed and everything collapsed into the generic VIF driver19:40
marunbanix: the generic vif driver will force hybrid plugging if neutron is enabled.19:40
banixmarun: what is the implications of that? I will look at the code but in case there is a short answer to this19:41
marunbanix: the implication is that there will be a linux bridge between the vif and ovs bridge for all plugins19:41
marunbanix: regardless if they intend to do iptables filtering19:41
marunbanix: so unnecessary overhead19:41
Dsevenmarun: why is it that we need to do this? is there some use case other than iptables filtering that still requires the hybrid plugging ?19:42
marunDseven: no19:42
*** SumitNaiksatam has joined #openstack-neutron19:42
rkukuramarun, Dseven, russellb, kevinbenton, salv-orlando: Potential nova security group fix is: https://review.openstack.org/#/c/83190/19:42
banixmarun: thanks much; i think I understand this now better; so this will apply to all vifs that are of type OVS?19:43
marunbanix: correct19:43
Dsevenmarun: so what is the problem we're trying to solve then? i.e. what does not work with the code as-is ?19:44
marunDseven: we need to force hybrid plugging for any plugin that relies on iptables filtering between vif and ovs bridge19:44
marunDseven: ml2+ovs - the default plugin tested in the gate - simply doesn't support security groups without this fix19:45
marunDseven: and plugins that use the same approach are also broken19:45
banixmarun: Then that would potentially have implications beyond the performance. May be not but i am wondering. In our plugin we have a controller managing and setting up the rules for OVSs we have and am wondering if the linux bridges lead to any issues….19:46
Dsevenmarun: what type of plugin are we talking about? Not the firewall_drver in nova ?19:46
marunbanix: i'm not sure why it would unless you're touching the vif19:46
marunDseven: neutron plugin19:46
marunbanix: the linux bridge is a passthrough unless iptables-based security groups are enabled in neutron19:47
marunvif <-> linux bridge <-> ovs port19:47
Dsevenmarun: OK .. so there are some neutron plugins that depend on iptables, independently of the IptablesFirewallDriver in nova ?19:47
marun<-> -> veth pairs19:47
marunDseven: correct.19:48
marunDseven: it's basically the equivalent of the nova functionality19:48
Dsevenmarun: OK... I think I get it19:48
banixmarun: ok; and I suppose a single vif will still show up as a single port on the OVS and nothing else will be seen by the OVS; and setting the firewall to noop will make sure there are no iptable rules affecting traffic, etc19:48
marunbanix: correct19:49
DsevenI wonder if it might not be simpler to just have a nova config option to force hybrid plugging, rather than trying to come up with some logic for it last-minute19:49
banixmarun: thanks for taking the time to explain this here.19:49
marunDseven: we discussed that, a new config option is not an option this late in cycle19:49
marunbanix: np :)19:49
Dsevenmarun: hmmm... but a chance in logic is? ......19:49
Dsevens/chance/change/19:50
marunDseven: a change in logic is internal-only19:50
marunDseven: a config option has to be documented19:50
marunDseven: in any case, it's not our call19:50
Dsevenso we can pretend it never happened? ;)19:50
marunDseven: we're trying to merge something to nova - they decide what goes in.19:50
marunDseven: so we have to make them happy19:50
*** skraynev_afk is now known as skraynev19:54
*** claudiub has joined #openstack-neutron19:54
Dsevenmarun: what neutron plugin(s) depend on iptables? Trying to rationalise how this relates to ML219:55
marunDseven: I don't know off the top of my head19:55
*** otherwiseguy has quit IRC19:57
markmcclainDseven: OVS+ml2 was the only one that relied on the old hybrid driver19:58
*** pcm_ has quit IRC19:59
Dsevenmarkmcclain: I'm missing a piece somewhere .... ML2 doesn't handle layer 3 filtering, does it ?20:00
markmcclainit does not, but it implements the neutron security group extension20:01
Dsevenand it does that by configuring iptables ?20:02
markmcclainso previously the OVS plugin used a hybrid driver to implement security groups20:02
*** pcm_ has joined #openstack-neutron20:02
*** pcm_ has quit IRC20:02
*** sacharya has joined #openstack-neutron20:03
*** pcm_ has joined #openstack-neutron20:03
*** julim_ has quit IRC20:03
markmcclainthere are folks working on proposals for changing open implementation from the hybrid to using flow mods20:04
markmcclainbut that work is for Juno20:04
DsevenOK .. so .. meanwhile ... where is the code that interfaces with iptables?20:05
rkukuramarkmcclain: I posted a nova-only patch that uses the port_filter flag neutron currently includes in binding:vif_details. In juno, ML2 could control that based on which firewall driver is used on the compute node.20:06
*** beagles_brb is now known as beagles20:06
*** thedodd has joined #openstack-neutron20:08
kevinbentonsalv-orlando: this was the other approach that i had brought up. https://review.openstack.org/#/c/83148/20:10
Dsevenrkukura: isn't get_firewall_required() supposed to return True or False? You have it returning port_filter20:11
kevinbentonDseven: port_filter is a boolean20:11
Dsevenoh, ok20:11
*** saju_m has quit IRC20:11
rkukuraDseven: the ‘port_filter’ key in binding:vif_details maps to a boolean20:12
markmcclainrkukura, kevinbenton, nati_ueno: ping20:15
openstackgerritHenry Gessau proposed a change to openstack/neutron: Remove auto-generation of db schema from models at startup  https://review.openstack.org/4029620:15
kevinbentonmarkmcclain: pong20:15
markmcclainOk been stuck on a plane all day… Why do we have 3 patches?20:15
rkukuramarkmcclain: pong20:15
kevinbentonmarkmcclain: mine was just a hack if the other stuff didn't work20:16
rkukuramarkmcclain: If you are counting mine and kevinbenton’s, these are now very similar20:16
kevinbentonrkukura: i replaced the duplicate of yours back to my original one20:16
rkukuramarkmcclain: It seemed the vif_details approach was being rejected on the basis of too much change in nova, so kevinbenton and I both wanted to show it was very straightforward20:17
kevinbentonrkukura: but as long as the nova folks are good with merging the vif logic, mine isn't needed20:17
rkukurakevinbenton: what do yu mean by “merging the vif logic”?20:17
kevinbentonrkukura: your approach20:18
rkukuraok20:18
*** sacharya has quit IRC20:18
rkukuramarkmcclain: So my patch is basically what nati_ueno has been working towards, but without introducing the fine-grained control over VIF secuity. Its just on or off.20:19
kevinbentonmarkmcclain: the other patch is one marun had settled on had a side effect of forcing everyone to use hybrid plugging mode20:20
markmcclainforcing everyone to us hybrid plugging is super disruptive this late20:20
markmcclains/us/use/20:20
kevinbentonyeah, that's what prompted me to push up my patch. then rkukura suggested using the vif_details20:21
kevinbentonwhich is even better20:21
markmcclainrkukura: looks like unit test changes are needed for yours20:22
*** sacharya has joined #openstack-neutron20:23
*** crc32 has quit IRC20:23
*** dfarrell07 has joined #openstack-neutron20:24
nati_uenomarkmcclain: pong20:25
*** jprovazn is now known as jprovazn_afk20:25
markmcclainnati_ueno: mainly trying to figure why we have 3 proposals20:25
nati_uenomarkmcclain: three!?20:26
*** tvardeman has quit IRC20:26
markmcclainyes20:26
russellbheh, yeah, rkukura posted a new one20:27
russellbnati_ueno: was hoping you could tell me what you thought ...20:27
russellbnew one is https://review.openstack.org/#/c/83190/20:27
nati_uenorussellb: I think we should choise simplest one..20:27
russellbsimplest would be the is_neutron() hack i guess20:28
nati_uenoI agree20:28
russellbbut i'm really curious about this new patch20:28
russellbbecause if the API already had the info needed to do this ...20:28
russellbthen i'm confused why the bug has been open for like 9 months?20:28
russellbnot sure what i'm missing i guess20:28
markmcclainrussellb: I'm with you on this one too20:29
rkukuranati_ueno: This is similar to what you were proposing, but with just the current single port_filter flag rather than the fine grained flags20:29
*** saju_m has joined #openstack-neutron20:29
nati_uenorussellb: I'm working on fixing this issue. Mainly we are discussing vif security api.20:29
nati_uenorussellb: but neutron side ins't fixed yet..20:30
rkukurain hindsight, we should have got the mechanism into both sides for passing vif_details, and dealt with the fine grained VIF security as a separate followon step20:30
russellbOK20:31
russellbso, the simple patch for now then ...20:31
russellbfine with me.20:31
rkukurarussellb: Which is the simple patch?20:31
russellbheh, hard to track it all20:32
*** jobewan has quit IRC20:32
Dsevensimple patch is Salv's approach?20:32
russellbyes, i thin20:32
russellbthough he had 2 approaches20:32
russellbso it's nice and confusing20:32
rkukuranati_ueno: If we go with using the port_filter key in binding:vif_details, is work needed on the neutron side?20:32
Dseventhis one https://launchpadlibrarian.net/170772780/hack.patch20:33
russellbhttps://review.openstack.org/#/c/82904/20:33
russellbyeah20:33
nati_uenorkukura: I think so,, but i'm not sure20:33
nati_uenorkukura: I'm fixing ut for 82904, give me 1 hour20:33
rkukuranati_ueno: I know that ML2 passes True for the L2 agents that need the iptables firewall driver20:34
nati_uenomay be, if russelib is OK, we can do more better solution,, but I think it is safe start from simple step20:34
russellbif you want something for icehouse, the simpler the better, yes20:35
rkukuraI can’t argue that 82904 isn’t simpler than 83190, but not by much20:35
*** devlaps has quit IRC20:35
banixmarkmcclain: wouldn't your comment "forcing everyone to us hybrid plugging is super disruptive this late" above apply to this patch?20:36
rkukuraI’m concerned that the is_neutron() test is just too restrictive.20:36
*** jlibosva has joined #openstack-neutron20:36
Dseventoo broad .. yeah20:36
*** saju_m has quit IRC20:37
markmcclainyeah because a blanket use of hybrid would impact all vendors20:37
rkukuraSo 83190, at worst case, lets each plugin return set port_filter to either True or False.20:37
russellbmarkmcclain: that's what the simplest fix does20:37
russellbmarkmcclain: forces that for all neutron20:37
rkukuraThe plugin can either hard-code this (as most do right now), or be more clever20:38
marunrussellb: if we could get in rkukura's better fix, that would be preferable20:38
marunrussellb: fallback is the 'force hybrid' workaround20:38
marunrussellb: it's your call, really20:38
russellbmarun: it does seem preferable, if it works20:38
russellbyou guys tell me if it works20:38
russellbi don't have time to test this stuff out20:38
marun(this is where in-tree functional testing would be really useful)20:39
russellbbut we've got to merge *something* by sometime tomorrow, or it may miss rc120:39
marunhint, hint: https://review.openstack.org/#/c/72585/20:39
markmcclainmarun: in tree functional test would have never caught this20:39
marunmarkmcclain: nonsense20:39
russellbwell, you know ... testing of this functionality at all would have helped :-p20:39
markmcclainthis is an integration problem20:39
russellbmarkmcclain: right20:39
marunmarkmcclain: the patch in question runs it against an integration environment20:39
nati_uenook I think we should have no more discussion time. markmcclain: russellb: could you decide which way we go?20:39
marunbut from the neutron tree20:39
maruni.e. pre-merge testing rather than the post-merge of tempest20:40
markmcclainmarun: tempest can be run pre-merge20:40
markmcclainthere are ways to do it ask arosen20:40
russellbok, so https://review.openstack.org/#/c/83190 ...20:41
russellbthis is ready to go on the neutron side already?20:41
*** devlaps has joined #openstack-neutron20:41
marunrkukura: that's a yes, right? ^20:42
kevinbentonmarkmcclain: isn't tempest run pre-merge already as part of the jenkins tests?20:42
russellbpretty sure rkukura said yes before20:42
marunkevinbenton: but we can't merge tempest tests until neutron functionality exists20:42
markmcclainkevinbenton: marun is wanting to pair the code change and tests together20:42
nati_uenokevinbenton: marun: let's discuss ci issue later20:42
maruni'm talking out of my ass, really.  in this case in-tree tests make zero sense.20:43
marunnot when nova is involved.  it's only functional api testing we should be running in an integration environment20:43
russellblet's fix the bug first :)20:43
nati_uenoOK so we choose 83190  ?20:43
marunrussellb: waiting on rkukura to answer20:43
openstackgerritKevin Benton proposed a change to openstack/neutron: Disable XML tests on Py26  https://review.openstack.org/8186520:43
marunnati_ueno: i think the goal is to get it tested and if it can pass muster we can use it20:44
rkukurarussellb, marun: The ML2 plugin should be setting the right port_filter value based on which mechanism driver binds the port. For openvswitch and linuxbridge, this should be all set.20:44
marunnati_ueno: and if there are unexpected side-effects, we can fall back to workaround20:44
nati_uenomarun: you get a point20:44
markmcclainok now that rkukura has confirmed it we don't need a followup neutron change20:45
marunnati_ueno: good to have a safety net :)20:45
markmcclainlooks like we just need to add UT20:45
*** julim has joined #openstack-neutron20:45
nati_uenook so go with 83190 ?20:45
russellband i'd like someone to do functional testing20:45
rkukuraIf any other plugin or ML2 driver sets the wrong port_filter value, the fix is trivial.20:45
nati_uenorussellb: I'll do20:45
russellbnati_ueno: great thanks20:45
russellbnati_ueno: so that can be plan A20:45
russellbplan B the "force it for all of neutron" hack20:45
rkukuraI’ll add the unit test, and have addressed russellb’s comment20:45
marunrkukura: is there something we should be doing that tempest check jobs won't cover?20:45
nati_uenoOK if 83190 isn't merged in Today, let's go plan B20:45
rkukurawould be great if someone else could look into functional testing20:46
nati_uenorkukura: could you add UT for it?20:46
marunrkukura: it would be helpful to clarify so that people's efforts are focused.20:46
rkukuraI’ll base the UT on what nati_ueno proposed in his patch20:46
markmcclainrussellb: +1 for that plan20:46
russellbmarun: wasn't there a test submitted upstream for this?20:46
russellbmarun: that's what lpeer told me i think ...20:46
marunrussellb: yes20:47
russellbmarkmcclain: cool20:47
russellbmarun: k20:47
marunrussellb: good point.   we can manually run it locally20:47
marunrussellb: https://review.openstack.org/#/c/62702/20:47
russellbyeah20:47
rkukuramarun: What needs clarification?20:47
russellbor just manually test for now too20:47
russellbbut just saying, as far as preventing regression in the future ...20:47
marunrkukura: what to test - deploiy your branch and yfried's tempest branch with devstack, and running his test,20:48
marunrkukura: more testing than that would seem unnecessary given that all the tempest jobs should give us good coverage of everything else20:49
nati_uenomarun: I'm setting up the test20:49
salv-orlandoas arosen did, you might be able to do that test in the check queue pushing a devstack patch which changes stackrc20:49
salv-orlandoso the results will be immediately shared20:49
rkukuramarun: Could use a volunteer to look at the tempest testing of this20:50
marunarosen: help with that? ^20:50
marunrkukura: sounds like nati_ueno's on it20:50
rkukuragreat20:50
arosensalv-orlando:  yes see: https://review.openstack.org/#/c/78694/20:50
marunarosen: ah, clever20:50
marunnati_ueno: are you looking at this?20:51
arosenmarun:  I probably won't have the cycles today to look at the tempest stuff :/20:51
marunarosen: none needed20:51
arosenWe're about to upgrade our cloud to havana from grizzly20:51
marunarosen: we already have the test written20:51
marunarosen: best of luck!20:51
arosenmarun:  ah i though you're  help with that comment was related to rkukura20:52
marunarosen: nah, I just wanted instructions on how to run unmerged-tempest tests upstream20:53
arosenmarun:  yea i see now :)20:54
nati_uenohttps://review.openstack.org/#/c/83210/20:54
nati_ueno<-- Bob's patch and yfield patch20:54
nati_uenoso we will see the test result in that patch20:54
marunnati_ueno: sweet!20:54
nati_uenomarun: yes20:54
*** leseb has joined #openstack-neutron20:54
*** Jabadia has quit IRC20:55
salv-orlandoif you allow me to do that, I've started also vmware nsx checks. I won't bark if that doesn't work, but at least I want toknow20:55
salv-orlandoI mean technically I've started them even if you do not allow me to do that.20:56
marunsalv-orlando: not like it impacts anything :)20:56
salv-orlandomarun: nasty vendor trying to get his way into opensoruce stuff!20:57
openstackgerritAaron Rosen proposed a change to openstack/neutron: Subnets should be set as lazy='join'  https://review.openstack.org/8321320:57
nati_uenorkukura: 83190 isn't working. I posted the comment to fix20:59
nati_uenorkukura: I get error with devstack20:59
salv-orlandonati_ueno: could that be your env? I think rkukura said he tested it already with ml221:00
nati_uenorkukura: please ping me when you fix it. I'll do test again. Also could you recheck https://review.openstack.org/#/c/83210/21:00
rkukuraI have not done any devstack testing of this21:00
nati_uenosalv-orlando: IMO, code is wrong. Could you try it in your env? VM won't boot21:00
rkukuranati_ueno: Thanks - looking at that now21:01
nati_uenorkukura: Thanks21:01
*** rudrarugge has quit IRC21:01
marunrkukura: still allergic to devstack? ;)21:02
marunrkukura: I hope we'll be able to run it in a container in the near future, so at least virtualization isn't involved.21:03
openstackgerritMohammad Banikazemi proposed a change to openstack/neutron: Deals with fails in update_*_postcommit ops  https://review.openstack.org/8321721:03
*** singhs has joined #openstack-neutron21:03
*** sacharya has quit IRC21:05
rkukuranati_ueno: in get_config_bridge(), can you clarify what you think needs to be done?21:09
nati_uenorkukura: we don't need conf.filtername if it is neutron with security group21:10
*** sridhar has quit IRC21:10
rkukuraSo this needs a different test than get_firewall_required()?21:10
nati_uenorkukura: yes21:11
nati_uenorkukura: please take a look https://review.openstack.org/#/c/82904/21:11
rkukuraOK, same solution OK?21:12
nati_uenorkukura: if we use the value of port_filter, it is OK21:12
nati_uenorkukura: instead of is_neutron21:12
rkukuraBut when vif_details is available, get_firewall_required() is returning the value of port_filter.21:13
*** skraynev is now known as skraynev_afk21:14
*** jlibosva has quit IRC21:14
nati_uenorkukura: That's way won't work21:15
nati_uenorkukura: Two issues are mixed in this. conf.fitlername and vif selection21:16
*** otherwiseguy has joined #openstack-neutron21:16
rkukuraAny reason your code won’t work here:21:16
rkukura        if self.get_firewall_required(vif) and not utils.is_neutron():21:16
rkukura            conf.filtername = name21:16
kevinbentonrkukura: conf.filename needs to not be set if get_firewall_required returns true because of the VIF_DETAIL_PORT_FILTER21:16
*** jprovazn_afk has quit IRC21:16
nati_uenorkukura: yes21:17
nati_uenorkukura: if we are going to use port_filter, we should use that value21:17
rkukurathat’s what the current patch is doing, isn’t it?21:18
*** sacharya has joined #openstack-neutron21:18
nati_uenorkukura: no21:18
nati_uenorkukura: ok, so21:18
nati_uenothere is many combinations21:19
*** lifeless has quit IRC21:19
nati_ueno(1) nova security group + nova network (2) neutron security group + neutron (3) nova security group + neutron21:19
*** jorgem has joined #openstack-neutron21:19
nati_ueno(1) (3) needs conf.filtername to be set21:19
nati_ueno(2) needs conf.filtername = None21:20
nati_uenomy bad21:20
nati_uenoThere is (4)21:20
nati_ueno(2-1) neutron security group + neutron + iptables (2-2) neutron security group + neutron without iptables21:20
nati_uenosorry not (4) but (2-1), (2-2)21:20
nati_ueno(2-1),(2-2) needs conf.filtername =None21:20
nati_uenoand...21:21
kevinbenton if self.get_firewall_required(vif) and not vif['details'].get(network_model.VIF_DETAIL_PORT_FILTER)21:21
nati_ueno(2-1-1) OVS (2-1-2) Not OVS21:21
nati_ueno(2-1-1) needs hybrid plugging21:21
nati_uenokevinbenton: Thats the way21:21
rkukuranati_ueno: OK21:22
nati_uenosuper complicated....21:22
Dsevenis that safe if the port_detail is not set at all ?21:22
Dseven(my python-fu is not so strong)21:23
marunDseven: dicts as objects suck21:23
kevinbentonthe vif model sets detail to an empty dict21:23
kevinbentonhttps://review.openstack.org/#/c/83190/1/nova/network/model.py21:23
marunDseven: but hopefully the folks here are going to wrap dict access in a method call21:23
rkukuraThe whole point here is that only the GenericVIFDriver should know or care what keys to look for in vif_details. That lets things like SR-IOV pass the info they need without having to muck with intermediate code.21:25
marunkevinbenton: still, bad practice to expose the implementation of vif details outside the model21:25
marunkevinbenton: preferable to encapsulate access to vif details with methods on the model21:25
rkukuraWrapping at the VIF driver level is fine, just shouldn’t have to scatter this across the code21:25
*** crc32 has joined #openstack-neutron21:25
marunrkukura: it needs to be encapsulated somewhere21:26
rkukuraaccessors in the model are OK I guess21:26
marunrkukura: at least, if anything is actually going to look at it.21:26
*** ale____ has joined #openstack-neutron21:26
*** ale____ has quit IRC21:26
marunrkukura: if, as you say, it gets passed down raw, then no need for special handling21:26
marunrkukura: I'm just hoping we can move away from things like vif_details['blah'] sprinkled everywhere21:27
*** ale____ has joined #openstack-neutron21:27
kevinbentonmarun: i don't see where that's being done for anything else in the vif21:28
*** ale____ has quit IRC21:28
marunkevinbenton: even once is too many times21:28
kevinbentonmarun: or do you mean specifically for the nested stuff inside the 'details' dict21:28
bloganmarkmcclain: will you be attending the lbaas meeting tomorrow?21:28
marunkevinbenton: I think so21:28
marunkevinbenton: if model.vif_details is the extent of it, fine21:29
rkukuramarun, kevinbenton : Should this do it:21:29
marunkevinbenton: if it's model.vif_details['foo'], that's bad21:29
rkukuraand not utils.is_neutron():21:29
rkukurapasted wrong thing21:29
markmcclainblogan: I should be able to attend21:29
rkukura        if (self.get_firewall_required(vif) and21:29
rkukura            vif['details'].get(network_model.VIF_DETAIL_PORT_FILTER) is None):21:29
kevinbentonrkukura: if i understood nati_ueno, that second one needs to also check if the filter is True21:31
kevinbentoni mean make sure it's not True21:31
*** luqas has quit IRC21:31
kevinbentonso either False or None21:31
nati_uenokevinbenton: good point21:31
kevinbentonoh, i see get_firewall_required will handle if it's false21:32
DsevenI'm wondering if it makes more sense to have a separate function like  get_is_neutron_handling_the_filtering(), and call it from both places21:32
rkukuraNone means port_filter is not in vif_details21:32
marunDseven: +121:32
nati_uenoDseven: +121:32
marunrkukura: please ^21:32
nati_uenoDseven: my previous patch was doing that thing21:32
rkukuraChecking for False means either not present or present and False21:32
kevinbentonyeah, checking for present and False is handled by get_firewall_required21:33
kevinbentonso your suggestion works21:33
openstackgerritArvind Somya proposed a change to openstack/neutron: Cisco APIC ML2 mechanism driver, part 2  https://review.openstack.org/7337221:34
rkukuranati_ueno, kevinbenton, marun: If any of you have a really clear picture of what’s needed here, I’d be happy for you to push a new patch with the fix.21:37
kevinbentonrkukura: ok21:39
rkukuraI’ll push my latest version in a second21:39
nati_uenorkukura: Thanks21:40
*** sacharya has quit IRC21:41
rkukuranati_ueno, kevinbenton, marun: new patch pushed - if someone wants to pick this up and add a get_is_neutron_handling_the_filtering() function, and the unit tests for this and get_firewall_required(), that would be great.21:44
kevinbentono/21:44
nati_uenorkukura: OK let me take it21:48
kevinbentonnati_ueno: i'm on it21:48
nati_uenokevinbenton: Ah OK21:48
nati_uenokevinbenton: Please take it :P21:49
*** overlayer has quit IRC21:52
kevinbentonhmm, what is the expected behavior when VIF_DETAIL_PORT_FILTER is set to false by neutron?21:53
kevinbentonthat could happen from a plugin not supporting security groups, right?21:53
kevinbentonand it might want to offload to nova21:53
kevinbentonso if VIF_DETAIL_PORT_FILTER is False, get_firewall_required shouldn't return False automatically, but instead continue to check CONF.firewall_driver21:54
kevinbentondoes that make sense?21:54
Dsevenmakes sense to me21:55
*** leseb has quit IRC21:57
*** b3nt_pin has joined #openstack-neutron21:57
*** baoli has quit IRC21:57
nati_ueno+121:58
marunnati_ueno: is it ever desirable for neutron to rely on nova for security groups ??21:58
marunnati_ueno: how does that ever make sense when ovs is used?21:58
Dsevenmaybe there are legacy neutron plugins that have that reliance ?21:59
kevinbentonmarun: this was the case with the BigSwitch plugin until IceHouse22:00
*** beagles has quit IRC22:00
*** jmeridth has left #openstack-neutron22:00
*** b3nt_pin is now known as beagles22:00
marunkevinbenton: really?22:00
kevinbentonmarun: yeah, because it required us to add a security groups only agent22:01
nati_uenomarun: so there is three case (1) use nova security group (2) use neutron security group (3) don't use anything22:01
marunkevinbenton: so hybrid plugging but nova managing iptables?22:01
*** carl_baldwin has quit IRC22:01
bloganmarkmcclain: good, would like to hear your thoughts on the pros and cons of the object model discussion22:01
kevinbentonmarun: yes22:01
marunkevinbenton: yikes22:01
kevinbenton marun: well that was just nova security groups22:02
kevinbentonnot really a hack, just slow to adopt :-)22:02
markmcclainblogan: I should be caught up on the discussion by then22:03
bloganmarkmcclain: excellent! look forward to it22:03
*** banix has quit IRC22:04
*** mlavalle has joined #openstack-neutron22:04
*** ale____ has joined #openstack-neutron22:07
*** overlayer has joined #openstack-neutron22:12
*** luqas has joined #openstack-neutron22:12
*** armax has quit IRC22:13
*** ale____ has quit IRC22:14
Dsevenkevinbenton, are you going to post your version of the patch to 83190 ? I think I'm ready to test it (ML2+OVS) when it's ready....22:16
kevinbentonDseven: shortly. working on UT now22:17
Dsevenroger22:17
*** mwagner_lap has quit IRC22:17
*** carl_baldwin has joined #openstack-neutron22:22
*** bjornar has quit IRC22:22
*** baoli has joined #openstack-neutron22:23
*** beagles has quit IRC22:25
*** b3nt_pin has joined #openstack-neutron22:25
*** b3nt_pin is now known as beagles22:25
*** baoli has quit IRC22:26
*** blogan has quit IRC22:28
nati_uenoDseven: type apt-get install -y sl;sl    <-- This kills time we are waiting kevin :P22:29
*** carl_baldwin has quit IRC22:29
kevinbentonhttps://review.openstack.org/#/c/83190/22:29
marunkevinbenton: can you please post it w/o unit tests first so we can target nati_ueno 's devstack change for upstream tempest validation?22:30
kevinbentonmarun: i posted it with a unit test, would you like me to remove it? :-)22:30
marun:p22:30
kevinbentonnati_euno: sl is awesome :-)22:31
nati_uenokevinbenton: he he he22:31
marunkevinbenton: please replace the line 174-175 with a self-documenting conditional22:32
marunkevinbenton: i.e22:32
marunfiltername_required  = (self.get_firewall….)22:33
marunif filtername_required22:33
kevinbentonok22:33
marunkevinbenton: otherwise, lgtm22:34
*** mlavalle has quit IRC22:34
marunnot sure why the definition of name isn't inside the conditional, since it's not used elsewhere, but can't really change something like that in this patch22:34
nati_uenokevinbenton: One comment22:35
kevinbentonnati_ueno: yeah?22:36
nati_uenokevinbenton: ah commented on the gerrit22:36
kevinbentonnati_ueno: checking22:36
Dsevenlol ... just installed sl22:37
nati_uenoDseven: he he he22:37
Dsevenis there a gerp too? ;)22:37
nati_uenoDseven: you can invent it :)22:38
DsevenOK, will have to come up with an acronym that works22:38
nati_uenoDseven: :P22:39
*** jgrimm has quit IRC22:39
nati_uenoI confiremed the patch is working with devstack + ml2 + ovs22:40
*** ale has joined #openstack-neutron22:41
*** thedodd has quit IRC22:45
Dsevenhmm, looks like I'm behind on some other changes to api.py22:47
kevinbentonnati_ueno: did you see my comment?22:51
kevinbentonnati_ueno: oh nevermind22:51
kevinbentoni had to make another slight change to the UT because it was mangling the self.vif_ovs22:51
nati_uenokevinbenton: yep, you are right22:51
kevinbentonsalv-orlando: ping22:53
salv-orlandoyeah?22:53
kevinbentoni think 3 is covered. if someone wants to implement security groups without hybrid plugging, they could set cap_filter to false22:54
kevinbentonor is that an abuse of cap_filter?22:54
kevinbentonin the port bindings22:55
*** overlayer has quit IRC22:55
salv-orlandowho would be this fool which implements security groups this way?22:55
salv-orlandoanyway, it might work. But out of change.22:56
salv-orlandochance.22:56
salv-orlandobecause the intention of the code is that cap_port_filter=False then means no security groups22:56
*** harlowja has quit IRC22:58
salv-orlandoassuming the current approach is approved VNIC_TYPE might be the VIF_DETAILS attribute to leverage. It can be HYBRID or NATIVE and for simplicity you can let nova assume it's HYBRID by default23:00
salv-orlandoit will also solve the fact which now you're making the VIF driver select the plugging mode according to the capability of doing filters23:01
*** harlowja has joined #openstack-neutron23:03
*** ale has quit IRC23:03
*** julim has quit IRC23:05
kevinbentonsalv-orlando: i re-uploaded. can you check to see if i responded to your comments adequately?23:06
*** juice has quit IRC23:09
*** Trozz has joined #openstack-neutron23:10
*** dims_ has quit IRC23:12
kevinbentonrusselb: ping23:13
*** luqas has quit IRC23:14
kevinbentonrkukura: ping23:21
*** jorgem has quit IRC23:22
*** nati_ueno has quit IRC23:23
*** nati_ueno has joined #openstack-neutron23:23
rkukurakevinbenton: pong23:25
kevinbentonwhat is the VNIC_TYPE being sent in vif_details by ML223:26
kevinbentonrkukura: ^^23:26
*** juice has joined #openstack-neutron23:26
kevinbentonit can change per binding type, correct?23:27
rkukurakevinbenton: binding:vnic_type is a separate attribute that is an input to neutron. binding:vif_details is an output from neutron23:27
*** alexpilotti has quit IRC23:28
kevinbentonrkukura: who defines vnic_type?23:29
*** armax has joined #openstack-neutron23:30
*** dims_ has joined #openstack-neutron23:30
salv-orlandokevinbenton: meh don't mind hten23:30
rkukurakevinbenton: Its there for SR-IOV. The user could define it directly to say that their VM expects a certain type of VNIC.23:30
rkukuraOr eventually nova could do this, based on the user telling nova what it expects via —nic params23:31
kevinbentonok, so salv-orlando, are you okay with the current patch for now then?23:32
kevinbentonsalv-orlando, or do we want to add another field to portbindings?23:32
salv-orlandoI am not really, but I am not the one to judge here. Frankly a bit pissed off that you've done your best to accomodate all plugins and only the NSX plugin is cut out. But again, it's just yet another vendor plugin and therefore I shall not complain.23:33
salv-orlandoanyway, there is no other attribute you can use to specify the correct behaviour. So I guess there's nothing that can be done.23:33
kevinbentonsalv-orlando: oh, i didn't realize this broke the NSX one still.23:33
salv-orlandoit's not broken, but it would add a lot to traffic latency23:34
salv-orlandobut I think the patch is already a lot bloated23:35
kevinbentonsalv-orlando: ah, NSX is case 3 you mentioned above where it does filtering but without the bridge, right?23:35
salv-orlandoit is.23:35
salv-orlandoThe patch is now probably already beyond what nova core would deem acceptable.23:35
kevinbentonwhy didn't you just say so? ;-)23:35
salv-orlandoIn a review you have to respect the review's context. And basically I just limited myself to say that there are plugins for which the patch is not yet satisfactory. But before you dig even further, consider whether this is acceptable for nova.23:37
*** armitage81 has joined #openstack-neutron23:37
salv-orlandobecause they are very strict about changes they take in RC phase23:37
salv-orlandoand this is already at ~50 lines23:37
kevinbentonif we added a different portbindings field, it wouldn't change the bloat of this patch, but it would require a change on the neutron side as well23:37
*** yamahata has quit IRC23:37
*** thuc_ has quit IRC23:37
kevinbentonbecause this patch would just change to reference a different field23:37
salv-orlandoI don't understand why you see changing the neutron side as asomething bad23:38
*** mwagner_lap has joined #openstack-neutron23:38
salv-orlandowe have a lot more control than23:38
salv-orlandoyet again, changes in the API won't be accepted (ie: you can't add another attribute)23:38
*** thuc has joined #openstack-neutron23:38
kevinbentoni didn't say changing neutron was bad, just will require a little more coordination23:39
salv-orlandoso I guess it's endgame, since they idea of having making the hybrid a vif type of its own has been rejected, this is probably the best thing one could come up to. If NSX plugin is broken, it's my team that need to take care of that.23:39
*** gdubreui has joined #openstack-neutron23:40
*** Trozz has quit IRC23:40
kevinbentonwould another field in VIF_DETAILS count as an attribute change?23:40
claudiubrkukura: hi23:41
*** emagana has quit IRC23:41
claudiubyou talked yesterday with alexpilotti about a more complicated backport for a bug that was fixed within another blueprint23:42
*** rkukura has quit IRC23:42
claudiubcould you take a look at the backport commits and say if it's ok?23:42
*** thuc has quit IRC23:42
salv-orlandokevinbenton: I think it would, but you can try since vif details is one of the hideous blobs when in theory you can stash anything you want, in theory you can claim it's not a change in the API23:43
salv-orlandoand you would not need the neutron patch as in that case only the NSX plugin and probably some others (thinking of n1kv) might need an update23:44
salv-orlandowell, I guess it's goodnight from me.23:44
kevinbentonsalv-orlando: can you hang around for 10 mins?23:44
salv-orlandoI can23:45
mesterysalv-orlando: Any chance you can re-eyeball my critical bug fix here as well? https://review.openstack.org/#/c/82931/23:50
mesterysalv-orlando: I don't think this is a release blocker, per my discussion with markmcclain, but it is quite important to fix I believe for Ubuntu 14.04.23:51
salv-orlandosorry mestery I thought I had approved it23:51
mesteryYes, then amotoki gave it a -1 so I revved it :)23:51
mesteryAlso, I need one more core on it as well, so if anyone else has a moment, would be great to get this in!23:51
mesteryThis bug also led me to the fact we have a LOT of duplicate unit test code in places. Probably should clean that up at some point.23:52
*** rkukura has joined #openstack-neutron23:52
rkukuraclaudiub: yes23:52
mesterythanks salv-orlando23:52
claudiubrkukura: thanks. :)23:53
* mestery goes hunting for another core for https://review.openstack.org/#/c/82931/.23:53
salv-orlandomestery: np. hopefully we'll get another +2 soon23:53
claudiubrkukura: here's the first commit: https://review.openstack.org/#/c/83222/23:53
nati_uenohunted23:53
claudiuband here's the second one: https://review.openstack.org/#/c/83223/23:53
claudiubhad to add first the methods used in the second commit23:53
HenryGmarkmcclain: salv-orlando: just letting you know, https://review.openstack.org/40296 now has a more viable fix for quotas table thanks to amotoki. If you get a few minutes tomorrow please take a look.23:54
rkukurakevinbenton: The binding:vif_details attribute is intended exactly for this flow from neutron to VIF driver.23:54
rkukurakevinbenton: Not sure why using some different attribute is being suggested23:54
rkukuraclaudiub: My IRC client disconnected breifly and I may have missed part of the conversation right before I said “yes”23:55
salv-orlandosorry rkukura: that was my ignorance. I did not know port binding has input and output attributes23:55
claudiubrkukura: aah, i see, just one sec23:55
claudiubrkukura: you talked yesterday with alexpilotti about a more complicated backport for a bug that was fixed within another blueprint23:56
claudiubrkukura: could you take a look at the backport commits and say if it's ok?23:56
rkukurasalv-orlando: binding:host_id, binding:profile, and binding:vnic_type are inputs, binding:vif_type and binding:vif_details are outputs23:56
salv-orlandoyes, I must have missed the documentation23:58
rkukuraclaudiub: Looks reasonable at a glance. I’ll look closer as soon as I can23:58
mesterynati_ueno: Thanks man! Would you prefer I quickly rev for you concerns? I can do that if so.23:59
claudiubrkukura: ok, thanks. :)23:59
« Tuesday, 2014-03-25 Index Thursday, 2014-03-27 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!