Friday, 2021-10-01

« Thursday, 2021-09-30 Index Saturday, 2021-10-02 »
*** gmann is now known as gmann_afk00:07
*** gmann_afk is now known as gmann01:11
opendevreviewyangjianfeng proposed openstack/neutron master: Improve Router callback system's publish events  https://review.opendev.org/c/openstack/neutron/+/80484604:10
opendevreviewyangjianfeng proposed openstack/neutron master: [Server Side] L3 router support ndp proxy  https://review.opendev.org/c/openstack/neutron/+/74314204:38
opendevreviewyangjianfeng proposed openstack/neutron master: [WIP][PoC][Agent Side] L3 router support ndp proxy  https://review.opendev.org/c/openstack/neutron/+/74481504:44
opendevreviewManu B proposed openstack/neutron-dynamic-routing master: * Status update  https://review.opendev.org/c/openstack/neutron-dynamic-routing/+/81130005:08
opendevreviewManu B proposed openstack/neutron-dynamic-routing master: Status update  https://review.opendev.org/c/openstack/neutron-dynamic-routing/+/81130006:50
*** frickler_ is now known as frickler07:25
bcafarellajoskatona: just dropping l-c should be enough for xena no? or are they needed l-c constraints we missed before?07:26
lajoskatonabcafarel: true, I always forgot that we we can drop (with bleeding heart) l-c job07:29
bcafarel:)07:29
opendevreviewRodolfo Alonso proposed openstack/neutron stable/xena: Execute the quota reservation removal in an isolated DB txn  https://review.opendev.org/c/openstack/neutron/+/81112407:40
opendevreviewLajos Katona proposed openstack/python-neutronclient master: Add BFD monitor commands to client  https://review.opendev.org/c/openstack/python-neutronclient/+/81210107:46
opendevreviewRodolfo Alonso proposed openstack/neutron master: Remove SubnetDNSPublishFixedIP from Subnet query  https://review.opendev.org/c/openstack/neutron/+/81199908:03
opendevreviewLajos Katona proposed openstack/neutron-vpnaas stable/xena: [stable/xena] Dropping lower-constraints testing  https://review.opendev.org/c/openstack/neutron-vpnaas/+/81210408:06
opendevreviewBalazs Gibizer proposed openstack/neutron master: Enable min pps tempest tests  https://review.opendev.org/c/openstack/neutron/+/81174608:11
opendevreviewSlawek Kaplonski proposed openstack/neutron-vpnaas stable/train: Pin isort to 4.3.21  https://review.opendev.org/c/openstack/neutron-vpnaas/+/80596908:15
opendevreviewRodolfo Alonso proposed openstack/neutron master: Fix "_sync_metadata_ports" with no DHCP subnets  https://review.opendev.org/c/openstack/neutron/+/81199608:44
opendevreviewMerged openstack/neutron master: [DVR] Check if SNAT iptables manager is initialized  https://review.opendev.org/c/openstack/neutron/+/81131808:56
opendevreviewLajos Katona proposed openstack/neutron master: Doc: prerelease checklist  https://review.opendev.org/c/openstack/neutron/+/81211209:26
ralonsohlajoskatona, slaweq https://5ee086437c476c5dcb72-8ecfd22b203beab683094d725f2cb9f1.ssl.cf2.rackcdn.com/809983/7/check/neutron-tempest-plugin-scenario-linuxbridge/371b3dd/controller/logs/syslog.txt10:01
ralonsohchecking the logs (of the https://review.opendev.org/c/openstack/neutron/+/809983 patch)10:01
ralonsohwe still have OOM errors10:02
slaweqralonsoh: yes, I think we are still waiting for gmann's changes in tempest10:03
ralonsohperfect then10:04
slaweqso we will be able to run tests whch needs advanced image serially10:04
slaweqafter other tests will be finished10:04
ralonsohyeah10:04
slaweqthat way we should use less memory in same time10:04
slaweqbut it requires changes in tempest10:04
slaweqI didn't check recently how it is now10:04
lajoskatonaralonsoh: this is gmann's patch for serial execution: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/807800 (and it's depends-on patch)10:34
ralonsohlajoskatona, thanks!10:34
opendevreviewBernard Cafarelli proposed openstack/neutron-vpnaas stable/xena: Update .gitreview for stable/xena  https://review.opendev.org/c/openstack/neutron-vpnaas/+/80979310:35
opendevreviewBernard Cafarelli proposed openstack/neutron-vpnaas stable/xena: Update TOX_CONSTRAINTS_FILE for stable/xena  https://review.opendev.org/c/openstack/neutron-vpnaas/+/80979510:35
opendevreviewBalazs Gibizer proposed openstack/neutron master: Enable min pps tempest tests  https://review.opendev.org/c/openstack/neutron/+/81174610:48
lajoskatonabcafarel, slaweq: I added a new line to release checklist: https://review.opendev.org/c/openstack/neutron/+/812112 . Check it please if we need it or not, when you have few mins11:27
bcafarellajoskatona: sure I will look after lunch!11:39
slaweqlajoskatona: sure11:40
opendevreviewPrzemyslaw Szczerbik proposed openstack/python-neutronclient master: Add support for minimum packet rate rule to the client  https://review.opendev.org/c/openstack/python-neutronclient/+/81213213:03
ralonsohlajoskatona, slaweq https://review.opendev.org/c/openstack/neutron/+/809983 what do you think? So we merge it? CI is passing (after 7 rechecks)13:12
ralonsohstable/xena is passing too13:12
lajoskatonaralonsoh: I wf+1-d the master one13:14
ralonsohthanks13:15
lajoskatonaralonsoh: we waited and rechecked enough to include it :-) Thanks13:15
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Fix binding:profile parameter type check in the API  https://review.opendev.org/c/openstack/neutron/+/81197113:26
gmannslaweq: ralonsoh lajoskatona ah yeah, could not finish that as other gate blocker came. But I will continue this next week. 13:56
lajoskatonagmann: thanks, if you are overloaded I can take it over13:57
mlavallelajoskatona: the meeting is in this channel, right?13:57
lajoskatonamalavalle: yes13:57
gmannlajoskatona: let me try next week which should be not overloaded unless we hit another bugs. I will let you know13:57
lajoskatonagmann: ok13:57
slaweqlajoskatona: do we have drivers meeting now?14:01
slaweqare You going to start it?14:01
ralonsohhi14:02
ralonsohgmann, thanks14:02
slaweqralonsoh: mlavalle and others, as we are waiting for lajoskatona with drivers meeting I will ask You if You can maybe add to Your review list my two specs https://review.opendev.org/c/openstack/neutron-specs/+/810822 and https://review.opendev.org/c/openstack/neutron-specs/+/79870414:07
slaweqthx in advance14:07
lajoskatona1#startmeeting neutron_drivers14:07
opendevmeetMeeting started Fri Oct  1 14:07:09 2021 UTC and is due to finish in 60 minutes.  The chair is lajoskatona1. Information about MeetBot at http://wiki.debian.org/MeetBot.14:07
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:07
opendevmeetThe meeting name has been set to 'neutron_drivers'14:07
lajoskatona1Sorry, I disappeared without notice from the channel...14:07
mlavalleseems lajoskatona is having problems with his connection14:07
ralonsohhi14:07
mlavalleo/14:07
slaweqo/14:07
lajoskatona1Hi14:07
amotokio/14:07
njohnstono/14:08
lajoskatona1So we have only on etopic for today which is stateless firewall for OVS: https://bugs.launchpad.net/neutron/+bug/188526114:08
lajoskatona1It was asked by Liu to see if the community likes the idea to add it: https://meetings.opendev.org/meetings/networking/2021/networking.2021-09-28-14.00.log.html#l-12414:09
obondarevhi14:09
lajoskatona1On Tuesday the discussion was at the point to have it in neutron as a separate fw driver (see the meeting log above)14:10
slaweqI don't think it would be good to keep it as new driver14:11
slaweqin case of iptables_hybrid it's the same driver still14:11
slaweqand can do both stateless and stateful SGs14:12
lajoskatona1Some administratie question: do we need a spec for it? personally I think it's not necessary14:12
slaweqIIRC14:12
lajoskatona1yes for that we have a new API field, that can be used now as well14:12
obondarev+1 for no need new driver14:13
amotokiagree with slaweq. IIRC stateless and stateful SG cannot be used in a same SG but both of them can be used in a same deployment.14:13
slaweqregarding spec IMVHO we should have something what will describe how flows will be done in that case14:13
njohnston+1 agree with slaweq14:13
slaweqit don't need to be spec, but maybe good documentation together with code should be required14:13
lajoskatona1ok14:13
mlavalledocs are always good14:14
slaweqand now I would like to ask ralonsoh about how hard it can be to make it working :)14:14
ralonsohboth FW drivers are differents, this is not mixing stateless and stateful rules14:14
slaweqas he worked on something like that in the past probably14:14
ralonsohthis is like openswitch and hybrid14:14
ralonsohso the point here is to have another driver14:14
ralonsohbut you can always create a plugin and create an entry point14:15
ralonsohas in networking-ovs-dpdk14:15
ralonsoh(this is the FW liu's wants to re-implement)14:15
lajoskatona1ok, so your point is that we cant mix and select on the fly?14:16
slaweqralonsoh: are You saying that in case of ovs fw, we can't have mixed stateless and stateful SGs on the node?14:16
ralonsohno no14:16
ralonsohthose are different FWs14:16
ralonsohsame as the two drivers we have for OVS right now14:16
ralonsohwe can't mix both14:16
ralonsohwhat Liu needs, and I understand, is not to use CT14:17
ralonsohbut as I said, you can create a plugin project and create this entry point14:17
ralonsohand use it14:17
obondarevnot sure I understand what is plugin project in this context14:18
slaweqok, so IIUC if we will have such new driver, and someone will configure it on the compute node, all SG on that node will be stateless14:18
lajoskatona1outside of Neutron tree?14:18
slaweqcorrect?14:18
mlavalleme neither14:18
ralonsohslaweq, the backend implementation will be stateless, because the FW uses learn actions, not CR14:19
ralonsohlajoskatona1, yes, in another project14:19
ralonsohlajoskatona1, https://github.com/openstack-archive/networking-ovs-dpdk/blob/stable/ocata/networking_ovs_dpdk/agent/ovs_dpdk_firewall.py14:19
ralonsoh^^ for example14:19
lajoskatona1s/CR/CT/ I suppose14:20
mlavallewhy in another project?14:20
ralonsohmlavalle, not to have it in Neutron14:20
ralonsohactually when I requested this 5 years ago14:20
ralonsohit was rejected14:20
ralonsohbecause the statefull FW was being implemented14:21
ralonsohthis is why I pushed it in networking-ovn-dpdk14:21
mlavallewell, but now the case seems to be more compelling. HW offload is a new reason, isn't it?14:21
ralonsohit was before with DPDK14:21
ralonsohthis is the same case14:21
ralonsohand CT works with HW offload14:21
ralonsohanyway, I won't reject this proposal14:22
lajoskatona1Yeah why cant we have it in a floder like this : https://opendev.org/openstack/neutron/src/branch/master/neutron/agent/linux/openvswitch_firewall ? opensvswitch_stateless_fw14:22
mlavalleI also think it is a good proposal14:22
ralonsohI'm just devil's advocate here14:22
mlavalleI just don;t understand why not have it in Neutron14:22
obondarevralonsoh: do you agree it should not be a separate driver? 14:23
mlavalleMaybe there is a reason that I don't know, I just want to understand why14:23
amotokiovs-dpdk implementation is to support DPDK, so I guess it was implemented from a bit different need.14:23
lajoskatona1+114:23
ralonsohamotoki, no14:23
ralonsohthat fw driver was implemented because DPDK didn't support CT at this point14:23
mlavallelajoskatona1: yes, that is what I also want to understand14:23
ralonsohbut works fine with kernel OVS14:24
amotokiralonsoh: thanks. sounds fair14:24
ralonsohto be honest, I'm not against having this FW in the neutron code14:25
ralonsohas I requested 5 years ago14:25
ralonsohthe point is:14:25
ralonsoh1) we need to implement it isolated to the rest of the code14:26
ralonsoh2) we should have proper testing (another CI job running with OVS)14:26
ralonsoh3) should be properly documented with the limitations (it won't scale well with remote groups because it does not uses CT groups)14:27
ralonsohOF groups, sorry14:27
slaweqnothing scales well with remote groups ;)14:27
ralonsohOF conjuntions (sorry!!!)14:27
ralonsohslaweq, yeah...14:27
mlavalleslaweq: LOL14:27
ralonsohso, with those 3 conditions, +114:28
lajoskatona1ok so if new driver is needed the stateful field is useless for this driver, as it decided on deployment time, am I right?14:28
amotokiI wonder what is the assumption of the stateless SG implementation.  stateful and stateless FW can co-exist on a single node? what about the iptable firewall situtaion?14:29
ralonsohright14:29
obondarevwhy need a separate CI? Couldn't we just add tests for stateless SGs to existing job?14:29
ralonsohamotoki, no14:29
ralonsohyou can't use more that one FW in a node14:29
obondarevralonsoh: I thought we can.. what's the limitation?14:30
slaweqobondarev: how if that would be another driver? then You need to set it up on in the devstack14:31
obondarevI thought the difference is in OF flows only14:31
lajoskatona1and in this case that can be confuing inf one node has ovs the other ovs_stateless, and behaves differently based on scheduling decision14:31
ralonsohobondarev, no no, not the OF flows only. This is a completely different driver14:31
ralonsohthis is not an extension of the current OF FW14:31
obondarevralonsoh: ok got it, thanks14:31
ralonsohin any case, maybe Liu has something else in mind14:32
obondarevso I believe we need a spec :)14:32
lajoskatona1+114:32
ralonsoh(but that's what I understood last day, that this was going to be another FW driver)14:32
amotokiralonsoh: so you are just talkinag about networing-ovs-dpdk dirver?14:32
mlavalleso why don't we approve this RFE, request a spec and hash out these lingering questions in the spec?14:32
ralonsohamotoki, yes because this is what Liu wants to implement in Neutron14:33
ralonsohmlavalle, perfect for me14:33
amotokiralonsoh: got it. I am wondering how we can support it theoretically in OVS firewall.14:33
ralonsohamotoki, I wouldn't touch the current OVS FW to add this support14:34
lajoskatona1ok, than I add rfe approved tag in LP, and attach this dicsussion and ask for a spec, is that ok for everybody?14:34
ralonsoh+114:34
slaweq+114:34
amotoki+1. there is no reason to reject it but we need a spec to clarify the detail14:35
mlavalle+1 obviously14:35
lajoskatona1njohnston: Your opinion?14:36
njohnston+1 I think the spec will make things clearer but I think it is really a good idea14:37
lajoskatona1ok, thanks :-)14:37
lajoskatona1ok, we have an agreement, and Liu can start working on it based on this14:37
lajoskatona1We have no other topic for today, Do you have perhaps more things to discuss?14:38
mlavalleI don't14:39
slaweqme neighter14:39
amotokinone from me14:39
ralonsohI don't14:39
lajoskatona1Ok, Thanks for the discussion, have a nice weekend14:39
lajoskatona1#endmeeting14:39
opendevmeetMeeting ended Fri Oct  1 14:39:58 2021 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:39
opendevmeetMinutes:        https://meetings.opendev.org/meetings/neutron_drivers/2021/neutron_drivers.2021-10-01-14.07.html14:39
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/neutron_drivers/2021/neutron_drivers.2021-10-01-14.07.txt14:39
opendevmeetLog:            https://meetings.opendev.org/meetings/neutron_drivers/2021/neutron_drivers.2021-10-01-14.07.log.html14:39
slaweqthx, have a great weekend all14:40
ralonsohhave a nice weekend!14:40
slaweqo/14:40
lajoskatona1Bye14:40
amotokio/14:40
mlavalleo/14:40
njohnstono/14:40
sebaI'm trying to get https://review.opendev.org/c/openstack/neutron/+/788714 through the ci, but some zool tasks always fail and it's different tasks. It doesn't seem to explicitly be timeouts, but it also doesn't break consistently. Should I just recheck it again?14:46
isabekseba: Hi! Yes just recheck it. Because this failures not related to patch 14:49
sebaokay, tnx :)14:53
*** tbachman is now known as Guest150314:54
opendevreviewGhanshyam proposed openstack/neutron-vpnaas stable/train: Pin isort to 4.3.21  https://review.opendev.org/c/openstack/neutron-vpnaas/+/80596915:33
opendevreviewRodolfo Alonso proposed openstack/neutron stable/xena: Allow to set the OpenFlow protocol when needed  https://review.opendev.org/c/openstack/neutron/+/81216215:36
opendevreviewMerged openstack/neutron master: Doc: prerelease checklist  https://review.opendev.org/c/openstack/neutron/+/81211215:54
*** tbachman is now known as Guest151016:16
opendevreviewElod Illes proposed openstack/neutron-vpnaas master: Replace old UPPER_CONSTRAINTS_FILE name and url  https://review.opendev.org/c/openstack/neutron-vpnaas/+/81216916:27
opendevreviewMerged openstack/neutron-vpnaas stable/xena: [stable/xena] Dropping lower-constraints testing  https://review.opendev.org/c/openstack/neutron-vpnaas/+/81210416:57
opendevreviewMerged openstack/neutron-vpnaas stable/xena: Update .gitreview for stable/xena  https://review.opendev.org/c/openstack/neutron-vpnaas/+/80979316:57
opendevreviewMerged openstack/neutron-vpnaas stable/xena: Update TOX_CONSTRAINTS_FILE for stable/xena  https://review.opendev.org/c/openstack/neutron-vpnaas/+/80979516:57
opendevreviewRodolfo Alonso proposed openstack/neutron master: [WIP] [OVN] Check if OVN NB supports Port_Group  https://review.opendev.org/c/openstack/neutron/+/81217617:04
opendevreviewMerged openstack/neutron stable/xena: Execute the quota reservation removal in an isolated DB txn  https://review.opendev.org/c/openstack/neutron/+/81112417:52
opendevreviewMerged openstack/neutron master: [OVN] Set NB/SB "connection" inactivity probe  https://review.opendev.org/c/openstack/neutron/+/80052117:55
-opendevstatus- NOTICE: The review.opendev.org Gerrit server has become unreachable as of approximately 19:10 UTC due to a networking issue in the provider, but should be reachable again shortly19:44
hberaudamotoki: o/ Please can you validate https://review.opendev.org/c/openstack/releases/+/81103619:59
hberaudbcafarel: o/ ^19:59
bcafareloh nice the xena backport merged for that quota reservation one (master will need another recheck)20:05
hberaudonce neutron's RC2 will be out we will proceed the final release for all the RC deliverables20:08
bcafarelhberaud: ack, looks good to go for me at least20:10
hberaudthanks20:11
« Thursday, 2021-09-30 Index Saturday, 2021-10-02 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!