#openstack-meeting-3 log

18:33:05 <xgerman> #startmeeting FwaaS
18:33:06 <openstack> Meeting started Wed Oct 21 18:33:05 2015 UTC and is due to finish in 60 minutes.  The chair is xgerman. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:33:07 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:33:10 <openstack> The meeting name has been set to 'fwaas'
18:33:21 <xgerman> #chair sc68cal sridark
18:33:21 <openstack> Current chairs: sc68cal sridark xgerman
18:33:38 <SridarK> sc68cal: seems to be away
18:34:01 <xgerman> he is already in japan. Enjoying fish for breakfast when I interpret his twittered correctly
18:34:25 <SridarK> xgerman: aha ok
18:34:38 <njohnston> yeah it's 3:30am there
18:34:45 <xgerman> boo
18:34:45 <SridarK> lets slave on :-)
18:35:07 <xgerman> #topic Announcements
18:35:24 <xgerman> Tokyo next week; we have a design session; write stuff into the etherpad
18:35:40 <xgerman> #link https://etherpad.openstack.org/p/mitaka-neutron-next-adv-services
18:37:04 <xgerman> ok, I think next up
18:37:09 <xgerman> #topic Bugs
18:38:19 <xgerman> I am not as versed in LP as sc68cal — so I am not sure if we got some new ones...
18:38:35 <SridarK> xgerman: no there are no new ones of high priority
18:38:41 <xgerman> cool!!
18:38:42 <SridarK> xgerman: i troll this
18:38:48 <xgerman> any bugs bothering people?
18:38:59 <ogzy> i am new to fwaas irc, but i think documentation is missing
18:39:01 <SridarK> xgerman: we a have a few doc bugs as a result of docimpact
18:39:09 <badveli> i do not see from our link
18:39:19 <SridarK> ogzy: yes u are correct
18:39:24 <xgerman> ogzy +1
18:39:36 <SridarK> there is a patch set out there to get somethings straightened out
18:39:47 <ogzy> i am trying to develop a fwaas driver for a custom hardware driver and i am in a mass of remote neutron debugging
18:40:04 <SridarK> ogzy: welcome firstly
18:40:23 <SridarK> ogzy: we can help - there are a few code examples
18:40:27 <ogzy> i don't know whether it is the right way but, i couldn't find any doc that explains me what to implement for a fwaas driver
18:40:33 <SridarK> ogzy: lets bring this up in open discussion
18:40:40 <ogzy> SridarK: ok
18:41:23 <xgerman> so I would like to see reviews on https://review.openstack.org/#/c/231246/ — before I need to rebase again ;-)
18:42:23 <SridarK> xgerman: ok will do - sorry, beer for day to day slip. ;-)
18:42:45 <xgerman> no worries — there are aplenty of parties for free beer in Tokyo ;-)
18:44:30 <xgerman> #topic Roadmap
18:45:04 <xgerman> SridarK + Vish + I need to throw together a roadmap we show people in Tokyo
18:45:26 <xgerman> I think we should aim to get mickeys API improvements into M
18:45:36 <SridarK> xgerman: huge +1
18:45:42 <xgerman> #link https://etherpad.openstack.org/p/fwaas-api-evolution-spec
18:46:00 <xgerman> Aish has started to work them into a API doc document
18:46:16 <xgerman> #link http://rst.ninjs.org/?n=31854e576d81597aa17135700b090ef1&theme=nature
18:46:26 <Aish> Yup, I will push it as patch
18:46:29 <xgerman> now mickeys do you have any cycles to work on the API
18:46:33 <xgerman> ?
18:46:57 <mickeys> yes
18:47:08 <xgerman> awesome!!
18:47:29 <xgerman> so we will mark that down...
18:48:01 <xgerman> in looking at that Aish and I noticed that #link https://review.openstack.org/#/c/131596/8/specs/kilo/service-group.rst didn’t make much progress
18:48:28 <xgerman> so we are wondering if we should incubate that in FWaaS and then spin out when it has enough functionality
18:49:35 <SridarK> Aish: xgerman: quick question on the link - this the current API ?
18:50:02 <mickeys> xgerman: Trying to interpret "spin out"
18:50:39 <xgerman> SridarK this is the current API + mickeys extensions
18:51:48 <xgerman> mickeys “spin out” means we would donate code, docs, to the neutron API eventually
18:52:17 <mickeys> xgerman: ok
18:52:26 <xgerman> I am hoping we get more velocity in implementing server groups by doing it inside FWaaS
18:52:32 <badveli> xgerman: not able to follow on service group spec are you suggesting we add more functionalities
18:53:05 <SridarK> xgerman: ok - i think some stuff is missing but we can discuss that later
18:53:10 <xgerman> I am thinking we just add that functionality to our improved FWaaS API for now without getting bogged down by getting server groups into all of Neutron
18:53:23 <xgerman> SridarK we can avsolutely iterate
18:53:28 <badveli> thaught process was other modules wanted to use this is the reason it is neutron
18:53:49 <mickeys> Is this coupled to the classifier discussion?
18:54:15 <xgerman> badveli, I and hwarendt are going through something similar with flavor framework and doing something for all of Neutron is a huge velocity drag
18:54:55 <SridarK> xgerman: badveli: did this start this within fwaas and then on reviews and discussions was asked to bring it out to neutron - so we can call it out
18:55:16 <SridarK> if we can do it in fwaas - defn velocity advantages
18:55:20 <badveli> xgerman initially we had planned this to be a fwaas and then yes the reviews made it to neutron
18:55:37 <badveli> sridark: yes and the reason the spec was approved
18:55:51 <badveli> there was some interest to use the same in security groups i believe
18:56:40 <xgerman> mmh, I see comments from last year so we probably need to re-check with Neutron leadership if that is still the case
18:56:51 <xgerman> (I still think it would be good for FWaaS)
18:57:13 <SridarK> lets add this ot our priority list and work out the neutron vs neutron-fwaas at the summit
18:57:14 <badveli> yes especially there was some interest to use this by other modules
18:58:18 <xgerman> mickeys I am not sure if it relates to classifiers I think No since we just group ipranges
18:59:54 <badveli> xgerman: service group is a different one if we go through the spec
19:00:39 <badveli> but i agree to catch up with neutron its a bit difficult especially with the db
19:02:35 <SridarK> so can we resolve to add Service Groups and check on neutron vs neutron-fwaas ?
19:02:52 <xgerman> I think we know what to do ;-)
19:03:06 <SridarK> by add -> to our list of things for M
19:03:37 <xgerman> yep, we should add it to the roadmap...
19:03:48 <SridarK> good
19:03:59 <xgerman> anything else we should add? those were my two ideas...
19:04:09 <SridarK> next up, FWaaS association with ports
19:04:15 <SridarK> Router ports easier
19:04:26 <xgerman> yeah, Aish will make it all port based
19:04:27 <SridarK> then we need to lead into VM ports
19:04:37 <xgerman> +1
19:05:08 <xgerman> and mickeys was on board with ports so i think that’s a given
19:05:18 <mickeys> +1
19:05:54 <SridarK> so now in lieu of Blueprints, we can fire up some RFE bugs ?
19:06:28 <SridarK> I think bare minimum we can target the above for M
19:06:31 <xgerman> RfE is so you don;’t make a blueprint for something which is being shut down
19:06:54 <xgerman> for the stuff we agree here we should make blueprints/spec so we can track it
19:07:03 <mickeys> +1
19:07:08 <SridarK> ok blueprints it is
19:07:29 <SridarK> also we had fw zones
19:07:42 <SridarK> that had significant interest
19:08:11 <SridarK> will be an enhacement that can work off ports
19:08:27 <xgerman> yeah, true, let’s get a spec for that as well
19:08:45 <xgerman> zone mean many things to many people so some spec is needed
19:08:53 <SridarK> for zones, i had one a while back, we can resurrect that
19:08:54 <mickeys> I was hoping what I put in the API is close enough. We can discuss further in Tokyo.
19:09:13 <SridarK> mickeys: yes
19:09:46 <SridarK> mickeys: on the vm ports, dvr, sg - there is some overlap
19:10:04 <mickeys> SridarK: Agreed
19:10:04 <SridarK> we should hash that out
19:10:11 <xgerman> +1
19:11:02 <SridarK> i think things like classifiers, DPI we can put further out in the Roadmap
19:11:21 <xgerman> I think we can have some basic thing which runs reggae on apckages
19:11:23 <xgerman> regex
19:11:32 <mickeys> Are we meeting in Tokyo on Monday? This can eat up a lot of time ;-)
19:11:39 <xgerman> we should --
19:11:41 <SridarK> xgerman: +1
19:11:48 <SridarK> ok i think this good
19:11:59 <xgerman> I have a commitment Monday evening but the rest I am free
19:12:06 <SridarK> lets get to open discussion ? we can set some logistics ?
19:12:08 <xgerman> I can also meet Sunday evening ;-)
19:12:18 <xgerman> #topic OpenDiscussion
19:12:28 <ogzy> so i can talk
19:12:37 <SridarK> ogzy: :-) yes for sure
19:12:51 <ogzy> i told my problem
19:12:55 <ogzy> i checked the drivers
19:13:11 <SridarK> ogzy: yes understood - are u using the community plugin and only changing the driver ?
19:13:22 <SridarK> ur version in lieu of iptables ?
19:13:31 <ogzy> i installed devstack with fwaas enabled
19:13:41 <ogzy> so iptables is the driver
19:13:46 <ogzy> and trying to remote debug it
19:14:12 <SridarK> so u will still use the community implementation ?
19:14:34 <ogzy> indeed i need to write my own driver for a custom fw hardware
19:14:40 <ogzy> the hardware has a rest api
19:14:40 <SridarK> ok
19:15:06 <ogzy> so i am in the step of how the drivers are working
19:15:15 <SridarK> u can look at the brocade, intel, freescale for examples
19:15:16 <ogzy> but not sure whether it is the right way
19:15:28 <SridarK> for cisco we also have our own plugin
19:16:02 <SridarK> essentially plugin -> agent  -> drivers
19:16:17 <SridarK> why dont u shoot me an unicast email
19:16:33 <ogzy> i just saw drivers from https://github.com/openstack/neutron-fwaas/tree/master/neutron_fwaas/services/firewall/drivers
19:16:41 <SridarK> i will send u some pointers and if u are coming to Tokyo
19:16:47 <SridarK> we can sit together as well
19:16:53 <ogzy> i am coming to Tokyo :)
19:17:07 <ogzy> that will be great if we can talk a bit on driver implementation
19:17:15 <SridarK> ok we can do that next week - in person is a lot easier
19:17:22 <ogzy> ok great
19:17:31 <ogzy> and what is your email ?
19:17:37 <SridarK> i think there are some examples that can help
19:17:43 <ogzy> that will be great
19:17:45 <vishwana_> ogzy, I had come up with some class diagrams and sequence diagrams when implement Brocade firewall driver ...it is at link https://github.com/vishwanathj/vish-openstack if that is helpful....but Sridar helped me a lot though
19:17:56 <ogzy> i had checked them also :)
19:18:03 <SridarK> yes Vish has some great docs on this
19:18:08 <xgerman> + vish will be in Tokyo as well ;-)
19:18:27 <ogzy> vishwana_: i was looking at them today to find which func is trigering iptables_fwaas.py
19:18:32 <badveli> is there any remote sessions for the meetings?
19:18:36 <SridarK> ok good ogzy: will ping u - i saw ur email last night
19:18:54 <ogzy> SridarK: that will be great
19:19:04 <SridarK> ogzy: i can certainly help u on that specific point - it is from the agent
19:19:21 <SridarK> ok xgerman: perhaps we can set some logistics
19:19:23 <ogzy> SridarK: where should i put the break point while debugging remotely?
19:19:50 <ogzy> SridarK: i tried for create_firewall but it didn't worked
19:19:51 <xgerman> SridarK yes
19:19:56 <SridarK> ogzy: the driver is called by tge agent
19:20:13 <ogzy> SridarK: ok so i should debug the neutron agent?
19:20:23 <SridarK> ogzy: lets discuss more later so we an lay down the logistics
19:20:33 <SridarK> we can continue after
19:20:38 <ogzy> SridarK: ok
19:20:42 <xgerman> you guys use groupme on your phone?
19:21:01 <ogzy> xgerman: is this a question also to me?
19:21:01 <vishwana_> I use WhatsApp
19:21:07 <SridarK> xgerman: no
19:21:11 <mickeys> Not yet
19:21:18 <sc68cal> hey guys, sorry, I'm in Japan, I forgot this week was not APAC time :-\
19:21:37 <xgerman> sc68cal we are talking about meeting on Monday… you scouted the place out?
19:21:44 <SridarK> sc68cal: we heard u were seen with some fish and saki
19:21:47 <SridarK> :-)
19:21:59 <sc68cal> heh, no saki yet, but lots of fish. :)
19:22:18 <xgerman> anyway, I am german.eichberger@hp.com on group-me
19:22:26 <ogzy> are there free wifis around in Tokyo?
19:22:47 <xgerman> #link http://prepaid-data-sim-card.wikia.com/wiki/Japan
19:22:59 <xgerman> there is talk about free wifi on that wiki
19:24:09 <SridarK> so xgerman: Mon eve does not work for u - can we meet earlier or late on Mon ?
19:24:23 <xgerman> yeah, rest of the day is empty
19:24:35 <xgerman> and we can meet at some tourist sight as well ;-)
19:25:01 <SridarK> Can we try early Mon ? and that leaves some time for touristy things or work related stuff as well
19:25:07 <mickeys> +1
19:25:13 <xgerman> +1
19:25:17 <xgerman> breakfast?
19:25:22 <SridarK> sounds good
19:25:40 <mickeys> Not too early. I will get to the hotel around midnight on Sunday.
19:25:49 <SridarK> ok 10am ?
19:25:55 <mickeys> 9am or 10am works
19:25:56 <xgerman> sounds good
19:26:02 <xgerman> let’s do 9 am
19:26:06 <SridarK> +1
19:26:09 <xgerman> sc68cal any recommendations?
19:26:14 <xgerman> for breakfast?
19:26:22 <ogzy> SridarK: should i catch you at the summit?
19:26:28 <SridarK> or even a lounge
19:26:33 <SridarK> ogzy: sent u an email
19:26:38 <SridarK> ogzy: yes
19:26:52 <mickeys> We should probably pick a hotel lobby for meetup, then find breakfast from there?
19:26:55 <sc68cal> I'm in Shinjuku now, but i'll be at the summit location on Sunday, so I'll scout ahead
19:27:03 <xgerman> awesome
19:27:06 <SridarK> mickeys: lets do that
19:27:11 <xgerman> I stay at the grand prince
19:27:16 <mickeys> Shinagawa Prince
19:27:33 <SridarK> there are some similar sounding hotels
19:27:35 <vishwana_> sc68cal, share the location info on the openstack-fwaas IRC channel
19:27:42 <sc68cal> will do :)
19:27:51 <xgerman> awesome!!
19:28:12 <mickeys> We should pick one of the Prince hotels, being careful to identify which one
19:28:24 <xgerman> yep
19:29:12 <mickeys> Grand Prince?
19:29:12 <SridarK> Grand Prince Hotel New Takanawa
19:29:17 <mickeys> +1
19:29:21 <xgerman> +1
19:29:34 <SridarK> ok lobby of Grand Prince Hotel New Takanawa at 9am on Mon
19:29:47 <xgerman> #endmeeting