04:00:28 <njohnston__> #startmeeting fwaas
04:00:29 <openstack> Meeting started Wed May 18 04:00:28 2016 UTC and is due to finish in 60 minutes.  The chair is njohnston__. Information about MeetBot at http://wiki.debian.org/MeetBot.
04:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
04:00:32 <openstack> The meeting name has been set to 'fwaas'
04:00:34 <xgerman> o/
04:00:39 <njohnston__> #chair sridark
04:00:40 <openstack> Warning: Nick not in channel: sridark
04:00:41 <openstack> Current chairs: njohnston__ sridark
04:00:44 <njohnston__> #chair xgerman
04:00:45 <openstack> Current chairs: njohnston__ sridark xgerman
04:00:46 <chandanc> o/
04:00:51 <SridarK_> Hi All
04:01:31 <SridarK_> thanks for joining and special thanks to njohnston__ , mfranc213 & shweta for accomodating a really late time on the US East coast
04:01:43 <SridarK_> njohnston__: thanks for setting up the agenda
04:01:45 <xgerman> +1
04:01:46 <SridarK_> on the etherpad
04:01:49 <njohnston__> Sure thing!
04:01:52 <njohnston__> https://etherpad.openstack.org/p/fwaas-meeting
04:01:55 <njohnston__> #link https://etherpad.openstack.org/p/fwaas-meeting
04:02:05 <SridarK_> lets run thru things quickly and we can try to go quickly
04:02:20 <njohnston__> sounds good
04:02:37 <xgerman> +1
04:02:41 <SridarK_> #topic Unbreaking FWaaS
04:03:09 <hoangcx> hi
04:03:18 <SridarK_> njohnston__: could u pls set my IRC handle on the chair
04:03:30 <njohnston__> Ah, sorry!  I didn;t notice the underscore
04:03:34 <njohnston__> #chair SridarK_
04:03:35 <openstack> Current chairs: SridarK_ njohnston__ sridark xgerman
04:03:38 <SridarK_> thx
04:03:52 <SridarK_> #topic Unbreaking FWaaS
04:03:58 <SridarK_> thx njohnston__
04:04:22 <SridarK_> so quick update on this - over last week - some events -quick recap
04:04:50 <SridarK_> some of us made it out to the L3 team mtg and then subsequently the drivers mtg
04:05:32 <SridarK_> we discussed #link  https://bugs.launchpad.net/neutron/+bug/1580239
04:05:35 <openstack> Launchpad bug 1580239 in neutron "[RFE] Add agent extension framework for L3 agent" [Wishlist,In progress] - Assigned to Nate Johnston (nate-johnston)
04:05:53 <SridarK_> as an RFE for adding the right extensions to support service agents in L3 Agent
04:06:15 <SridarK_> we have gotten support on this in the drivers mtg and has been approved
04:06:32 <mfranc213> excellent
04:06:34 <yushiro> great!
04:06:36 <njohnston__> Please feel free to contribute to the RFE as well, where you see gaps.
04:06:51 <SridarK_> we did bring up the issues on the breakage and got a quick workaround proposal from armax
04:07:04 <SridarK_> #link https://review.openstack.org/#/c/315826
04:07:33 <njohnston__> praise be to armax :-)
04:07:37 <SridarK_> essentially this is a fork of L3Agent with FWaaS on it - and should be enough to make some fwd progress
04:08:17 <mfranc213> SridarK_ I think you had some follow-up questions for armax on this.
04:08:19 <SridarK_> for some reason even with the workflow - this did not merge - also had some queries for armax on things that are remaining
04:08:24 <SridarK_> mfranc213: +1
04:08:38 <SridarK_> i had to be out so will follow up on this tomorrow
04:09:01 <SridarK_> hopefully we can get this merged - even if there are limitations we would be in better shape
04:09:26 <SridarK_> folks request to take a look at the patch too and see if there are things we need to fix - possibly as subsequent patches
04:09:39 <xgerman> mmh,we tried recheck?
04:09:48 <SridarK_> tempest was happy and i also pulled a devstack and tested it
04:10:11 <SridarK_> xgerman: i was waiting to wait to hear back on my questions to armax as well
04:10:52 <xgerman> ok, will remove my +W then
04:10:56 <SridarK_> it almost seemed like it did not get queued to the pipeline at all
04:11:31 <SridarK_> xgerman: ok - i am hoping we can merge this soon
04:11:59 <SridarK_> Thanks to armax for a quick possible path fwd
04:12:01 <xgerman> yeah, if you are waiting for an answer it’s probably best not to +W
04:12:07 <njohnston__> +1
04:12:36 <SridarK_> yes i think he added a comment after u +W - so yes best to remove and wait
04:12:47 <SridarK_> * ur +W
04:13:28 <SridarK_> thx to njohnston__ for getting the bug filed and starting out the spec patch
04:13:43 <SridarK_> #link https://review.openstack.org/#/c/315745/
04:13:44 <njohnston__> no time like the present!
04:13:53 <SridarK_> :-)
04:14:34 <mfranc213> i think the L3 spec will be fleshed out considerably the more we understand the L2 agent extension implementation
04:14:37 <SridarK_> thx are definitely looking better this week (i hope i dont jinx anything by saying that)
04:14:48 <SridarK_> mfranc213: +1
04:15:07 <SridarK_> We could spend some time on going thru some sample workflows
04:15:25 <mfranc213> can you say more?
04:15:25 <SridarK_> and then compare that with the QoS work
04:15:31 <mfranc213> right
04:15:32 <mfranc213> good.
04:15:34 <xgerman> +1
04:16:05 <mfranc213> when i have completed some other word for Comcast, my first task is to study the L2 QoS code more
04:16:18 <njohnston__> we may need to modify the l2 agent extension
04:16:22 <mfranc213> (for a few fwaas-related purposes)
04:16:27 <SridarK_> ok
04:16:35 <njohnston__> at present it is intended to only make certain specific resources available
04:17:03 <xgerman> yep, but we can add our fawns resources without changes according to dogwig
04:17:09 <xgerman> dougwig
04:17:19 <mfranc213> poor dogwig
04:17:20 <SridarK_> what we really need on the L3 agent - is to be able to get access to the router info
04:17:37 <SridarK_> so we can map router ids to namespaces
04:17:37 <mfranc213> there were two things, right?
04:19:17 <yushiro> SridarK_, How about 'router_port_id'? Can we also get this information by using L3 extension?
04:19:32 <SridarK_> mfranc213: yes we can use the existing observer hierarchy for notifications
04:19:49 <mfranc213> thank you
04:19:54 <SridarK_> yushiro: router_port_id - we will get from the plugin
04:20:18 <SridarK_> yushiro:  and we can map the ns for the router that owns that port
04:20:43 <njohnston__> according to carl_baldwin, they don't use the term 'observer hierarchy' any more, they just call it a callback mechanism... but FYI there may be mines in that field, he said there were a number of bits left unimplemented
04:21:00 <SridarK_> njohnston__: true, agreed
04:21:04 <yushiro> SridarK_, I see. thanks.
04:21:05 <xgerman> :-(
04:21:56 <SridarK_> njohnston__: if u think it makes sense - we can get the interested folks on a call for some discussions too
04:23:07 <SridarK_> other thing on this topic folks would like to discuss ?
04:23:21 <njohnston__> let's quiz the right folks on irc to start
04:24:02 <SridarK_> njohnston__: sounds good whichever is easier
04:24:17 <xgerman> +1
04:25:08 <SridarK_> Sorry i think i globbed multiple agenda topics on to this - but they are related
04:25:32 <mfranc213> yep, they are! :)
04:26:02 <SridarK_> #topic Observer Hierarchy
04:26:19 <SridarK_> #link https://review.openstack.org/#/c/278863/
04:26:38 <SridarK_> njohnston__: i know u asked for some more clarity - i will ping the contributor too
04:27:20 <SridarK_> i was thinking if he can make the patch dependent on the workaround patch and do some testing
04:27:36 <SridarK_> then we can get a quick turnaround on this
04:28:06 <SridarK_> #action SridarK_ to reach out to Bharath on Observer Hierarchy
04:28:10 <njohnston__> +1
04:28:17 <xgerman> +1
04:28:33 <SridarK_> Ok moving on
04:28:37 <mfranc213> wait
04:28:39 <mfranc213> sorry
04:28:46 <SridarK_> sorry pls go ahead mfranc213
04:29:20 <mfranc213> can you quickly say what the relationship is/might be between the observer hierachy and neutron's L2 RPC callback implementation?
04:29:29 <mfranc213> "relationship" is the wrong word
04:29:44 <mfranc213> i mean: how they may or may not overlap functionally or architecturally
04:30:08 <SridarK_> mfranc213: this is the callback on L3 Agent on router events
04:30:22 <mfranc213> yes, so the objects differ...
04:30:42 <SridarK_> consumers (like fwaas) can register a call back and on router events - will get the callback to handle the event
04:30:52 <mfranc213> but are the general approaches similar or the same, and if not, should they be?
04:31:31 <mfranc213> SridarK_ yes, that sounds like the RPC callback implementation for L2 ;)
04:31:32 <SridarK_> i dont know enough abt the L2 callbacks - but i think the idea is similar
04:31:35 <mfranc213> at least at a high level
04:31:41 <SridarK_> mfranc213: yes it seems so
04:31:44 <mfranc213> so is there merit to stealing code?
04:31:56 <mfranc213> or is the observer hierarchy close to being done?
04:31:57 <SridarK_> mfranc213: shamelessly yes :-)
04:32:10 <SridarK_> mfranc213: but i think it is mostly done
04:32:16 <mfranc213> okay, thank you.
04:32:35 <SridarK_> mfranc213: no prob thx for asking
04:32:54 <SridarK_> ok then lets move on
04:32:56 <njohnston__> "shamelessly" lol
04:32:58 <padkrish> mfranc213, sridarK_: I am not sure or atleast i don't understand it yet, that L2 agent RPC is that way
04:33:18 <padkrish> hopefully will get to the bottom of it in a day
04:33:25 <xgerman> :-)
04:33:28 <SridarK_> padkrish: ok great
04:34:12 <SridarK_> #topic SG changes in neutron
04:35:08 <SridarK_> mickeys: were u able to get some cycles on this
04:35:08 <mfranc213> is this topic essentially the L2 FWaaS (i.e., port-level) functionality?
04:35:34 <mickeys> This is making changes to security groups so that L2 FWaaS can coexist with security groups on the same port
04:35:36 <SridarK_> mfranc213: mickeys was looking at some neutron changes to clean things up so we can land our L2 stuff
04:35:43 <mickeys> Two separate issues
04:35:51 <mfranc213> thank you
04:35:58 <njohnston__> mfranc213: This is the topic with the wrapped chain versus the unwrapped chain that we talked about in the summit
04:36:13 <mfranc213> excellent.  thanks for the clarification.
04:36:28 <mickeys> One is having a common chain that both security groups and fwaas can go off of to jump to interface specific chains. The ACCEPT needs to be in the common chain.
04:36:41 <mickeys> I have not started on that, and it does not look like I will get any cycles for that in the next week.
04:37:01 <mickeys> The other is conntrack, moving some stuff into the conntrack part of security groups that sits in the base security groups firewall driver right now
04:37:15 <mickeys> We need access to common conntrack zone mappings for both security groups and fwaas
04:37:30 <xgerman> I thought we could just use the same contrack...
04:37:50 <xgerman> mickeys +1
04:37:55 <mickeys> The mapping of interface to conntrack zones sits in the iptables-firewall security groups driver right now.
04:38:07 <mickeys> We want the mapping to be in the conntrack part, then make that conntrack part a singleton
04:38:46 <xgerman> yep, those are neutron changes? Do we need an RfE?
04:39:08 <njohnston__> there should at least be a bug, if there isn't one already
04:39:29 <mickeys> Bugs have not been opened yet
04:39:48 <mickeys> As RFEs?
04:40:09 <njohnston__> Open it as a regular bug and let them come back and say "this looks big enough to merit an RFE"
04:41:17 <njohnston__> My opinion, it isn't big enough to need an RFE but that's just me.
04:41:52 <SridarK_> mickeys: perhaps as njohnston__ suggests, u can then bring it up for discussion in the drivers mtg if needed
04:42:18 <njohnston__> if you want it discussed there, add the rfe tag and leave it in triaged state
04:42:31 <mickeys> For the conntrack part, it is moving some code from iptables_firewall.py to ip_conntrack.py and then making ip_conntrack.py a singleton
04:42:45 <xgerman> my worry is that they have ideas they like us to follow...
04:43:31 <xgerman> yeah, it’s straight forward but having it blessed might be good anyway
04:43:36 <mickeys> For the ip_conntrack piece, I don't see mcuh room for alternative solutions
04:43:41 <njohnston__> better safe than sorry I suppose
04:43:48 <mickeys> For the piece that messes with iptables chain structures, there may be some discussion
04:44:15 <SridarK_> getting a bug will atleast get it on the radar
04:44:22 <mickeys> ok
04:44:42 <SridarK_> sounds good then
04:45:07 <SridarK_> other things folks want to discuss on this ?
04:45:28 <SridarK_> chandanc: SarathChandraMek: did u guys also want to bring up discussion points or questions ?
04:45:55 <chandanc> SridarK: I am still going through the code in mikeys patch
04:46:02 <SarathChandraMek> Still catching up..
04:46:08 <chandanc> will need some time
04:46:22 <mickeys> Let me know if you want to discuss any of this
04:46:27 <SridarK_> chandanc: SarathChandraMek: ok that is fair, pls feel free to reach out if u have questions
04:46:36 <chandanc> sure
04:46:57 <SarathChandraMek> sure.. mickeys we will ping you offline
04:47:42 <SridarK_> ok lets move on
04:47:45 <njohnston__> cool
04:48:00 <SridarK_> #topic FWaaS V2
04:48:24 <SridarK_> nothing much but hopefull we can pick things up
04:48:49 <mfranc213> can you elaborate?
04:49:08 <SridarK_> njohnston__: mfranc213: do u think we can try to push for a first level integration across Ext - > db -> plugin
04:49:19 <njohnston__> yes, once armax's fix merges
04:49:25 <SridarK_> mfranc213: sorry, meant with the workaround patch
04:49:28 <SridarK_> njohnston__: +1
04:49:34 <njohnston__> then we can have a functioning way forward
04:49:43 <njohnston__> I am waiting in catlike readiness
04:49:53 <SridarK_> +1
04:50:14 <SridarK_> njohnston__: i know some cycles are getting spun out the L3 Agent refactor
04:51:06 <SridarK_> but if we get some basic things in place, even if it is a bit hacky, yushiro: & padkrish: can start playing around on the agent pieces
04:51:32 <njohnston__> +1
04:51:38 <padkrish> +1
04:51:47 <yushiro> +1
04:52:58 <SridarK_> ok sounds good - lets plan for that - we can continue discussions over the week
04:53:34 <SridarK_> other things to discuss on v2 ?
04:53:34 <njohnston__> I am enjoying the level of consensus
04:53:38 <njohnston__> nope
04:53:39 <SridarK_> :-)
04:54:31 <SridarK_> njohnston__: as u stated on the agenda 2 weeks from N-1
04:54:56 <njohnston__> time flies when you're having fun :-)
04:55:11 <SridarK_> we really need to aim to make the next 3 - 4 weeks very productive so we are in a good position for N-2
04:55:30 <njohnston__> completely agreed
04:55:38 <xgerman> +1
04:55:52 <SridarK_> #topic Open Discussion
04:56:04 <mfranc213> there are several open action items on https://etherpad.openstack.org/p/neutron-fwaas-austin, most of them mine. i'm not allowed to edit the fwaas wiki.  do you know how i can get it?
04:56:17 <SridarK_> mfranc213: yes u should be able to do it
04:56:36 <SridarK_> mfranc213: if u have issues - lets sync tomorrow
04:56:42 <mfranc213> i will ping you offline if i continue to have problems
04:56:57 <SridarK_> mfranc213: and i believe i had to address some too - thx for the reminder
04:57:10 <njohnston__> also check out the ML discussion titled 'wiki' - they're talking about how they need to turn off access rights to the wiki because of rampant spamming
04:57:20 <mfranc213> right...
04:57:27 <njohnston__> we may want to move all that kind of stuff to etherpads for the time being
04:57:36 <SridarK_> mfranc213: njohnston__ : thats right
04:57:44 <SridarK_> mfranc213: i can proxy for u too
04:57:52 <mfranc213> excellent.
04:57:53 <mfranc213> thank you.
04:57:59 <SridarK_> so we can get things in
04:58:05 <yushiro> padkrish, could you receive my e-mail ?
04:58:09 <SridarK_> but perhaps etherpad is the way to go
04:58:29 <padkrish> yushiro# Yes, replied
04:58:34 <xgerman> time: -2
04:58:40 <mfranc213> also, it would be helpful for me to know everyone's timezone along with their irc handle (i know some but not all)
04:58:41 <SridarK_> yes
04:59:00 <xgerman> Pacific
04:59:10 <chandanc> will update etherpad
04:59:12 <njohnston__> we can note those down in https://etherpad.openstack.org/p/fwaas-meeting perhaps
04:59:14 <mfranc213> thank you
04:59:22 <SridarK_> ok folks
04:59:28 <njohnston__> thanks everyone, this was very good
04:59:28 <yushiro> padkrish, Thanks,
04:59:32 <SridarK_> thx for joining and the discussion
04:59:34 <chandanc> thanks
04:59:38 <mfranc213> thanks everyone
04:59:40 <yushiro> Thank you.
04:59:45 <xgerman> thanks
04:59:47 <hoangcx> Thanks
04:59:52 <SridarK_> pls feel free to email if u need something
04:59:55 <SarathChandraMek> thanks
05:00:02 <njohnston__> ...and goodnight
05:00:05 <njohnston__> #endmeeting