04:00:28 #startmeeting fwaas 04:00:29 Meeting started Wed May 18 04:00:28 2016 UTC and is due to finish in 60 minutes. The chair is njohnston__. Information about MeetBot at http://wiki.debian.org/MeetBot. 04:00:30 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 04:00:32 The meeting name has been set to 'fwaas' 04:00:34 o/ 04:00:39 #chair sridark 04:00:40 Warning: Nick not in channel: sridark 04:00:41 Current chairs: njohnston__ sridark 04:00:44 #chair xgerman 04:00:45 Current chairs: njohnston__ sridark xgerman 04:00:46 o/ 04:00:51 Hi All 04:01:31 thanks for joining and special thanks to njohnston__ , mfranc213 & shweta for accomodating a really late time on the US East coast 04:01:43 njohnston__: thanks for setting up the agenda 04:01:45 +1 04:01:46 on the etherpad 04:01:49 Sure thing! 04:01:52 https://etherpad.openstack.org/p/fwaas-meeting 04:01:55 #link https://etherpad.openstack.org/p/fwaas-meeting 04:02:05 lets run thru things quickly and we can try to go quickly 04:02:20 sounds good 04:02:37 +1 04:02:41 #topic Unbreaking FWaaS 04:03:09 hi 04:03:18 njohnston__: could u pls set my IRC handle on the chair 04:03:30 Ah, sorry! I didn;t notice the underscore 04:03:34 #chair SridarK_ 04:03:35 Current chairs: SridarK_ njohnston__ sridark xgerman 04:03:38 thx 04:03:52 #topic Unbreaking FWaaS 04:03:58 thx njohnston__ 04:04:22 so quick update on this - over last week - some events -quick recap 04:04:50 some of us made it out to the L3 team mtg and then subsequently the drivers mtg 04:05:32 we discussed #link https://bugs.launchpad.net/neutron/+bug/1580239 04:05:35 Launchpad bug 1580239 in neutron "[RFE] Add agent extension framework for L3 agent" [Wishlist,In progress] - Assigned to Nate Johnston (nate-johnston) 04:05:53 as an RFE for adding the right extensions to support service agents in L3 Agent 04:06:15 we have gotten support on this in the drivers mtg and has been approved 04:06:32 excellent 04:06:34 great! 04:06:36 Please feel free to contribute to the RFE as well, where you see gaps. 04:06:51 we did bring up the issues on the breakage and got a quick workaround proposal from armax 04:07:04 #link https://review.openstack.org/#/c/315826 04:07:33 praise be to armax :-) 04:07:37 essentially this is a fork of L3Agent with FWaaS on it - and should be enough to make some fwd progress 04:08:17 SridarK_ I think you had some follow-up questions for armax on this. 04:08:19 for some reason even with the workflow - this did not merge - also had some queries for armax on things that are remaining 04:08:24 mfranc213: +1 04:08:38 i had to be out so will follow up on this tomorrow 04:09:01 hopefully we can get this merged - even if there are limitations we would be in better shape 04:09:26 folks request to take a look at the patch too and see if there are things we need to fix - possibly as subsequent patches 04:09:39 mmh,we tried recheck? 04:09:48 tempest was happy and i also pulled a devstack and tested it 04:10:11 xgerman: i was waiting to wait to hear back on my questions to armax as well 04:10:52 ok, will remove my +W then 04:10:56 it almost seemed like it did not get queued to the pipeline at all 04:11:31 xgerman: ok - i am hoping we can merge this soon 04:11:59 Thanks to armax for a quick possible path fwd 04:12:01 yeah, if you are waiting for an answer it’s probably best not to +W 04:12:07 +1 04:12:36 yes i think he added a comment after u +W - so yes best to remove and wait 04:12:47 * ur +W 04:13:28 thx to njohnston__ for getting the bug filed and starting out the spec patch 04:13:43 #link https://review.openstack.org/#/c/315745/ 04:13:44 no time like the present! 04:13:53 :-) 04:14:34 i think the L3 spec will be fleshed out considerably the more we understand the L2 agent extension implementation 04:14:37 thx are definitely looking better this week (i hope i dont jinx anything by saying that) 04:14:48 mfranc213: +1 04:15:07 We could spend some time on going thru some sample workflows 04:15:25 can you say more? 04:15:25 and then compare that with the QoS work 04:15:31 right 04:15:32 good. 04:15:34 +1 04:16:05 when i have completed some other word for Comcast, my first task is to study the L2 QoS code more 04:16:18 we may need to modify the l2 agent extension 04:16:22 (for a few fwaas-related purposes) 04:16:27 ok 04:16:35 at present it is intended to only make certain specific resources available 04:17:03 yep, but we can add our fawns resources without changes according to dogwig 04:17:09 dougwig 04:17:19 poor dogwig 04:17:20 what we really need on the L3 agent - is to be able to get access to the router info 04:17:37 so we can map router ids to namespaces 04:17:37 there were two things, right? 04:19:17 SridarK_, How about 'router_port_id'? Can we also get this information by using L3 extension? 04:19:32 mfranc213: yes we can use the existing observer hierarchy for notifications 04:19:49 thank you 04:19:54 yushiro: router_port_id - we will get from the plugin 04:20:18 yushiro: and we can map the ns for the router that owns that port 04:20:43 according to carl_baldwin, they don't use the term 'observer hierarchy' any more, they just call it a callback mechanism... but FYI there may be mines in that field, he said there were a number of bits left unimplemented 04:21:00 njohnston__: true, agreed 04:21:04 SridarK_, I see. thanks. 04:21:05 :-( 04:21:56 njohnston__: if u think it makes sense - we can get the interested folks on a call for some discussions too 04:23:07 other thing on this topic folks would like to discuss ? 04:23:21 let's quiz the right folks on irc to start 04:24:02 njohnston__: sounds good whichever is easier 04:24:17 +1 04:25:08 Sorry i think i globbed multiple agenda topics on to this - but they are related 04:25:32 yep, they are! :) 04:26:02 #topic Observer Hierarchy 04:26:19 #link https://review.openstack.org/#/c/278863/ 04:26:38 njohnston__: i know u asked for some more clarity - i will ping the contributor too 04:27:20 i was thinking if he can make the patch dependent on the workaround patch and do some testing 04:27:36 then we can get a quick turnaround on this 04:28:06 #action SridarK_ to reach out to Bharath on Observer Hierarchy 04:28:10 +1 04:28:17 +1 04:28:33 Ok moving on 04:28:37 wait 04:28:39 sorry 04:28:46 sorry pls go ahead mfranc213 04:29:20 can you quickly say what the relationship is/might be between the observer hierachy and neutron's L2 RPC callback implementation? 04:29:29 "relationship" is the wrong word 04:29:44 i mean: how they may or may not overlap functionally or architecturally 04:30:08 mfranc213: this is the callback on L3 Agent on router events 04:30:22 yes, so the objects differ... 04:30:42 consumers (like fwaas) can register a call back and on router events - will get the callback to handle the event 04:30:52 but are the general approaches similar or the same, and if not, should they be? 04:31:31 SridarK_ yes, that sounds like the RPC callback implementation for L2 ;) 04:31:32 i dont know enough abt the L2 callbacks - but i think the idea is similar 04:31:35 at least at a high level 04:31:41 mfranc213: yes it seems so 04:31:44 so is there merit to stealing code? 04:31:56 or is the observer hierarchy close to being done? 04:31:57 mfranc213: shamelessly yes :-) 04:32:10 mfranc213: but i think it is mostly done 04:32:16 okay, thank you. 04:32:35 mfranc213: no prob thx for asking 04:32:54 ok then lets move on 04:32:56 "shamelessly" lol 04:32:58 mfranc213, sridarK_: I am not sure or atleast i don't understand it yet, that L2 agent RPC is that way 04:33:18 hopefully will get to the bottom of it in a day 04:33:25 :-) 04:33:28 padkrish: ok great 04:34:12 #topic SG changes in neutron 04:35:08 mickeys: were u able to get some cycles on this 04:35:08 is this topic essentially the L2 FWaaS (i.e., port-level) functionality? 04:35:34 This is making changes to security groups so that L2 FWaaS can coexist with security groups on the same port 04:35:36 mfranc213: mickeys was looking at some neutron changes to clean things up so we can land our L2 stuff 04:35:43 Two separate issues 04:35:51 thank you 04:35:58 mfranc213: This is the topic with the wrapped chain versus the unwrapped chain that we talked about in the summit 04:36:13 excellent. thanks for the clarification. 04:36:28 One is having a common chain that both security groups and fwaas can go off of to jump to interface specific chains. The ACCEPT needs to be in the common chain. 04:36:41 I have not started on that, and it does not look like I will get any cycles for that in the next week. 04:37:01 The other is conntrack, moving some stuff into the conntrack part of security groups that sits in the base security groups firewall driver right now 04:37:15 We need access to common conntrack zone mappings for both security groups and fwaas 04:37:30 I thought we could just use the same contrack... 04:37:50 mickeys +1 04:37:55 The mapping of interface to conntrack zones sits in the iptables-firewall security groups driver right now. 04:38:07 We want the mapping to be in the conntrack part, then make that conntrack part a singleton 04:38:46 yep, those are neutron changes? Do we need an RfE? 04:39:08 there should at least be a bug, if there isn't one already 04:39:29 Bugs have not been opened yet 04:39:48 As RFEs? 04:40:09 Open it as a regular bug and let them come back and say "this looks big enough to merit an RFE" 04:41:17 My opinion, it isn't big enough to need an RFE but that's just me. 04:41:52 mickeys: perhaps as njohnston__ suggests, u can then bring it up for discussion in the drivers mtg if needed 04:42:18 if you want it discussed there, add the rfe tag and leave it in triaged state 04:42:31 For the conntrack part, it is moving some code from iptables_firewall.py to ip_conntrack.py and then making ip_conntrack.py a singleton 04:42:45 my worry is that they have ideas they like us to follow... 04:43:31 yeah, it’s straight forward but having it blessed might be good anyway 04:43:36 For the ip_conntrack piece, I don't see mcuh room for alternative solutions 04:43:41 better safe than sorry I suppose 04:43:48 For the piece that messes with iptables chain structures, there may be some discussion 04:44:15 getting a bug will atleast get it on the radar 04:44:22 ok 04:44:42 sounds good then 04:45:07 other things folks want to discuss on this ? 04:45:28 chandanc: SarathChandraMek: did u guys also want to bring up discussion points or questions ? 04:45:55 SridarK: I am still going through the code in mikeys patch 04:46:02 Still catching up.. 04:46:08 will need some time 04:46:22 Let me know if you want to discuss any of this 04:46:27 chandanc: SarathChandraMek: ok that is fair, pls feel free to reach out if u have questions 04:46:36 sure 04:46:57 sure.. mickeys we will ping you offline 04:47:42 ok lets move on 04:47:45 cool 04:48:00 #topic FWaaS V2 04:48:24 nothing much but hopefull we can pick things up 04:48:49 can you elaborate? 04:49:08 njohnston__: mfranc213: do u think we can try to push for a first level integration across Ext - > db -> plugin 04:49:19 yes, once armax's fix merges 04:49:25 mfranc213: sorry, meant with the workaround patch 04:49:28 njohnston__: +1 04:49:34 then we can have a functioning way forward 04:49:43 I am waiting in catlike readiness 04:49:53 +1 04:50:14 njohnston__: i know some cycles are getting spun out the L3 Agent refactor 04:51:06 but if we get some basic things in place, even if it is a bit hacky, yushiro: & padkrish: can start playing around on the agent pieces 04:51:32 +1 04:51:38 +1 04:51:47 +1 04:52:58 ok sounds good - lets plan for that - we can continue discussions over the week 04:53:34 other things to discuss on v2 ? 04:53:34 I am enjoying the level of consensus 04:53:38 nope 04:53:39 :-) 04:54:31 njohnston__: as u stated on the agenda 2 weeks from N-1 04:54:56 time flies when you're having fun :-) 04:55:11 we really need to aim to make the next 3 - 4 weeks very productive so we are in a good position for N-2 04:55:30 completely agreed 04:55:38 +1 04:55:52 #topic Open Discussion 04:56:04 there are several open action items on https://etherpad.openstack.org/p/neutron-fwaas-austin, most of them mine. i'm not allowed to edit the fwaas wiki. do you know how i can get it? 04:56:17 mfranc213: yes u should be able to do it 04:56:36 mfranc213: if u have issues - lets sync tomorrow 04:56:42 i will ping you offline if i continue to have problems 04:56:57 mfranc213: and i believe i had to address some too - thx for the reminder 04:57:10 also check out the ML discussion titled 'wiki' - they're talking about how they need to turn off access rights to the wiki because of rampant spamming 04:57:20 right... 04:57:27 we may want to move all that kind of stuff to etherpads for the time being 04:57:36 mfranc213: njohnston__ : thats right 04:57:44 mfranc213: i can proxy for u too 04:57:52 excellent. 04:57:53 thank you. 04:57:59 so we can get things in 04:58:05 padkrish, could you receive my e-mail ? 04:58:09 but perhaps etherpad is the way to go 04:58:29 yushiro# Yes, replied 04:58:34 time: -2 04:58:40 also, it would be helpful for me to know everyone's timezone along with their irc handle (i know some but not all) 04:58:41 yes 04:59:00 Pacific 04:59:10 will update etherpad 04:59:12 we can note those down in https://etherpad.openstack.org/p/fwaas-meeting perhaps 04:59:14 thank you 04:59:22 ok folks 04:59:28 thanks everyone, this was very good 04:59:28 padkrish, Thanks, 04:59:32 thx for joining and the discussion 04:59:34 thanks 04:59:38 thanks everyone 04:59:40 Thank you. 04:59:45 thanks 04:59:47 Thanks 04:59:52 pls feel free to email if u need something 04:59:55 thanks 05:00:02 ...and goodnight 05:00:05 #endmeeting