#openstack-meeting-3 log

04:01:13 <SridarK> #startmeeting fwaas
04:01:14 <openstack> Meeting started Wed Jul 27 04:01:13 2016 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
04:01:15 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
04:01:17 <openstack> The meeting name has been set to 'fwaas'
04:01:17 <xgerman> o/
04:01:21 <yushiro> Hi all, o/
04:01:23 <SridarK> #chair xgerman
04:01:24 <openstack> Current chairs: SridarK xgerman
04:01:28 <padkrish> hi all
04:02:04 <SridarK> ok lets run thru the usual topics
04:02:08 <shwetaap> Hi
04:02:12 <SridarK> #topic FWaaS v2
04:02:16 <_SarathMekala_> hi all
04:02:24 <hoangcx> hi
04:02:44 <SridarK> on the patchsets, shwetaap: thx i saw that u uploaded a new patch on the extensions
04:02:58 <SridarK> and yushiro: thanks for addressing some of the comments
04:03:10 <yushiro> SridarK, you're welcome :)
04:03:24 <SridarK> shwetaap: do u see more work on the patch in terms of UT ?
04:03:43 <shwetaap> sure, thanks yushiro on fixing some of the comments.
04:04:02 <shwetaap> i may add a few UTs for firewall_groups
04:04:08 <shwetaap> the rest seem ok
04:04:08 <SridarK> shwetaap: ok
04:04:28 <SridarK> I will look thru and post some comments too
04:04:48 <yushiro> shwetaap, You're welcome.  I'll put some new comments on your patch.  would you check and fix it?
04:04:50 <SridarK> my sense is that we can target the first set of basic resources and attributes
04:05:19 <SridarK> i will comment on gerrit and we can discuss there
04:05:26 <shwetaap> yushiro: sure
04:05:53 <yushiro> shwetaap, OK
04:06:10 <SridarK> next up is njohnston and myself on the db & plugin
04:06:50 <SridarK> i have been working the db patch - i have some basic things working with the policy, tweaking out the policy - rule - position table
04:07:29 <SridarK> i will push the patch up as soon as i finish my testing
04:08:12 <yushiro> SridarK, I see. After that, I'll comment in your DB patch(I found some nit bugs)
04:08:32 <SridarK> yushiro: ok great - much appreciated
04:09:12 <SridarK> i will keep the plugin patch with the old rpc model
04:09:22 <SridarK> as the first approach
04:09:45 <padkrish> SridarK# Sounds good....once i see your patch, i will integrate with versioned object patch and test
04:09:48 <SridarK> we can refactor with versioned objects and the L3 Agent ext as the next step
04:10:16 <SridarK> padkrish: ok that is good - we can try to sync up to plan this a bit later in the week
04:10:29 <padkrish> SridarK# Ok
04:10:41 <yushiro> padkrish, I'll sync with you about the integration of our patches.
04:11:01 <SridarK> On the plugin, the old model had a PENDING state
04:11:26 <SridarK> and after the Agent applied the rules and sent an ACK back - we would go to the final state
04:11:27 <padkrish> #yushiro# absolutely...i am looking forward to your devstack plugin, which will help us all integrate
04:11:55 <SridarK> i would like folks to think abt this and get some comments out
04:12:08 <SridarK> perhaps with versioned objects - we dont need this
04:12:50 <SridarK> i will reach out to u guys to clarify this bit
04:12:51 <yushiro> padkrish, Ah, unfortunately, this is not devstack plugin but procedure how 2 integrate our patches..  Is it OK?
04:13:43 <padkrish> yushiro# i see, that's still very good...
04:13:49 <SridarK> yushiro: that is good too - all of us following a similar approch will be good
04:14:03 <xgerman> +1
04:14:06 <SridarK> i think we will be in some craziness with the dependencies
04:14:47 <SridarK> yushiro: padkrish: mfranc213_: pls go ahead with the agent side updates
04:15:30 <yushiro> SridarK, Sure.  Last week, I attended virtual mid-cycle with SridarK , njohnston|PTO  and margaret
04:15:39 <yushiro> SridarK, As you know :)
04:15:42 <SridarK> :-)
04:15:53 <SridarK> we can get this as a separate topic
04:16:00 <yushiro> SridarK, After that, I fosused on as follows:
04:16:19 <yushiro> 1. Review margaret patch first. I've already put some comments into her patch.
04:17:01 <yushiro> 2. Integrate our patches and try to pass  "GET".  Currently, I've just finished GET firewall_groups.
04:17:46 <yushiro> I'll share this information into FWaaS members within today(Japan timezone).
04:18:13 <SridarK> yushiro: great
04:18:40 <SridarK> can u elaborate more on (2)
04:18:50 <SridarK> have u added some missing pieces ?
04:19:13 <yushiro> SridarK, Yes. I've added some DB attributes.
04:19:22 <SridarK> yushiro: ok cool
04:19:25 <yushiro> SridarK, ex. "project_id", "public"...
04:19:39 <SridarK> yushiro: ok
04:20:07 <SridarK> i will have some of these missing pieces on the Rules, Policy and FW group resources also
04:20:08 <yushiro> SridarK, So, let me confirm about DB.  we use 'public' instead of 'shared', don't you?
04:20:15 <SridarK> yushiro: yes
04:20:33 <yushiro> SridarK, Also, 'project_id' instead of 'tenant_id', don't you?
04:20:42 <SridarK> yushiro: yes that is correct
04:21:05 <yushiro> SridarK, OK, thank you.
04:21:29 <SridarK> yushiro: just give me another day - and i will update the patch
04:21:44 <SridarK> so u can use that
04:21:52 <xgerman> nice!
04:22:45 <padkrish> SridarK# On my side, i have sent out couple of patches for versioned objects https://review.openstack.org/#/c/342476/2 and https://review.openstack.org/#/c/347092/
04:23:00 <SridarK> padkrish: yes thx
04:23:10 <yushiro> SridarK, Sure.  I also changed a little with migration file , DB, plugin, versioned object,..  in order to pass golden route(GET).  I'll feedback it.
04:23:39 <SridarK> yushiro: ok sounds good
04:23:56 <padkrish> they seem to have a circular dependency, so i am planning to split https://review.openstack.org/#/c/342476/2  into two...basically remove the notification driver portion from it
04:23:58 <SridarK> yushiro: u can comment on the patch after i push it too
04:24:09 <yushiro> SridarK, Sure. I'll do that :)
04:24:12 <SridarK> padkrish: yes saw ur email
04:25:06 <xgerman> the less circular dependencies we have the better. That’s the reason for neutron-lib (cut back on those dependencies)
04:25:33 <SridarK> xgerman: +1
04:25:43 <padkrish> xgerman# agree, but the resources are embedded in Neutron as it stands today...
04:25:48 <SridarK> padkrish: will look thru this
04:25:52 <padkrish> So, any suggestions on that?
04:26:02 <SridarK> and we can look for the easiest way fwd
04:26:24 <xgerman> I think proceed as is and hope they merge it...
04:26:57 <padkrish> xgerman# ok :)
04:27:14 <xgerman> that’s the best we can do — and if we need to change we do so
04:27:43 <padkrish> xgerman# sure
04:28:09 <SridarK> padkrish: yes this is can be quite tricky
04:28:34 <SridarK> but it is not very clear on how to get past this
04:29:30 <padkrish> SridarK# unless, we make the resource registration generic instead of hard-coding, i also need to think through this....if we do, we also may need to modify existing consumer (QoS) to make use of it
04:30:16 <SridarK> padkrish: yes, since QoS is part of neutron - things are good
04:30:46 <padkrish> SridarK# yes
04:31:22 <SridarK> lets discuss this more along with xgerman & mfranc213_ since Nate is out this week
04:31:47 <SridarK> ok lets move on to the next piece
04:31:56 <xgerman> +1
04:32:11 <SridarK> chandanc_: & SarathMekala: how do things look on the driver side
04:32:32 <SarathMekala> We are done with Security Group changes
04:32:37 <SarathMekala> things seem to be good
04:32:53 <SarathMekala> but there are certain issues that need discussion..
04:32:58 <SridarK> SarathMekala: ok great - which change is this ?
04:33:10 <SridarK> so both can coexist ?
04:33:27 <chandanc_> the changes are needed on the iptables_manager, in the neutron code\
04:34:04 <SarathMekala> contention between SG and FwaaS drivers got solved... this solution needs some review from the team
04:34:04 <chandanc_> we have introduced a common chain and then component level chains for fw and SG
04:34:14 <SridarK> ok nice
04:34:33 <xgerman> neat!
04:34:44 <chandanc_> with the changes the IPtables configuration is now not been overwritten by components
04:34:53 <SridarK> if u can review with mickeys and then reach out ot a broader audience
04:34:59 <SridarK> *to a
04:35:26 <SridarK> but this is great
04:35:28 <SarathMekala> sure..
04:35:37 <chandanc_> here is an example output   http://paste.openstack.org/show/542471/
04:35:39 <SridarK> and an important piece to have in place
04:35:51 <SarathMekala> SridarK# there are a few general concerns
04:36:08 <SarathMekala> for ex:  we need to change neutron code.. is it ok?
04:36:19 <SridarK> SarathMekala: yes u will need to get the review out
04:36:21 <SarathMekala> ip_firewall and iptable_manger are from neutron
04:36:49 <xgerman> SridarK +1
04:37:04 <xgerman> I think we are running up against their deadline soon
04:37:08 <SridarK> u can reference the before and after from paste in the review comments
04:37:13 <SarathMekala> sure will do that... there are a few more queries, will send across a mail after this meeting
04:37:47 <SridarK> i echo xgerman: - u will need to get some review time with the neutron folks
04:37:56 <SridarK> so sooner the better
04:38:00 <yushiro> SarathMekala, BTW, it there any update about ordering b/w firewall_groups?
04:38:06 <SarathMekala> sure.. we are in a shape to post a review
04:38:14 <SridarK> excellent
04:38:29 <xgerman> +1
04:38:37 <yushiro> +1
04:38:54 <SarathMekala> ordering is still open for now at the same level
04:39:13 <SridarK> there will be some minor updates to iptables rules for L3 as well - i will run it by both of u
04:39:25 <chandanc_> sure
04:39:27 <SarathMekala> xgerman suggested to throw an error.. so we can consider that
04:39:33 <SridarK> but this is quite simple compared to what u guys are doing for L2
04:40:11 <SarathMekala> sure..
04:40:32 <SarathMekala> Sridar can we sync up after this meeting
04:40:55 <SridarK> SarathMekala: sure
04:41:10 <yushiro> SarathMekala, I see.  Is it discussing in google doc now?
04:41:36 <SarathMekala> yushiro# the doc needs to be updated
04:42:03 <SarathMekala> we got busy sorting out some issues
04:42:23 <SarathMekala> will do it this week
04:42:38 <yushiro> SarathMekala, OK. great work.  I'll check in next week.  Thank you.
04:42:45 <SridarK> SarathMekala: understand no worries
04:43:06 <SridarK> anything else on driver pieces
04:43:50 <chandanc_> nothing much , we need to have some discussion.
04:44:03 <chandanc_> we will have the patch out
04:44:11 <SridarK> ok sounds good
04:44:17 <SarathMekala> code seems to be in a ok shape
04:44:25 <SridarK> ok
04:44:43 <SarathMekala> need to see how the review goes
04:45:08 <SridarK> lets move on
04:45:14 <SridarK> #topic L3 Agent
04:45:24 <SridarK> mfranc213_: has a review out:
04:45:35 <SridarK> #link https://review.openstack.org/#/c/337699/
04:46:04 <SridarK> we clarified that this can be step 1
04:46:35 <SridarK> and yushiro: has a patch out
04:46:39 <SridarK> #link https://review.openstack.org/#/c/341374
04:46:47 <SridarK> this could be step2
04:46:55 <yushiro> SridarK, yes.
04:47:11 <SridarK> mfranc213_: is not here - but we can continue the review
04:47:21 <SridarK> yushiro: thx for getting started
04:47:45 <SridarK> #topic virtual coding sprint
04:48:22 <SridarK> we met on thu & fri of last week (njohnston, mfranc213_ , padkrish yushiro & SridarK )
04:48:50 <SridarK> we spent some time to discuss and clear things up on any questions so we can focus
04:48:59 <SridarK> and get answers quickly
04:49:27 <SarathMekala> Sorry guys.. I fell sick and could not join the discussion
04:49:28 <SridarK> perhaps we can target allocating couple of hours on couple of days every week
04:49:46 <SridarK> SarathMekala: no worries - we were mainly on the plugin - agent side of things
04:50:27 <SridarK> if we can block some time to have a quick discussion and clarify issues, do reviews etc - could be useful to move quickly
04:50:53 <SridarK> anyways - something folks can think abt and see if it is worth pursuing - we can also do this on demand
04:51:58 <SridarK> #topic Open Discussion
04:52:08 <SridarK> other things folks want to bring up ?
04:52:44 <SridarK> in general we are tight on time but i think the dependencies are coming together - a focussed push will get us thru the finish line
04:52:53 <xgerman> #link http://graham.hayes.ie/posts/equal-opportunities-for-all-openstack-projects/
04:53:11 <xgerman> ^^ that’s interesting in case we spin out ;-)
04:53:33 <xgerman> SridarK +1
04:53:49 <SridarK> xgerman: how relevant :-)
04:55:03 <SridarK> We also need to keep an eye on the Client patch sets needed
04:55:27 <SridarK> Thats all I had, if nothing else we can close out
04:55:52 <yushiro> SridarK, I'll follow CLI's patch with njohnston.
04:56:07 <SridarK> yushiro: ok great - he will be back next week
04:56:44 <SridarK> ok then thanks all for attending and all the updates, have a great and productive week
04:56:46 <yushiro> TO All, if you'd like to reach out Japanese core-reviewer, please let me ask.  I can reach out them more easily.
04:56:58 <SridarK> yushiro: that is very useful
04:57:04 <xgerman> +1
04:57:05 <yushiro> Because I'm on the same timezone :)
04:57:06 <SridarK> thx
04:57:20 <SridarK> #endmeeting