14:00:27 #startmeeting fwaas
14:00:28 Meeting started Tue Dec 6 14:00:27 2016 UTC and is due to finish in 60 minutes. The chair is njohnston. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:29 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:30 good morning
14:00:31 The meeting name has been set to 'fwaas'
14:00:32 #chair SridarK yushiro xgerman
14:00:33 Warning: Nick not in channel: SridarK
14:00:34 Warning: Nick not in channel: yushiro
14:00:35 Current chairs: SridarK njohnston xgerman yushiro
14:00:37 hello all
14:00:39 #nick SridarK_
14:00:41 hi all
14:00:43 oops
14:00:46 #chair SridarK_
14:00:47 Current chairs: SridarK SridarK_ njohnston xgerman yushiro
14:00:55 there we go
14:01:01 so many chairs and nowhere to sit :)
14:01:06 :-)
14:01:33 Good morning mfranc213_!
14:01:37 lets get started
14:01:41 Hi, sorry for late
14:01:48 no problem yushiro
14:01:52 :)
14:02:10 1 min hardly qualifies as late yushiro :-)
14:02:22 I don't think we have any announcements that I know of
14:02:31 so let's jump right in to
14:02:32 #topic Stadium Compliance
14:02:57 i think we only have few things to wrap up
14:03:04 agreed
14:03:19 D2 (api-ref): Waiting on API spec to merge.
14:03:25 #link https://review.openstack.org/389388 Migrate neutron-fwaas API definitions to neutron-lib
14:03:44 I had a chance to work on this a bit yesterday. I think I got it much closer, and I got a number of comments from Armando.
14:03:53 nice
14:04:03 So I am hopeful I have some positive momentum and we can get that ready for merge
14:04:16 njohnston: yes it looks like u are close to merge
14:04:26 Yes, it's totally good to me.
14:05:06 the only thing that will impede a merge is that it is supposed to depend on almost all remaining stadium compliance items, except for the api-ref and the osc change
14:05:22 which means it depends on the tempest scenario tests, that is the only remaining unmet dependency
14:05:29 just to keep in mind
14:05:54 scenario tests are running now
14:06:03 will be checking in today
14:06:07 SarathMekala: great
14:06:07 C5 (tempest): API merged, Scenario testing WIP (Sarath)
14:06:13 #link https://review.openstack.org/#/c/391392/ Tempest scenario testing for FWaaS v2
14:06:17 are we ready for final review ?
14:06:21 yes
14:06:22 That is great news SarathMekala
14:06:29 have cleaned up the code
14:06:40 and taken care of redeep and yamamotos comments
14:06:46 cool! SarathMekala
14:06:59 Hi
14:07:00 am able to run one ping end to end properly
14:07:15 we can take look today to see if it can be pushed in
14:07:21 i can add up one more scenario and checkin for now
14:07:33 sure SridarK_
14:07:48 will send a mail to you once I put in the patch
14:07:55 SarathMekala: ok sounds good
14:08:20 we can always keep making it more comprehensive in subsequent patches
14:08:34 yes SridarK_ .. thats my thought as well
14:09:00 very good, very good
14:09:11 next up is
14:09:12 L1 (OSC): WIP (Yushiro)
14:09:12 thanks njohnston
14:09:19 #link https://review.openstack.org/351582 OSC patch
14:09:29 I think OSC patch is totally good.
14:09:46 But reviewer is decreasing...
14:09:52 yushiro: i have been looking at it
14:10:08 The osc looks good
14:10:09 had some things to discuss before going to gerrit
14:10:24 i had a question on the router keyword
14:10:34 or rather option
14:10:41 u have router and subnet
14:10:47 SridarK_, Yes,
14:11:00 while the router is convenient, is it really necessary ?
14:11:32 SridarK_, I thought 'router' option is compatibility to fwaas v1.
14:11:44 SridarK_ any reason y?
14:11:53 yushiro: ok but do we need this compatibility ?
14:12:10 since it is a new api
14:12:25 it makes it look more like v1 which we want to get away from
14:12:33 SridarK_, Yes, v2 is a new API that is different from v1.
14:12:59 i am not religious abt it but was wondering if it is really necessary
14:13:16 SridarK_, However, I think there is a case that a user wants to apply firewall_group via 'router'.
14:14:37 If user wants to apply firewall_group for router port, the user has to find a port which 'device_owner' is 'router_interface'.
14:14:45 yushiro: now if say a user specifies router1, which has 2 ports
14:15:11 later on if router1 gets another port added - we have no mechanism to add the fwg on to that port
14:15:27 We do need a callback in that case
14:15:58 In v1, whenever a new port is added we will trigger on the notifier to add the fw to this new port
14:16:07 won't we have that when we get the L2 functionality in place?
14:16:14 we'll get the add port notification
14:16:22 Reedip_: yes exactly
14:16:27 njohnston: for L2 yes
14:16:37 but not for L3
14:16:51 well, what we're talking about is an L3 router's L2 port
14:16:57 So that would be Interesting if we have the functionality already enabled :)
14:17:31 my point is more along the lines of do we want to keep the v1 behavior (we can always make the model work)
14:17:39 I don't see why we wouldn't get the port add notification through l2 agent extensions like all the other port changes. Are router port changes not handled using port messaging?
14:18:39 njohnston: For L2 it will be a tenant wide behavior where whenever we get a new port on the tenant we will do this
14:19:21 but for L3, we kind of wanted to go away from this behavior to be on the whole router and we want a more port based semantics
14:19:36 handle_port or something in L2. But L3, we can notice only handle_router with event=UPDATE ?
14:19:37 good to get this discussion
14:20:05 i did not want to get on gerrit and derail and preferred that we discuss the behavior as a team
14:20:11 first
14:20:38 Again my point is more on the behavior we want
14:21:04 FWaaS started with all routers on the tenant (which was not at all desirable)
14:21:45 from there we went to list of routers that can be specified by the user (then applied on all internal ports of the specified routers)
14:22:07 but then we really wanted to be at the port level where it makes more sense
14:22:46 L2 of course needs to be tenant wide and that use case is a bit different as L3
14:23:32 SridarK_, Yes, I agree with port level association. What I want to say is 'router' option is just compat and convenient to specify for a user.
14:23:43 yushiro: totally agree
14:24:12 but we need to be careful
14:24:51 may be we can discuss more offline
14:25:18 i think these were some of the essential points - we can do an email on this
14:25:20 SridarK_, Yes. I'll take care the case that you and Reedip_ mentioned. Thank you.
14:25:35 ok, great
14:25:44 and the last item on stadium compliance is
14:25:44 C4 (fullstack - non-critical): Waiting on OSC to merge and be released.
14:25:52 but that is in stasis right now
14:26:06 so I think we can move forward to the next topic
14:26:12 njohnston: 1 sec
14:26:19 go ahead SridarK_
14:26:53 just to add i think the efforts towards compliance has been recognized by the PTL
14:26:58 #link https://blueprints.launchpad.net/neutron/+spec/fwaas-api-2.0
14:27:06 so great job everyone
14:27:39 njohnston: we can move on
14:27:45 :-)
14:27:49 +1 great job all!
14:27:55 #topic FWaaS v2
14:28:11 #link https://review.openstack.org/348177 neutron: IPtables enhancement for co-existence of SG and FWaaS v2 drivers (Chandan/Sarath)
14:28:16 I saw some activity on this
14:28:32 chandanc_: How is it looking?
14:28:43 I have pushed 2 patches for this one, i still have to fix some of the SG firewall
14:29:26 currently the iptables manager code is complete, but the calls from the firewall driver for SG have to be adjusted
14:29:33 also working on the UTs
14:29:34 ok
14:29:49 should be able to open up reviews this week
14:29:57 Do you need any assistance from the team on any of those items>
14:29:58 ?
14:30:37 at this point it is still WIP, but will ask for feedback once the SG driver is adjusted
14:30:43 With neutron at a reduced reviewer bandwidth, I think it's important to plan for a long review just in case
14:30:52 yes
14:31:02 thanks chandanc_
14:31:07 agree, should be out this week
14:31:16 The other two have not been updated since last we met
14:31:27 #link https://review.openstack.org/361071 neutron-fwaas: FWaaS v2 driver for L2 ports (Chandan/Sarath) - last updated 3 months ago
14:31:38 #link https://review.openstack.org/323971 neutron-fwaas: FWaaS v2 extension for L2 agent (Yushiro/Paddu) - last updated 4 weeks ago
14:32:05 yes, the l2 driver may not need much update, but currently focusing on the iptables patch
14:32:09 njohnston: on 323971 - padkrish and i have to sync on this
14:32:34 i will drive for some closure this week
14:32:47 njohnston, could not spend time on the L2 driver patch
14:32:56 Last week, I just retrieved again. SridarK_ , please let me help in this patch.
14:32:59 not a problem :-) we are all busy on other things
14:33:26 i guess there is a chain of dependencies on both of these patches on the neutron iptables patch
14:33:40 but we can clear up some of the orthogonal issues
14:33:49 yushiro: thx - lets sync up with padkrish
14:34:40 next up is a topic I added
14:34:42 #topic FWaaS v1 deprecation
14:34:48 I keep getting questions about this.
I figure it's best for us to discuss it and perhaps send something out to openstack-dev
14:35:15 most recently in the api definition migration patch to neutron-lib, armax challenged why we were bothering with v1
14:35:27 I think it's worth a statement from the team
14:35:42 I have been saying that we wouldn't deprecate v1 until v2 was completely finished
14:35:49 njohnston: possibly post O release we can deprecate
14:35:53 but that is just my personal understanding
14:36:05 njohnston: u took the words of my thought process here exactly
14:36:19 so I think what I would like to say is
14:37:15 "We have delayed deprecating fwaas v1 until fwaas v2 is ready. The fwaas v2 effort is targeted to conclude within the Ocata cycle, so we expect to start the deprecation process at the beginning of the Pike cycle"
14:37:28 Does anyone have any issues with that approach?
14:37:54 i think that is good and that we do have some users on v1 evidenced by some bugs that have been filed
14:37:59 may be not a whole lot
14:38:05 Same with you, njohnston. v2 is first.
14:38:16 I would expect we have more users on v1 than v2 at this point
14:38:41 yes definitely
14:39:20 ok I will send that out to openstack-dev then
14:39:25 I think so too. Our customer is using v1 now.
14:39:45 #topic neutron-lib
14:39:54 I updated the fwaas neutron-lib punchlist
14:40:01 which was an action item for me from last time
14:40:09 #link https://etherpad.openstack.org/p/neutron_lib_fwaas_punchlist neutron-lib fwaas punchlist
14:40:56 I have been trying to put items in progress with the 'fwaas-neutron-lib' topic
14:40:57 https://review.openstack.org/#/q/topic:fwaas-neutron-lib
14:41:16 reviews are welcome, some of the jenkins failures here are difficult to debug
14:42:05 and anyone who wants to jump in for something on the neutron-lib punchlist feel free, I've been trying to keep things transparent there
14:42:17 njohnston: +1
14:42:28 njohnston, great
14:42:52 #topic performance improvement for v1
14:43:12 this topic was added by someone else, not sure who
14:43:17 but they posted this link
14:43:17 #link https://review.openstack.org/#/c/389654/
14:43:32 Ha Van ?
14:43:36 tuhv:
14:43:38 tuhv,
14:43:39 njohnston,
14:43:41 Hi
14:43:49 Yes, here I am
14:43:49 tuhv, It's your turn :)
14:43:56 :)
14:44:15 I have updated as chandanc_ comments
14:44:39 yes and thanks for the explanation tuhv
14:44:48 It is ready for review, but the gate-grenade-dsvm-neutron-fwaas-multinode is failed
14:45:09 tuhv: (and as mentioned by hoangcx last week) the intent is to try to get this in for fwaas first ?
14:45:16 chandanc_, it's my pleasure
14:45:17 and then with SG ?
14:45:21 Yes,
14:45:43 I have discussed with Kevin, and he has commented on my RFE bugs
14:46:03 the issue with that patch
14:46:11 is that we need to handle the plurals problem
14:46:12 http://logs.openstack.org/54/389654/21/check/gate-grenade-dsvm-neutron-fwaas-multinode/84bc98b/logs/new/screen-q-svc.txt.gz#_2016-12-06_02_08_01_573
14:46:51 Thanks njohnston
14:46:55 I'll get a patch in later today, to fix that
14:47:07 #action njohnston to fix plurals issue
14:47:26 Thanks njohnston
14:47:47 anything else on this topic?
14:48:41 I would like to know that the gate-grenade-dsvm-neutron-fwaas-multinode failure is because of my patch or gate?
14:49:00 gate, it is not your patch... it has to do with neutron-lib changes
14:49:12 BTW tuhv, Thanks for your patch #link https://review.openstack.org/#/c/407311/
14:49:20 njohnston, Thanks
14:49:34 #topic Open Discussion
14:49:43 thank you yushiro,
14:49:57 We have 10 minutes left, anything else you would like to bring up>
14:50:39 njohnston, I have 1 question of your migrating patch with agent extension. https://review.openstack.org/#/c/385045/
14:51:05 yes sir, what is your question?
14:51:57 I think your patch looks good. However, in order to use agent extension, is it also necessary to migrate callback resources?
14:51:59 https://github.com/openstack/neutron/blob/master/neutron/api/rpc/callbacks/resources.py
14:52:48 that is an independent part that must also be migrated
14:52:55 they do not depend on each other, but we use them both
14:53:09 the neutron-lib migration for callback resources is already under way: https://review.openstack.org/#/c/346554/
14:53:28 njohnston, excellent!!
14:53:39 :-)
14:53:44 njohnston, Thank you. I understand the situation.
14:54:13 SridarK_, can you discuss at #openstack-fwaas about l2-agent extension patch after this meeting?
14:54:13 yushiro: i will have an email out on the CLI to u and the team - i am not saying anything on gerrit until we have consensus
14:54:33 yushiro: ok
14:54:48 SridarK_, Thank you. I'll read it and reply tomorrow(Because today is 4 minutes left :-)
14:54:55 SridarK_, great. Thanks.
14:55:00 yushiro: yes it is late for u
14:55:20 we can discuss on openstack-fwaas during ur morning also
14:55:44 SridarK_, OK. BTW, what time is it now for you?
14:55:54 it is 6:55am
14:56:18 wow! It's earrrrrrrrrrly.
14:56:24 :-)
14:56:34 Well, I think that about wraps it up.
14:56:39 Thank you all!
14:56:51 Thanks, bye bye.
14:56:55 Thanks all bye
14:56:56 thank you
14:56:56 thanks all bye
14:56:58 bye
14:57:00 #endmeeting