14:00:02 <njohnston> #startmeeting fwaas
14:00:06 <openstack> Meeting started Tue Jan 24 14:00:02 2017 UTC and is due to finish in 60 minutes. The chair is njohnston. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:07 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:10 <openstack> The meeting name has been set to 'fwaas'
14:00:20 <hoangcx> Hi
14:00:22 <njohnston> #chair SridarK yushiro xgerman
14:00:22 <openstack> Warning: Nick not in channel: SridarK
14:00:23 <openstack> Current chairs: SridarK njohnston xgerman yushiro
14:00:25 <yushiro> hi
14:00:27 <tuhv> Hi
14:00:32 <xgerman> o/
14:00:59 <njohnston> OK, so let's get started
14:01:10 <njohnston> #topic FWaaS v2
14:01:36 <njohnston> So it's going to be difficult to get this done before feature freeze I think
14:01:47 <njohnston> the neutron change is still outstanding
14:01:56 <njohnston> #link https://review.openstack.org/348177 neutron: IPtables enhancement for co-existence of SG and FWaaS v2 drivers (Chandan/Sarath/Nate)
14:02:18 <njohnston> I had worked on it, and gotten the tests working except for functional, fullstack, and grenade
14:02:25 <chandanc_> Nate, i just discovered some bug in the patch that was producing duplicate rules
14:02:32 <njohnston> chandanc_: I saw you uploaded a new PS last night?
14:02:41 <chandanc_> ya
14:02:53 <chandanc_> but UTs are again broken
14:03:01 <chandanc_> I have some changes in progress
14:03:01 <njohnston> ah, ok. I can work on getting the tests working again, but there is a substantial chance this may miss Ocata
14:03:26 <chandanc_> ya, sorry i did not see the bug earlier
14:03:31 <njohnston> chandanc_: just let me know when you want to pass the baton and I'll work on it after you're in bed
14:04:06 <chandanc_> I can give you the patch in progress, can help you to look at the right place
14:04:19 <njohnston> sure
14:04:36 <chandanc_> will summarize in a mail
14:04:39 <njohnston> thanks!
14:04:56 <njohnston> ok, next up is the driver
14:04:57 <njohnston> #link https://review.openstack.org/361071 neutron-fwaas: FWaaS v2 driver for L2 ports (Chandan/Sarath)
14:05:15 <njohnston> I assume this is pretty much ready to go since there has been no activity on it in months
14:05:39 <chandanc_> the driver patch looks good but we need to test the full integration
14:05:40 <SridarK> This may still need some tweaks i am guessing
14:06:36 <njohnston> If the neutron patch does not make it, should we try and deliver this anyway with the theory that we can tell people to turn off SG entirely and they could still use FWaaS v2 for L2?
14:07:25 <SridarK> This can be a bit tricky as we have no control on whether SG is turned off or not
14:07:55 <njohnston> it would have to be documented very visibly
14:08:00 <xgerman> yep
14:08:12 <xgerman> and we will mark it beta as well
14:08:33 <njohnston> does anyone object to that strategy?
14:08:43 <SridarK> Also i am wondering if we can check if the SG driver is the noop driver
14:09:09 <njohnston> SridarK: how would we accomplish that?
14:10:01 <SridarK> I am not sure if there is a way to check for that - but that would give an added assurance for user missteps
14:10:30 <SridarK> but yes we could shoot for this strategy with extremely visible caveats
14:11:08 <njohnston> ok. then let's start integration testing with the driver immediately
14:11:17 <xgerman> +1
14:11:33 <njohnston> #link https://review.openstack.org/323971 neutron-fwaas: FWaaS v2 extension for L2 agent (Yushiro/Paddu)
14:11:34 <SridarK> chandanc_: what are ur thoughts ?
14:11:45 <chandanc_> +1 for testing the solution
14:12:04 <SridarK> ok
14:12:27 <yushiro> l2 agent patch, paddu is updating this patch and I'm writing default firewall group logic.
14:12:42 <SridarK> I believe this is looking in decent shape too
14:13:06 <SridarK> yushiro: then perhaps we can attempt an integration with the L2 driver ?
14:13:30 <yushiro> SridarK, Yes.
14:13:41 <SridarK> chandanc_: if u can run thru the L2 driver to check if there are some missing pieces ?
14:13:57 <yushiro> And 1 question from paddu.
14:14:05 <chandanc_> Sure, will do
14:14:18 <yushiro> He'd like to get 'binding:xxx' data from port_id.
14:15:56 <yushiro> In other words, he wants to get PortBinding data from neutron port_id. If you know good way to get it, please tell him on e-mail :)
14:17:01 <njohnston> ok, let's move on
14:17:11 <njohnston> #topic Stadium Compliance
14:17:24 <njohnston> #link https://review.openstack.org/394619 Add fullstack testing for neutron-fwaas
14:17:41 <njohnston> that is a basic framework for fullstack testing with nothing fwaas-specific
14:18:00 <njohnston> so that can merge now, and once the OSC new version gets bumped in g-r we can add FWaaS-specific tests
14:18:24 <yushiro> njohnston, #link https://review.openstack.org/#/c/424068/
14:18:41 <yushiro> njohnston, This is the last 1 bug for OSC.
14:19:04 <njohnston> I was looking at that just before the meeting
14:19:07 <njohnston> I just approved it
14:19:13 <SridarK> So on 394619 - we can get that in ?
14:19:37 <njohnston> SridarK: yes, we can approve that anytime since it just sets up the fullstack testing framework
14:19:37 <yushiro> njohnston, Thanks
14:19:43 <SridarK> ok cool
14:19:47 <SridarK> thx njohnston
14:20:14 <SridarK> i will look at it today
14:20:20 <njohnston> API transition - have one bugfix
14:20:25 <njohnston> #link https://review.openstack.org/421534 Add action map for neutron-fwaas API definition
14:20:41 <njohnston> and still working on the transition to use the API definition in neutron-lib
14:20:46 <njohnston> #link https://review.openstack.org/421472 Use neutron-lib definition of neutron-fwaas API
14:20:59 <njohnston> I have been deprioritizing this work in favor of fwaas v2 work
14:21:29 <SridarK> yes makes sense
14:21:41 <yushiro> good!
14:22:18 <njohnston> anything else on stadium?
14:22:52 <xgerman> we should mention the PTL election
14:22:56 <SridarK> no it seems there is renewed interest in services with vpnaas as well
14:23:02 <xgerman> +1
14:23:07 <SridarK> so that is good overall for the community
14:23:12 <xgerman> indeed
14:23:20 <xgerman> + Kevin is a good guy!
14:23:21 <SridarK> and our own xgerman is back in play with lbaas
14:23:28 <SridarK> xgerman: resounding _1
14:23:36 <SridarK> resounding +1
14:23:48 <njohnston> indeed. I much liked kevinbenton's candidacy announcement with vpnaas as a plank
14:24:03 <yushiro> Yes, this is good news for me.
14:24:22 <njohnston> #topic performance improvement for v1
14:24:28 <tuhv> Hi
14:24:30 <njohnston> #link https://review.openstack.org/#/c/389654/
14:24:46 <tuhv> I have to update to patch 32 because of pyroute2 updating
14:25:02 <njohnston> this looks like it's really close
14:25:18 <tuhv> I have also commented on my patch the reason, and my solution
14:25:32 <njohnston> tuhv: I will try and retest today
14:25:40 <tuhv> Also with my log test: https://github.com/uttu90/FWaaSNetlink/blob/master/experimental_log.txt
14:25:53 <tuhv> njohnston, thanks
14:26:24 <tuhv> njohnston, it (patch32) is more stable and even faster
14:26:24 <hoangcx> njohnston, xgerman It would be better if the patch can land in Ocata.
14:26:35 <yushiro> tuhv, I will. I'll put some results after you updated your patch.
14:27:07 <tuhv> yushiro, Actually this patch is the latest
14:27:10 <njohnston> hoangcx: agreed, I would definitely like it to land in Ocata if possible
14:27:16 <xgerman> +1
14:27:18 <yushiro> tuhv, aha. OK.
14:27:19 <tuhv> yushiro, so you can test now
14:27:43 <tuhv> njohnston, thank you
14:28:08 <njohnston> tuhv: thank you for working on this!
14:28:11 <njohnston> #topic bugs
14:28:13 <hoangcx> njohnston, xgerman large scale system need this one :-)
14:28:31 <njohnston> so there are a number of bugs
14:28:54 <njohnston> yushiro: would you mind leading us through this? I believe you have been the main bugsquasher
14:29:10 <yushiro> njohnston, OK. let me explain current progress.
14:29:21 <yushiro> #link https://review.openstack.org/#/c/423229/
14:29:50 <yushiro> This patch needs to discuss parameters for 'protocol' in firewall_rule.
14:29:58 <SridarK> yushiro: yes
14:30:17 <SridarK> I just wanted to clarify this as on my comment
14:30:42 <yushiro> SridarK, yes. Let's discuss in opendiscussion.
14:30:48 <SridarK> ok
14:31:00 <yushiro> 2nd: OSC plugin bug will be fixed. Thanks all!
14:31:26 <yushiro> #link https://review.openstack.org/#/c/424534/
14:31:52 <yushiro> Yesterday, I put this PS for 'public' attribute.
14:32:04 <yushiro> Thanks for your attention, njohnston and xgerman .
14:32:35 <yushiro> This patch can use 'public' attribute like 'shared'.
14:33:21 <njohnston> so the reason this is needed is because rbac feature considers 'shared' to be a special case?
14:33:29 <xgerman> yep
14:33:45 <xgerman> it finds everything for a tenant + what is shared
14:33:49 <njohnston> do we depend on the logic rbac uses in this case?
14:34:08 <xgerman> unless we do our own DB queries - yes
14:34:14 <njohnston> ok
14:34:24 <xgerman> but I am not sure why this would bomb update?
14:34:34 <yushiro> njohnston, I think so. now, this patch are missing for rbac feature.
14:35:13 <yushiro> Currently, rbac feature does not support fwaas. So, in order to verify this behavior, following procedures are necessary.(IMO)
14:35:37 <xgerman> also I forgot what the difference between shared and public was…
14:35:44 <yushiro> 1. need to apply German's patch. 2. Enable to load neutron-fwaas.json for UT.
14:36:12 <yushiro> xgerman, TBH, I was thinking 'public' is totally same as 'shared'.
14:36:21 <SridarK> xgerman: that is what confuses me on public
14:36:21 <yushiro> s/is/was
14:36:28 <SridarK> yushiro: yes
14:36:33 <SridarK> tht is what i thought
14:36:38 <SridarK> so i am confused here
14:36:49 <xgerman> so if we rename public -> shared in DB we are good?
14:37:10 <njohnston> it seems like it
14:37:22 <xgerman> that seems like the easiest fix
14:37:29 <SridarK> hmm
14:38:13 <yushiro> xgerman, yes definitely. but I think it seems a little complexity between DB column and resource_attribute_map.
14:39:19 <xgerman> well, if we are confused so will be our users
14:39:26 <SridarK> +1
14:39:29 <njohnston> +1
14:39:32 <yushiro> +1
14:39:38 <yushiro> indeed.
14:39:56 <SridarK> i always thought public was the new approach from shared
14:39:57 <njohnston> let's talk about this on #openstack-fwaas after the meeting and sort it out
14:40:03 <SridarK> yes
14:40:07 <yushiro> OK, that's all bug for me. However, there are some bugs in fwaas. https://review.openstack.org/#/q/project:openstack/neutron-fwaas+status:open
14:40:56 <yushiro> But others are not so urgent I think.
14:41:10 <njohnston> #link https://bugs.launchpad.net/neutron/+bugs?field.tag=fwaas launchpad list of fwaas bugs
14:41:49 <yushiro> njohnston, aha, thanks.
14:42:19 <yushiro> Unfortunately, I don't have privilege to mark 'bug priority' on launchpad.
14:42:49 <njohnston> let me know, I can do it
14:43:05 <yushiro> njohnston, thanks.
14:43:16 <njohnston> (benefits of having been neutron bug deputy, I highly recommend it)
14:44:31 <yushiro> so, any other question?
14:44:38 <njohnston> specific bugs I am tracking
14:44:45 <njohnston> #link https://bugs.launchpad.net/neutron/+bug/1658817
14:44:45 <openstack> Launchpad bug 1658817 in neutron "_make_firewall_dict_with_rules gets FW rules one by one from db " [Undecided,In progress] - Assigned to Cedric Brandily (cbrandily)
14:44:59 <njohnston> this looks like a good speed optimization
14:45:18 <njohnston> #link https://review.openstack.org/424361 Optimize _make_firewall_dict_with_rules db queries
14:45:24 <xgerman> +1
14:45:52 <yushiro> ah yes. This patch decrease DB access. I think this is good patch :)
14:46:26 <njohnston> and
14:46:31 <njohnston> #link https://bugs.launchpad.net/neutron/+bug/1618244
14:46:31 <openstack> Launchpad bug 1618244 in neutron "Possible scale issues with neutron-fwaas requesting all tenants with firewalls after RPC failures" [Undecided,In progress] - Assigned to Bertrand Lallau (bertrand-lallau)
14:46:31 <SridarK> yes indeed - took a look at it and is a neat fix - just wanted to give it a more careful look
14:46:49 <njohnston> also being actively worked
14:46:51 <njohnston> #link https://review.openstack.org/424551
14:47:04 <xgerman> Bertrand and Cedric are good guys
14:47:19 <njohnston> indeed, they look to be doing very good work
14:47:34 <yushiro> yes.
14:47:45 <xgerman> they did some stuff for LBaaS…
14:48:31 <njohnston> those both look important and I hope to shepherd them into Ocata
14:48:39 <xgerman> +1
14:48:46 <yushiro> yes.
14:48:50 <SridarK> yes agreed
14:48:58 <njohnston> does anyone else have any bugs they would like to discuss? brenda_?
14:50:56 <njohnston> #topic open discussion
14:51:46 <yushiro> FYI: I dropped travel support program for PTG :( But I'll try to negotiate my manager to go to PTG.
14:51:47 <njohnston> does anyone have anything else they would like to discuss?
14:52:13 <SridarK> I have been pulled into something critical on the work front - so if there is something important any of u have been waiting on from me - pls shoot me an email or ping me.
14:52:15 <njohnston> yushiro: good luck! I hope to see you there
14:52:26 <yushiro> njohnston, me too :)
14:52:28 <njohnston> thanks, SridarK, I hope it goes well for you
14:52:33 <SridarK> yushiro: i hope u can make it
14:52:41 <yushiro> yes.
14:52:59 <SridarK> njohnston: thx hopefully by end of this week should be back to normal
14:53:11 <xgerman> I got approved last Friday for PTG
14:53:14 <yushiro> SridarK, OK.
14:53:22 <njohnston> excellent xgerman!
14:53:26 <SridarK> cool
14:53:26 <yushiro> xgerman, congrats!!
14:53:41 <xgerman> thanks
14:53:59 <xgerman> now we need to think about Boston
14:54:03 <SridarK> I will be there from Wed - morn of Fri
14:54:18 <xgerman> Mon-Fr
14:54:26 <xgerman> need to stop by the ansible team
14:54:34 <yushiro> SridarK, can I discuss https://review.openstack.org/#/c/424068/ at #openstack-fwaas after this meeting?
14:54:39 <njohnston> Wed - Friday, leaving Saturday
14:54:40 <SridarK> njohnston: xgerman: (and hopefully yushiro:) we can try to thrash out some Pike priorities
14:54:46 <SridarK> yushiro: yes
14:54:47 <xgerman> awesome
14:54:53 <njohnston> SridarK: yes
14:54:56 <yushiro> SridarK, sure.
14:54:57 <xgerman> also Boston presentation deadline is 2/6?
14:55:14 <SridarK> yes lets discuss that quickly
14:55:17 <yushiro> ye
14:55:27 <SridarK> how abt at the bare minimum a talk proposal ?
14:55:40 <xgerman> +1
14:55:43 <SridarK> njohnston: u indicated that u are not sure about Boston
14:55:55 <SridarK> but would this help
14:55:55 <njohnston> I don't think I will be approved for Boston
14:56:02 <SridarK> :-(
14:56:06 <xgerman> :-(
14:56:09 <yushiro> wow..
14:56:15 <SridarK> ok let me put together a talk proposal
14:56:17 <xgerman> and you are east coast!
14:57:05 <njohnston> travel 4x/year is too much, they will do 2x... and I said if I had to pick it'd be the PTGs
14:57:33 <xgerman> makes sense
14:57:40 <SridarK> the 4x travel is not flying well in most places
14:57:53 <SridarK> i am hoping we can go back to the prev format
14:58:11 <xgerman> with the midcycles it always had been 4 times
14:58:33 <SridarK> the midcycles were less formal
14:58:48 <SridarK> and with a more targeted audience
14:59:01 <xgerman> yep
14:59:03 <njohnston> I never got approved to go to the midcycles
14:59:17 <SridarK> 1 min warning
14:59:35 <njohnston> thanks all, we shall continue on the fwaas channel
14:59:38 <brenda_> can I discuss https://review.openstack.org/#/c/423161/ after the meeting?
14:59:50 <SridarK> ok thanks all
14:59:55 <njohnston> sure thing brenda_, on #openstack-fwaas
15:00:04 <yushiro> Thanks all. Bye!
15:00:07 <njohnston> #endmeeting