#openstack-meeting-4 log

14:00:11 <xgerman> #startmeeting fwaas
14:00:13 <yushiro> hi
14:00:15 <openstack> Meeting started Tue Feb 14 14:00:11 2017 UTC and is due to finish in 60 minutes.  The chair is xgerman. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:16 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:18 <chandanc_> Hello All
14:00:19 <xgerman> hi
14:00:20 <openstack> The meeting name has been set to 'fwaas'
14:00:20 <njohnston> o/
14:00:41 <xgerman> #chair njohnston yushiro sridark
14:00:43 <openstack> Warning: Nick not in channel: sridark
14:00:44 <openstack> Current chairs: njohnston sridark xgerman yushiro
14:00:59 <tuhv> hi all
14:01:19 <reedip_> A lot.of.stuff going on,here in proxy
14:01:56 <xgerman> #topic FWaaS v2
14:02:19 <xgerman> Neutron patch below is underway. Complexity with managing UT failures, Chandan is working on it.
14:02:33 <xgerman> #link https://review.openstack.org/348177
14:02:55 <chandanc_> Ya, i have fixed most of the minor comments
14:03:02 <xgerman> +1
14:03:36 <chandanc_> i would like to test the integration with the l2 driver before making changes to the UT to match my expected output
14:03:39 <xgerman> we need to aim to land that before work on #link https://review.openstack.org/#/c/388398/ starts
14:03:55 <xgerman> chandanc_ that sounds sane
14:04:26 <chandanc_> If anyone has some free cycle they can get in to testing too
14:04:41 <xgerman> #chair njohnston yushiro SridarK_
14:04:42 <openstack> Current chairs: SridarK_ njohnston sridark xgerman yushiro
14:04:47 <yushiro> Hi SridarK_
14:04:52 <SridarK_> Hi All sorry to be late - will be lurking as i have a conflict
14:05:00 <xgerman> ok, no worries
14:05:04 <yushiro> No problem :)
14:05:16 <xgerman> chandanc_ I will see if I can give it a spin
14:05:23 <chandanc_> sure xgerman
14:05:33 <SridarK_> chandanc_: ^^ me too will keep u updated
14:05:43 <chandanc_> sure SridarK_
14:06:17 <xgerman> At a logical point will cut over to making sure that the L2 driver – L2 Agent integration works – SridarK to help with a setup to start integration tests.
14:06:32 <xgerman> #action SridarK to help with a setup to start integration tests.
14:06:59 <xgerman> #link  https://review.openstack.org/361071
14:07:26 <xgerman> that would be huge if we can get that working
14:07:30 <chandanc_> I had a discussion with paddu, yushiro and SridarK_
14:07:49 <xgerman> cool
14:08:12 <chandanc_> Paddu had some doubts on the agent extension updates
14:08:19 <xgerman> #link  https://review.openstack.org/323971
14:08:43 <vks1> hi
14:09:19 <chandanc_> we now have a better understanding, i might need to update the patch once paddu comes back
14:09:34 <chandanc_> as of now no update on that patch,
14:09:51 <xgerman> that would be great. I also owe you a better understanding what we do with address-pairs
14:10:15 <xgerman> and the “pseudo-port” since we use the ports IP in our model
14:10:32 <chandanc_> sure, if you will summarize in a mail that will be great :)
14:10:38 <xgerman> k
14:11:24 <xgerman> #link https://review.openstack.org/#/c/425769/
14:11:34 <xgerman> Applying default firewall group logic will add
14:11:53 <xgerman> I think we are close here
14:12:25 <yushiro> xgerman, aha, "applying default firewall group logic" will be added in https://review.openstack.org/323971
14:13:19 <xgerman> ok, so we should add a depends-on tag
14:13:30 <yushiro> xgerman, Yes.
14:14:10 <xgerman> also Cedric said something about quotas
14:14:30 <reedip_> Which patch, xgerman
14:14:37 <reedip_> For quotas
14:14:43 <yushiro> xgerman, yes, we should take care about quotas with default firewall group.
14:15:00 <xgerman> reedip_ https://review.openstack.org/#/c/425769/
14:15:07 <yushiro> In addition, cedric and I are discussing about thread-safe for creating default firewall group.
14:15:17 <xgerman> oh, that, too
14:15:20 <reedip_> Will check that xgerman, thnx
14:15:29 <xgerman> I always forget about that ;-)
14:15:34 <yushiro> reedip_, sounds good :)
14:16:34 <yushiro> So, I need reviews about thread-safe..
14:16:56 <xgerman> there is some oslo_concurrent thing…
14:17:05 <xgerman> but will have a look
14:17:19 <xgerman> #topic Stadium Compliance
14:17:22 <yushiro> xgerman, yeah.  Thanks. It'll be helpful for me.
14:17:56 <xgerman> #link https://review.openstack.org/#/c/394619/
14:18:33 <xgerman> #link https://review.openstack.org/421534
14:18:41 <xgerman> #link https://review.openstack.org/421472
14:18:43 <yushiro> njohnston, Has OSC been released?
14:19:02 <reedip_> No
14:19:14 <yushiro> reedip_, aha, thanks.
14:19:36 <yushiro> So, we should wait for that.
14:19:42 <yushiro> OK, I understand.
14:19:51 <xgerman> should be soon. I think RC-phase ends this week
14:20:08 <njohnston> +1
14:20:41 <reedip_> Have you guys seen the postmortem report from armax
14:20:51 <xgerman> no
14:21:00 <yushiro> No not yet.
14:21:14 <xgerman> reedip_ you have a link?
14:21:16 <reedip_> It highlights whAt need to be done for fwaas and whats done in stadium for
14:21:27 <xgerman> that sounds very relevant for us
14:21:43 <reedip_> xgerman: not right now, shopping :(
14:21:53 <xgerman> ok
14:22:06 <yushiro> https://review.openstack.org/#/c/425990/  this one?
14:22:13 * xgerman things reedip_ is not shopping for himself
14:22:18 <reedip_> You can find it in the pipermail , ocata stadium postmoretm
14:22:38 <xgerman> yushiro looks like it
14:22:48 <xgerman> #link https://review.openstack.org/#/c/425990/
14:22:55 <njohnston> correct
14:23:51 <xgerman> Let’s digest that and then we can talk about next week face2face
14:24:38 <yushiro> Hsure
14:24:40 <yushiro> sure
14:24:47 <xgerman> #action read the post mortem
14:24:56 <xgerman> #topic performance improvement for v2
14:25:17 <xgerman> yushiro you have the floor
14:25:18 <tuhv> Hi
14:25:29 <yushiro> xgerman, OK.
14:25:47 <yushiro> tuhv, Is there some updates?
14:26:00 <tuhv> yushiro, yes
14:26:16 <tuhv> I have updated a patch to make it configurable
14:26:32 <tuhv> so the operators can switch between 2 drivers
14:26:37 <reedip_> xgerman: not for myself, right
14:26:51 <tuhv> https://review.openstack.org/433598
14:27:03 <tuhv> both Cedric and Kevin are active in there,
14:28:11 <tuhv> When we see it is possible, we will have 2 alternatives for deleting conntrack entries in iptables-based firewall
14:28:35 <tuhv> Also, I have another patch about adding functional tests for netlink
14:28:36 <tuhv> https://review.openstack.org/#/c/432183/
14:29:10 <tuhv> It need the sudo privileged, I can run in local, but I don't know why it fails in gat
14:29:25 <tuhv> Maybe it should some more config
14:29:41 <tuhv> yushiro, do you have any comment?
14:30:15 <yushiro> tuhv, hmm, I'll take a look for gate failure.
14:30:25 <yushiro> tuhv, let me discuss about netlink patch in bugs topiic.
14:30:56 <tuhv> yushiro, please go ahead
14:31:22 <yushiro> tuhv, Currently, you reported about configurable patch and try to update, don't you?
14:31:43 <tuhv> yes, configurable patch and functional test patch
14:31:53 <yushiro> OK.
14:32:13 <yushiro> OK, Let's move on
14:32:21 <yushiro> #topic bugs
14:33:04 <yushiro> Today, cedric posted 1 bug-report:
14:33:13 <yushiro> #link https://bugs.launchpad.net/neutron/+bug/1664294:  Netlink solution not enough mature for Ocata (ZZelle)
14:33:13 <openstack> Launchpad bug 1664294 in neutron "Netlink solution not enough mature for Ocata" [Undecided,In progress] - Assigned to Cedric Brandily (cbrandily)
14:33:32 <yushiro> Is cedric(ZZelle) here?
14:34:46 <yushiro> So, current netlink patch for v1, there is no UTs and functional tests.  Therefore, tuhv is try to add some tests now.
14:35:32 <tuhv> yushiro, I would like to add functional tests first
14:36:09 <tuhv> the UTs of netlink_lib only covers the exception expections
14:36:48 <tuhv> because netlink_lib inhereted from some C libraries (nfct, libc) which are currently being used in conntrack-tools
14:37:28 <tuhv> yushiro, things we need now is how to config to get sudo privliged in gate
14:37:46 <xgerman> rootwrap?
14:38:11 <tuhv> xgerman, yes, I have tried to add https://review.openstack.org/#/c/432183/2/tools/deploy_rootwrap.sh
14:38:16 <yushiro> tuhv, hmm I don't think so.  UT is meaningful for return value/argument perspective.  I think UT is important same as functional test.
14:38:29 <xgerman> mmh
14:39:30 <tuhv> yushiro, UT in netlink_lib is not very important like you think. Because some UTs are under iptable_fwaas
14:40:40 <tuhv> xgerman, I think you have experience for deploy_rootwrap, so can you take a look at https://review.openstack.org/#/c/432183/
14:40:58 <xgerman> not really, but I can take a brief look
14:41:11 <tuhv> xgerman, thank you
14:41:28 <yushiro> tuhv, can you discuss later?
14:42:01 <tuhv> yushiro, ok,
14:42:20 <yushiro> OK.  So, anything discuss for other bugs?
14:43:33 <yushiro> OK,     #link https://review.openstack.org/#/c/423229/   Enable to filter correctly with 'public'  (yushiro)
14:44:00 <yushiro> reedip_, and I discussed with this bug.
14:44:18 <reedip_> Yes this is something I wanted to discuss
14:45:31 <yushiro> Currently, my patch will retrieve 'public' same as 'shared'.  However, I was told from reedip_ that these were different meaning.
14:45:48 <njohnston> they are?
14:46:24 <yushiro> njohnston, sorry.  'public' is different meaning for 'shared'.
14:46:44 <njohnston> in what way do they differ?
14:47:29 <hoangcx_> yushiro, reedip_ In my opinion, I think no difference between them.
14:47:33 <xgerman> +1
14:48:01 <hoangcx_> njohnston, +1
14:48:12 <reedip_> Shared means u r providing access to a resource to a grp of people
14:48:29 <reedip_> But its not accessible.to EVERYONE
14:48:42 <reedip_> Public means sharing the item.with everyone
14:49:11 <reedip_> Something like what happened with SHARED attribute of network and rbac implementation
14:49:41 <xgerman> ok, makes sense
14:50:46 <yushiro> reedip_, thanks for your explanation.
14:50:56 <njohnston> I guess I didn't pick up the nuance in the RBAC code that sharing was scoped to a set of those that were being shared to.
14:51:06 <njohnston> yes, thanks reedip_
14:51:10 <xgerman> +1
14:51:46 <hoangcx_> reedip_, +1 I see.
14:51:52 <xgerman> the whole thing might have gotten murky since we moved the different levels out of scope (e.g. cloud admin sets rules, tenant admin, user - and they can’t be changed by lower levels)
14:53:34 <yushiro> OK,
14:54:26 <yushiro> Please let me discuss more in #openstack-fwaas
14:54:34 <yushiro> going on next topic
14:54:41 <yushiro> #topic Open Discussion
14:54:59 <yushiro> PTG is next week(Wed-Fri)
14:55:24 <hoangcx_> Since PTG next week, So will we keep or skip next week team meeting?
14:55:43 <yushiro> hoangcx_, I just wanted to say about that :) thanks.
14:55:49 <reedip_> We can do a virtual meeting
14:55:50 <njohnston> probably makes sense to skip it
14:56:02 <yushiro> njohnston, +1
14:56:29 <xgerman> +1
14:56:40 <hoangcx_> NachoDuck, yushiro Got it :-)
14:57:03 <yushiro> OK, next week will skip.
14:57:07 <njohnston> as far as the stadium work, the main thing outstanding is https://review.openstack.org/421472
14:57:08 <hoangcx_> Oops s/NachoDuck/njohnston
14:57:36 <njohnston> I have had no time to look at why the extensions are not being recognized
14:57:50 <njohnston> but likely when that issue is fixed then it's almost done
14:57:57 <njohnston> if anyone wants to take a look, I invite you to
14:58:26 <yushiro> njohnston, good.
14:58:35 <yushiro> njohnston, will take a look!
14:58:42 <njohnston> thanks yushiro
14:58:50 <yushiro> 2 minutes left.
14:59:16 <yushiro> ZZelle, hi.  Can you discuss after this meeting on #openstack-fwaas ?
14:59:36 <yushiro> Hope to meet you in Atlanta!!  Please take care of yourself :)
14:59:46 * njohnston wishes all those travelling to the PTG great luck and hopes you will have a fun and productive time.
15:00:00 * njohnston wishes he could join you
15:00:01 <ZZelle> yushiro, yes, sorry for being late
15:00:05 <yushiro> njohnston, ++++++1
15:00:14 <yushiro> good
15:00:18 <yushiro> #endmeeting