#openstack-fwaas log

14:02:24 <xgerman_> #startmeeting fwaas
14:02:25 <openstack> Meeting started Thu Oct  5 14:02:24 2017 UTC and is due to finish in 60 minutes.  The chair is xgerman_. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:02:27 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:02:29 <openstack> The meeting name has been set to 'fwaas'
14:02:55 <SridarK> i was curious if there is a convention on which channels are used for meetings
14:03:02 <xgerman_> #chair yushiro SridarK
14:03:03 <openstack> Current chairs: SridarK xgerman_ yushiro
14:03:17 <SridarK> of course scheduling is not an issue here
14:03:23 <xgerman_> #topic Announcements
14:03:33 <xgerman_> We have a new meeting time ;-)
14:03:57 <HoloIRCUser> Hi
14:04:35 <xgerman_> Netwon EOL is next week 10/13
14:04:52 <HoloIRCUser> K
14:04:54 <xgerman_> and Q1 is 10/16-20
14:05:21 <xgerman_> so coming up rapidly - in two weeks if I am keeping track
14:05:40 <xgerman_> #link https://releases.openstack.org/queens/schedule.html
14:05:50 <yushiro> Yes,
14:06:26 <xgerman_> time flies…
14:07:03 <xgerman_> oh, I think next PTG is in Dublin and 2018 Fall OpenStack summit in Berlin
14:07:24 <SridarK> we have a few milestones we should try to get in by Q1
14:07:30 <xgerman_> indeed
14:07:43 <xgerman_> let’s start with our usual topics
14:07:45 <xgerman_> #topic L2 Support
14:08:39 <xgerman_> yushiro pls. go ahead
14:08:54 <yushiro> xgerman_, OK
14:09:13 <yushiro> Inessa and annp, thanks for ur great update.
14:09:18 <xgerman_> +1
14:09:27 <annp> yushiro,  you're welcome.
14:09:30 <yushiro> #link https://review.openstack.org/#/c/323971/
14:09:48 <yushiro> We're much more better in shape now.
14:09:53 <SridarK> +1
14:09:59 <xgerman_> +1
14:10:02 <SridarK> yushiro: shall we target some testing
14:10:07 <SridarK> are we ready for that
14:10:22 <annp> i think yes.
14:10:30 <yushiro> SridarK, Yes
14:10:31 <SridarK> annp: ok
14:10:42 <yushiro> annp, but i think we should update on my comment.
14:10:45 <yushiro> at first.
14:10:50 <annp> But i have once concerning related yushiro comment
14:11:04 <xgerman_> awesome — I think to hit the milestone I am ok with just having unit tests…
14:11:05 <SridarK> ok lets cover integration testing after the driver status
14:11:14 <annp> https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@267
14:11:24 <annp> could you take a look at it?
14:11:33 <yushiro> annp, would it be possible to discuss after this meeting ??
14:11:52 <annp> ok, lets discuss later.
14:11:58 <xgerman_> ok, sounds good
14:12:00 <yushiro> annp, OK,  thanks.
14:12:08 <annp> please go ahead
14:12:09 <xgerman_> we can always do in Open Discussion if we have time
14:13:01 <yushiro> remaining points are  1. changing status logic  and 2.avoid 'PENDING_xxx' status with some error.
14:13:49 <yushiro> Sorry, I tried to write etherpad for local.conf with devstack, but I couldn't.  SridarK , could you tell me a link for etherpad again?
14:14:12 <yushiro> So, that's all for l2-agent side.  Next is ovs driver side.
14:14:23 <SridarK> #link https://etherpad.openstack.org/p/fwaas-v2-l2
14:14:26 <yushiro> #linkc https://review.openstack.org/#/c/447251/
14:14:31 <yushiro> SridarK, thank you so much!
14:14:39 <SridarK> lets use the etherpad to communicate as well
14:14:43 <SridarK> yushiro: thx
14:16:12 <yushiro> I tested in devstack with ovs driver PS33, it seems to work correctly.
14:16:23 <yushiro> annp, could you try it again with latest devstack?
14:16:59 <xgerman_> try: https://raw.githubusercontent.com/xgerman/devstack_deploy/master/stackme.sh && chmod +x stackme.sh && vi stackme.sh && ./stackme.sh
14:17:24 <yushiro> oops, sorry.  PS34
14:17:27 <annp> actually, I tested it again. But the result same my previous comment
14:18:15 <annp> I have a stupid question, Did you configure firewall_l2_driver = ovs?
14:18:47 <yushiro> Yes, exactly.  I configured firewall_l2_driver = ovs.
14:19:23 <yushiro> OK, please revert PS34 and modify test code.
14:19:25 <HoloIRCUser> : Reedip here
14:19:33 <xgerman_> o/
14:19:48 <annp> Ok, tomorrow, I will try it again.
14:19:51 <yushiro> hi reedip.  I didn't know that :)
14:19:54 <HoloIRCUser> I am driving to a family function so will catch the logs once I reach
14:20:04 <yushiro> chandanc, hi
14:20:09 <chandanc> Hello
14:20:19 <yushiro> good timing, chandanc  :)
14:20:26 <HoloIRCUser> Sorry for the last minute update
14:20:36 <yushiro> we were talking about ovs driver patch.
14:20:38 <chandanc> I just got to know from SridarK
14:20:49 <chandanc> ok yushiro
14:21:02 <chandanc> I saw the changes done
14:21:05 <annp> hi chandanc
14:21:15 <chandanc> did the race condition change done ?
14:21:20 <chandanc> hello annp
14:23:09 <annp> actually, I think we should decide using local vlan idea or keep get_tag_from_other_config same as ovsfw
14:23:54 <yushiro> chandanc and I discussed in previous cycle about that.  I think it's better to use local vlan idea first.
14:23:56 <chandanc> i thought the other_config is not updated by the time we(driver) are called
14:24:05 <annp> Because if we keep get_tag_from_other_config function, we don't need local vlan function
14:24:56 <annp> I think same, chandanc.
14:26:06 <yushiro> sorry, could you tell me which your opinion is?
14:26:44 <xgerman_> if the other_cobfig is not updated in time that doesn’t make it the best way to go forward… guess vlan is safest
14:26:46 <chandanc> annp i just forwarded the old mail thread i had with yushiro
14:26:58 <chandanc> should give some context to you
14:27:05 <annp> From my opinion, I think we should come up with loccal vlan
14:27:34 <yushiro> chandanc, Ah, it's better :)
14:27:36 <annp> chandanc, thanks. i will check it tomorrow.
14:27:39 <chandanc> annp, i think we are not on the same page
14:27:45 <xgerman_> given we only have two weeks until Q-1 we should just run with something and adjust later
14:28:03 <yushiro> +1
14:28:14 <chandanc> anyways, have a look at the mail. We can then quickly converge
14:28:20 <xgerman_> +1
14:28:48 <chandanc> agree
14:29:03 <annp> chandanc, lets me understand the context. Thanks.
14:29:03 <SridarK> chandanc: will sync with u offline but is there a specific workflow that would cause an issue
14:29:49 <chandanc> l2 agent allocates a local vlan, then calls extensions, then updates the ovsdb with the allocated local vlan
14:30:11 <chandanc> by the time extension calls the driver the local vlan is not in the ovsdb
14:31:01 <xgerman_> mmh, I think the l2-agent needs to change to be a bit more accomodating…
14:31:10 <chandanc> workaround is for the extension to directly get the local vlan from l2 agent
14:31:48 <chandanc> need to pass the config to the extensions
14:31:54 <chandanc> xgerman_: +1
14:31:54 <SridarK> ok
14:32:13 <xgerman_> ok, we can propose a patch along those lines to Neutron
14:32:47 <yushiro> OK,
14:32:56 <chandanc> ya we can, the workaround was a shortcut :)
14:33:17 <xgerman_> sounds like a plan…
14:33:51 <yushiro> OK, let's use local vlan initial release.
14:34:02 <SridarK> would it be feasible kick off some integration (fwaas l2 agent and ovs driver) with the workaround
14:34:06 <xgerman_> +1 and propose changes to l2-agent
14:34:18 <annp> +1 yushiro
14:34:44 <chandanc> SridarK: the workaround was part of the patch, we can revert that change
14:35:00 <SridarK> chandanc: ok lets test with that
14:35:26 <xgerman_> yes, let’s continue with what we have and work in. parallel on the l2-agent patch-solution
14:35:37 <chandanc> ok
14:35:48 <yushiro> In my understanding, L2-agent already inmplented local vlan. So, please align with ovs driver part.
14:37:00 <yushiro> anyway, let's discuss after :)
14:37:07 <yushiro> xgerman_, sorry, please go ahead
14:37:15 <annp> yes. l2 agent already implemented local vlan
14:37:44 <xgerman_> ok, moving on
14:37:45 <xgerman_> #topic FWaaS Dashboard
14:38:27 <xgerman_> amotoki yt?
14:38:30 <yushiro> #link https://review.openstack.org/#/c/475840/
14:38:49 <yushiro> Sarath ?
14:39:02 <SridarK> SarathMekala is out today
14:39:11 <yushiro> SridarK, OK thanks.
14:39:12 <SridarK> he sent an email
14:39:13 <amotoki> i was on vacation last week, so I have no information to share
14:39:24 <yushiro> amotoki, nice vacation!!!
14:39:36 <xgerman_> pictures?
14:39:43 <amotoki> I wonder how we can move the work forward.
14:39:53 <SridarK> perhaps we can sync up offline and see what remains
14:39:56 <amotoki> we have several issues now on v2 dasbhoard
14:40:05 <SridarK> when SarathMekala is back too
14:40:20 <SridarK> amotoki: sorry pls go ahead
14:40:28 <yushiro> yes.  I and hoangcx are watching in v2 dashboard.
14:40:35 <amotoki> my suggestion is to merge the current version (with minimum fixes)
14:40:43 <amotoki> and file backlogs as bugs
14:40:50 <amotoki> and fix them
14:40:59 <amotoki> then cut a release
14:41:30 <amotoki> I am afraid it is not easy to track what are remaining and what are fixed already
14:41:38 <xgerman_> well, we should cut Q-1 with whatever we have — it’s better what’s there now
14:42:00 <SridarK> amotoki: ok lets sync up on email with SarathM, and quickly do a final round of tests
14:42:09 <SridarK> so we are aware of the limitations
14:42:17 <amotoki> actually neutron-fwaas-dashboard does uses cycle-with-milestone
14:42:34 <yushiro> OK.
14:42:41 <xgerman_> indeed - so we need to cut a release — question is do we merge it before then or not
14:42:49 <amotoki> so Q-1 is not applied. it is cycle-with-intermediary
14:43:18 <amotoki> cycle-with-intermediary is recommended to cut at least one release before Q-2
14:43:44 <yushiro> OK.
14:43:53 <amotoki> so Q-1 is not a big milestone
14:43:59 <SridarK> ok but if there are only minor issues lets try to get the patch in and fix bugs
14:44:00 <xgerman_> mmh, let’s follow SridarK’s suggestion and sync, catalog bugs, and release?
14:44:12 <xgerman_> SridarK +1
14:44:25 <amotoki> SridarK: +1
14:45:03 <SridarK> ok lets sync with SarathMekala in the next day and try to get it in by early next week
14:45:23 <xgerman_> +1
14:45:26 <yushiro> +1
14:45:38 <amotoki> agree
14:45:40 <amotoki> once the base patch lands, we can fix issues in parallel :)
14:45:41 <SridarK> I will get a round of testing on it tomorrow
14:46:09 <hoangcx_> amotoki: At lease basic functions should be done before landing
14:46:38 <amotoki> hoangcx_: basically yes.
14:46:52 <yushiro> maybe  we should focus on "'Add policy' endless loading bug" and "enable to select L2-port" in v2 dashboard..
14:46:53 <amotoki> precisely, all basic functions should work BEFORE RELEASE :)
14:47:04 <SridarK> hoangcx_: +1 basic things were ok on the last round of tests
14:47:10 <SridarK> yushiro: +1
14:47:17 <SridarK> amotoki: +1
14:47:25 <yushiro> hoangcx_, +1
14:47:47 <hoangcx_> amotoki: I will test it and give feedback by early next week for dashboard patch.
14:48:44 <xgerman_> k
14:49:01 <xgerman_> #topic Open Discussion
14:49:23 <yushiro> Can I have 1 topic?
14:49:27 <xgerman_> sure
14:49:42 <xgerman_> go ahead
14:49:46 <mlavalle> and I also want a few seconds after yushiro
14:49:52 <xgerman_> ok
14:50:07 <yushiro> hoangcx_, and I just posted firewall logging feature spec : https://review.openstack.org/#/c/509725/
14:51:03 <SridarK> ok
14:51:18 <xgerman_> yeah, will have a lokk
14:51:20 <yushiro> In queens-1, let's focus v2 functionality.  After that, I hope to start to extend this feature into fwaas. ( Of course logging feature is targetted on Queens-1)
14:51:22 <SridarK> extend the work u have done for SG ?
14:51:52 <SridarK> yushiro: sounds good
14:52:14 <yushiro> SridarK, not yet.  annp and I are working now but will be finished in Q-1 :
14:52:16 <xgerman_> +1
14:52:22 <yushiro> OK, that's all for me.
14:52:29 <yushiro> mlavalle, please go ahead :)
14:52:34 <xgerman_> +1
14:52:36 <mlavalle> my request is very similar
14:52:53 <mlavalle> would like some eyes on https://review.openstack.org/#/c/461657/
14:53:14 <mlavalle> zhaobo6 is ready to go as soon as the spec is approved
14:53:24 <SridarK> mlavalle: i added my self  - will look at the audit feature
14:53:39 <mlavalle> now tht we are talking post Q-1 milestone
14:53:42 <mlavalle> that's all
14:53:45 <mlavalle> Thanks!
14:53:46 <yushiro> mlavalle, me too.  Thanks for your notification :)
14:54:17 <yushiro> and I have one announce!
14:54:25 <xgerman_> sure
14:54:45 <yushiro> If guys can go sydney summit, please add your name in team etherpad :)
14:54:57 <mlavalle> I'll be there
14:54:57 <SridarK> +1
14:55:09 <amotoki> the team etherpad?
14:55:13 <yushiro> mlavalle, Yeah!
14:55:32 <yushiro> amotoki, oops, fwaas irc meeting's etherpad.
14:55:33 <xgerman_> I will skip (unless a super cheap flight shows up)
14:56:10 <yushiro> https://etherpad.openstack.org/p/fwaas-meeting
14:56:18 <amotoki> thanks
14:56:34 <xgerman_> ok, 4 min left — anyhting else?
14:56:43 <annp> Can We discuss about https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@267?
14:56:49 <amotoki> seems L.98 of the etherpad (right now)
14:56:54 <yushiro> annp, sure
14:57:10 <annp> I think firewall group behavior quite strange
14:57:11 <yushiro> amotoki, correct!!!
14:57:32 * xgerman_ wonder if we need to stick to the times as we are in our won channel
14:58:22 <amotoki> xgerman_: good point! just a weak timekeeper :)
14:58:25 <SridarK> 24 x 7 fwaas meeting ? ;-)
14:58:30 <yushiro> hahaha
14:58:33 <annp> my question, why we don't rasie a exception some thing like Port in use, if a port already attached to a fwg?
14:59:03 <amotoki> annp: i think it is similar to SG behavior
14:59:22 <amotoki> a port bound to SG(s) can be deleted even it is associated
15:00:17 <amotoki> FWS just defines a behavior of the port, but IMHO the FWG should not block the port deletion.
15:00:21 <amotoki> does it make sense?
15:00:47 <amotoki> or are you talking about deleting FWG?
15:00:59 <annp> yes, It make sense. However, In yushiro case, it make me confused.
15:01:00 <yushiro> amotoki, Yes.  I agree with you.  Port can be deleted even if fwg is associated with.
15:01:27 <annp> I'm taking about firewall group update case
15:01:49 <SridarK> the plugin did have a check to ensure that a port can have only one fwg associated
15:02:15 <hoangcx_> xgerman_: Can we close meeting to not logged evadrop over 1h? Then we can continue discuss as offline :)
15:02:21 <SridarK> xgerman_: we are at time -
15:02:40 <SridarK> #endmeeting fwaas