#openstack-fwaas log

14:00:32 <yushiro> #startmeeting fwaas
14:00:37 <openstack> Meeting started Thu Nov  2 14:00:32 2017 UTC and is due to finish in 60 minutes.  The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:38 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:40 <openstack> The meeting name has been set to 'fwaas'
14:01:01 <yushiro> #chair xgerman_ yushiro
14:01:02 <openstack> Current chairs: xgerman_ yushiro
14:01:34 <yushiro> #chair SridarK
14:01:35 <openstack> Current chairs: SridarK xgerman_ yushiro
14:01:39 <SridarK> Hi FWaaS folks
14:01:46 <yushiro> OK folks, let's begin.
14:02:20 <yushiro> #topic Queens
14:03:11 <yushiro> L2-agent:  https://review.openstack.org/#/c/323971/
14:04:04 <xgerman_> o/
14:04:04 <yushiro> Sorry folks, I was in sick this week and there is no update..
14:04:10 <annp_> Regarding to L2 agent: i just added allowed_address_pairs and port_security_enabled to port_details
14:04:33 <yushiro> annp_, Great.  thanks.
14:04:43 <annp_> yushrio, i was in sick also :)
14:04:59 <yushiro> annp_, Really.  Please take care of it.
14:05:17 <SridarK> yushiro: annp_ hope u guys get better soon
14:05:19 <annp_> yushiro, yes. I got stomachache hichic
14:05:37 <yushiro> SridarK, Thank you so much.
14:05:45 <annp_> SridarK, thank so much.
14:05:51 <xgerman_> SridarK: +1
14:05:52 <SridarK> I have started a deployment and will run tests - i have been busy on some internal deadlines
14:05:54 <annp_> SridarK, thanks so much.
14:06:19 <yushiro> SridarK, OK.
14:06:24 <SridarK> yushiro: we can sync on Mon and look thru things and try to merge this next week
14:06:48 <yushiro> SridarK, Sure.  will do.
14:07:25 <yushiro> Hopefully we can meet in Sydney with fine condition :)
14:07:55 <yushiro> OVS based L2 firewall driver https://review.openstack.org/#/c/447251
14:08:51 <yushiro> Is there some update, annp_ ?  I think we're testing in current patch.
14:09:53 <annp_> Regarding to l2 driver, I have a concerning to egress_rules and ingress_rule
14:10:08 <annp_> chandanc, are you here?
14:10:39 <yushiro> SarathMekala, is chandan today ??
14:10:58 <annp_> yushiro, currently, I'm focusing to co-existence between sg and fwg
14:11:00 <SarathMekala> he said he will join..
14:11:11 <yushiro> SarathMekala, Good news. Thanks :)
14:11:35 <SarathMekala> I had a discussion in the morning :)
14:11:38 <annp_> yushiro, SarathMekala, Can you check my comments in l2 driver patch?
14:12:21 <annp_> Regarding to co-existence: i have a problem with conntrack
14:12:34 <yushiro> annp_, You commented that rules are reversing 'ingress -> egress', right?
14:12:50 <annp_> yushiro, yes!
14:13:02 <yushiro> annp_, Is it OVS side issue?  or firewall driver's issue?
14:14:06 <annp_> issue related to co-existence: when i create VM1 is attached to SGA and VM2 is attached to SGB
14:14:16 <annp_> SGA and SGB has icmp rule
14:14:43 <annp_> I attached VM1 to FWGA has icmp-allow,
14:14:57 <annp_> I try to ping from VM2 to VM1 it's ok.
14:15:39 <SridarK> annp_: the SGA & SGB - do they have a permit or deny ?
14:15:47 <SridarK> for icmp
14:16:32 <annp_> But when i delete icmp-allow in FWGA, i try to ping from vm2 to vm1, i expect we couldn't reachout VM1, but result not good\
14:16:58 <annp_> SridraK, in security group all rules are allow.
14:17:15 <SridarK> oh sorry SG ok
14:17:39 <annp_> conntrack state has been changed to +est-rep+rpl,
14:18:31 <annp_> I guess problem related to conntrack change from per port to per network
14:19:16 <annp_> https://github.com/openstack/neutron/commit/4f6aa3ffde2fd68b85bc5dfdaf6c2684931f3f61#diff-9639565b2ec91f2afe0f63f0cd4c189b
14:21:46 <yushiro> annp_, Hmm, OK.  But, is it possible to fix in firewall side?
14:22:05 <xgerman_> yeah, also why would our L2 not work per port?
14:22:32 <annp_> yushiro, I think we can fix that.
14:23:06 <annp_> xgerman_, yes. I'm thinking about that.
14:23:43 <yushiro> 'per port' is suitable I think.
14:24:07 <xgerman_> yeah, my understanding was that FWG and SG worked the same
14:24:12 <xgerman_> in L2
14:25:05 <annp_> xgerman_, yeah, i think so too. But i don't understand, why conntrack state change to OF_STATE_ESTABLISHED_REPLY
14:25:28 <annp_> https://review.openstack.org/#/c/447251/47/neutron_fwaas/services/firewall/drivers/linux/l2/openvswitch_firewall/firewall.py@646
14:26:19 <annp_> This flow made co-existence broken in above case!
14:26:19 <yushiro> annp_, Could you write down how to reproduce into the etherpad?  https://etherpad.openstack.org/p/fwaas-v2-l2
14:27:15 <annp_> yushiro, OK. I will do that now.
14:27:22 <yushiro> annp_, Thanks.
14:27:32 <annp_> Can we comeback this problem later?
14:27:39 <annp_> So Please go ahead
14:28:00 <yushiro> OK, let's move on.
14:28:00 <SridarK> annp_: do u need to pull in chandanc in to the discussion ?
14:28:58 <yushiro> +1, it's better to sync with chandan about that.
14:28:59 <annp_> SridarK, Yes. That's great!
14:29:27 <SarathMekala> annp_, will inform him... please send a mail with him in loop as well
14:29:35 <SridarK> annp_: maybe send an email out and sched a time for discussion
14:29:49 <SridarK> SarathMekala: ditto
14:30:18 <SarathMekala> :)
14:30:22 <yushiro> +1 It's better to paste etherpad link :)
14:30:40 <annp_> SridarK, SarathMekala, I will do on tomorrow. I'm in home now. :)
14:30:45 <SridarK> yushiro: maybe we can discuss on Mon as well - i am not too familiar with the driver changes
14:31:01 <SridarK> annp_: +1
14:31:16 <yushiro> SridarK, yes
14:31:25 <yushiro> #topic Horizon support
14:32:02 <yushiro> All of future improvements migrated into launchpad: https://bugs.launchpad.net/neutron-fwaas-dashboard
14:32:53 <yushiro> And sorry for late.  I've already pushed release for dashboard: https://review.openstack.org/#/c/516549/
14:33:09 <SarathMekala> +1 super
14:33:36 <xgerman_> +1
14:33:42 <SridarK> yushiro: thx
14:33:44 <yushiro> Regarding releasing, thanks for your +1.
14:34:48 <yushiro> Regarding v2 dashboard bugs on launchpad, there are 2 points.  'Bug' and 'improvement'.  as amotoki said, 'improvement' should be migrated into Blueprint.
14:35:12 <SarathMekala> I have started a google doc on the enhancements @ https://docs.google.com/document/d/1yKreFzwHsp-TMhB1xDH-EhGHBTGawFAaG1x6ukGJUK4/edit?usp=sharing
14:35:38 <SarathMekala> its still WIP.. once I get your suggestions will start a blueprint with it
14:35:50 <yushiro> SarathMekala, awesome!!!
14:35:59 <SridarK> SarathMekala: great
14:36:34 <yushiro> SarathMekala, I think it's much more better to refer related bug on launchpad :)
14:37:13 <SarathMekala> yushiro, sure.. I will do that
14:37:48 <yushiro> I'll also comment on your google doc :)
14:38:04 <SarathMekala> sure
14:38:12 <yushiro> SarathMekala, Can I paste google doc link on our weekly etherpad?
14:38:30 <SarathMekala> sure.. go ahead
14:38:35 <SridarK> yushiro: +1
14:39:02 <SarathMekala> even the etherpad needs some clean up.. I created some sections but could not fill them up
14:39:04 <yushiro> SarathMekala, done.
14:39:45 <SarathMekala> +1
14:40:15 <yushiro> OK, anything else to discuss about dashboard?
14:40:39 <SarathMekala> thats for now..
14:40:50 <yushiro> OK, let's move on.
14:40:51 <SarathMekala> amotoki, do you have anything to discuss?
14:41:31 <yushiro> I heard that amotoki has not good condition.  Maybe he is not here..
14:42:00 <SarathMekala> ok.. please carry on
14:42:10 <yushiro> #topic Stadium Compliance
14:43:10 <yushiro> reedip , I think you're busy before summit.  Do you have something to update?
14:43:24 <reedip_> i m late... sorry
14:43:53 <yushiro> reedip, OK.  Anything to discuss about Stadium Compliance?
14:44:56 <reedip_> nope, but I think there needs to be a report for fwaas, isnt it ? There were some migration patches ( where in neutron functions have been migrated to lib and the same are to be incorporated in our repo ) but I think they took a back seat some time back due to L2
14:45:49 <xgerman_> let’s get L2 done unless we get complains
14:45:53 <SridarK> i think most things are done except for the fullstack PS
14:46:03 <xgerman_> +1
14:46:05 <SridarK> and reedip_ started on that
14:46:35 <SridarK> but xgerman_ agreed on L2 priority
14:46:45 <reedip_> but I am stuck in that , needed some assistance a while back ... I havent been able to contrbute for some weeks owing to company work... but will start again on weekends and spare time :)
14:47:23 <xgerman_> any manager we know and can lean on ?
14:47:50 <SridarK> :-)
14:47:58 <reedip_> umm , not here , but dont worry , I have been multi tasking , so will be back from Saturday
14:48:13 <SridarK> reedip_: no worries - i think everyone is kind of in that boat
14:48:13 <reedip_> give me tomorrow :P
14:48:22 <reedip_> yeah, I know :D
14:48:24 <xgerman_> SridarK +1
14:48:34 <yushiro> wow, reedip_ you're preparing Sydney summit presentation, right?  multi-task!!
14:48:47 <reedip_> No , I am not coming to Sydney
14:48:56 <reedip_> travel not supported :(
14:49:04 <xgerman_> BTW: The foundation wants to play a more active role in devs getting support
14:49:11 <reedip_> I talked to mlavalle about someone else taking my session
14:49:31 <xgerman_> reedip
14:49:32 <yushiro> oh, really.  I've seen your presentation.  I see.
14:49:37 <reedip_> xgerman_ I hope so ... because the attrition is getting higher
14:50:08 <reedip_> yushiro : where ? Can you send the link ? I think I may have skipped it :)
14:50:21 <xgerman_> yeah,  if you need travel grants, etc. you can reach out to them
14:50:51 <reedip_> I dont think its possible now :)
14:50:57 <yushiro> https://www.openstack.org/summit/sydney-2017/summit-schedule/global-search?t=reedip
14:50:58 <reedip_> for sydney
14:51:42 <yushiro> You're moderator.
14:52:02 <yushiro> sorry, not prezentation but forum.
14:52:19 <reedip_> yeah, thats the catch :(
14:52:25 <xgerman_> yep — reedip_ give it a try — they might have hotel rooms they haven’t filled
14:53:23 <yushiro> :)
14:53:57 <reedip_> nevermind, next summit/PTG
14:54:27 <reedip_> xgerman_ btw I think the foundation would like to give travel grants to core devs ;)
14:54:28 <yushiro> #topic Open Discussion
14:54:35 <reedip_> for eg. Yushiro got it for PTG :)
14:54:53 <xgerman_> yeah, I got my fair share of grants, too
14:55:03 <xgerman_> but I am funded for Dublin ;-)
14:55:05 <yushiro> reedip_, yes, I was so lucky.
14:55:22 <xgerman_> +1
14:55:26 <yushiro> bzhao, Thanks for your update your audit notification spec.
14:55:38 <yushiro> bzhao, I'll check the latest version of your spec.
14:55:42 <reedip_> yushiro : we are doing open discussion :)
14:56:02 <yushiro> Yes :)
14:56:10 <reedip_> yeah , i need to get back to help bzhao .. he has been doing a lot of work on the specs , and I am not able to help him out
14:56:45 <SarathMekala> I reviewed the firewall audit spec and gave some comments today
14:56:48 <SarathMekala> please take a look
14:56:49 <xgerman_> I am a bit worried about availability zones in the spec.
14:57:01 <xgerman_> If somebody life migrates info becomes stale
14:57:08 <reedip_> hmm... xgerman ny reason
14:57:28 <reedip_> k
14:57:44 <yushiro> xgerman_, Yeah, I don't catch up a correct reason to handle 'availability_zone' either.
14:58:02 <yushiro> SarathMekala, Good :)
14:58:27 <xgerman_> yep,  the whole nova AZ, cell, etc. concept is pretty opaque to me
14:58:43 <yushiro> So, folks, how about next week's IRC meeting?
14:58:47 <xgerman_> and it seems to mean different things to different operators
14:58:57 <xgerman_> yushiro +1
14:59:08 <reedip_> lemme get an opinion on that from a nova core
14:59:28 <xgerman_> reedip_ +1
15:00:30 <SridarK> at time
15:00:31 <yushiro> Oh, it's time
15:00:38 <yushiro> #endmeeting