#openstack-fwaas log

14:01:24 <xgerman_> #startmeeting  fwaas
14:01:25 <openstack> Meeting started Thu Feb 15 14:01:24 2018 UTC and is due to finish in 60 minutes.  The chair is xgerman_. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:26 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:01:28 <openstack> The meeting name has been set to 'fwaas'
14:01:32 <xgerman_> #chair SridarK
14:01:32 <openstack> Current chairs: SridarK xgerman_
14:01:47 <xgerman_> yushiro can’t make it today…
14:02:15 <xgerman_> #topic Announcements
14:02:46 <xgerman_> PTG in Dublin coming up:
14:02:52 <xgerman_> #link https://etherpad.openstack.org/p/fwaas-rocky-planning
14:03:47 <xgerman_> RC1 went out last week - not sure if Neutron does an RC-2
14:04:17 <SridarK> Hopefully there are no critical issues
14:05:05 <xgerman_> +1
14:05:50 <xgerman_> Vancouver is coming up as well
14:05:53 <xgerman_> #link https://www.openstack.org/summit/vancouver-2018/
14:06:31 <chandanc> SridarK: xgerman_ are you goint to attend the summit ?
14:06:50 <SridarK> chandanc: yes i think i will make Vancouver
14:07:07 <chandanc> ok
14:07:08 <xgerman_> I put in two talks — if I get accepted I will be there and worst case self-fund
14:07:22 <SridarK> at least as of now - i did make the booking but who knows
14:07:33 <chandanc> :) all the best
14:07:34 <SridarK> chandanc: do u think u can make it ?
14:07:46 <chandanc> SridarK: i dont think i can
14:08:04 <xgerman_> you can always ask for travel support
14:08:09 <SridarK> ok i think budgets are tight for all
14:08:22 <chandanc> xgerman_: is that open to all ?
14:08:34 <chandanc> i though for Core devs
14:08:44 <xgerman_> I think it’s all
14:08:53 <chandanc> ok will try
14:08:54 <SridarK> chandanc: i think yushiro has used it in the past - so may know some details also
14:09:14 <xgerman_> I did, too, you fill out some form and they give you money or not
14:09:15 <chandanc> let me speak to him and find out
14:09:34 <xgerman_> but I only asked for hotel which is probably easier
14:09:45 <chandanc> let me check
14:09:59 <xgerman_> (since they have a number of rooms they need to fill)
14:10:17 <chandanc> :)
14:10:18 <xgerman_> aka money is already spent; flights are a different story
14:10:24 <chandanc> ok
14:10:46 <xgerman_> definitely worth a try ;-)
14:10:51 <SridarK> +1
14:10:57 <chandanc> ya xgerman_ +1
14:11:31 <xgerman_> #topic FWaaS Dashboard
14:11:49 <xgerman_> #link https://etherpad.openstack.org/p/fwaas-v2-dashboard
14:12:34 <xgerman_> We are still aiming to release a “Queens” version
14:13:22 <SridarK> I think among amotoki: 's list - #link https://review.openstack.org/#/c/541030/ was most important
14:13:43 <SridarK> I looked but will do some tests to understand more
14:14:09 <xgerman_> yes, makes sense
14:14:28 <SridarK> chandanc: if SarathMekala is available can u pls have him look too
14:14:59 <chandanc> SridarK: i spoke to him, he was busy with some work this week, but said he will review them
14:15:06 <SridarK> I think we will also need to support Default FWG
14:15:10 <SridarK> chandanc: ok cool thx
14:15:36 <xgerman_> that was working a while back…
14:16:05 <SridarK> ah so we had support already added in the Dashboard - sorry i had not tested that
14:16:19 <SridarK> will look
14:17:48 <xgerman_> well, it pulls up the groups on the ports — not sure how much changing they allow
14:18:55 <SridarK> ok we probab need something for admin role
14:19:07 <SridarK> let me check too and we can discuss
14:20:01 <xgerman_> +1
14:20:35 <chandanc> SridarK: xgerman_ as we are on the topic of dashboard, i have onne suggestion
14:20:43 <xgerman_> sure
14:21:15 <chandanc> As the creation of FWG by choosing individual ports is difficult, can we cllow creation of FWG based on VM metadata ?
14:21:43 <chandanc> like tags/base os(derived from image)/etc
14:21:43 <SridarK> ah interesting
14:22:03 <xgerman_> yes, we had some vm_name proposal in the Google doc
14:22:08 <chandanc> this is available on vmware for creation of SG
14:23:03 <chandanc> we can start a discussion, i think it is mostly UI change right ?
14:23:21 <chandanc> xgerman_: yes that too
14:24:30 <xgerman_> well, thinking of it that might also be an API thing so you cna have different default FWG based on OS…
14:24:54 <chandanc> yes, can be
14:25:16 <xgerman_> we should probably file an RfE for it and flesh it out further
14:25:31 <SridarK> maybe it can be at ui but u will want the non dasboard approach to also use it
14:25:41 <SridarK> so i am not so sure
14:25:43 <chandanc> only think that need to be verified is how to keep FWG updated
14:25:51 <chandanc> *thing
14:27:17 <xgerman_> When I understand you right if it’s say a WindowsVM you want an other Default FWG as opposed to a Linux VM
14:27:28 <chandanc> but the Default FWG association based on attributes can be done
14:27:37 <chandanc> actually iwas think more simple
14:27:50 <chandanc> now we create a fwg and add ports
14:28:00 <xgerman_> I don’t think we have that — right now we use the same Default FWG for all VM ports
14:28:16 <chandanc> waht i was thinking was to allow auery on vm attributes to gather port snd create FWG
14:28:45 <xgerman_> ah, so not automatically but user needs to do that
14:28:52 <chandanc> yes
14:29:02 <chandanc> just for the creation
14:29:14 <chandanc> but we can take it in steps
14:29:57 <SridarK> but we want this on when the VM comes up
14:30:06 <xgerman_> ok, I see benefits in both
14:30:29 <xgerman_> user wants to apply FWG to all vms with a certian property
14:30:53 <chandanc> SridarK: on boot it can be in Default FWG and then let the user update/create based on attributes for easy port selection
14:31:24 <SridarK> chandanc: yes defn leads to better user experience
14:31:46 <chandanc> ya, i think that part was only UI change
14:31:54 <xgerman_> yeah, as I said we should look into both… they are orthogonal
14:32:02 <xgerman_> chandanc: +1
14:32:06 <chandanc> +1
14:32:08 <SridarK> as it is defn harder for VM ports to go seek out ports
14:32:31 <SridarK> chandanc: may be we can discuss more on a google doc and then file a RFE
14:32:33 <chandanc> yes
14:32:41 <xgerman_> SridarK: +1
14:32:43 <chandanc> sure
14:32:57 <xgerman_> we can add the UI one to the UI doc
14:33:37 <chandanc> yes
14:34:51 <xgerman_> now, If I had the link handy…
14:35:39 <chandanc> I can start a doc with the first draft
14:35:48 <xgerman_> sounds good
14:36:04 <xgerman_> #topic Service Driver Refactor
14:36:22 <xgerman_> trying to track that since it’s our R-1 goal
14:36:46 <xgerman_> I don’t think we have doude…
14:37:43 <SridarK> yes we seem to have lost him
14:38:18 <SridarK> but i think we have a plan and once the release is done - he can take it to drivers
14:38:18 <xgerman_> yeah, maybe next week…
14:38:28 <xgerman_> SridarK: +1
14:38:50 <xgerman_> #topic remote FWG
14:38:55 <xgerman_> #link https://review.openstack.org/#/c/521207/
14:39:16 <xgerman_> now as we have the neutron_lib changes unit tests pass :-)
14:39:52 <xgerman_> I will try to get the other tests to work, too… and then I need to figure out how to get the ports into OVS
14:40:52 <chandanc> xgerman_: for remote FWG, am i correctly in thinking that the RFWG will define the source/dest ip address in a rule
14:41:50 <xgerman_> well, the remote FWG contains ports and ports have the IP — so if we could do port that might be better but is only L2
14:42:34 <xgerman_> I am not sure if ports can change their IP easily
14:42:50 <chandanc> oh ok got it
14:43:11 <SridarK> If i am not mistaken - we are stating "traffic from any port that is a member of the Remote FWG" is allowed
14:43:22 <SridarK> for processing the FWG
14:43:48 <SridarK> * processing in the FWG
14:43:51 <xgerman_> it’s on a rule so the traffic specified in that rule ;-)
14:44:12 <SridarK> oh yes
14:44:20 <SridarK> on the rule
14:44:53 <chandanc> hmm, will have to think 🤔
14:45:30 <xgerman_> yep, I will see how SecurityGroup solves that ;-)
14:45:40 <doude> Hi sorry just realized my irc bouncer was down
14:45:50 <chandanc> xgerman_: +1
14:46:17 <xgerman_> doude: no worries we have time to revisit
14:46:28 <doude> ok
14:46:39 <SridarK> ok i think we can move on this and we dont really need another RFE
14:46:53 <xgerman_> +1
14:46:55 <xgerman_> #topic Service Driver Refactor
14:46:58 <SridarK> xgerman_: since this is part of the spec
14:47:09 <xgerman_> +!
14:48:23 <xgerman_> ok, doude go ahead
14:49:47 <doude> nothing much to say
14:50:00 <doude> I did nt have time to work on FWaaS since last week
14:50:16 <doude> I plan to do the RFE tomorrow
14:50:34 <xgerman_> Sounds good.
14:50:34 <doude> and look on the rebasing work after
14:50:59 <doude> that's all for me
14:51:06 <xgerman_> Ok
14:51:45 <SridarK> doude: sounds good
14:51:47 <xgerman_> #topic Open Discussion
14:52:01 <chandanc> xgerman_: SridarK do we need doc for the service driver
14:52:27 <SridarK> doude: has a google doc already
14:52:39 <chandanc> oh, will take a look
14:53:05 <doude> yes linked in the launchpad bug
14:53:15 <chandanc> sure doude
14:53:26 <doude> http://john.bitsurge.net/public/biglist.p2p.gz
14:53:35 <doude> oops wrong url
14:53:36 <SridarK> doude: maybe all u need to do is to tag ur current bug with RFE ?
14:53:43 <doude> https://docs.google.com/presentation/d/1_9KkNgIbWYE6tucoym8N7J2xfcQ1XwN8Zuu-ALEUD3U/edit#slide=id.p
14:53:54 <doude> may be SridarK
14:54:04 <SridarK> xgerman_: do u think that should do ?
14:54:24 <doude> I have to document to know exactly what is a RFE
14:54:35 <doude> but yes if the bug is enough I can use as RFE
14:54:41 <SridarK> All u need is a tag
14:55:17 <SridarK> look at some neutron drivers mtg logs - and u can see what usually happens
14:55:20 <doude> https://bugs.launchpad.net/neutron/+bug/1702312
14:55:21 <openstack> Launchpad bug 1702312 in neutron "[FWaaS v2] Does not work with core plugin non based on Neutron DB model" [Undecided,In progress] - Assigned to Édouard Thuleau (ethuleau)
14:55:51 <xgerman_> yeah, that should be enough
14:56:30 <doude> ok so I can set the RFE tag myself?
14:56:39 <SridarK> doude: https://bugs.launchpad.net/neutron/+bug/1738738
14:56:40 <openstack> Launchpad bug 1738738 in neutron "[Neutron][Firewall] Extend FWaaS to provide DSCP filtering" [Wishlist,Confirmed] - Assigned to Reedip (reedip-banerjee)
14:57:12 <SridarK> i think u need to the put the tag in the title - maybe bad example
14:57:23 <xgerman_> yes, you cna set the tag and assign to yourself
14:57:34 <SridarK> i think if u look at neutron driver logs u can see some example
14:58:06 <xgerman_> +1
14:58:32 <xgerman_> also not sure when and if Neutron switches to storyboard
14:58:41 <xgerman_> (that’s another thing to watch out for)
14:58:49 <SridarK> oh ok
14:59:26 <doude> I updated it with prefix '[RFE]' in the title and the tag 'rfe'
14:59:31 <xgerman_> +1
14:59:38 <doude> and it was already assigned to me
14:59:38 <SridarK> +1
14:59:40 <xgerman_> that should do it ;-)
15:00:29 <xgerman_> #endmeeting