14:01:24 <xgerman_> #startmeeting fwaas 14:01:25 <openstack> Meeting started Thu Feb 15 14:01:24 2018 UTC and is due to finish in 60 minutes. The chair is xgerman_. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:01:26 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:01:28 <openstack> The meeting name has been set to 'fwaas' 14:01:32 <xgerman_> #chair SridarK 14:01:32 <openstack> Current chairs: SridarK xgerman_ 14:01:47 <xgerman_> yushiro can’t make it today… 14:02:15 <xgerman_> #topic Announcements 14:02:46 <xgerman_> PTG in Dublin coming up: 14:02:52 <xgerman_> #link https://etherpad.openstack.org/p/fwaas-rocky-planning 14:03:47 <xgerman_> RC1 went out last week - not sure if Neutron does an RC-2 14:04:17 <SridarK> Hopefully there are no critical issues 14:05:05 <xgerman_> +1 14:05:50 <xgerman_> Vancouver is coming up as well 14:05:53 <xgerman_> #link https://www.openstack.org/summit/vancouver-2018/ 14:06:31 <chandanc> SridarK: xgerman_ are you goint to attend the summit ? 14:06:50 <SridarK> chandanc: yes i think i will make Vancouver 14:07:07 <chandanc> ok 14:07:08 <xgerman_> I put in two talks — if I get accepted I will be there and worst case self-fund 14:07:22 <SridarK> at least as of now - i did make the booking but who knows 14:07:33 <chandanc> :) all the best 14:07:34 <SridarK> chandanc: do u think u can make it ? 14:07:46 <chandanc> SridarK: i dont think i can 14:08:04 <xgerman_> you can always ask for travel support 14:08:09 <SridarK> ok i think budgets are tight for all 14:08:22 <chandanc> xgerman_: is that open to all ? 14:08:34 <chandanc> i though for Core devs 14:08:44 <xgerman_> I think it’s all 14:08:53 <chandanc> ok will try 14:08:54 <SridarK> chandanc: i think yushiro has used it in the past - so may know some details also 14:09:14 <xgerman_> I did, too, you fill out some form and they give you money or not 14:09:15 <chandanc> let me speak to him and find out 14:09:34 <xgerman_> but I only asked for hotel which is probably easier 14:09:45 <chandanc> let me check 14:09:59 <xgerman_> (since they have a number of rooms they need to fill) 14:10:17 <chandanc> :) 14:10:18 <xgerman_> aka money is already spent; flights are a different story 14:10:24 <chandanc> ok 14:10:46 <xgerman_> definitely worth a try ;-) 14:10:51 <SridarK> +1 14:10:57 <chandanc> ya xgerman_ +1 14:11:31 <xgerman_> #topic FWaaS Dashboard 14:11:49 <xgerman_> #link https://etherpad.openstack.org/p/fwaas-v2-dashboard 14:12:34 <xgerman_> We are still aiming to release a “Queens” version 14:13:22 <SridarK> I think among amotoki: 's list - #link https://review.openstack.org/#/c/541030/ was most important 14:13:43 <SridarK> I looked but will do some tests to understand more 14:14:09 <xgerman_> yes, makes sense 14:14:28 <SridarK> chandanc: if SarathMekala is available can u pls have him look too 14:14:59 <chandanc> SridarK: i spoke to him, he was busy with some work this week, but said he will review them 14:15:06 <SridarK> I think we will also need to support Default FWG 14:15:10 <SridarK> chandanc: ok cool thx 14:15:36 <xgerman_> that was working a while back… 14:16:05 <SridarK> ah so we had support already added in the Dashboard - sorry i had not tested that 14:16:19 <SridarK> will look 14:17:48 <xgerman_> well, it pulls up the groups on the ports — not sure how much changing they allow 14:18:55 <SridarK> ok we probab need something for admin role 14:19:07 <SridarK> let me check too and we can discuss 14:20:01 <xgerman_> +1 14:20:35 <chandanc> SridarK: xgerman_ as we are on the topic of dashboard, i have onne suggestion 14:20:43 <xgerman_> sure 14:21:15 <chandanc> As the creation of FWG by choosing individual ports is difficult, can we cllow creation of FWG based on VM metadata ? 14:21:43 <chandanc> like tags/base os(derived from image)/etc 14:21:43 <SridarK> ah interesting 14:22:03 <xgerman_> yes, we had some vm_name proposal in the Google doc 14:22:08 <chandanc> this is available on vmware for creation of SG 14:23:03 <chandanc> we can start a discussion, i think it is mostly UI change right ? 14:23:21 <chandanc> xgerman_: yes that too 14:24:30 <xgerman_> well, thinking of it that might also be an API thing so you cna have different default FWG based on OS… 14:24:54 <chandanc> yes, can be 14:25:16 <xgerman_> we should probably file an RfE for it and flesh it out further 14:25:31 <SridarK> maybe it can be at ui but u will want the non dasboard approach to also use it 14:25:41 <SridarK> so i am not so sure 14:25:43 <chandanc> only think that need to be verified is how to keep FWG updated 14:25:51 <chandanc> *thing 14:27:17 <xgerman_> When I understand you right if it’s say a WindowsVM you want an other Default FWG as opposed to a Linux VM 14:27:28 <chandanc> but the Default FWG association based on attributes can be done 14:27:37 <chandanc> actually iwas think more simple 14:27:50 <chandanc> now we create a fwg and add ports 14:28:00 <xgerman_> I don’t think we have that — right now we use the same Default FWG for all VM ports 14:28:16 <chandanc> waht i was thinking was to allow auery on vm attributes to gather port snd create FWG 14:28:45 <xgerman_> ah, so not automatically but user needs to do that 14:28:52 <chandanc> yes 14:29:02 <chandanc> just for the creation 14:29:14 <chandanc> but we can take it in steps 14:29:57 <SridarK> but we want this on when the VM comes up 14:30:06 <xgerman_> ok, I see benefits in both 14:30:29 <xgerman_> user wants to apply FWG to all vms with a certian property 14:30:53 <chandanc> SridarK: on boot it can be in Default FWG and then let the user update/create based on attributes for easy port selection 14:31:24 <SridarK> chandanc: yes defn leads to better user experience 14:31:46 <chandanc> ya, i think that part was only UI change 14:31:54 <xgerman_> yeah, as I said we should look into both… they are orthogonal 14:32:02 <xgerman_> chandanc: +1 14:32:06 <chandanc> +1 14:32:08 <SridarK> as it is defn harder for VM ports to go seek out ports 14:32:31 <SridarK> chandanc: may be we can discuss more on a google doc and then file a RFE 14:32:33 <chandanc> yes 14:32:41 <xgerman_> SridarK: +1 14:32:43 <chandanc> sure 14:32:57 <xgerman_> we can add the UI one to the UI doc 14:33:37 <chandanc> yes 14:34:51 <xgerman_> now, If I had the link handy… 14:35:39 <chandanc> I can start a doc with the first draft 14:35:48 <xgerman_> sounds good 14:36:04 <xgerman_> #topic Service Driver Refactor 14:36:22 <xgerman_> trying to track that since it’s our R-1 goal 14:36:46 <xgerman_> I don’t think we have doude… 14:37:43 <SridarK> yes we seem to have lost him 14:38:18 <SridarK> but i think we have a plan and once the release is done - he can take it to drivers 14:38:18 <xgerman_> yeah, maybe next week… 14:38:28 <xgerman_> SridarK: +1 14:38:50 <xgerman_> #topic remote FWG 14:38:55 <xgerman_> #link https://review.openstack.org/#/c/521207/ 14:39:16 <xgerman_> now as we have the neutron_lib changes unit tests pass :-) 14:39:52 <xgerman_> I will try to get the other tests to work, too… and then I need to figure out how to get the ports into OVS 14:40:52 <chandanc> xgerman_: for remote FWG, am i correctly in thinking that the RFWG will define the source/dest ip address in a rule 14:41:50 <xgerman_> well, the remote FWG contains ports and ports have the IP — so if we could do port that might be better but is only L2 14:42:34 <xgerman_> I am not sure if ports can change their IP easily 14:42:50 <chandanc> oh ok got it 14:43:11 <SridarK> If i am not mistaken - we are stating "traffic from any port that is a member of the Remote FWG" is allowed 14:43:22 <SridarK> for processing the FWG 14:43:48 <SridarK> * processing in the FWG 14:43:51 <xgerman_> it’s on a rule so the traffic specified in that rule ;-) 14:44:12 <SridarK> oh yes 14:44:20 <SridarK> on the rule 14:44:53 <chandanc> hmm, will have to think 🤔 14:45:30 <xgerman_> yep, I will see how SecurityGroup solves that ;-) 14:45:40 <doude> Hi sorry just realized my irc bouncer was down 14:45:50 <chandanc> xgerman_: +1 14:46:17 <xgerman_> doude: no worries we have time to revisit 14:46:28 <doude> ok 14:46:39 <SridarK> ok i think we can move on this and we dont really need another RFE 14:46:53 <xgerman_> +1 14:46:55 <xgerman_> #topic Service Driver Refactor 14:46:58 <SridarK> xgerman_: since this is part of the spec 14:47:09 <xgerman_> +! 14:48:23 <xgerman_> ok, doude go ahead 14:49:47 <doude> nothing much to say 14:50:00 <doude> I did nt have time to work on FWaaS since last week 14:50:16 <doude> I plan to do the RFE tomorrow 14:50:34 <xgerman_> Sounds good. 14:50:34 <doude> and look on the rebasing work after 14:50:59 <doude> that's all for me 14:51:06 <xgerman_> Ok 14:51:45 <SridarK> doude: sounds good 14:51:47 <xgerman_> #topic Open Discussion 14:52:01 <chandanc> xgerman_: SridarK do we need doc for the service driver 14:52:27 <SridarK> doude: has a google doc already 14:52:39 <chandanc> oh, will take a look 14:53:05 <doude> yes linked in the launchpad bug 14:53:15 <chandanc> sure doude 14:53:26 <doude> http://john.bitsurge.net/public/biglist.p2p.gz 14:53:35 <doude> oops wrong url 14:53:36 <SridarK> doude: maybe all u need to do is to tag ur current bug with RFE ? 14:53:43 <doude> https://docs.google.com/presentation/d/1_9KkNgIbWYE6tucoym8N7J2xfcQ1XwN8Zuu-ALEUD3U/edit#slide=id.p 14:53:54 <doude> may be SridarK 14:54:04 <SridarK> xgerman_: do u think that should do ? 14:54:24 <doude> I have to document to know exactly what is a RFE 14:54:35 <doude> but yes if the bug is enough I can use as RFE 14:54:41 <SridarK> All u need is a tag 14:55:17 <SridarK> look at some neutron drivers mtg logs - and u can see what usually happens 14:55:20 <doude> https://bugs.launchpad.net/neutron/+bug/1702312 14:55:21 <openstack> Launchpad bug 1702312 in neutron "[FWaaS v2] Does not work with core plugin non based on Neutron DB model" [Undecided,In progress] - Assigned to Édouard Thuleau (ethuleau) 14:55:51 <xgerman_> yeah, that should be enough 14:56:30 <doude> ok so I can set the RFE tag myself? 14:56:39 <SridarK> doude: https://bugs.launchpad.net/neutron/+bug/1738738 14:56:40 <openstack> Launchpad bug 1738738 in neutron "[Neutron][Firewall] Extend FWaaS to provide DSCP filtering" [Wishlist,Confirmed] - Assigned to Reedip (reedip-banerjee) 14:57:12 <SridarK> i think u need to the put the tag in the title - maybe bad example 14:57:23 <xgerman_> yes, you cna set the tag and assign to yourself 14:57:34 <SridarK> i think if u look at neutron driver logs u can see some example 14:58:06 <xgerman_> +1 14:58:32 <xgerman_> also not sure when and if Neutron switches to storyboard 14:58:41 <xgerman_> (that’s another thing to watch out for) 14:58:49 <SridarK> oh ok 14:59:26 <doude> I updated it with prefix '[RFE]' in the title and the tag 'rfe' 14:59:31 <xgerman_> +1 14:59:38 <doude> and it was already assigned to me 14:59:38 <SridarK> +1 14:59:40 <xgerman_> that should do it ;-) 15:00:29 <xgerman_> #endmeeting