#openstack-fwaas log

14:00:11 <SridarK> #startmeeting fwaas
14:00:11 <openstack> Meeting started Thu Mar 22 14:00:11 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:17 <openstack> The meeting name has been set to 'fwaas'
14:00:29 <SridarK> #chair xgerman_ yushiro
14:00:33 <openstack> Current chairs: SridarK xgerman_ yushiro
14:01:08 <SridarK> lets wait a few mins for more folks to join
14:01:31 <SarathMekala> hi all o/
14:01:40 <yushiro> hi :)
14:01:51 <SarathMekala> hi yushiro
14:02:20 <SridarK> ok lets get started
14:02:37 <yushiro> Yes
14:02:58 <SridarK> #topic announcements
14:03:48 <SridarK> We had some issues with patches merging due to changes in dependencies - thankfully that is fixed and things are good now
14:04:00 <xgerman_> +1
14:04:06 <yushiro> :)
14:04:52 <SridarK> Also thx to Swami to get a longstanding DVR related issue (change to namespace naming) fixed
14:04:54 <SarathMekala> +1
14:05:20 <SridarK> I did not have anything else in particular
14:06:00 <xgerman_> Some cross openstack activities:
14:06:02 <xgerman_> https://review.openstack.org/#/c/531456
14:06:22 <xgerman_> and https://review.openstack.org/#/c/548916/
14:06:41 <xgerman_> One is for a uniform health check and the other chnages the maintenance window
14:07:15 <SridarK> thx xgerman_ for bringing this up for all of us to be aware
14:07:21 <yushiro> Yes.
14:07:35 <yushiro> Maybe it will discuss in Vancouver summit again.
14:07:48 <xgerman_> probably…
14:07:54 <SridarK> so once this is laid out - we will need to add some support for it
14:08:17 <SridarK> Having a uniform health check is great
14:08:24 <xgerman_> +1
14:09:16 <xgerman_> I hope that will extend to agents but we will see…
14:09:33 <amotoki> does anyone help http://lists.openstack.org/pipermail/openstack-operators/2018-March/015012.html?
14:09:42 <SridarK> xgerman_: +1
14:09:47 <amotoki> ahhhh... sorry for the meeting time
14:10:32 <SridarK> amotoki: thx for pointing out
14:10:33 <xgerman_> no, this is good info since I don’t subscribe to operators…
14:10:42 <SridarK> neither do i
14:10:49 <amotoki> let's discuss in open discussion
14:10:55 <xgerman_> +1
14:10:55 <SridarK> we will reach out to him
14:10:57 <yushiro> amotoki, thanks.  I didn't know about that.
14:10:58 <SridarK> amotoki: +1
14:11:05 <SridarK> Also as usual the clock keeps ticking and we keep getting older and R-1 is Apr 16 - 20
14:11:49 <SridarK> lets move on
14:11:59 <SridarK> #topic Rocky priorities
14:12:24 <annp_> may be we should unset port from default fwg first
14:12:52 <SridarK> annp_: possibly - lets pick it up in open discussion
14:13:08 <annp_> yeah.
14:13:13 <annp_> please go ahead
14:13:22 <SridarK> First up is Refactor for service driver pattern
14:13:25 <SridarK> doude:
14:13:29 <SridarK> pls go ahead
14:13:57 <SridarK> doude: i have started looking thru the patch - a bit slow on my part but i am on it
14:14:26 <SridarK> we will target this to get in before R-1
14:14:36 <yushiro> Yes
14:14:38 <xgerman_> +1
14:15:09 <SridarK> doude: anything u would like to add or discuss ?
14:16:03 <SridarK> ok lets move on - i think doude may have stepped away
14:16:37 <SridarK> BTW, I am trying to run thru #link https://etherpad.openstack.org/p/fwaas-rocky-planning
14:17:16 <xgerman_> we probably should make that the channel topic ;-)
14:17:32 <SridarK> xgerman_: +1
14:17:46 <SridarK> #topic tempest
14:18:10 <SridarK> I had volunteered on this - not much update this week
14:19:06 <SridarK> First step is to look at the changes to tempest - once I have a handle on that - will start some scenarios based on the manual testing we have been doing
14:19:44 <SridarK> #topic Remote FWG
14:19:48 <SridarK> xgerman_: pls go ahead
14:20:13 <xgerman_> I haven’t made much progress. Have been busy on urgent LBaaS stuff. I am hoping to get back to it next week…
14:20:37 <SridarK> sounds good xgerman_ - perhaps we can target R-2
14:20:51 <xgerman_> Yes. that’s probably safer
14:20:56 <SridarK> ok
14:21:11 <SridarK> #topic Horizon changes
14:21:30 <SridarK> SarathMekala: amotoki: pls go ahead
14:21:43 <amotoki> SarathMekala: you around?
14:21:52 <SarathMekala> yes amotoki
14:21:57 <SridarK> amotoki: has fixed a number of issues for Queens
14:22:32 <SridarK> so i think we need to validate where we are and see if there some things that are missing or need refactor
14:22:47 <amotoki> I fixed several issues I thought important, but you can still find several bugs
14:23:15 <amotoki> hopefully SarathMekala and others can work on them https://bugs.launchpad.net/neutron-fwaas-dashboard
14:23:26 <SridarK> amotoki: thx
14:23:33 <SarathMekala> amotoki: +1
14:23:34 <amotoki> I am happy to review and make suggestions
14:23:52 <SarathMekala> I will go through the fixes amotoki has done for Queens
14:24:14 <amotoki> SarathMekala: if you have questions, feel free to reach me
14:24:27 <yushiro> will help it !
14:24:31 <SarathMekala> I was looking at enhancing the port details shown in the "Add Port" drop down..
14:24:34 <SridarK> SarathMekala: ok we will need to see how things stand with the L2 support, Default FWG
14:24:38 <amotoki> in addition, please review mox removal https://review.openstack.org/#/q/status:open+project:openstack/neutron-fwaas-dashboard+branch:master+topic:mox-removal
14:25:36 <yushiro> amotoki, +1 OK
14:25:37 <amotoki> it is part of the community goal. you don't need to worry much about them. they are just changes on testing :)
14:25:41 <yushiro> will check it.
14:25:41 <SarathMekala> sure amotoki
14:25:49 <SridarK> amotoki: thx
14:25:57 <amotoki> juts housekeeping things
14:26:13 <SarathMekala> SridarK: will look at the areas you pointed out
14:26:23 <SridarK> ok thx SarathMekala
14:27:06 <SridarK> #topic DSCP filtering
14:27:34 <SridarK> This is something we can target - chandanc had some discussions with me on taking this on
14:27:52 <xgerman_> nice. so redip is not going to do it?
14:28:11 <yushiro> +1
14:28:18 <SridarK> xgerman_: i had mentioned to chandanc to check in with reedip as well
14:28:43 <xgerman_> ok, yes, redip has been quiet here so having some other point person is good
14:28:44 <SarathMekala> chandanc asked me to inform that he wont be albe to join the meeting today
14:28:50 <SridarK> but i think he has been busy with other stuff - since i dont see him in ou rmtgs
14:28:55 <xgerman_> +1
14:29:22 <SridarK> I can help with some of the plugin changes here
14:29:53 <SridarK> Since the RFE is approved - we can work towards a spec and outline the changes
14:30:11 <SridarK> Lets discuss more when chandanc is around
14:30:27 <njohnston_> Let me know how I can help out - DSCP filtering has been something I have been hoping for, for a long time
14:30:27 <xgerman_> +!
14:30:40 <xgerman_> njohnston_:  That would be great and appreciated
14:30:42 <SridarK> njohnston_: ok
14:30:48 <yushiro> :)
14:31:06 <njohnston_> DSCP filtering for firewalls was actually what got me into FWaaS in the first place :-)
14:31:30 <SridarK> njohnston_: same here - too and i filed the earlier bp :-)
14:31:43 <njohnston_> :-)
14:32:02 <yushiro> njohnston_, SridarK That's great! I will also help on that.
14:32:06 <amotoki> DSCP filtering might work, but I think we would like to know how it works from both fwaas and qos perspectives
14:32:15 <SridarK> ok
14:32:44 <SridarK> amotoki: yes and possibly that might be a good use case for the Common Classifier work too
14:32:54 <njohnston_> it definitely will, in the OVS case
14:33:06 <amotoki> yeah, in other words, operator perspective :)
14:33:15 <njohnston_> :-)
14:33:57 <yushiro> Yeah, good CCF case.
14:34:02 <SridarK> ok lets discuss more to outline the work items
14:34:27 <amotoki> do we have progress in CCF meetings or others?
14:34:56 <SridarK> amotoki: i think the last was the discussion at PTG with xgerman_ and yushiro
14:35:15 <xgerman_> yes, it was brief and we basically said yes, do it :-0
14:35:29 <SridarK> with CCF i think once the team is ready we can look at adopting
14:35:41 <amotoki> we haven't tracked it in the neutron team meeting, so I just wonder how we can move it forward in rocky
14:35:42 <SridarK> was qos the first adopter ?
14:36:01 <xgerman_> I think so…
14:36:51 <SridarK> njohnston: are u involved with the qos work ?
14:36:53 <amotoki> okay, it seems we need to raise it to the neutron meeting if we don't have good progress for a while
14:37:26 <njohnston> I've been out of the QoS game for a while, reengaging with them as well.  I'll ping some folks and check on it
14:37:26 <yushiro> OK, so I will try to reach out Isaku and David about current CCF progress.
14:37:38 <amotoki> yushiro: +1
14:37:41 <SridarK> njohnston: ok that will be good
14:37:52 <SridarK> amotoki: yushiro +1
14:37:53 <yushiro> hopefully, I'll invite them to this meeting.
14:38:46 <yushiro> amotoki, +1
14:38:58 <njohnston> I'm planning on going to their meeting next
14:39:16 <yushiro> njohnston, +1
14:39:19 <SridarK> My impression is that we can at least get a spec done in R and have a plan for implementation in S if not sooner
14:39:26 <xgerman_> +1
14:39:38 <SridarK> ok moving on
14:39:48 <amotoki> we seem to need a shared place to discuss it
14:39:51 <amotoki> totally agree
14:40:02 <amotoki> let's move on
14:40:05 <SridarK> #topic FWaaS logging
14:40:16 <SridarK> yushiro: pls go ahead
14:40:29 <yushiro> SridarK, OK
14:41:01 <yushiro> #link https://review.openstack.org/#/q/topic:bug/1720727+(status:open+OR+status:merged)
14:41:38 <yushiro> Cuong, annp_ , hoangcx and I are trying to implement fwaas logging.
14:41:48 <SridarK> +1
14:41:58 <amotoki> yushiro: what is the next stage of this?
14:42:02 <amotoki> yushiro: spec?
14:42:13 <yushiro> Currently, we're just staying until doube's patch.
14:42:25 <amotoki> I'd just to clarify what is the next step/
14:43:04 <annp_> I think spec is first step
14:43:16 <yushiro> amotoki, Ah, now we're ready for review spec.
14:43:33 <yushiro> Just a moment.
14:43:45 <SridarK> ok that is good - we can discuss/review when u are ready
14:43:50 <xgerman_> +1
14:44:01 <annp_> +1
14:44:15 <yushiro> #link https://review.openstack.org/#/c/509725/
14:44:31 <njohnston> +1
14:44:47 <amotoki> yushiro: common understanding helps us focus on important things(s). spec review 509725?
14:45:09 <SridarK> yushiro: thx
14:45:14 <yushiro> amotoki, Yes
14:45:31 <amotoki> yushiro's one seems our focus
14:45:54 <yushiro> Hopefully this spec will be merged until R-1.
14:46:21 <annp_> +1
14:46:28 <SridarK> yushiro: i think that is reasonable
14:46:50 <amotoki> looks good consensus
14:47:00 <yushiro> SridarK, Yes.  In addition, I'm glad to be merged doube's patch :)
14:47:25 <yushiro> during R-1.  That is "nice timing" :-)
14:47:32 <amotoki> yushiro: which do you mean by doube's patch?
14:48:13 <yushiro> amotoki, Sorry.  I mean https://review.openstack.org/#/c/480265/
14:48:39 <yushiro> plugable backend driver
14:48:46 <amotoki> yushiro: got it
14:48:57 <SridarK> yushiro: also i am thinking the fwaas logging will be similar in approach and work to the SG logging
14:49:23 <amotoki> (i haven't got how it is related to the logging spec though)
14:49:42 <SridarK> i am thinking at the driver level u may be able to leverage the SG work
14:49:56 <amotoki> SridarK: +1
14:51:00 <yushiro> SridarK, Yes, same approach.  So, in case of fwaas, our target is  L2 and L3.  L2 is totally similar for SG.
14:51:06 <amotoki> the API level topic and plugable backend driver topics needs to be discussed seperately
14:51:54 <yushiro> amotoki, Yes, there is no relation b/w pluggable backend driver and logging patch.  I just concerned about conflict/rebase work.
14:52:08 <SridarK> +1
14:52:09 <amotoki> yushiro: understandable
14:52:33 <yushiro> :)
14:53:00 <SridarK> ok lets move on
14:53:17 <SridarK> #topic Open Discussion
14:53:31 <amotoki> where do we maintain/collect meeting topics, wiki or etherpad? this is just a question.
14:53:59 <yushiro> amotoki, https://etherpad.openstack.org/p/fwaas-meeting   but currently, not so maintained ...
14:54:12 <SridarK> I dont see ndefigueiredo around so we will skip any discussion on stateless firewalling
14:54:16 <SridarK> yushiro: +1
14:54:35 <amotoki> thanks
14:54:48 <SridarK> amotoki: today i am focussing on some things we prioritized in #link https://etherpad.openstack.org/p/fwaas-rocky-planning
14:55:09 <amotoki> but it matches what http://eavesdrop.openstack.org/ says :)
14:55:16 <xgerman_> Let’s talk about libraries which should support FWaaS V2
14:55:31 <amotoki> go ahead
14:55:39 <SridarK> xgerman_: pls go ahead
14:55:40 <xgerman_> we need to get support into shade, gophercloud, heat, etc.
14:56:12 <amotoki> "libraries" seems to mean "python bindings"
14:56:41 <xgerman_> gophercloud is a Go binding but yes… end users often use automation
14:56:57 <xgerman_> so we need to figure out/track adoption
14:57:11 <njohnston> Fog would be nice as well for Ruby developers, I understand it has quite a wide base of use
14:57:44 <reedip_> Late as usual... :(
14:57:46 <yushiro> xgerman_, Just a question.  In order to support gophercloud for fwaas, do we need to add some codes/libraries into neutron-fwaas?
14:57:56 <amotoki> as you may know, shard has been merged into python-openstacksdk which will be renamed to 'openstacksdk' soon
14:57:57 <yushiro> hi reedip_ :)
14:58:07 <xgerman_> amotoki: +1
14:58:19 <amotoki> s/shard/shade/
14:58:22 <reedip_> Hi yushiro
14:58:27 <xgerman_> yushiro: no. But we need to track adoption and help with it as necessary
14:58:27 <njohnston> yushiro: no.  I've done some gophercloud development work, it's just managing the API calls and unmarshalling the output into go structs
14:58:51 <xgerman_> +1
14:59:05 <yushiro> njohnston, xgerman_ OK, thanks.
14:59:22 <amotoki> so, re: client bindings, we seem to track supports in various clients.
14:59:30 <xgerman_> yes.
14:59:51 <amotoki> for python stuffs, neutron team will cover this. we are planning to support fwaas in SDK in rocky hopefully
15:00:00 <xgerman_> sweet
15:00:10 <amotoki> any volunteers are welcome. feel free to contact me.
15:00:14 <reedip_> Openstack SDK?
15:00:19 <amotoki> yes
15:00:25 <reedip_> Oh cool
15:00:29 <SridarK> we are at time but give our monopoly on this channel - lets take a few mins to wrap up
15:00:29 <amotoki> slawek will support reviews much
15:00:47 <yushiro> amotoki, ping! sdk
15:01:16 <SridarK> xgerman_: can u pls track this as a topic for any work or investigation that is needed
15:01:21 <amotoki> yushiro: it is related to SDK and CLI. let's make good progress
15:01:31 <yushiro> OK
15:01:37 <xgerman_> SridarK: will add to our Rocky etherpad
15:01:54 <SridarK> great thx xgerman_ and we can scope
15:02:13 <xgerman_> yeah, or at least reach out to those communities and make them aware of FWaaS V2
15:02:19 <yushiro> annp_, can we discuss after this meeting about  http://lists.openstack.org/pipermail/openstack-operators/2018-March/015012.html?
15:02:30 <annp_> yes
15:02:32 <xgerman_> +!
15:02:35 <SridarK> amotoki: thx for the pointer to the issue reported on operators
15:02:37 <amotoki> good remindier :
15:02:39 <amotoki> :)
15:02:45 <yushiro> amotoki, Yes, thanks
15:02:50 <SridarK> will reach out
15:03:10 <annp_> I think currently we don't allow associated multiple fwg to a port
15:03:31 <amotoki> perhaps we seem to clarify our concept and what we support now
15:03:41 <SridarK> annp_: yes we dont support that
15:03:42 <yushiro> annp_, Yes, but this error "<port-id> is invalid" is different case I think.
15:04:21 <annp_> aha,
15:04:24 <SridarK> and i dont think it is related to def fwg
15:04:31 <reedip_> You might want to get some debug logs
15:04:31 <SridarK> as he tried with router port as well
15:04:37 <yushiro> I mean FirewallGroupPortInvalid is raised.
15:04:59 <amotoki> your point is correct. perhaps we haven't explained our concept yet :(
15:05:21 <annp_> ok, I got it. I didn't read careful, So sorry. :(
15:05:34 <yushiro> annp_, NP!
15:05:36 <amotoki> we would like to know how he was confused.
15:05:44 <amotoki> it will help us
15:05:50 <yushiro> Yes.
15:06:24 <SridarK> It seems like a fairly straight fwd application
15:06:38 <amotoki> yeah, let's ask him KINDLY :)
15:06:53 <SridarK> Must be something we are missing here
15:06:58 <SridarK> amotoki: ofcourse :-)
15:07:00 <yushiro> I'll track on this mail too.  I wonder he specified "router:gateway" ...  Anyway, yes, it's better to ask him :)
15:07:14 <xgerman_> +!
15:07:27 <annp_> +1
15:07:28 <SridarK> Ok will start a conversation and we can see how we can help
15:07:38 <SridarK> i think we need to get some details
15:07:40 <yushiro> Yes
15:07:45 <amotoki> though not directy related to fwaas, there were interesting posts in openstcak-operators ml recently
15:07:56 <SridarK> and hopefully sort it out quickly
15:08:04 <xgerman_> amotoki: tell us more ;-)
15:08:07 <amotoki> it would be nice if you have chances to subscribe
15:08:17 <xgerman_> yes, I will do so
15:08:22 <SridarK> +1
15:08:29 <yushiro> +1  will do !
15:08:48 <amotoki> surprisely, kevin is active on mailing lists this week :)
15:08:56 <SridarK> oh yes
15:09:00 <SridarK> i was wondering too
15:09:08 <SridarK> ok let me end the mtg
15:09:14 <amotoki> :)
15:09:16 <SridarK> thanks all for joining
15:09:23 <SridarK> we will track the user issue
15:09:28 <SridarK> #endmeeting