#openstack-fwaas log

13:59:39 <SridarK> #startmeeting fwaas
13:59:41 <openstack> Meeting started Thu Mar 29 13:59:39 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:59:42 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:59:44 <openstack> The meeting name has been set to 'fwaas'
13:59:47 <njohnston> o/
13:59:52 <SridarK> #chair xgerman_ yushiro
13:59:53 <openstack> Current chairs: SridarK xgerman_ yushiro
14:00:09 <yushiro> Hi
14:00:12 <doude> o/
14:00:31 <SridarK> hmm oh i think xgerman_ ur turn ?
14:00:45 <yushiro> Yes, but I heard that xgerman_ is PTO.  So, I will.
14:01:01 <SridarK> hmm ok
14:01:08 <SridarK> surely go ahead yushiro
14:01:18 <yushiro> OK,
14:01:30 <yushiro> #topic announcements
14:03:27 <yushiro> I have 1 suggestion for njohnston.  Would it be possible to help chair for fwaas weekly meeting?
14:03:39 <njohnston> Sure!  I can help with that.
14:04:09 <yushiro> njohnston, Thank you so much!  I'll update the etherpad for chair round :)
14:04:15 <njohnston> Thanks!
14:04:19 <SridarK> yushiro: lets work thru this offline
14:04:35 <yushiro> SridarK, OK.
14:04:51 <yushiro> So, anything else to announcement?
14:05:01 <yushiro> s/announcement/announce
14:05:13 <SridarK> hmm nothing specific i can think off
14:05:24 <yushiro> SridarK, OK, thanks.
14:05:35 <yushiro> #topic Rocky
14:06:01 <yushiro> 1. Pluggable backend driver https://review.openstack.org/#/c/480265/
14:06:16 <doude> hi
14:06:30 <SridarK> doude: i am on it - a bit slow as i had to be out this week
14:06:44 <doude> I continued tests and I did not find any issue
14:06:51 <SridarK> i will get u first round of comments early next week
14:06:51 <doude> ok SridarK
14:07:02 <doude> right
14:07:07 <SridarK> doude: are u tracking the testing ?
14:07:23 <yushiro> doude, I'm watching your patch either.  Now, I'm trying to deploy devstack with your patch.
14:07:23 <doude> I used the etherpad
14:07:45 <doude> I can give you my local.conf
14:08:02 <SridarK> doude: can u pls put it somewhere and point us to it
14:08:20 <yushiro> doude, Did you deploy multiple environment?  I mean 2 nodes(controller + compute)
14:08:27 <doude> no
14:08:34 <doude> all-in-one node
14:08:42 <yushiro> I'll try to deploy 1.All-in-one and 2.multi-nodes
14:08:51 <doude> cool
14:09:00 <SridarK> yushiro: great - i think we defn want to cover the multinode
14:09:05 <yushiro> doude, OK, so it will be great if you share your local.conf
14:10:22 <yushiro> SridarK, Yees.  After deployed multi-node, I'll try to run basically fwaas feature.
14:10:47 <SridarK> yushiro: +1 and lets exchange info on the etherpad
14:10:52 <doude> https://etherpad.openstack.org/p/fwaas-pluggable-backend-testing
14:11:15 <yushiro> doude, cool!
14:12:20 <yushiro> doude, OK, I'll try to test in multi-node environment either.
14:12:28 <yushiro> and will update the etherpad.
14:13:01 <yushiro> If all case has passed both All-in-one and multi-nodes, I'm OK to put +2
14:13:23 <SridarK> agreed
14:13:37 <yushiro> doude, Could you please paste your local.conf into https://etherpad.openstack.org/p/fwaas-pluggable-backend-testing  ?
14:14:37 <doude> http://paste.openstack.org/show/717910/
14:14:42 <doude> my local.conf
14:14:50 <SridarK> doude thx
14:15:28 <yushiro> doude, Thanks!
14:16:16 <yushiro> haha, I just opened link  (www.local.conf)  This is hyper link for your comment "my local.conf"
14:16:49 <yushiro> OK, let's move on.
14:17:14 <yushiro> 2. [WIP] Adds remote firewall group: https://review.openstack.org/521207
14:17:43 <yushiro> I think there is no update for this patch as of now.
14:18:09 <yushiro> annp and I will follow.
14:18:24 <yushiro> next
14:18:37 <yushiro> 3. Logging for FWaaS(SPEC): https://review.openstack.org/#/c/509725/
14:18:46 <annp> +1
14:18:59 <SridarK> i think on the Remote fwg - xgerman_ mentioned targetting R-2
14:19:17 <SridarK> but sorry go ahead
14:19:41 <yushiro> SridarK, Yes, R-2  is.
14:20:05 <yushiro> I put some minor comments on this Spec.  hoangcx will update ASAP :)
14:20:05 <njohnston> does that spec need to be refiled from specs/queens to specs/rocky?
14:20:23 <yushiro> njohnston, Ah, yes, correct
14:20:45 <yushiro> good catch :)
14:21:36 <SridarK> yushiro: and the plan is to target the implementation for R ?
14:21:51 <yushiro> njohnston, could you comment it on this spec as a reminder?
14:21:56 <njohnston> just did :-)
14:23:51 <yushiro> SridarK, Yes, will implement it R.  In Rocky cycle, I'll try to focus on L3 logging only.  I think it is possible to achieve...
14:24:15 <SridarK> ok that is good to stage it
14:24:30 <yushiro> Rocky: support L3 logging,  "S" cycle: support L2 logging
14:25:59 <yushiro> OK, so forks please review the spec :)
14:26:17 <njohnston> Will do
14:26:21 <SridarK> +1
14:26:50 <yushiro> njohnston, THX!!
14:27:00 <yushiro> 4. policy-in-code: https://governance.openstack.org/tc/goals/queens/policy-in-code.html
14:28:42 <yushiro> Sorry I'm not sure current status.  Does anyone know about that?
14:29:44 <SridarK> Will take a look
14:30:24 <yushiro> SridarK, thanks
14:32:04 <yushiro> #topic Horizon support
14:32:34 <yushiro> Today, chandan and Sarath aren't here.
14:33:05 <SridarK> yes not sure
14:33:22 <yushiro> amotoki has pushed patch to remove 'mox': https://review.openstack.org/#/q/status:open+project:openstack/neutron-fwaas-dashboard+branch:master+topic:mox-removal
14:33:38 <SridarK> SarathMekala said he will look thru some of the missing pieces and review
14:33:41 <SridarK> lets wait on that
14:33:55 <yushiro> SridarK, Sure.
14:34:52 <yushiro> Regarding to Akihiro's patches, I just rebased and deploy devstack.  It worked and I think there is no pleblem.
14:36:46 <yushiro> OK, let's move on.
14:37:02 <yushiro> #topic bugs
14:37:20 <yushiro> Today, I'd like to discuss about https://bugs.launchpad.net/neutron/+bug/1759773
14:37:21 <openstack> Launchpad bug 1759773 in neutron "FWaaS: Invalid port error on associating L3 ports (Router in HA) to firewall group" [Undecided,Confirmed] - Assigned to Sridar Kandaswamy (skandasw)
14:37:32 <SridarK> thx yushiro
14:37:41 <yushiro> SridarK, plz go ahead.
14:37:59 <SridarK> so have had discussion with the submitter
14:38:22 <SridarK> and got some info from him which pointed to an issue on the validation code
14:38:41 <SridarK> we need to support HA configurations
14:39:08 <SridarK> putting a fix as such is quite straightfwd but will need to think thru the implications of HA
14:39:22 <SridarK> something we have not targetted till now
14:39:50 <SridarK> i mean fixing the validation is easy
14:40:01 <SridarK> but need to consider HA implications
14:40:11 <SridarK> will look thru more and update
14:40:46 <SridarK> once we have an handle we can look at backport strategy
14:41:09 <SridarK> the customer is in Ocata (so no backport is possible) but is willing to look to move to Queens
14:41:19 <SridarK> so they can get L2 support as well
14:41:23 <SridarK> ok i am done
14:41:38 <yushiro> SridarK, Thanks for your announcement!
14:42:22 <yushiro> As SridarK said, fix is so easy but need to verify with L3 HA environment.
14:43:09 <yushiro> Here is definitions of device_owner for L3: https://github.com/openstack/neutron-lib/blob/master/neutron_lib/constants.py
14:43:38 <SridarK> yushiro: +1 and we only validate basic Router interface
14:43:59 <yushiro> We are targetting to handle not only 'network:router_interface' but also 'network:router_ha_interface'
14:44:27 <SridarK> once the customer provided the port attributes - i could immediately see the issue on validation
14:45:11 <yushiro> 'network:ha_router_replicated_interface' is for keepalive interface b/w HA routers I think.
14:45:36 <SridarK> I will propose a patch for fixing the validation - and we can discuss further
14:46:07 <yushiro> SridarK, OK, thanks.
14:47:12 <yushiro> Swami, Hi!  Thanks for backporting https://review.openstack.org/#/c/554294/
14:47:52 <SridarK> Swami: yes thx for taking care of the long standing DVR related fix
14:48:15 <SridarK> Swami: i think we had been out of sync with the ns changes
14:51:14 <Swami> SridarK: no problem
14:51:27 <Swami> yushiro: you are welcome
14:51:32 <yushiro> :)
14:51:56 <yushiro> #topic Open Discussion
14:53:14 <yushiro> ndefigueiredo is not here today..  He proposes stateless firewall: https://bugs.launchpad.net/neutron/+bug/1753466
14:53:15 <openstack> Launchpad bug 1753466 in neutron "[RFE] Support stateless security groups" [Wishlist,Confirmed] - Assigned to Giel Dops (nuage.gieldops)
14:53:39 <SridarK> yes not sure on the approach with another bp in relation to SG
14:54:09 <yushiro> Yes,,
14:54:21 <SridarK> but last time ndefigueiredo felt that his thought was more in line with fwaas
14:55:07 <yushiro> +1
14:57:41 <njohnston> Is there much left as far as moving to neutron-lib?
14:58:32 <SridarK> njohnston: I am not sure much happened after u left
14:58:51 <njohnston> Ok, I may take a look
14:59:02 <SridarK> njohnston: but good point to do a scan, u had defnitely taken care of a lot of that
14:59:22 <yushiro> njohnston, I think this exception should move into neutron-lib :)  https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/common/exceptions.py
15:00:03 <njohnston> I’ll take a look, thanks yushiro!
15:00:10 <yushiro> NP :)
15:00:22 <yushiro> Oh, this is our timelimit
15:00:25 <yushiro> #endmeeting