13:59:39 #startmeeting fwaas 13:59:41 Meeting started Thu Mar 29 13:59:39 2018 UTC and is due to finish in 60 minutes. The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:59:42 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:59:44 The meeting name has been set to 'fwaas' 13:59:47 o/ 13:59:52 #chair xgerman_ yushiro 13:59:53 Current chairs: SridarK xgerman_ yushiro 14:00:09 Hi 14:00:12 o/ 14:00:31 hmm oh i think xgerman_ ur turn ? 14:00:45 Yes, but I heard that xgerman_ is PTO. So, I will. 14:01:01 hmm ok 14:01:08 surely go ahead yushiro 14:01:18 OK, 14:01:30 #topic announcements 14:03:27 I have 1 suggestion for njohnston. Would it be possible to help chair for fwaas weekly meeting? 14:03:39 Sure! I can help with that. 14:04:09 njohnston, Thank you so much! I'll update the etherpad for chair round :) 14:04:15 Thanks! 14:04:19 yushiro: lets work thru this offline 14:04:35 SridarK, OK. 14:04:51 So, anything else to announcement? 14:05:01 s/announcement/announce 14:05:13 hmm nothing specific i can think off 14:05:24 SridarK, OK, thanks. 14:05:35 #topic Rocky 14:06:01 1. Pluggable backend driver https://review.openstack.org/#/c/480265/ 14:06:16 hi 14:06:30 doude: i am on it - a bit slow as i had to be out this week 14:06:44 I continued tests and I did not find any issue 14:06:51 i will get u first round of comments early next week 14:06:51 ok SridarK 14:07:02 right 14:07:07 doude: are u tracking the testing ? 14:07:23 doude, I'm watching your patch either. Now, I'm trying to deploy devstack with your patch. 14:07:23 I used the etherpad 14:07:45 I can give you my local.conf 14:08:02 doude: can u pls put it somewhere and point us to it 14:08:20 doude, Did you deploy multiple environment? I mean 2 nodes(controller + compute) 14:08:27 no 14:08:34 all-in-one node 14:08:42 I'll try to deploy 1.All-in-one and 2.multi-nodes 14:08:51 cool 14:09:00 yushiro: great - i think we defn want to cover the multinode 14:09:05 doude, OK, so it will be great if you share your local.conf 14:10:22 SridarK, Yees. After deployed multi-node, I'll try to run basically fwaas feature. 14:10:47 yushiro: +1 and lets exchange info on the etherpad 14:10:52 https://etherpad.openstack.org/p/fwaas-pluggable-backend-testing 14:11:15 doude, cool! 14:12:20 doude, OK, I'll try to test in multi-node environment either. 14:12:28 and will update the etherpad. 14:13:01 If all case has passed both All-in-one and multi-nodes, I'm OK to put +2 14:13:23 agreed 14:13:37 doude, Could you please paste your local.conf into https://etherpad.openstack.org/p/fwaas-pluggable-backend-testing ? 14:14:37 http://paste.openstack.org/show/717910/ 14:14:42 my local.conf 14:14:50 doude thx 14:15:28 doude, Thanks! 14:16:16 haha, I just opened link (www.local.conf) This is hyper link for your comment "my local.conf" 14:16:49 OK, let's move on. 14:17:14 2. [WIP] Adds remote firewall group: https://review.openstack.org/521207 14:17:43 I think there is no update for this patch as of now. 14:18:09 annp and I will follow. 14:18:24 next 14:18:37 3. Logging for FWaaS(SPEC): https://review.openstack.org/#/c/509725/ 14:18:46 +1 14:18:59 i think on the Remote fwg - xgerman_ mentioned targetting R-2 14:19:17 but sorry go ahead 14:19:41 SridarK, Yes, R-2 is. 14:20:05 I put some minor comments on this Spec. hoangcx will update ASAP :) 14:20:05 does that spec need to be refiled from specs/queens to specs/rocky? 14:20:23 njohnston, Ah, yes, correct 14:20:45 good catch :) 14:21:36 yushiro: and the plan is to target the implementation for R ? 14:21:51 njohnston, could you comment it on this spec as a reminder? 14:21:56 just did :-) 14:23:51 SridarK, Yes, will implement it R. In Rocky cycle, I'll try to focus on L3 logging only. I think it is possible to achieve... 14:24:15 ok that is good to stage it 14:24:30 Rocky: support L3 logging, "S" cycle: support L2 logging 14:25:59 OK, so forks please review the spec :) 14:26:17 Will do 14:26:21 +1 14:26:50 njohnston, THX!! 14:27:00 4. policy-in-code: https://governance.openstack.org/tc/goals/queens/policy-in-code.html 14:28:42 Sorry I'm not sure current status. Does anyone know about that? 14:29:44 Will take a look 14:30:24 SridarK, thanks 14:32:04 #topic Horizon support 14:32:34 Today, chandan and Sarath aren't here. 14:33:05 yes not sure 14:33:22 amotoki has pushed patch to remove 'mox': https://review.openstack.org/#/q/status:open+project:openstack/neutron-fwaas-dashboard+branch:master+topic:mox-removal 14:33:38 SarathMekala said he will look thru some of the missing pieces and review 14:33:41 lets wait on that 14:33:55 SridarK, Sure. 14:34:52 Regarding to Akihiro's patches, I just rebased and deploy devstack. It worked and I think there is no pleblem. 14:36:46 OK, let's move on. 14:37:02 #topic bugs 14:37:20 Today, I'd like to discuss about https://bugs.launchpad.net/neutron/+bug/1759773 14:37:21 Launchpad bug 1759773 in neutron "FWaaS: Invalid port error on associating L3 ports (Router in HA) to firewall group" [Undecided,Confirmed] - Assigned to Sridar Kandaswamy (skandasw) 14:37:32 thx yushiro 14:37:41 SridarK, plz go ahead. 14:37:59 so have had discussion with the submitter 14:38:22 and got some info from him which pointed to an issue on the validation code 14:38:41 we need to support HA configurations 14:39:08 putting a fix as such is quite straightfwd but will need to think thru the implications of HA 14:39:22 something we have not targetted till now 14:39:50 i mean fixing the validation is easy 14:40:01 but need to consider HA implications 14:40:11 will look thru more and update 14:40:46 once we have an handle we can look at backport strategy 14:41:09 the customer is in Ocata (so no backport is possible) but is willing to look to move to Queens 14:41:19 so they can get L2 support as well 14:41:23 ok i am done 14:41:38 SridarK, Thanks for your announcement! 14:42:22 As SridarK said, fix is so easy but need to verify with L3 HA environment. 14:43:09 Here is definitions of device_owner for L3: https://github.com/openstack/neutron-lib/blob/master/neutron_lib/constants.py 14:43:38 yushiro: +1 and we only validate basic Router interface 14:43:59 We are targetting to handle not only 'network:router_interface' but also 'network:router_ha_interface' 14:44:27 once the customer provided the port attributes - i could immediately see the issue on validation 14:45:11 'network:ha_router_replicated_interface' is for keepalive interface b/w HA routers I think. 14:45:36 I will propose a patch for fixing the validation - and we can discuss further 14:46:07 SridarK, OK, thanks. 14:47:12 Swami, Hi! Thanks for backporting https://review.openstack.org/#/c/554294/ 14:47:52 Swami: yes thx for taking care of the long standing DVR related fix 14:48:15 Swami: i think we had been out of sync with the ns changes 14:51:14 SridarK: no problem 14:51:27 yushiro: you are welcome 14:51:32 :) 14:51:56 #topic Open Discussion 14:53:14 ndefigueiredo is not here today.. He proposes stateless firewall: https://bugs.launchpad.net/neutron/+bug/1753466 14:53:15 Launchpad bug 1753466 in neutron "[RFE] Support stateless security groups" [Wishlist,Confirmed] - Assigned to Giel Dops (nuage.gieldops) 14:53:39 yes not sure on the approach with another bp in relation to SG 14:54:09 Yes,, 14:54:21 but last time ndefigueiredo felt that his thought was more in line with fwaas 14:55:07 +1 14:57:41 Is there much left as far as moving to neutron-lib? 14:58:32 njohnston: I am not sure much happened after u left 14:58:51 Ok, I may take a look 14:59:02 njohnston: but good point to do a scan, u had defnitely taken care of a lot of that 14:59:22 njohnston, I think this exception should move into neutron-lib :) https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/common/exceptions.py 15:00:03 I’ll take a look, thanks yushiro! 15:00:10 NP :) 15:00:22 Oh, this is our timelimit 15:00:25 #endmeeting