#openstack-fwaas log

14:00:01 <SridarK> #startmeeting fwaas
14:00:01 <openstack> Meeting started Thu Apr  5 14:00:01 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:02 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:04 <openstack> The meeting name has been set to 'fwaas'
14:00:10 <SridarK> #chair xgerman_ yushiro
14:00:11 <openstack> Current chairs: SridarK xgerman_ yushiro
14:00:32 <xgerman_> o/
14:00:40 <SridarK> yushiro: i see u are on sched but u ran the mtg last time too
14:00:55 <xgerman_> yeah. it’s my turn
14:01:01 <SridarK> ah ok
14:01:06 <SridarK> pls go ahead xgerman_
14:01:08 <xgerman_> #topic Announcements
14:01:11 <yushiro> Ah, Thanks SridarK and xgerman_
14:01:29 <xgerman_> So R-1 is in two weeks
14:01:36 <xgerman_> time flies —
14:01:42 <SridarK> :-)
14:02:12 <xgerman_> Also if you like to use your PTG code/speaker code for Vancouver registration - deadline is 5/11
14:04:04 <SridarK> Hope a few folks can make it to the summit
14:04:24 <xgerman_> there is some new proposal by keystone on how to do policies
14:04:31 <xgerman_> https://review.openstack.org/#/c/523973/
14:04:53 <xgerman_> with the goal to make it a community goal
14:05:51 <xgerman_> #topic AddressGroups
14:06:14 <doude> hi o/
14:06:21 <SridarK> I wonder if any of the submitters are here
14:06:49 <SridarK> I was hoping to see them here as in the response to the email
14:07:01 <xgerman_> We got approached by the OpenStack Financial Group and for them Address Groups are of uttermost importance and they filed spec
14:07:04 <xgerman_> #link https://review.openstack.org/#/c/557137
14:07:17 <wkite> i am here
14:07:26 <xgerman_> welcome
14:07:43 <yushiro> wkite, Hi.  Welocome to fwaas :)
14:07:52 <SridarK> ah great hi wkite
14:07:56 <xgerman_> Now we already had address groups in our original spec so I am questioning if we need a new spec - thoughts?
14:08:28 <SridarK> I think fundamentally we are in agreement on the feature
14:08:41 <SridarK> which is why we put it in the orig spec
14:08:46 <SridarK> but was lower priority
14:09:09 <SridarK> i think to xgerman_'s point we only need to figure out the process
14:09:24 <yushiro> SridarK, xgerman_ +1
14:09:28 <chandanc> +1
14:09:54 <SridarK> would a RFE be simpler to adapt the orig proposal
14:10:45 <wkite> the address of the orion spec does not support ip range objects and multi address groups in a rule.
14:11:32 <SridarK> wkite: agreed, that would be diffence with the new proposal
14:12:27 <xgerman_> well, our orig. spec is two years old so having a new one puts it top of mind
14:12:48 <wkite> should I modify the original spec?
14:13:46 <xgerman_> I think we can either do the RfE or a new spec — just wanted to get consensus what works best for everybody
14:14:09 <SridarK> An RFE will be simpler with the deviation proposed
14:14:21 <SridarK> but we should discuss the additional support
14:14:41 <SridarK> wkite: when do u want to target the feature implementation ?
14:15:26 <xgerman_> well, there is the R-2 deadline
14:16:06 <wkite> i wrote some codes for this implementation last two months.
14:16:42 <SridarK> wkite: ok but are u targetting to be in the R release or in the S after this cycle ?
14:17:09 <xgerman_> I would like to see it in R if possible
14:17:55 <xgerman_> but with Horizon/client/neutron-lib might be too many moving parts
14:18:03 <SridarK> xgerman_: +1
14:18:15 <yushiro> xgerman_, +1  Yes, it is not so small..
14:18:22 <wkite> xgerman_: +1
14:18:28 <SridarK> atlease will need to have OSC
14:18:40 <yushiro> SridarK, +1
14:18:52 <SridarK> wkite: also we will need to evaluate the driver side of things
14:19:10 <wkite> SridarK, +1
14:19:14 <chandanc> +1
14:19:16 <SridarK> maybe for now shall we continue the conversation on the spec
14:19:47 <xgerman_> +1
14:19:54 <SridarK> It seems the spec may be a better place to capture the comments than an RFE
14:20:03 <xgerman_> #action cores will review spec
14:20:11 <SridarK> xgerman_: +1
14:20:15 <yushiro> +1+1
14:21:03 <SridarK> wkite: lets do that then - we can continue on the spec
14:21:04 <wkite> +1
14:21:10 <njohnston> +1
14:21:20 <xgerman_> #topic Rocky
14:21:23 <SridarK> wkite: will u be able to attend this mtg going fwd ?
14:22:27 <wkite> mtg?
14:22:44 <xgerman_> our Thursday FWaaS meeting
14:22:51 <SridarK> xgerman_: +1
14:23:30 <wkite> no problem
14:23:35 <SridarK> ok great
14:23:37 <yushiro> wkite, http://eavesdrop.openstack.org/#Firewall_as_a_Service_(FWaaS)_Team_Meeting
14:24:18 <annp> +1
14:24:39 <xgerman_> 1. Pluggable backend driver https://review.openstack.org/#/c/480265/
14:24:45 <xgerman_> I have seen doude
14:24:55 <xgerman_> posting a new revision
14:25:11 <SridarK> doude: I will publish some comments soon - i am on the review
14:25:56 <yushiro> I've tested doube's patch with multi-nodes
14:26:06 <xgerman_> nice
14:26:14 <SridarK> yushiro: great, things good ?
14:27:07 <yushiro> SridarK, Yeah, but I found that there was an issue about devstack plugin.  Some configuration didn't set correctly in compute-node.
14:27:37 <doude> ok xgerman_
14:27:40 <SridarK> yushiro: hmm should we address that separately ?
14:28:00 <yushiro> SridarK, Yes, there is no relation with this patch.
14:28:09 <doude> yushiro: I saw you post some error log in the etherpad, did you find issues?
14:29:02 <yushiro> doude, Now I'm finding but I think there is no relation with this patch.
14:29:37 <doude> #link https://etherpad.openstack.org/p/fwaas-pluggable-backend-testing
14:29:48 <yushiro> chandanc, annp Did you remember this error message??  I think that was race:  OVSFWaaSPortNotFound: Port d74ff04c-4f81-459c-9f18-0b96f81a8c3c is not managed by this agent.
14:30:28 <chandanc> yushiro: sorry i dont remember, but can get back
14:30:41 <doude> ok yushiro
14:31:40 <yushiro> annp, Can you try to deploy multi-node with master branch?  I'd like to verify this error doesn't relate to doube's patch.
14:32:01 <annp> Yushiro, sure. I'll do it.
14:32:28 <annp> Yushiro, let's discuss tomorrow.  :-)
14:34:17 <xgerman_> 2. [WIP] Adds remote firewall group: https://review.openstack.org/521207
14:34:38 <yushiro> SridarK, in multi-node case, there was OVSFWaaSPortNotFound and changed "ERROR" status for fwg but finally will change "ACTIVE".  So, please let me check more..
14:35:03 <SridarK> yushiro: ok
14:37:47 <xgerman_> I am still aiming for R-2 but things have been busy
14:38:21 <SridarK> xgerman_: sounds good
14:38:30 <yushiro> +1
14:38:38 <xgerman_> 3. Logging for FWaaS(SPEC): https://review.openstack.org/#/c/509725/
14:39:21 <xgerman_> annp: and njohnston commented on that
14:39:35 <yushiro> annp, njohnston Thanks.
14:39:41 <xgerman_> +1
14:39:52 <xgerman_> it looks like we are close
14:40:04 <yushiro> annp, You specified iptables format by using NFLOG ?
14:40:14 <annp> yushiro,  you're welcome. :-)
14:40:59 <SridarK> and the plan is support L3 first ?
14:41:00 <annp> Yushiro,  yes. What do you think about iptables structure?
14:41:51 <yushiro> annp, I have some opinion.  But let's discuss after or tomorrow.
14:42:01 <annp> Sridark,  yes, we intend to support L3 first.
14:42:11 <SridarK> annp: thx
14:42:44 <annp> Yushiro, ok. Let's discuss in tomorrow.
14:42:53 <yushiro> If necessary, do we need to describe "L3 first" on the spec?
14:43:56 <annp> I think it should be mentioned in spec as our target in rocky
14:44:27 <SridarK> yushiro: annp: i will add a comment
14:44:27 <yushiro> OK
14:44:27 <annp> Do you think so?:)
14:44:35 <yushiro> SridarK, Thanks :)
14:44:49 <hoangcx_> I don't think we need to mention that in the spec
14:44:49 <annp> Sridark, thanks.
14:45:04 <SridarK> I think it will be good to call out the implementation phases
14:45:18 <SridarK> and then we can have reno cover some of it
14:45:18 <hoangcx_> +1
14:45:27 <xgerman_> +1
14:45:51 <SridarK> so we dont have to have a new spec for L2
14:46:00 <yushiro> Aha, OK.  Thanks hoangcx_
14:46:09 <hoangcx_> xgerman_: right, that is my opinion
14:47:12 <yushiro> OK, we can define "community decision".  Anyway, let's focus on L3 logging first :)
14:47:23 <xgerman_> +1
14:47:29 <xgerman_> code talks
14:47:36 <SridarK> :-)
14:48:52 <njohnston> :-)
14:50:01 <yushiro> welcome
14:50:27 <annp__> sorry, my connection is lost suddently. :(
14:50:36 <xgerman_> 4. policy-in-code: https://governance.openstack.org/tc/goals/queens/policy-in-code.html
14:50:56 <xgerman_> I think this relates to the link I posted earlier
14:51:14 <yushiro> yes
14:52:08 <xgerman_> so if we can defer until the dust settles that would be good — otherwise we might face rework
14:53:55 <xgerman_> ok, with 7 min left let’s move to
14:54:00 <xgerman_> #OpenDiscussion
14:54:11 <xgerman_> #topic OpenDiscussion
14:56:18 <yushiro> doude, I'll comment your patch ASAP if I finished multi-node testing.
14:56:57 <doude> great yushiro
14:57:01 <SridarK> doude: same here - just give me a day to finish
14:57:17 <doude> ok next week will be a busy week for me :)
14:57:17 <SridarK> Do folks have clarity on if they can make the summit
14:57:34 <SridarK> doude: :-) yes we will push for R-1
14:57:45 <yushiro> doude, +busy +1 :)
14:58:06 <xgerman_> I will be there at the summit
14:58:23 <yushiro> Next week, we can get reply from TSP.  Hopefully I can go there but not sure now...
14:58:52 <xgerman_> fingers crossed
14:59:33 <SridarK> that seems to be for everything now a days, my fingers are now realigned :-)
14:59:36 <yushiro> I wish!!
15:00:23 <xgerman_> yeah, they rebranded the local OpenStack meeting here as OpenInfrastructure
15:00:40 <SridarK> hmm very interesting
15:01:07 <xgerman_> time —
15:01:08 <yushiro> :)
15:01:10 <xgerman_> #endmeeting