#openstack-fwaas log

14:01:42 <SridarK> #startmeeting fwaas
14:01:43 <openstack> Meeting started Thu Jun 21 14:01:42 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:44 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:01:47 <openstack> The meeting name has been set to 'fwaas'
14:01:54 <SridarK> #chair xgerman_
14:01:55 <openstack> Current chairs: SridarK xgerman_
14:02:33 <yushiro> Hi
14:02:40 <yushiro> Sorry I was late.
14:02:51 <xgerman_> #chairs yushiro
14:02:58 <xgerman_> #chair yushiro
14:02:59 <openstack> Current chairs: SridarK xgerman_ yushiro
14:03:16 <SridarK> ok lets get started
14:03:23 <SridarK> yushiro: ur turn today ?
14:03:38 <yushiro> Yes, SridarK .
14:03:46 <SridarK> yushiro: pls go ahead :-)
14:03:50 <yushiro> #topic announcements
14:04:42 <yushiro> Does anyone have any announcement?
14:04:57 <xgerman_> travel support for PTG ends 6/30 or so
14:05:33 <xgerman_> Programming Comittee nomination for Berlin end 6/28
14:05:40 <yushiro> xgerman_, +1 :)
14:05:48 <yushiro> #link https://www.openstack.org/ptg/#tab_travel
14:06:01 <annp> +1
14:06:14 <xgerman_> CfP for Berlin ends 7/17
14:06:32 <njohnston> o/
14:06:40 <xgerman_> and R3 is near
14:06:57 <yushiro> Ah, Yes.  That's a good information.  > CFP (7/17)
14:08:08 <yushiro> We're R-10 now : https://releases.openstack.org/rocky/schedule.html
14:08:32 <yushiro> OK
14:08:41 <yushiro> #topic Rocky
14:09:09 <yushiro> [WIP] Adds remote firewall group: https://review.openstack.org/521207
14:09:43 <yushiro> xgerman_, Please go ahead :)
14:10:25 <xgerman_> didn’t do much progress (internal priorities) but deployed FWaaS V2 with it and it ddn’t blow up
14:10:55 <yushiro> OK
14:11:59 <yushiro> In Japan, Jun is also very busy with another task(writing report and presentation to our boss or something...)
14:12:21 <yushiro> Haha, so, I'm glad to join today's meeting :p
14:12:43 <annp> yushiro, you're boss :D
14:12:44 <xgerman_> ;-)
14:12:50 <yushiro> Next.  Logging for FWaaS v2
14:13:04 <longkb> yushiro. I saw it. There is holiday this week in Japan
14:13:21 <yushiro> annp, Please go ahead
14:13:36 <yushiro> longkb, Yes,  Please keep in you mind :p
14:13:41 <longkb> hi folks, I am a new comer in fwaas, from Fujitsu Vietnam Limitted.
14:13:52 <SridarK> longkb: welcome
14:14:10 <longkb> SridarK, thanks
14:14:19 <annp> regards to logging, we're making progress.
14:15:04 <xgerman_> welcome
14:15:15 <longkb> thanks xgerman :)
14:15:45 <yushiro> welcome!! ( I knew it :p
14:15:49 <annp> I'd like to get your eyes in https://review.openstack.org/#/c/529814/ as first of serial logging
14:16:59 <annp> here is list patch for logging https://review.openstack.org/#/q/topic:bug/1720727+(status:open)
14:17:51 <annp> I'd like to get more review on https://review.openstack.org/#/c/574683/
14:18:11 <longkb> annp +1
14:18:20 <yushiro> Today, I had bandwidth for reviewing.  I'll review them.
14:18:41 <annp> yushiro, thank you so much .
14:18:57 <annp> That's all for firewall logging.
14:19:21 <annp> yushiro, please go ahead.
14:19:30 <yushiro> Again, we're targeting fwg L3 logging in this cycle(Rocky).
14:19:38 <yushiro> OK, thanks annp
14:19:48 <annp> yushiro, +1
14:19:54 <yushiro> #topic specs
14:20:06 <yushiro> (wkite) fwaas 2.0 address groups support  https://review.openstack.org/557137
14:20:34 <wkite> ok
14:21:27 <wkite> i have pushed some patches to gerrit.All the questions raised have been resolved.
14:21:39 <annp> wkite +1.
14:22:04 <yushiro> wkite, Could you reply my comments?
14:22:13 <yushiro> wkite, Thanks for your update.
14:22:38 <wkite> yushiro: All right. I'll get back to you as soon as possible.
14:22:45 <annp> wkite: will we start with l2 ovs reference implementation, right?
14:22:50 * mlavalle would like to bring up a point in the bugs section (if there is one) or in the open discussion section
14:23:24 <SridarK> wkite: thx once the comments are addressed - i think we can move fwd
14:24:17 <wkite> annp: I'm not sure ether I can do it.
14:24:24 <yushiro> mlavalle, Of course!!!!
14:24:33 <mlavalle> :-)
14:25:42 <yushiro> Let's review more on this SPEC>
14:25:57 <yushiro> #topic Horizon support
14:26:21 <annp> wkite: Let's discuss on gerrit. :)
14:26:23 <wkite> SridarK: +1
14:26:33 <SridarK> Oh looks like SarathMekala is not on today
14:26:34 <wkite> annp: ok
14:26:42 <yushiro> Sarath is not here today.  SridarK,did you get any reply from him?
14:26:52 <SridarK> yushiro: he did attend last week
14:27:12 <yushiro> SridarK, wow, sorry.  I missed it.
14:27:13 <SridarK> he is evaluating any gaps to be addressed in R
14:27:15 <amotoki> what are expected as feature gaps in the current v2.0 dashboard?
14:27:43 <SridarK> amotoki: i think we need to validate with L2 support - something Sarath was investigating
14:28:15 <SridarK> He mentioned he was in the tail end of an internal release - will follow up on this
14:28:20 <amotoki> yeah, L2 support is one of gaps. I am not sure we have others or not.
14:28:39 <SridarK> amotoki: i think most others u have squashed too
14:28:42 <longkb> SridarK: +1
14:29:09 <amotoki> I have no actual list of such gaps.
14:29:21 <SridarK> anyways let me check in and see if he can attend next week or provide an update on email
14:29:43 <amotoki> it would be nice if we have an up-to-date list :)
14:29:52 <SridarK> amotoki: +1
14:29:53 <yushiro> Aha.  Currently, fwaas dashboard can filter L2 port.  I cannot catch up the latest state for dashboard.  We need to enhance more regarding L2 port?
14:30:22 <xgerman_> we should show the compute name/id along port if available
14:30:32 <longkb> yushiro: IMO, we cannot add fwg to l2 port
14:30:41 <longkb> from Horizon
14:30:43 <yushiro> xgerman_, Aha. Thanks.
14:30:59 <xgerman_> I just did yesterday
14:31:15 <yushiro> longkb, Oh, really?  I just fixed to filter L2 port...( Am I missing something..)
14:31:17 <amotoki> I tend to avoid writing patches by myself as I usually fail to get reviews :( and :)
14:32:22 <yushiro> amotoki, yeeeees.  I always think it is very helpful and so sorry for lack of review...
14:32:35 <xgerman_> +1
14:32:43 <SridarK> longkb: maybe u can capture into a bug - so we can track
14:33:10 <annp> SridarK +1
14:33:21 <yushiro> I'D LIKE TO REVIEW/WRITE PATCHES!!!  I hope I had a 4 hands and 2 keyboards... :P
14:33:21 <SridarK> I did not think we had an issue here either from the CLI
14:33:34 <longkb> SridarK +1 I will report this bug asap
14:33:39 <njohnston> yushiro +100
14:33:58 <xgerman_> I sleep too much, but that’s me
14:34:01 <annp> yushiro ++
14:34:03 <yushiro> njohnston, now I'm only 2 hands. Haha
14:34:13 <SridarK> yushiro: :-) i think u can add stand up comedy to ur many talents :-)
14:34:38 <yushiro> SridarK, Hahaha
14:35:00 <yushiro> OK, next topic.
14:35:03 <yushiro> #topic bugs
14:35:08 <yushiro> mlavalle, Hi :)
14:35:14 <mlavalle> hi
14:35:32 <SridarK> yushiro: we shd do a triage
14:35:50 <yushiro> SridarK, Ah, yes.
14:35:50 <SridarK> lets defn get this done early next week
14:35:52 <xgerman_> +1
14:36:00 <SridarK> maybe Mon ?
14:36:04 <xgerman_> sure
14:36:05 <SridarK> but pls go ahead
14:36:05 <mlavalle> I just want to make sure this bug is in the radar screen of the team: https://bugs.launchpad.net/neutron/+bug/1762454
14:36:06 <openstack> Launchpad bug 1762454 in neutron "FWaaS: Invalid port error on associating ports (distributed router) to firewall group" [Medium,Triaged] - Assigned to Sridar Kandaswamy (skandasw)
14:36:18 <SridarK> mlavalle: yes
14:36:27 <mlavalle> It was discussed last week in the L3 sub-team meeting
14:36:40 <mlavalle> and I took the action of item of bringing it up here
14:36:59 <SridarK> mlavalle: i have discussed it with Swami
14:37:20 <mlavalle> Thank you SridarK
14:37:49 <SridarK> will get some traction on it - adding the validation fix is easy - we need to evaluate if the namespace mappings etc dont mess up the datapath
14:38:08 <mlavalle> thanks for the update
14:38:15 <SridarK> mlavalle: thx for the kick to remind :-) will sync up with Swami and get it moving
14:38:47 <mlavalle> :-)
14:38:52 <yushiro> :)))
14:39:19 <SridarK> as u can see, i am trying to get together with yushiro on his act :-)
14:39:31 <njohnston> Should I bring up the issue with debian/wsgi/l3 agent/fwaas in the bugs section, or wait to see if there is time in the open discussion section?
14:39:39 <SridarK> njohnston: pls yes
14:39:46 <yushiro> SridarK, Sure.
14:39:54 <yushiro> njohnston, Yes, please!
14:39:56 <SridarK> njohnston: thx for the detailed email
14:40:27 <yushiro> SridarK, njohnston ++1  Your mail is so helpful for sync up with current state.
14:40:34 <SridarK> so it seems agent rpc is lost on debian
14:40:52 <njohnston> It does, yes, but I cannot pinpoint why that would be happening
14:41:13 <njohnston> and why it would only happen with the specific combination of wsgi, debian, and fwaas
14:41:22 <njohnston> it occurs regardless of fwaas v1 or v2
14:41:37 <njohnston> but it does not happen when wsgi is not engaged
14:41:45 <njohnston> and it does not happen on centos or ubuntu
14:41:47 <SridarK> njohnston: do u think it is something on some package versions across the distros
14:41:50 <yushiro> annp, Did you reproduce njohnston's situation?? I thought that you used to deploy with Debian.
14:42:09 <njohnston> I only sent the email to the cores, but perhaps I should sent to openstack-dev
14:42:31 <xgerman_> yeah, I am no debian expert — test on ubuntu
14:42:38 <SridarK> njohnston: +1
14:42:43 <xgerman_> so broader audience is useful
14:42:55 <annp> yushiro, yes. I did.
14:43:10 <yushiro> njohnston, I'll also try to deploy on Ubuntu16.04 and will share the state.
14:44:18 <njohnston> Just to note, wsgi is essential because zigo is attempting to package an all-python 3 set of packages, and eventlet has some kind of issue with python 2 IIRC
14:44:21 <yushiro> annp, OK, so, could you reply njohnston's mail with your detail situation?
14:44:40 <njohnston> Let me send it to openstack-dev and annp then perhaps you can reply to that
14:45:24 <annp> njohnston, yushiro, yes. I will.
14:46:40 <yushiro> njohnston, +1
14:47:42 <annp> njohnston: +1
14:47:50 <zigo> njohnston: The issue is SSL + Python 3 + Eventlet == SSL handshake crash.
14:47:54 <zigo> This is known since 2015...
14:48:35 <yushiro> zigo, Oh, it is potential bug..
14:48:37 <njohnston> Ah, thanks for refreshing my memory zigo
14:48:44 <zigo> I don't think the issue is Debian specific.
14:49:04 <zigo> It is specific to using neutron-api and neutron-rpc-server, maybe also python 3 ...
14:49:04 <njohnston> yushiro: the SSL handshake crash is relevant to why wsgi is important, but not relevant to the issue in question
14:49:41 <yushiro> njohnston, OK.
14:50:06 <njohnston> OK, mail sent to openstack-dev, so we can all pool our info there
14:50:24 <yushiro> njohnston, Thanks!!
14:50:32 <annp> zigo, How can I update fwaas source with up-to-date in the vm?
14:51:26 <yushiro> #topic Open Discussion
14:51:39 <annp> zigo, because I saw fwaas source in the vm not update to date.
14:52:09 <zigo> annp: You mean with HEAD of git?
14:52:25 <zigo> annp: Well, it's just in /usr/lib/python3/dist-packages ...
14:52:33 <zigo> annp: I guess you could simply replace the code there.
14:52:48 <zigo> Quick and dirty rm -r and a cp -r should do.
14:52:53 <yushiro> Today, ndefigueiredo is not here.  So, let's skip Stateless security
14:52:59 <xgerman_> +1
14:53:07 <annp> zigo, thanks. I got it. :)
14:54:23 <zigo> yushiro: njohnston: The thing is, in the Py3 + SSL situation, we have no choice but to use neutron-api + neutron-rpc-server instead of neutron-server daemon, and that may be source of new bugs. annp already fixed one with the ovn driver ...
14:54:42 <zigo> Not sure, just double-guessing what's possible.\
14:55:17 <njohnston> zigo: When you deploy on centos or ubuntu you're using the same setup, though, right?  I would expect that if that was the issue, it would manifest on ubuntu and centos as well.
14:55:44 <zigo> njohnston: No you're not. neutron-server runs instead of neutron-api and neutron-rpc-server.
14:55:57 <njohnston> ah, ok
14:55:59 <zigo> Because they're using Python 2, then can run neutron-server using Eventlet and SSL.
14:56:01 <zigo> I can't...
14:56:35 <zigo> So, instead, in Debian, neutron-api does the requests over uwsgi, and rpc-server does the rabbitmq stuff.
14:57:08 <yushiro> zigo, could you reply e-mail that your local.conf of devstack?  I'll try it.
14:57:39 <zigo> yushiro: I'm not using devstack, I'm using Debian packages.
14:57:55 <xgerman_> packaging is downstream from us
14:57:56 <yushiro> zigo, Aha.  OK.
14:57:56 <annp> njohnston: I also have a patch in devstack for deploy neutron-api in uwsgi and rpc-server in eventlet at https://review.openstack.org/#/c/473718/
14:58:00 <zigo> yushiro: What you could do is run puppet-openstack to get it installed.
14:58:08 <zigo> That's very easy.
14:58:20 <yushiro> zigo, Thanks.  puppet-openstack.
14:58:22 <zigo> yushiro: I can reply with the way to do it with puppet-openstack if you like?
14:58:23 <annp> njohnston: you can ./stack with the patch.
14:58:41 <njohnston> Thanks annp that is very helpful
14:59:08 <yushiro> zigo, Please send us !! It is very helpful.
14:59:37 <SridarK> time check
14:59:41 <yushiro> annp's patch can reproduce similar environment by using devstack,.
14:59:45 <yushiro> Wow, 1 minutes.
15:00:04 <njohnston> Thanks everyone
15:00:10 <zigo> I need to go back home now (2 hours driving from Geneva), but I'll reply tonight.
15:00:16 <yushiro> OK guys,  that's good discussion.  will sync up e-mail more.  Thanks!!
15:00:20 <SridarK> thx all
15:00:21 <xgerman_> +1
15:00:22 <yushiro> #endmeeting