14:02:25 #startmeeting fwaas 14:02:25 Meeting started Thu Aug 23 14:02:25 2018 UTC and is due to finish in 60 minutes. The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:02:26 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:02:28 The meeting name has been set to 'fwaas' 14:02:36 o/ 14:03:56 I seemed to have gotten knocked off 14:04:24 I am not sure what quorom we have 14:04:49 i have one thing to ask you about the need for fwaas RC2 14:05:08 sure amotoki go ahead 14:05:34 acording to https://review.openstack.org/#/q/status:open+project:openstack/neutron-fwaas+branch:stable/rocky 14:05:36 i see an email from yushiro that he will not make it 14:05:43 there is one patch proposed to stable/rocky 14:05:45 and xgerman is out 14:06:01 I heard yushiro cannot join today's meeting 14:06:31 u mean this: #link https://review.openstack.org/#/c/593990/ 14:06:41 yes, that one 14:07:38 IIRC there was an issue found in testing to check for regression 14:08:25 we had discussed validating any impacts from the logging code 14:08:44 there was no issue as such with baseline but i belive this issue was found 14:09:41 I see. this only affects the fwaas logging feature, so this sounds like best-effort fix. 14:10:04 amotoki: yes this only impacts the logging feature 14:10:21 longkb_: can u add ur thoughts on this fix as well 14:10:41 Sorry. Am I missed something? My network is too slow :( 14:11:17 longkb_: amotoki is asking abt #link https://review.openstack.org/#/c/593990/ 14:12:53 longkb_: I'd like to know how it is important from the fwaas logging point of view. 14:13:59 amotoki: could you give me the title of this patch. I cannot reach this URL https://review.openstack.org/#/c/593990/ 14:14:06 My network is too slow now 14:14:17 amotoki: are u validating if we can live with this issue as a release note ? 14:14:25 longkb_: the title is "Remove remaining NFLOG rules on deleting log resource" 14:14:37 Remove remaining NFLOG rules on deleting log resource 14:14:44 longkb_: ^^ 14:14:45 Thanks. amotoki, SridarK :) 14:14:51 SridarK_: no. I try to validate the need for RC2. 14:15:02 amotoki: yes got it 14:15:06 SridarK_: if the fwaas logging is broken without this, it is worth for RC2 14:15:20 This patch aims to fix a bug related to Log resource deletion 14:15:22 amotoki: yes agreed 14:15:32 If we delete Log resource with event=ALL. It works 14:15:48 longkb_: ok so there is a workaround 14:16:29 longkb_: do you mean we need to use log event=ALL to make the fwaas logging work? 14:17:35 if someone use event=ACCEPT or DROP, iptable entries are not cleanup, right? 14:19:01 amotoki: as i understand that is correct - so basically a clean up issue 14:19:02 o/ 14:19:44 seems like longkb_ has connectivity issues 14:20:09 from my understanding so far, we can land it as usual fix (as it is a resource leak in an optional feature) 14:20:30 but I will ping mlavalle and haleyb. if it lands soon we can consider fwaas rc2. 14:21:00 amotoki: ok - i will sync up with yushiro and fujitsu folks as well 14:21:24 amotoki: also it seems there is a workaround as well 14:22:16 amotoki: hopefully we can get clarification by ur morning time 14:22:37 SridarK_: totally agree. 14:23:15 amotoki: ok - i will have an email out for fujitsu folks as well 14:23:31 I pinged them in #-neutron. let's see what happens and wait their opinions. 14:23:38 amotoki: ok 14:23:46 amotoki: anything else for discussion 14:23:53 SridarK_: nothing from me 14:24:11 Yea, I'd like your advice on the fwaas v2 implementation in openstacksdk 14:24:17 amotoki: thx - ok i will close out the mtg due to lack of quorom 14:24:31 ml: hi 14:24:34 hi 14:25:02 ml: pls go ahead 14:25:19 I've been working on ansible modules to manage fwaas services and had to touch openstacksdk 14:25:24 my change: https://review.openstack.org/#/c/591650/ 14:26:00 around the same time, there was another change which had something similar in mind: https://review.openstack.org/#/c/592303/ 14:27:05 In my understanding, both are needed. it looks better to merge these two. 14:27:12 the second approach is using resource.Resource for the communication with the API 14:27:14 openstacksdk provides two interfaces 14:27:22 ml ok 14:27:58 amotoki: thx for chiming in i am not too familiar on the sdk 14:28:05 so there is no need to, for example, adjust my changes to use the implementation of Wang Weijia? 14:28:21 ml: i will certainly look thru the patches 14:28:33 ml: my suggestion is to talk with the author of the other patch 14:28:35 SridarK_: thanks, appreciate it 14:28:44 and discuss how you two can coordinate the effort. 14:28:56 amotoki: +1 14:29:01 amotoki: I already contacted him. The communication is slow, but I think we're getting there 14:29:37 ml: if you have questions on the direction, you can also ask them in #openstack-sdks irc channels. 14:29:53 alright, noted 14:30:05 mordred and other active members are there. 14:30:31 Sorry. I am just come back. My network connection is terrible :( 14:30:37 ml: and feel free to raise any fwaas related support u may need here in this forum 14:30:42 longkb: dont worry 14:30:56 longkb: i will summarize in an email to u & team 14:31:10 Thanks SridarK :D 14:32:47 amotoki: thx for pointing out the discussion reg RC2 14:32:56 ml: thx 14:33:06 regarding the fwaas dashboard bug mentioned in the last meeting, https://bugs.launchpad.net/neutron-fwaas-dashboard/+bug/1787518 was filed 14:33:06 Launchpad bug 1787518 in Neutron FWaaS dashboard "Update Firewall rule incorrectly by FW Dashboard" [High,Confirmed] 14:33:33 and I confirmed it is reproduceable. 14:33:51 i haven't looked into the detail but it seeems fwaas dashboard only somehow. 14:34:18 it seems to occurs in fwaas dashboard only... 14:34:24 amotoki: thx ok and i see ur evaluation as backport potential 14:35:25 amotoki: let me check if SarathMekala has bandwidth to pick it up or perhaps yushiro as someone in mind to work on dashboard 14:35:44 SridarK_: thanks 14:35:59 amotoki: thx 14:37:51 ok if nothing else will end, next week we should be back to normal quorum 14:38:00 About https://review.openstack.org/#/c/593990/. This patch aims to fix a bug related to log resource deletion. 14:38:01 If we delete log resource with event = ALL, it works. However, if we delete log resource with event=ACCEPT or event=DROP, it will raise an error. 14:38:01 So I think it could be a critical bug for logging feature, and it should be backport to Rocky. 14:39:03 longkb: ok, deleting with event = ALL is the currently available workaround 14:39:35 but it has a side effect of deleting for all events even if we did not want to 14:40:00 No, I don't think so 14:41:46 longkb: hmm ok pls clarify 14:41:46 deleting with event=ALL mean: deleting with event=ACCEPT and event=DROP. 14:42:54 longkb: yes so we will delete both ACCEPT and DROP events 14:43:06 If we have 02 log: a log with event=ALL and a log with event=ACCEPT. And you delete log with event=ALL. 14:43:07 Only NFLOG rules for event=DROP is deleted 14:43:56 The NFLOG rules for event=ACCEPT will be kept until log with event=ACCEPT is deleted. 14:45:15 longkb: oh ok 14:46:14 SridarK_ +1. Please go ahead :D 14:47:09 longkb: ok i think i understand 14:47:52 +1 SridarK_ :) 14:48:13 longkb: so the workaround is u will need to check if something is not cleaned up 14:48:22 and then delete it explicitly 14:49:00 SridarK_: I got it 14:50:09 longkb: so i will send an email and we can clarify so we can list the effects, possible workarounds - that helps justification for RC2 14:51:47 +1 SridarK_ :d 14:53:05 longkb: thx u can clarify and add any specifics. I think during ur morning time we can reach for a decision. 14:53:13 longkb: thx 14:53:30 I will end the mtg 14:53:36 #endmeeting 14:54:00 Bye folks :d 14:54:30 #endmeeting