14:05:19 #startmeeting fwaas 14:05:20 Meeting started Thu Oct 4 14:05:19 2018 UTC and is due to finish in 60 minutes. The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:05:21 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:05:24 The meeting name has been set to 'fwaas' 14:05:41 o/ 14:06:30 mmh, we prob. loast control 14:06:40 xgerman_: back 14:06:43 got bounced 14:06:50 ok 14:07:07 dont see much in terms of quorum 14:07:13 yeah 14:07:14 perhaps some local holiday 14:07:37 may be we can wait for a few mins 14:07:41 maybe - people told me Monday is a holiday in UT 14:08:44 there was nothing major to go thru anyways 14:09:48 yeah, makes sense. Wanted to let people know that I need to cut back my OpenStack involvements a bit… 14:10:22 I need to see how that k8s stuff shakes out… 14:10:23 oops bounced again 14:10:28 ok 14:10:33 xgerman_: +1 14:10:44 xgerman_: Good luck in k8s land, they are lucky to have you :-) 14:10:57 well, you made it back — so there is hope 14:11:20 xgerman_: so pls what happened - i think i missed something as i got bounced 14:11:46 ah, RAX is emphasizing k8s a lot and wnats me to focus more on that and less on OpenStack 14:11:48 Hi 14:11:54 Sorry I'm late 14:12:14 xgerman_: ah yes ok - u have been on that path for some time now anyways 14:12:23 annp: hi 14:12:33 no worries - not much quorum today 14:12:43 Hi SridarK, thanks. :-) 14:12:44 yep, and they are now more looking into k8s on AWS, Azure, GKE p less on OpenStack 14:13:18 xgerman_: i think a bit of that is in the air everywhere 14:13:42 yeah, I think Redhat/Suse/Huawei are the last bullwark 14:14:07 it seems that the SPs and the Edge Cloud folks are driving OpenStack more and more 14:14:15 xgerman_: +1 14:14:39 annp: we are just chatting 14:14:50 annp: anything specific u would like to discuss ? 14:15:16 SridarK, I want to mention Firewall group with L3HA 14:15:23 ok 14:15:32 ok lets run thru the topics 14:15:38 #chair xgerman_ 14:15:39 Current chairs: SridarK xgerman_ 14:16:04 #topic Bugs : FWG and L3HA 14:16:08 go ahead annp 14:16:08 https://review.openstack.org/#/c/580552/ 14:16:14 how is that looking 14:16:44 Regards this bug: I've tested the patch, it's work fine. 14:17:03 annp: ok 14:17:09 I guess that yushiro was missing configure enable fwaas_v2 in network node 14:17:29 and did u verify that conntrack entries are replicated by HA infra ? 14:17:30 so there no firewall rule is applied on active router. 14:17:34 that was my concern 14:18:10 SridarK, From my understanding, we no need to migrate conntrack entries 14:18:11 ah ok - this was something that was puzzling initially as to why it was not applied correctly 14:18:36 annp: yes we dont have to but i thought they are migrated automatically ? 14:18:39 SridarK, Have you check my comment in gerrit? 14:18:46 sorry not yet 14:19:36 Because the first packet in router HA is not SYN sent, so It will not marked as INVALID 14:19:54 So it will be accepted by firewall rule in router HA 14:20:05 This is my understanding. 14:20:20 Hmm 14:20:28 So: 14:21:04 1) We have an active connection - with the 3 way handshake happened on the ACTIVE 14:21:19 2) after some time the switchover happens 14:21:45 3) Now this flow is seen on the new ACTIVE (which has not seen the 3 way handshake) 14:22:11 what is the behavior on this new ACTIVE ? 14:22:41 you mean first packet in new session? 14:22:51 yes 14:23:10 it's will be accept or drop by firewall rule in router ACTIVE 14:23:10 is it a new session ? 14:23:41 Is an ICMP sent back to trigger a new session 14:23:47 Yes. I think so. 14:23:51 or is it the old session continued 14:24:02 oh so it will be a new session ? 14:24:15 I think it will be a new session 14:25:06 ok - i thought conntrack entries are migrated by the HA code (just that we dont need to do it). yushiro spoke to some folks at the PTG - atleast this is how i understood him 14:25:12 ok 14:25:15 But, actually I'm not sure. Let's me check it and will confirm to you 14:25:35 annp: ok - we can discuss with yushiro and close this i believe 14:25:43 thx annp for debugging further 14:26:08 SridarK, you're always welcome. :-) 14:26:16 ok lets move on 14:26:36 #topic Remote FWG 14:26:47 xgerman_: anything u would like to bring up 14:30:11 ok perhaps xgerman_ walked away 14:30:19 MO, STILL HERE 14:30:27 ouch sorry 14:30:30 :-) 14:30:35 pls go ahead 14:30:36 caps lock got stuck 14:30:43 sorry 14:30:43 :-) 14:30:57 new Mac keyboard ? 14:31:02 :-) 14:31:31 no, I have one of those tiny external mac BT keyboards 14:31:38 missing keys half the time 14:32:13 anyhow, didn’t do much. I am hoping to get a minute here and there but if someone has cycles 14:32:14 ok 14:32:25 xgerman_: understand 14:33:19 ok 14:33:27 #topic Open Discussion 14:33:40 TC got elected… 14:33:45 +1 14:34:26 +1 14:34:54 also never heard criticism of deleting FWaaS V1 - so if someone could prepare a patch 14:35:47 in the neutron ci meeting we are talking about the transition to zuul v3 jobs and python3-first patches. One thing that has not really been talked about is that according to governance, we should be testing on the latest LTS release available as fo the start of the cycle 14:36:01 yes so it seems - someone will ask most likely after it is removed 14:36:09 ;-) 14:36:15 :-) 14:36:22 which in this case is now ubuntu-bionic, so that transition will start to get rolling and will take some CI sensitivity because the transition may not be smooth 14:36:38 njohnston: thx for the heads up 14:36:47 yep, johnso(m) was having trouble with bionic and multinode 14:37:05 it's definitely not something you can take for granted 14:37:36 no, but I am hoping this will clean up our tests — still thinking we don’t pull in the latest neutron somehow 14:39:58 ok 14:40:11 ok if nothing else we can end and hopefully next week will have more quorum 14:40:24 +! 14:40:37 Ok all thx for joining and have a great week. 14:40:43 #endmeeting