#openstack-meeting-4 log

16:00:49 <Sukhdev> #startmeeting ironic_neutron
16:00:50 <openstack> Meeting started Mon Sep 19 16:00:49 2016 UTC and is due to finish in 60 minutes.  The chair is Sukhdev. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:51 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:54 <openstack> The meeting name has been set to 'ironic_neutron'
16:01:19 <Sukhdev> who is here to attend Ironic-neutron meeting?
16:01:22 <mjturek> o/
16:01:58 <Sukhdev> mjturek : Hi
16:02:15 <mjturek> hey Sukhdev, happy monday :)
16:02:33 <Sukhdev> I am on vacation for two weeks - did not have time to prepare the agenda - so, will use the last week's
16:02:53 <Sukhdev> #topic: Agenda
16:03:01 <Sukhdev> #link: https://wiki.openstack.org/wiki/Meetings/Ironic-neutron#Meeting_September_12.2C_2016
16:03:07 <sambetts> o/
16:03:45 <hshiina> o/
16:04:20 <Sukhdev> I am on the road with limited access to internet - thought I run it quickly
16:04:52 <Sukhdev> #topic: Announcements
16:05:06 <Sukhdev> So, the port groups are pushed to next release
16:05:25 <Sukhdev> does anybody know about the Security Groups?
16:05:48 <Sukhdev> https://review.openstack.org/#/c/361451 - this has not gone anywhere
16:06:19 <Sukhdev> jroll : so, did we decide to push the SG to next release as well - or is it still up for discussion?
16:06:23 <sambetts> I think its a similar story, however we did notice that we need to document correcting the default security groups if we don't merge that code
16:07:06 <sambetts> I think jroll added a node to our install guide about it
16:07:31 <sambetts> I think the patch might be still up for review
16:08:01 <sambetts> Sukhdev: https://review.openstack.org/#/c/369385/
16:08:05 <Sukhdev> sambetts : as long as neutron networks are used, the default SG are in play and those are documented as part of neutron docs
16:08:41 <sambetts> Sukhdev: right but we need to document what ports etc you have to enable to make Ironic work
16:08:50 <Sukhdev> #link: https://review.openstack.org/#/c/369385/
16:09:03 <Sukhdev> sambetts : right
16:09:24 <Sukhdev> I will review the patch later in the day when I have some free moments
16:10:05 <hshiina> Ironic cores seems to have decided to push the SG in Ocata at last week ironic meeting.
16:10:21 <sambetts> if we don't have that doc patch and we don't merge the sec group support then I envision many support calls asking why the ramdisk can't talk to ironic
16:10:39 <Sukhdev> hshiina : thanks for the update
16:11:22 <Sukhdev> sambetts : actually, it may not be that bad - as long ML2 drivers are doing the right thing
16:12:06 <Sukhdev> default SG allow the DHCP to work - so, that instance get the IP address - even when no SG specified -
16:12:13 <sambetts> Sukhdev: if Ml2 drivers are supporting sec groups then the default sec group will lock the network down won't it? The default rules are very strict
16:12:17 <sambetts> I though
16:12:19 <sambetts> thought*
16:12:22 <Sukhdev> however, the tftp of image may be problematic
16:13:15 <Sukhdev> right - the instance probably will get IP address - but, may not progress any further -
16:13:39 <sambetts> and things like the ISCSI / http communications, so they are all mentioned in jroll's patch :)
16:13:44 <Sukhdev> so, the right course of action is the operator updates the default SG and launches the BM -
16:14:23 <Sukhdev> update the default SG - means add ingress rules to the SG
16:15:18 <sambetts> yeah there are a few different rules to add, including ingress and egress for certain communications
16:15:50 <Sukhdev> default SG rules (I believe) are allow all egress TCP/UDP
16:16:30 <Sukhdev> I will look at jroll's patch and make a comment about this -
16:16:31 <sambetts> ah cool! that makes things a little simpler then
16:18:12 <Sukhdev> Do we need to discuss anything else today?
16:19:04 <sambetts> nothing from me
16:19:29 <Sukhdev> If not, lets wrap it up - I can go back to my breakfast - I am on vacation :-):-)
16:19:41 <Sukhdev> BTW, I am off next week as well
16:19:55 <Sukhdev> shall we cancel next week's meeting?
16:20:02 <Sukhdev> Or sambetts can you run it?
16:20:20 <sambetts> I can run it if we have stuff to talk about
16:20:43 <Sukhdev> sambetts : I am sure you can think about stuff to discuss :-)
16:20:50 <sambetts> :)
16:20:59 <Sukhdev> thanks for volunteering, sambetts
16:21:35 <Sukhdev> hshiina : anything you would like to discuss?
16:21:50 <hshiina> nothing
16:22:03 <Sukhdev> cool - thanks
16:22:12 <Sukhdev> OK - we are done then
16:22:12 <Sukhdev> Thanks folks
16:22:15 <hshiina> thanks
16:22:19 <Sukhdev> see you in two weeks
16:22:22 <Sukhdev> bye
16:22:23 <sambetts> enjoy your vacation!
16:22:26 <sambetts> o/
16:22:31 <Sukhdev> #endmeeting