16:00:49 #startmeeting ironic_neutron 16:00:50 Meeting started Mon Sep 19 16:00:49 2016 UTC and is due to finish in 60 minutes. The chair is Sukhdev. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:51 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:54 The meeting name has been set to 'ironic_neutron' 16:01:19 who is here to attend Ironic-neutron meeting? 16:01:22 o/ 16:01:58 mjturek : Hi 16:02:15 hey Sukhdev, happy monday :) 16:02:33 I am on vacation for two weeks - did not have time to prepare the agenda - so, will use the last week's 16:02:53 #topic: Agenda 16:03:01 #link: https://wiki.openstack.org/wiki/Meetings/Ironic-neutron#Meeting_September_12.2C_2016 16:03:07 o/ 16:03:45 o/ 16:04:20 I am on the road with limited access to internet - thought I run it quickly 16:04:52 #topic: Announcements 16:05:06 So, the port groups are pushed to next release 16:05:25 does anybody know about the Security Groups? 16:05:48 https://review.openstack.org/#/c/361451 - this has not gone anywhere 16:06:19 jroll : so, did we decide to push the SG to next release as well - or is it still up for discussion? 16:06:23 I think its a similar story, however we did notice that we need to document correcting the default security groups if we don't merge that code 16:07:06 I think jroll added a node to our install guide about it 16:07:31 I think the patch might be still up for review 16:08:01 Sukhdev: https://review.openstack.org/#/c/369385/ 16:08:05 sambetts : as long as neutron networks are used, the default SG are in play and those are documented as part of neutron docs 16:08:41 Sukhdev: right but we need to document what ports etc you have to enable to make Ironic work 16:08:50 #link: https://review.openstack.org/#/c/369385/ 16:09:03 sambetts : right 16:09:24 I will review the patch later in the day when I have some free moments 16:10:05 Ironic cores seems to have decided to push the SG in Ocata at last week ironic meeting. 16:10:21 if we don't have that doc patch and we don't merge the sec group support then I envision many support calls asking why the ramdisk can't talk to ironic 16:10:39 hshiina : thanks for the update 16:11:22 sambetts : actually, it may not be that bad - as long ML2 drivers are doing the right thing 16:12:06 default SG allow the DHCP to work - so, that instance get the IP address - even when no SG specified - 16:12:13 Sukhdev: if Ml2 drivers are supporting sec groups then the default sec group will lock the network down won't it? The default rules are very strict 16:12:17 I though 16:12:19 thought* 16:12:22 however, the tftp of image may be problematic 16:13:15 right - the instance probably will get IP address - but, may not progress any further - 16:13:39 and things like the ISCSI / http communications, so they are all mentioned in jroll's patch :) 16:13:44 so, the right course of action is the operator updates the default SG and launches the BM - 16:14:23 update the default SG - means add ingress rules to the SG 16:15:18 yeah there are a few different rules to add, including ingress and egress for certain communications 16:15:50 default SG rules (I believe) are allow all egress TCP/UDP 16:16:30 I will look at jroll's patch and make a comment about this - 16:16:31 ah cool! that makes things a little simpler then 16:18:12 Do we need to discuss anything else today? 16:19:04 nothing from me 16:19:29 If not, lets wrap it up - I can go back to my breakfast - I am on vacation :-):-) 16:19:41 BTW, I am off next week as well 16:19:55 shall we cancel next week's meeting? 16:20:02 Or sambetts can you run it? 16:20:20 I can run it if we have stuff to talk about 16:20:43 sambetts : I am sure you can think about stuff to discuss :-) 16:20:50 :) 16:20:59 thanks for volunteering, sambetts 16:21:35 hshiina : anything you would like to discuss? 16:21:50 nothing 16:22:03 cool - thanks 16:22:12 OK - we are done then 16:22:12 Thanks folks 16:22:15 thanks 16:22:19 see you in two weeks 16:22:22 bye 16:22:23 enjoy your vacation! 16:22:26 o/ 16:22:31 #endmeeting