#openstack-neutron log

14:00:39 <ralonsoh> #startmeeting networking
14:00:39 <opendevmeet> Meeting started Tue Nov 15 14:00:39 2022 UTC and is due to finish in 60 minutes.  The chair is ralonsoh. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:39 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:39 <opendevmeet> The meeting name has been set to 'networking'
14:00:41 <mlavalle1> o/
14:00:42 <ralonsoh> hello all
14:00:56 <obondarev> hi
14:01:00 <rubasov> o/
14:01:42 <lajoskatona> o/
14:02:04 <ralonsoh> slaweq, bcafarel hi!
14:02:31 <bcafarel> o/
14:02:39 <elvira> o/
14:02:42 <ralonsoh> ok, I think we can start
14:02:47 <ralonsoh> #topic announcements
14:02:54 <ralonsoh> Antelope / 2023.1 schedule: https://releases.openstack.org/antelope/schedule.html
14:03:02 <ralonsoh> we are in week R-18
14:03:15 <ralonsoh> that means m-1
14:03:15 <ralonsoh> https://releases.openstack.org/antelope/schedule.html#a-1
14:03:36 <ralonsoh> next one (important one) will be the first week of january
14:04:00 <ralonsoh> and as usual, the recommendation
14:04:01 <ralonsoh> OpenInfra Live event - https://openinfra.dev/live/#all-episodes
14:04:07 <ralonsoh> please check the videos
14:04:33 <ralonsoh> ok, let's move to the next topic
14:04:38 <ralonsoh> #topic bugs
14:04:52 <ralonsoh> last week the bug report was on me
14:04:55 <ralonsoh> #link https://lists.openstack.org/pipermail/openstack-discuss/2022-November/031179.html
14:05:05 <ralonsoh> I have some bugs to highlight
14:05:13 <ralonsoh> Bugs without assignee
14:05:25 <ralonsoh> #link https://bugs.launchpad.net/neutron/+bug/1995972
14:05:39 <ralonsoh> L3 router is doing schedule_routers when adding/removing external gateway
14:05:59 <ralonsoh> it is reported in Stein
14:06:13 <ralonsoh> but I think this could be reproducible in master too (that's what I think)
14:06:19 <ralonsoh> does anyone have time for this?
14:06:37 <slaweq> o/
14:06:40 <slaweq> sorry for being late
14:06:43 <ralonsoh> np
14:07:08 <ralonsoh> ok, I'll try to take a look at this bug this week
14:07:30 <ralonsoh> next one
14:07:33 <ralonsoh> #link https://bugs.launchpad.net/neutron/+bug/1996241
14:07:39 <ralonsoh> ow-hanging-fruit
14:07:41 <ralonsoh> low-hanging-fruit
14:08:23 <ralonsoh> I also want to talk about this one
14:08:25 <ralonsoh> #link https://bugs.launchpad.net/neutron/+bug/1996421
14:08:38 <ralonsoh> I already talked about it with slaweq this morning
14:08:44 <mlavalle1> is this the low hanging fruit?
14:08:54 <ralonsoh> no, the previous one
14:09:08 <mlavalle1> ack
14:09:11 * haleyb can't get to launchpad at the moment to see either one
14:09:14 <ralonsoh> hmmmm sorry, wrong links
14:09:22 <ralonsoh> one sec
14:09:33 <slaweq> links are good IMO
14:09:55 <ykarel> both links are same
14:10:04 <ykarel> sorry mis read :)
14:10:06 <ralonsoh> now
14:10:07 <ralonsoh> no
14:10:13 <ralonsoh> 241 and 412
14:10:16 <ralonsoh> very similar
14:10:18 <ralonsoh> so I'll repeat
14:10:30 <ralonsoh> low-hanging fruit one: https://bugs.launchpad.net/neutron/+bug/1996241
14:10:45 <haleyb> my old eyes saw them the same too
14:10:46 <ralonsoh> and the one I would like to talk about
14:10:50 <ralonsoh> #link https://bugs.launchpad.net/neutron/+bug/1996421
14:10:58 <ralonsoh> ^^ please open this one
14:11:16 <ralonsoh> I talked to slaweq about this one this morning
14:11:30 <ralonsoh> and in c#5 I'm confirming what slaweq stated
14:11:57 <ralonsoh> in a nutshell: neutron is working fine, the RBAC policies are working as expected
14:12:17 <ralonsoh> if the user wants to limit the "port list", he/she can use the rule
14:12:17 <ralonsoh> "get_port": "rule:admin_or_owner"
14:12:46 <ralonsoh> ^^ with that rule you'll skip the port belonging to the other project (that is what is triggering this issue)
14:12:58 <obondarev> makes sense to me
14:13:32 <mlavalle1> yeap, makes sense
14:13:38 <slaweq> ++
14:13:40 <haleyb> +1
14:13:50 <lajoskatona> +1
14:13:51 <ralonsoh> thanks folks
14:14:00 <mlavalle1> just adapt the default policy to suit your needs
14:14:03 <lajoskatona> agree, messing in code with it can cause more trouble
14:14:35 <ralonsoh> exactly (although we can discuss with Nova folks enabling the possibility of using other project ports)
14:14:40 <ralonsoh> but for the next PTG
14:15:23 <ralonsoh> and this week bcafarel is the bug deputy, next week will be lajoskatona
14:15:37 <frickler> well a user cannot change the policy, can they?
14:15:47 <ralonsoh> no, that should be the admin
14:16:29 <lajoskatona> ack
14:16:40 <slaweq> frickler: it's in the policy.yaml file so only operator can change that
14:16:44 <frickler> so if a cloud deployment wants to cater for different user requirements, this might still be an issue?
14:17:28 <ralonsoh> why? if you want to allow RBACs and you want to skip this issue using horizon, you'll need this policy change
14:17:30 <frickler> but I also don't think the api should be changed
14:17:46 <ralonsoh> that's the point, the API is working as expected
14:17:54 <ralonsoh> the interaction with other projects should be updated
14:18:01 <frickler> some users may want to see all ports, some may only want to see those in their project
14:18:32 <slaweq> from the other side I think that our default behavior is good as network's owner should IMO know about ports created in his/her network
14:18:34 <ralonsoh> I would limit this issue to what is described: the horizon por list
14:18:58 <ralonsoh> anything else could be filtered using the CLI
14:19:16 <frickler> then an option in horizon filter by project might be needed. ack. or check whether skyline does this better ;)
14:19:56 <frickler> fine for me, then, feel free to go on
14:20:01 <ralonsoh> thanks
14:20:12 <ralonsoh> let's move to the next topic
14:20:16 <ralonsoh> #topic os-ken
14:20:21 <ralonsoh> Story board to track ryu backports: https://storyboard.openstack.org/#!/story/2009283
14:20:33 <ralonsoh> I've detected some new patches not included in os-ken
14:20:51 <ralonsoh> the first 4 are msgpack related
14:20:52 <ralonsoh> https://github.com/faucetsdn/ryu/commit/8990ed47edc82fb2b7600bf37029d6f770ef1a41
14:20:52 <ralonsoh> https://github.com/faucetsdn/ryu/commit/aa10cac1db026c8c77354f257300440b55266c9c
14:20:52 <ralonsoh> https://github.com/faucetsdn/ryu/commit/dc7aa0abef38f3974d0e6fd7d80de5f5a6a03bf0
14:20:52 <ralonsoh> https://github.com/faucetsdn/ryu/commit/045eca0592680d99b3b03c20b965b88ff126bff9
14:21:08 <ralonsoh> and there are other 2 missing too
14:21:10 <ralonsoh> https://github.com/faucetsdn/ryu/commit/5b1343d7bc13026b85514515c60dd1aeb0a711a4
14:21:14 <ralonsoh> https://github.com/faucetsdn/ryu/commit/fe1ca30fd40b215ff7e1a256b2f15757456a2229
14:21:36 <ralonsoh> today I'll open the corresponding tasks in storyboard in order to track the backports
14:21:45 <lajoskatona> cool
14:22:11 <ralonsoh> and that's all for now
14:22:13 <lajoskatona> I missed these
14:22:13 <ralonsoh> next topic
14:22:28 <ralonsoh> nah, I don't think those are affecting Neutron
14:22:31 <ralonsoh> but just in case
14:22:50 <ralonsoh> #topic specs
14:22:52 <ralonsoh> #link https://review.opendev.org/q/project:openstack%252Fneutron-specs+status:open
14:22:59 <ralonsoh> First one
14:23:01 <ralonsoh> #link https://review.opendev.org/c/openstack/neutron-specs/+/862133
14:23:12 <ralonsoh> I'm finishing the review, IMO it's +2
14:23:21 <ralonsoh> please check it, is almost done
14:23:49 <ralonsoh> next one
14:23:52 <ralonsoh> #link https://review.opendev.org/c/openstack/neutron-specs/+/857858
14:23:58 <ralonsoh> slaweq, addressed the latest comments
14:23:58 * mlavalle1 will review after the meetings
14:24:13 <ralonsoh> IMO this one is ready too
14:24:15 <lajoskatona> +1
14:24:39 <ralonsoh> the last active one is
14:24:43 <ralonsoh> #link https://review.opendev.org/c/openstack/neutron-specs/+/860859
14:24:53 <ralonsoh> I'll address today Bence's comments
14:25:05 <ralonsoh> yestarday I had a 1:1 with Sean to talk about i
14:25:12 <ralonsoh> he left the feedback on the spec
14:25:26 <rubasov> last patch set I only had nits and left a +1
14:25:31 <mlavalle1> so, would it be better to wait for an updated patch?
14:25:37 <ralonsoh> I'll push a new PS today to address those nits
14:25:42 <ralonsoh> rubasov, thanks
14:25:47 <ralonsoh> mlavalle1, yes
14:25:52 <mlavalle1> ack
14:26:09 <ralonsoh> and that's all in this topic
14:26:24 <ralonsoh> I would say that we have just a few specs but very well attended
14:26:28 <ralonsoh> thank you all for this
14:27:09 <ralonsoh> #topic comminity_goals
14:27:12 <ralonsoh> Consistent and Secure Default RBAC
14:27:20 <ralonsoh> 2 hours ago https://review.opendev.org/c/openstack/devstack/+/861930 was merged
14:27:28 <ralonsoh> so I think we can recheck https://review.opendev.org/c/openstack/tempest/+/614484
14:27:38 <ralonsoh> all dependencies are done
14:28:03 <ralonsoh> slaweq, any update on this topic?
14:28:09 <slaweq> yeah, short one
14:28:25 <slaweq> gmann recently found an issue with those new RBAC policies in neutron
14:29:00 <slaweq> there is bug reported and patch https://review.opendev.org/c/openstack/neutron-lib/+/864213
14:29:14 <slaweq> we will need to release new neutron-lib once this will be merged
14:29:26 <slaweq> and that's all from me
14:29:40 <slaweq> I didn't yet started any other work related to this topic
14:29:55 <ralonsoh> do we need that in Zed?
14:30:51 <slaweq> if someone will want to use new policies in Zed then it should be there
14:31:04 <slaweq> but actually there is possible workaround
14:31:04 <ralonsoh> ok, so we need it in master and Zed too
14:31:12 <lajoskatona> is that now a community goal to pass tempest with new roles?
14:31:20 <slaweq> if "enforce_scope" will not be enabled, it should works fine
14:31:42 <slaweq> in devstack there is one config knob to switch both "enforce_new_defaults" and "enforce_scope"
14:31:51 <ralonsoh> lajoskatona, yes, that was the goal of this release
14:31:53 <slaweq> but actually we are not using scopes other than project for now
14:31:55 <ralonsoh> if I'm not wrong
14:32:18 <slaweq> so if I think about it a bit longer, I don't think we need to backport it to Zed
14:32:26 <slaweq> we can but it's not critical IMO
14:32:26 <ralonsoh> right
14:32:37 <ralonsoh> better then, just for A
14:32:47 <lajoskatona> ok, thanks
14:33:11 <ralonsoh> the next topic we have is the migration to Ubuntu 22.04
14:33:15 <ralonsoh> #link https://review.opendev.org/c/openstack/neutron/+/862492
14:33:25 <ralonsoh> still some dependencies not merged
14:33:27 <ralonsoh> and this patch
14:33:36 <ralonsoh> #link https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/857031
14:34:06 <ralonsoh> (I need to review it today)
14:35:10 <ralonsoh> the next topic, that I didn't add to the agenda, is the devstack neutron legacy removal
14:35:22 <slaweq> ralonsoh: it's in my todo list
14:35:24 <ralonsoh> I'll open (or re-open) a LP bug to track it and add it to the agenda
14:35:32 <ralonsoh> do you have a link?
14:35:32 <slaweq> but I didn't had time to get to this yet
14:35:44 <slaweq> ralonsoh: no, I don't have any link for that
14:35:46 <ralonsoh> np, in any case I'll create a new topic
14:35:49 <slaweq> I will open LP today
14:35:50 <ralonsoh> and thanks!
14:35:56 <slaweq> thx
14:36:35 <ralonsoh> and the last one (neither added to the agenda yet)
14:36:42 <ralonsoh> is the zuul config errors
14:36:59 <ralonsoh> I didn't start digging into this problem
14:37:09 <ralonsoh> I'll add the corresponding links and progress in the agenda
14:37:25 <ralonsoh> once we have this, we'll be able to share the work between the Neutron community
14:37:32 <lajoskatona> I can work on that too, most of them I suppose from stadiums anyway :P
14:37:38 <ralonsoh> (there are many old CI jobs failing)
14:37:47 <ralonsoh> yeah, most of them stadiums
14:37:56 <ralonsoh> lajoskatona, do you mind adding this topic to the agenda?
14:37:59 <ralonsoh> https://wiki.openstack.org/wiki/Network/Meetings#Community_Goals
14:38:04 <ralonsoh> and the corresponding links?
14:38:08 <frickler> let me know if I should force merge anything
14:38:16 <ralonsoh> frickler, thanks a lot
14:38:54 <ralonsoh> and that's all in this topic, let's move to the last one
14:38:55 <lajoskatona> yeah lets do it, and track
14:38:58 <frickler> although mostly making failing jobs n-v should be the better option
14:39:09 <ralonsoh> lajoskatona, thanks!
14:39:36 <ralonsoh> #topic on-demand
14:39:39 <ralonsoh> one topic only
14:39:42 <ralonsoh> #link https://review.opendev.org/c/openstack/releases/+/862937
14:39:54 <ralonsoh> that's has been reviewed by 4 people
14:39:59 <bcafarel> Autumn cleanup time
14:40:13 <ralonsoh> and we didn't receive any feedback (good or bad) related
14:40:18 <haleyb> i need one review on this to fix py 3.11
14:40:18 <ralonsoh> so i think we should merge it
14:40:19 <haleyb> https://review.opendev.org/c/openstack/neutron/+/864448
14:40:44 <ralonsoh> haleyb, thanks!
14:40:49 <frickler> one comment related to the docs bugs you mentioned earlier
14:41:02 <frickler> the "normal" install guide still uses linuxbridge
14:41:03 <ralonsoh> ah this is my patch hehehe
14:41:17 <haleyb> ralonsoh: well, it's a follow-on with same commit message
14:41:43 <frickler> so you may want to consider to switch that to ovn directly. or switch to ovs and keep ovn guide separate
14:42:11 <ralonsoh> frickler, do you have the link?
14:42:19 <ralonsoh> that is referring to linuxbridge
14:42:29 <frickler> https://docs.openstack.org/neutron/latest/install/
14:42:48 <frickler> "Install and configure for *"
14:42:57 <frickler> where suse might also be obsolete
14:43:40 <ralonsoh> well, at least not mantained or tested
14:43:56 <frickler> and then in there e.g. https://docs.openstack.org/neutron/latest/install/controller-install-option1-ubuntu.html#configure-the-modular-layer-2-ml2-plug-in
14:43:58 <ralonsoh> but I'm reluctant to remove a whole section
14:44:43 <ralonsoh> hmm this is indeed an old manual section
14:45:00 <ralonsoh> ok, I'll check it. We have a whole section for OVN
14:45:13 <ralonsoh> maybe we can just refer to OVS on these other sections
14:45:50 <frickler> https://docs.openstack.org/install-guide/overview.html#example-architecture is also very old
14:46:04 <frickler> networking for pike, queens or rocky ...
14:46:47 <lajoskatona> frickler: where the repo for this?
14:47:33 <frickler> I'm not sure. somewhere in openstack-manuals probably
14:47:43 <ralonsoh> duplicated in Nova and Neutron
14:47:47 <ralonsoh> (almost duplicated)
14:48:06 <frickler> https://opendev.org/openstack/openstack-manuals/src/branch/master/doc/install-guide/source/overview.rst
14:48:11 <lajoskatona> thanks
14:49:20 <ralonsoh> ok, we should probably remove this from our repo
14:49:33 <ralonsoh> and just refer to the openstack-manuals only
14:49:50 <frickler> the manuals refer to the neutron docs afaict
14:49:56 <frickler> just to outdated ones
14:50:05 <ralonsoh> this is also duplicated in Nova
14:50:14 <ralonsoh> so I'm not sure what is the source
14:51:42 <ralonsoh> I'll check the docs this week
14:51:46 <ralonsoh> any other topic?
14:52:18 <ralonsoh> thank you all and see you in some mins in the CI meeting
14:52:22 <ralonsoh> #endmeeting