18:02:12 <SumitNaiksatam> #startmeeting Networking FWaaS
18:02:12 <openstack> Meeting started Wed Jan 29 18:02:12 2014 UTC and is due to finish in 60 minutes. The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:02:16 <openstack> The meeting name has been set to 'networking_fwaas'
18:02:35 <SumitNaiksatam> #info feature proposal freeze deadline is Feb 18th
18:03:16 <SumitNaiksatam> any thoughts/questions on that?
18:03:23 <SridarK> so all BP's shd be in approved state
18:03:28 <SridarK> by then ?
18:03:51 <SumitNaiksatam> SridarK: i think patches have to land by then
18:04:04 <SridarK> ok so the patch shd be in review
18:04:19 <SumitNaiksatam> SridarK: yeah, nicer way to put it :-)
18:04:27 <SridarK> and we have until Mar 6 (or couple of days b4) to get it merged
18:04:29 <SridarK> :-)
18:04:35 <SumitNaiksatam> SridarK: yeah
18:05:23 <SridarK> I will need to get the CLI for service insertion (complement to RajeshMohan's patch) out for review soon
18:05:55 <SridarK> Will sync up with u guys offline and push it out possibly by end of the week
18:06:05 <SumitNaiksatam> SridarK: ok good
18:06:21 <SumitNaiksatam> lets get that as a part of the particular topic as well
18:06:28 <SridarK> ok sorry
18:06:41 <SumitNaiksatam> SridarK: oh no worries, thanks for bringing it up
18:07:17 <SumitNaiksatam> SridarK: since you are around, lets start with the tempest update
18:07:24 <SridarK> ok
18:07:35 <SumitNaiksatam> #topic tempest testing
18:07:45 <SumitNaiksatam> SridarK: whats the latest on this?
18:07:51 <SridarK> even b4 tempest - basic manual testing of VPNaaS and FWaaS looks good
18:08:09 <SumitNaiksatam> SridarK: yeah, good, we would like to know :-)
18:08:16 <SumitNaiksatam> beyounn: hi
18:08:18 <SridarK> want to try a few more and will wrap it up with a log/doc
18:08:27 <beyounn> hello
18:08:30 <SumitNaiksatam> SridarK: ok
18:08:44 <SumitNaiksatam> SridarK: but can we spin off a tempest run in parallel?
18:09:01 <SridarK> on tempest, see many failures, then disabled fwaas & vpnaas and see similar kind of issues
18:09:34 <SridarK> failures are in many other components not quite related
18:09:49 <SumitNaiksatam> SridarK: ok, do those correlate to existing issues in recheck?
18:09:49 <SridarK> so checking to see if i need to set up the conf any differently
18:09:58 <SridarK> i am checking on that
18:10:05 <SridarK> could possibly be the same
18:10:27 <SridarK> given that base line also has issues - i dont think we are introducing any additional failures
18:10:35 <SridarK> but need to validate that to be sure
18:10:44 <SridarK> then we can put out a report
18:11:16 <beyounn> I had the same problem when I run tempest for my service group
18:11:26 <SumitNaiksatam> beyounn: ok
18:11:53 <SumitNaiksatam> SridarK: just so that we are on the same page, how are you running the tempest tests?
18:11:58 <SridarK> I was hoping to get a summary report so it will be easier to verify - have not figured out how to do tht yet
18:12:15 <SridarK> i use the run_tempest script
18:12:29 <SridarK> and am using the default conf that is present
18:12:33 <SumitNaiksatam> SridarK: so, you are not using tester?
18:12:44 <SumitNaiksatam> *testr
18:12:50 <SridarK> i was not sure abt this so have asked for some local clarifications
18:12:59 <SridarK> i thought this is a wrapper over that
18:13:14 <SridarK> perhaps i am wrong
18:14:26 <SridarK> SumitNaiksatam: I could also sync up with u more on this offline
18:14:29 <SumitNaiksatam> SridarK: ok, but you are not still seeing the summarized information on the tests, right?
18:15:02 <SridarK> no i did not - i do see results but have not seen summary
18:15:23 <SumitNaiksatam> SridarK: ok, we sync up offline
18:15:34 <SridarK> SumitNaiksatam: Ok will do
18:18:01 <SumitNaiksatam> SridarK: by next week we want to give a firm update on whether the gate can turn on fwaas
18:18:35 <SumitNaiksatam> SridarK: this is independent of the tempest test failures that are already known
18:18:45 <SridarK> SumitNaiksatam: Yes will have this wrapped up in the next day or two
18:19:16 <SridarK> So as long as we are not introducing anything new we are good and can provide that update for the next neutron mtg
18:19:38 <SumitNaiksatam> SridarK: ok, i think documenting your findings is a good idea
18:19:42 <SridarK> * new failures
18:19:59 <SridarK> SumitNaiksatam: Sounds good - we can review b4 the mtg
18:20:09 <SumitNaiksatam> SridarK: as you were planning, if you can create a new child page on the fwaas wiki, we can point the rest of the community to it
18:20:22 <SridarK> SumitNaiksatam: Will do
18:21:24 <SumitNaiksatam> SridarK: any chance that we can have this info by friday?
18:22:21 <SridarK> SumitNaiksatam: Yes should not be a problem
18:22:34 <SumitNaiksatam> SridarK: great, thanks
18:23:52 <SumitNaiksatam> ok so moving on
18:24:00 <SumitNaiksatam> is garyduan around?
18:24:39 <beyounn> no, he is not in yet
18:24:43 <SumitNaiksatam> ah ok
18:24:58 <SumitNaiksatam> #topic service_type framework
18:26:27 <SumitNaiksatam> beyounn: do you know if garyduan is planning to rebase?
18:26:37 <beyounn> yes
18:26:38 <SumitNaiksatam> #link https://review.openstack.org/#/c/60699/
18:26:43 <beyounn> he will do that
18:27:00 <beyounn> I will follow up with him and see if he can have time to do it today
18:27:20 <SumitNaiksatam> beyounn: great
18:27:40 <SumitNaiksatam> beyounn: at this point just a rebase, and that should trigger another build
18:27:49 <beyounn> ok
18:28:01 <SumitNaiksatam> beyounn: are there any other blockers for him that you are aware of?
18:28:35 <beyounn> I don't know, but I will check with him
18:28:58 <SumitNaiksatam> beyounn: ok thanks
18:29:08 <SumitNaiksatam> #topic Service Insertion and Firewall
18:29:15 <SumitNaiksatam> #link https://review.openstack.org/#/c/62599/
18:29:19 <SumitNaiksatam> RajeshMohan: hi
18:29:47 <SumitNaiksatam> RajeshMohan: i know you are blocked a little bit by the service type patch
18:29:48 <RajeshMohan> hi
18:30:14 <RajeshMohan> If we are confident that it will be merged - then I can move my changes to Gary's patch
18:30:24 <SumitNaiksatam> RajeshMohan: i think we should do that
18:30:56 <SumitNaiksatam> RajeshMohan: at this point its matter of when versus if
18:31:20 <SumitNaiksatam> RajeshMohan: but what about the other changes we were planning
18:31:38 <RajeshMohan> SumitNaiksatam: In that case, I will move to his patch first
18:31:45 <SumitNaiksatam> RajeshMohan: ok
18:32:02 <SumitNaiksatam> RajeshMohan: so you will first rebase off his patch, and then make the earlier planned changes?
18:32:19 <RajeshMohan> SumitNaiksatam:I am already looking at his patch but developing my code on trunk
18:32:52 <RajeshMohan> SumitNaiksatam: Yes, I will move to his patch first and then make the planned changes
18:32:53 <SumitNaiksatam> RajeshMohan: ok
18:33:02 <SumitNaiksatam> RajeshMohan: thanks
18:33:09 <SumitNaiksatam> so while SridarK is still here
18:33:24 <SumitNaiksatam> I believe we need have to sync up on the CLI?
18:33:27 <SridarK> I am here :-)
18:33:30 <SumitNaiksatam> SridarK RajeshMohan?
18:33:33 <SridarK> Yes
18:33:39 <RajeshMohan> SumitNaiksatam:Yes
18:34:24 <SumitNaiksatam> you guys already have a plan?
18:34:38 <SumitNaiksatam> else we can set aside some time for a meeting
18:34:58 <RajeshMohan> SumitNaiksatam:we (Sridar & myself) will synch up offline
18:35:04 <SridarK> SumitNaiksatam: RajeshMohan: Yes that was our thought to meet to run thru the changes
18:35:23 <RajeshMohan> SumitNaiksatam: we will update in the next meeting
18:35:31 <SridarK> We can discuss offline to sched a time
18:35:47 <SumitNaiksatam> #action SridarK to set up offline meeting to discuss insertion CLI
18:36:15 <SumitNaiksatam> RajeshMohan: any thoughts on Horizon integration
18:36:33 <SumitNaiksatam> RajeshMohan: we need the client before that, but we need that as well
18:37:51 <RajeshMohan> SumitNaiksatam:I think it will be useful to start on Horizon after we post some initial patch of CLI
18:37:59 <garyduan> sorry, I am late
18:38:08 <SumitNaiksatam> RajeshMohan: ok, only thing is the timing
18:38:12 <SumitNaiksatam> garyduan: hi
18:38:27 <SumitNaiksatam> garyduan: we can circle back to you once we are done with the other topics
18:38:49 <SumitNaiksatam> RajeshMohan: i am not sure if we will have enough time to post the patch before I3
18:38:53 <garyduan> ok
18:38:57 <RajeshMohan> SumitNaiksatam:I understand. In the worst case, the horizon will not be broken
18:38:58 <SumitNaiksatam> RajeshMohan SridarK: what do you think?
18:39:09 <SridarK> SumitNaiksatam: So will definitely try to get the CLI out as quickly as possible
18:39:20 <SumitNaiksatam> RajeshMohan SridarK: also what is our contingency?
18:39:40 <SridarK> I guess we defn need to have this correct ?
18:39:49 <SumitNaiksatam> SridarK: yeah
18:39:50 <RajeshMohan> SumitNaiksatam: The horizon will not pass insertion-context and we will make sure the code works as before
18:40:20 <SumitNaiksatam> RajeshMohan: ok, but that would mean applying the changes on all routers
18:40:43 <SumitNaiksatam> RajeshMohan: i think we should have the horizon patch at least
18:41:08 <SumitNaiksatam> RajeshMohan: lets discuss during CLI meeting
18:41:13 <RajeshMohan> SumitNaiksatam: What I am saying is, if we cannot meet the I3 timeline, we will not break Horizon with this new feature
18:41:25 <SumitNaiksatam> RajeshMohan: agree
18:41:48 <SumitNaiksatam> RajeshMohan: ok, anything more on this topic?
18:42:07 <RajeshMohan> SumitNaiksatam:Just to confirm, to merge, is Horizon a must?
18:42:32 <SumitNaiksatam> RajeshMohan: not that i am aware of
18:42:32 <garyduan> One more question, not sure if it's discussed today
18:42:41 <SumitNaiksatam> RajeshMohan: we would need CLI/client though
18:42:44 <garyduan> about if we need source/dest context?
18:42:51 <RajeshMohan> SumitNaiksatam:I do not want to write some code and not merge. Horizon looks difficult at this stage.
18:43:05 <RajeshMohan> SumitNaiksatam:Yes - agree on CLI
18:43:14 <SumitNaiksatam> RajeshMohan: you mean write code for Horizon which does not merge?
18:43:23 <RajeshMohan> garyduan: Zones is planned for Firewall
18:43:49 <RajeshMohan> garyduan: I think zones are the way to attach semantics to ports
18:44:14 <SumitNaiksatam> garyduan RajeshMohan sorry, lets wrap up the discussion on horizon support
18:44:24 <RajeshMohan> garyduan: the insertion context solves the problem of reference implementation - we insert firewall on all routers which is really bad
18:44:42 <RajeshMohan> SumitNaiksatam:ok
18:44:52 <garyduan> RajeshMohan: let's discuss later
18:45:00 <SumitNaiksatam> : RajeshMohan: you mean write code for Horizon which does not merge?
18:45:23 <RajeshMohan> SumitNaiksatam:No write code for insertion-context and not merge
18:45:37 <SumitNaiksatam> RajeshMohan: ah, on account of horizon dependency?
18:45:38 <RajeshMohan> SumitNaiksatam:I am ok if Horizon code does not merge
18:45:49 <RajeshMohan> SumitNaiksatam: Yes
18:46:02 <SumitNaiksatam> RajeshMohan: i have not seen that to be a requirement before
18:46:15 <RajeshMohan> SumitNaiksatam:if it is only dependent on CLI, then we have good chance to get in by I3
18:46:17 <SumitNaiksatam> RajeshMohan: i don't think anything has changed
18:46:28 <SumitNaiksatam> RajeshMohan: yeah
18:47:07 <SumitNaiksatam> RajeshMohan: so we are good, lets focus first as planned on your patch and the CLI, but at the side also explore what needs to be done for Horizon
18:47:43 <RajeshMohan> SumitNaiksatam: will do; did we decide who will work on it?
18:48:19 <SumitNaiksatam> RajeshMohan: no specific person assigned for Horizon yet, thinking was that we will discuss and see how we can share it
18:48:20 <RajeshMohan> SumitNaiksatam: who will work on Horizon - I can help with whatever I know but I am not planning to code that part
18:48:51 <SumitNaiksatam> RajeshMohan: ok we can take it offline and see how we can handle that
18:49:05 <SumitNaiksatam> garyduan: your question about source/dest
18:49:13 <garyduan> Yes
18:49:22 <SumitNaiksatam> garyduan: one point is what RajeshMohan mentioned regarding zones
18:49:26 <garyduan> I understand Router context doesn't require s/d
18:49:43 <SumitNaiksatam> garyduan: i also commented regarding there being a list of resource ids
18:49:58 <SumitNaiksatam> garyduan: so you can specify multiple
18:50:09 <SridarK> Guys sorry i need to bail now - will sync up later offline
18:50:27 <SumitNaiksatam> SridarK: thanks much for joining, later
18:50:41 <SumitNaiksatam> garyduan: does that not sound okay?
18:50:42 <SridarK> later bye
18:51:20 <garyduan> SumitNaiksatam: my understanding is subnet/port does need source and dest
18:51:48 <RajeshMohan> garyduan: the insertion-context is common for all services
18:52:03 <SumitNaiksatam> RajeshMohan: thats correct
18:52:07 <RajeshMohan> garyduan: source-dest makes sense for firewall
18:52:55 <SumitNaiksatam> garyduan: ok lets take this discussion offline
18:53:13 <garyduan> RajeshMohan: ok. so firewall, we only use router for insertion
18:53:16 <SumitNaiksatam> #action garyduan to initiate offline discussion on source/dest for subnets/ports
18:53:20 <garyduan> RajeshMohan: until we have chain
18:53:38 <SumitNaiksatam> since beyounn has been waiting lets give him some time :-)
18:53:48 <SumitNaiksatam> #topic Service Objects
18:53:59 <beyounn> Mine will be quick
18:54:01 <RajeshMohan> garyduan: I would like to discuss this in more depth with you; let's do it offline
18:54:12 <beyounn> I sent email, please help to review
18:54:18 <beyounn> and here are links
18:54:26 <beyounn> https://review.openstack.org/#/c/69171/
18:54:35 <beyounn> https://review.openstack.org/#/c/67784/
18:54:46 <beyounn> Done, thanks :-)
18:55:13 <beyounn> BTW-- the CLI unit testing is coming too
18:55:19 <beyounn> And one more question
18:55:22 <SumitNaiksatam> beyounn: sweet
18:55:35 <beyounn> If I have unit test cases, do I still need to write separate tempest?
18:55:36 <SumitNaiksatam> #link https://review.openstack.org/#/c/69171/
18:55:43 <SumitNaiksatam> #link https://review.openstack.org/#/c/67784/
18:56:13 <SumitNaiksatam> beyounn: we will eventually need to write tempest tests for every feature
18:56:16 <SumitNaiksatam> beyounn: so yes
18:56:20 <beyounn> ok
18:56:26 <beyounn> All done from me
18:56:28 <beyounn> :-)
18:56:31 <SumitNaiksatam> beyounn: i don't know that it's a requirement for the neutron patch
18:56:40 <SumitNaiksatam> beyounn: i don't think so
18:56:57 <SumitNaiksatam> beyounn: so you are not blocked on anything, right?
18:57:05 <beyounn> just code review
18:57:07 <RajeshMohan> beyounn: How is this mapped to IPTables - the reference implementation?
18:57:34 <beyounn> Rajesh: Let's talk about this after I finished CLI unit test
18:57:42 <RajeshMohan> beyounn: Is IPTables aware of service-objects or it still works with protocol and port numbers?
18:57:59 <RajeshMohan> beyounn:OK, thanks.
18:58:07 <beyounn> Rajesh:At this stage, no one known service-object test
18:58:17 <SumitNaiksatam> beyounn: yeah, we would need the backend driver implementation for the APIs to go in
18:58:18 <beyounn> the service-object is just a separated resource
18:58:33 <beyounn> Sumit: all right
18:58:48 <SumitNaiksatam> beyounn: no rush, you have marked it as WIP
18:59:07 <beyounn> Sumit: right, but please do take a look and give feedbacks
18:59:17 <SumitNaiksatam> beyounn: when we move it out of WIP, we will need an end-to-end flow working
18:59:19 <RajeshMohan> beyounn:is this feature for Icehouse?
18:59:32 <SumitNaiksatam> beyounn: yes sure, not saying that we should not review
18:59:48 <beyounn> Rajesh, I'm not rush it for I release at the moment
19:00:03 <RajeshMohan> beyounn: ok, then we have lot of time :-)
19:00:06 <SumitNaiksatam> beyounn: but you will unfortunately not get too many cores looking at it until there is end to end flow work
19:00:08 <beyounn> Rajesh, but it we can catch on the I train, that is great
19:00:18 <beyounn> s/it/if/
19:00:29 <RajeshMohan> beyounn:ok
19:00:53 <garyduan> BTW, I just rebased and submitted patch for service type framework.
19:00:54 <beyounn> Sumit, understood, and I will work on it after the cli unit test
19:01:47 <SumitNaiksatam> beyounn: great thanks
19:01:50 <SumitNaiksatam> we are out of time
19:01:54 <SumitNaiksatam> thanks all for attending
19:02:03 <SumitNaiksatam> more follow up over emails and mailers
19:02:07 <SumitNaiksatam> thanks all!
19:02:10 <SumitNaiksatam> #endmeeting