18:02:12 #startmeeting Networking FWaaS 18:02:12 Meeting started Wed Jan 29 18:02:12 2014 UTC and is due to finish in 60 minutes. The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:02:13 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:02:16 The meeting name has been set to 'networking_fwaas' 18:02:35 #info feature proposal freeze deadline is Feb 18th 18:03:16 any thoughts/questions on that? 18:03:23 so all BP's shd be in approved state 18:03:28 by then ? 18:03:51 SridarK: i think patches have to land by then 18:04:04 ok so the patch shd be in review 18:04:19 SridarK: yeah, nicer way to put it :-) 18:04:27 and we have until Mar 6 (or couple of days b4) to get it merged 18:04:29 :-) 18:04:35 SridarK: yeah 18:05:23 I will need to get the CLI for service insertion (complement to RajeshMohan's patch) out for review soon 18:05:55 Will sync up with u guys offline and push it out possibly by end of the week 18:06:05 SridarK: ok good 18:06:21 lets get that as a part of the particular topic as well 18:06:28 ok sorry 18:06:41 SridarK: oh on worries, thanks for brining it up 18:07:17 SridarK: since you are around, lets start with the tempest updated 18:07:24 ok 18:07:35 #topic temptest testing 18:07:45 SridarK: whats the latest on this? 18:07:51 even b4 tempest - basic manual testing of VPNaaS and FWaaS looks good 18:08:09 SridarK: yeah, good, we would like to know :-) 18:08:16 beyounn: hi 18:08:18 want to try a few more and will wrap it up with a log/doc 18:08:27 hello 18:08:30 SridarK: ok 18:08:44 SridarK: but can we spin off a tempest run in parallel? 18:09:01 on tempest, see many failures, then disabled fwaas & vpnaas and see similar kind of issues 18:09:34 failures are in many other components not quite related 18:09:49 SridarK: ok, do those correlate to existing issues in recheck? 18:09:49 so checking to see if i need to set up the conf any differently 18:09:58 i am checking on that 18:10:05 could possibly be the same 18:10:27 given that base line also has issues - i dont think we are introducing any additional failures 18:10:35 but need to validate that to be sure 18:10:44 then we can put out a report 18:11:16 I had the same problem when I run tempest for my service group 18:11:26 beyounn: ok 18:11:53 SridarK: just so that we are on the same page, how are you running the tempest tests? 18:11:58 I was hoping to get a summary report so it will be easier to verify - have not figured out how to do tht yet 18:12:15 i use the run_tempest script 18:12:29 and am using the default conf that is present 18:12:33 SridarK: so, you are not using tester? 18:12:44 *testr 18:12:50 i was not sure abt this so have asked for some local clarifications 18:12:59 i thought this is a wrapper over that 18:13:14 perhaps i am wrong 18:14:26 SumitNaiksatam: I could also sync up with u more on this offline 18:14:29 SridarK: ok, but you are not still seeing the summarized information on the tests, right? 18:15:02 no i did not - i do see results but have not seen summary 18:15:23 SridarK: ok, we sync up offline 18:15:34 SumitNaiksatam: Ok will do 18:18:01 SridarK: by next week we want to give an firm update on whether the gate can turn on fwaas 18:18:35 SridarK: this is independent of the tempest test failures that are already known 18:18:45 SumitNaiksatam: Yes will have this wrapped up in the next day or two 18:19:16 So as long as we are not introducing anything new we are good and can provide that update for the next neutron mtg 18:19:38 SridarK: ok, i think documenting your findings is a good idea 18:19:42 * new failures 18:19:59 SumitNaiksatam: Sounds good - we can review b4 the mtg 18:20:09 SridarK: as you were planning, if you can create a new child page on the fwaas wiki, we can point the rest of the community to it 18:20:22 SumitNaiksatam: Will do 18:21:24 SridarK: any chance that we can have this info by friday? 18:22:21 SumitNaiksatam: Yes should not be a problem 18:22:34 SridarK: great, thanks 18:23:52 ok so moving on 18:24:00 is garyduan around? 18:24:39 no, here is not in yet 18:24:43 ah ok 18:24:58 #topic service_type framework 18:26:27 beyounn: do you know if garyduan is planning to rebase? 18:26:37 yes 18:26:38 #link https://review.openstack.org/#/c/60699/ 18:26:43 he will do that 18:27:00 I will follow up with him and see if he can have time to do it today 18:27:20 beyounn: great 18:27:40 beyounn: at this point just a rebase, and that should trigger another build 18:27:49 ok 18:28:01 beyounn: are there any other blockers for him that you are aware of? 18:28:35 I don't know, but I will check with him 18:28:58 beyounn: ok thanks 18:29:08 #topic Service Insertion and Firewall 18:29:15 #link https://review.openstack.org/#/c/62599/ 18:29:19 RajeshMohan: hi 18:29:47 RajeshMohan: i know you are blocked a little bit by the service type patch 18:29:48 hi 18:30:14 If we are confident that it will be merged - then I can move my changes to Gary's patch 18:30:24 RajeshMohan: i think we should do that 18:30:56 RajeshMohan: at this point its matter of when versus if 18:31:20 RajeshMohan: but what about the other changes we were planning 18:31:38 SumitNaiksatam: In that case, I will move to his patch first 18:31:45 RajeshMohan: ok 18:32:02 RajeshMohan: so you will first rebase off his patch, and then make the earlier planned changes? 18:32:19 SumitNaiksatam:I am already looking at his patch but developing my code on trunk 18:32:52 SumitNaiksatam: Yes, I will move to his patch first and then make the planned changes 18:32:53 RajeshMohan: ok 18:33:02 RajeshMohan: thanks 18:33:09 so while SridarK is still here 18:33:24 I believe we need have to sync up on the CLI? 18:33:27 I am here :-) 18:33:30 SridarK RajeshMohan? 18:33:33 Yes 18:33:39 SumitNaiksatam:Yes 18:34:24 you guys already have a plan? 18:34:38 else we can set aside some time for a meeting 18:34:58 SumitNaiksatam:we (Sridar & myself) will synch up offline 18:35:04 SumitNaiksatam: RajeshMohan: Yes that was our thought to meet to run thru the changes 18:35:23 SumitNaiksatam: we will update in the next meeting 18:35:31 We can discuss offline to sched a time 18:35:47 #action SridarK to set up offline meeting to discuss insertion CLI 18:36:15 RajeshMohan: any thoughts on Horizon integration 18:36:33 RajeshMohan: we need the client before that, but we need that as well 18:37:51 SumitNaiksatam:I think it will be useful to start on Horizon after we post some initial patch of CLI 18:37:59 sorry, I am late 18:38:08 RajeshMohan: ok, only thing is the timing 18:38:12 garyduan: hi 18:38:27 garyduan: we can circle back to you once we are done with the other topics 18:38:49 RajeshMohan: i am not sure if we will have enough time to post the patch before I3 18:38:53 ok 18:38:57 SumitNaiksatam:I understand. In the worst case, the horizon will not be broken 18:38:58 RajeshMohan SridarK: what do you think? 18:39:09 SumitNaiksatam: So will definitely try to get the CLI out as quickly as possible 18:39:20 RajeshMohan SridarK: also what is our contingency? 18:39:40 I guess we defn need to have this correct ? 18:39:49 SridarK: yeah 18:39:50 SumitNaiksatam: The horizon will not pass insertion-context and we will make sure the code works as before 18:40:20 RajeshMohan: ok, but that would mean applying the changes on all routers 18:40:43 RajeshMohan: i think we should have the horizon patch at least 18:41:08 RajeshMohan: lets discuss during CLI meeting 18:41:13 SumitNaiksatam: What I am saying is, if we cannot meet the I3 timeline, we will not break Horizon with this new feature 18:41:25 RajeshMohan: agree 18:41:48 RajeshMohan: ok, anything more on this topic? 18:42:07 SumitNaiksatam:Just to confirm, to merge, is Horizon a must? 18:42:32 RajeshMohan: not that i am aware of 18:42:32 One more question, not sure if it's discussed today 18:42:41 RajeshMohan: we would would need CLI/client though 18:42:44 about if we need source/dest context? 18:42:51 SumitNaiksatam:I do not want to write some code and not merge. Horizon looks difficult at this stage. 18:43:05 SumitNaiksatam:Yes - agree on CLI 18:43:14 RajeshMohan: you mean write code for Horizon which does not merge? 18:43:23 garyduan: Zones is planned for Firewall 18:43:49 garyduan: I think zones are the way to attach semantics to ports 18:44:14 garyduan RajeshMohan sorry, lets wrap up the discussion on horizon support 18:44:24 garyduan: the insertion context solves the problem of reference implementation - we insert firewall on all routers which is really bad 18:44:42 SumitNaiksatam:ok 18:44:52 RajeshMohan: let's discuss later 18:45:00 : RajeshMohan: you mean write code for Horizon which does not merge? 18:45:23 SumitNaiksatam:No write code for insertion-context and not merge 18:45:37 RajeshMohan: ah, on account of horizon dependency? 18:45:38 SumitNaiksatam:I am ok if Horizon code does not merge 18:45:49 SumitNaiksatam: Yes 18:46:02 RajeshMohan: i have not seen that to be a requirement before 18:46:15 SumitNaiksatam:if it is only dependent on CLI, then we have good chance to get in by I3 18:46:17 RajeshMohan: i don't think anything has changed 18:46:28 RajeshMohan: yeah 18:47:07 RajeshMohan: so we are good, lets focus first as planned on your patch and the CLI, but at the side also explore what needs to be done for Horizon 18:47:43 SumitNaiksatam: will do; did we decide who will work on it? 18:48:19 RajeshMohan: no specific person assigned for Horizon yet, thinking was that we will discuss and see how we can share it 18:48:20 SumitNaiksatam: who will work on Horizon - I can help with whatever I know but I am not planning to code that part 18:48:51 RajeshMohan: ok we can take it offline and see how we can handle that 18:49:05 garyduan: your question about source/dest 18:49:13 Yes 18:49:22 garyduan: one point is what RajeshMohan mentioned regarding zones 18:49:26 I understand Router context doesn't require s/d 18:49:43 garyduan: i also commented regarding there being a list of resource ids 18:49:58 garyduan: so you can specify multiple 18:50:09 Guys sorry i need to bail now - will sync up later offline 18:50:27 SridarK: thanks much for joining, later 18:50:41 garyduan: does that not sound okay? 18:50:42 lter bye 18:51:20 SumitNaiksatam: my understanding is subnet/port does need source and dest 18:51:48 garyduan: the insertion-context is common for all services 18:52:03 RajeshMohan: thats correct 18:52:07 garyduan: source-dest makes sense for firewall 18:52:55 garyduan: ok lets take this discussion offline 18:53:13 RajeshMohan: ok. so firewall, we only use router for insertion 18:53:16 #action garyduan to initiate offline discussion on source/dest for subnets/ports 18:53:20 RajeshMohan: until we have chain 18:53:38 since beyounn has been waiting lets give him some time :-) 18:53:48 #topic Service Objects 18:53:59 Mine will be quick 18:54:01 garyduan: I would like to discuss this in more depth with you; let's do it offline 18:54:12 I sent email, please help to review 18:54:18 and here are links 18:54:26 https://review.openstack.org/#/c/69171/ 18:54:35 https://review.openstack.org/#/c/67784/ 18:54:46 Done, thanks :-) 18:55:13 BTW-- the CLI unit testing is coming too 18:55:19 And one more question 18:55:22 beyounn: sweet 18:55:35 If I have unit test cases, do I still need to write separate tempest? 18:55:36 #link https://review.openstack.org/#/c/69171/ 18:55:43 #link https://review.openstack.org/#/c/67784/ 18:56:13 beyounn: we will eventually need to write tempest tests for every feature 18:56:16 beyounn: so yes 18:56:20 ok 18:56:26 All done from me 18:56:28 :-) 18:56:31 beyounn: i don't know that it's a requirement for the neutron patch 18:56:40 beyounn: i don't think so 18:56:57 beyounn: so you are not blocked on anything, right? 18:57:05 just code review 18:57:07 beyounn: How is this mapped to IPTables - the reference implementation? 18:57:34 Rajesh: Let's talk about this after I finished CLI unit test 18:57:42 beyounn: Is IPTables aware of service-objects or it still works with protocol and port numbers? 18:57:59 beyounn:OK, thanks. 18:58:07 Rajesh:At this stage, no one known service-object test 18:58:17 beyounn: yeah, we would need the backend driver implementation for the APIs to go in 18:58:18 the service-object is just a separated resource 18:58:33 Sumit: all right 18:58:48 beyounn: no rush, you have marked it as WIP 18:59:07 Sumit: right, but please do take a look and give feedbacks 18:59:17 beyounn: when we move it out of WIP, we will need an end-to-end flow working 18:59:19 beyounn:is this feature for Icehouse? 18:59:32 beyounn: yes sure, not saying that we should not review 18:59:48 Rajesh, I'm not rush it for I release at the moment 19:00:03 beyounn: ok, then we have lot of time :-) 19:00:06 beyounn: but you will unfortunately not get too many cores looking at it until there is end to end flow work 19:00:08 Rajesh, but it we can catch on the I train, that is greate 19:00:18 s/it/if/ 19:00:29 beyounn:ok 19:00:53 BTW, I just rebased and submitted path for service type framework. 19:00:54 Sumit, understood, and I will work on it after the cli unit test 19:01:47 beyounn: great thanks 19:01:50 we are out time 19:01:54 thanks all for attending 19:02:03 more follow up over emails and mailers 19:02:07 thanks all! 19:02:10 #endmeeting