#openstack-meeting log

18:02:50 <SumitNaiksatam> #startmeeting Networking FWaaS
18:02:51 <openstack> Meeting started Wed Feb 12 18:02:50 2014 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:52 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:02:55 <openstack> The meeting name has been set to 'networking_fwaas'
18:03:06 <SumitNaiksatam> garyduan: hi
18:03:10 <SumitNaiksatam> lets start with your patch
18:03:15 <RajeshMohan> Hi all
18:03:25 <SumitNaiksatam> #topic service_type framework
18:03:46 <garyduan> Regarding Eugene's comment
18:04:14 <SumitNaiksatam> garyduan: i think we are stuck with enikanorov's comment
18:04:36 <SumitNaiksatam> garyduan: can you ping him again?
18:04:45 <garyduan> SumitNaiksatam: I can
18:04:48 <SumitNaiksatam> garyduan: we really need to move on now
18:05:12 <SumitNaiksatam> garyduan: gate is also doing better now, and RajeshMohan is waiting on this patch
18:05:20 <garyduan> SumitNaiksatam: another option is to add upgrade to associate existing fw to default provider
18:05:47 <SumitNaiksatam> garyduan: can you set up an IRC meeting with enikanorov to discuss this?
18:06:00 <garyduan> SumitNaiksatam: OK
18:06:22 <SumitNaiksatam> did the other folks get a chance to review garyduan's patch?
18:07:09 <SumitNaiksatam> lets give our suggestions at the earliest so we wrap up the patch
18:07:58 <SumitNaiksatam> garyduan: separately lets try to ping nachi again as well
18:08:09 <garyduan> SumitNaiksatam: sure
18:08:31 <SumitNaiksatam> garyduan: he has a similar patch for VPNaaS, so as long as we are in sync he should be fine for this as well
18:08:59 <garyduan> SumitNaiksatam: right
18:09:10 <SumitNaiksatam> sorry forgot to add link to patch
18:09:16 <ivoks> dem doma
18:09:20 <pcm_> I have a client side patchf or STF
18:09:30 <SumitNaiksatam> #link https://review.openstack.org/#/c/60699
18:09:32 <ivoks> sigh :)
18:09:33 <pcm_> to go with Nachi's patch
18:09:41 <SumitNaiksatam> pcm_: ok
18:10:06 <SumitNaiksatam> pcm_: are you find with garyduan's patch ^^^
18:10:11 <SumitNaiksatam> *fine
18:10:33 <pcm_> Just joined in, what's the link(sorry)?
18:11:00 <enikanorov> SumitNaiksatam: garyduan hi
18:11:16 <enikanorov> i'm just walking by. how can i help?
18:11:21 <garyduan> pcm_: https://review.openstack.org/#/c/60699
18:11:51 <SumitNaiksatam> enikanorov: thanks for joining, we are waiting on you for: #link https://review.openstack.org/#/c/60699
18:11:58 <garyduan> enikanorov: we are talking about the fwaas service framework patch
18:12:06 <pcm_> garyduan: thanks. I'll look at it.
18:12:10 <enikanorov> ah, ok, yep, I have to say something on this
18:12:16 <enikanorov> let me quickly go over the comments
18:12:27 <garyduan> enikanorov: regarding yours and Sumit's comments
18:12:46 <SumitNaiksatam> enikanorov: thanks, we need to make a move on this patch since others a waiting on this
18:12:51 <SumitNaiksatam> *are
18:13:10 <enikanorov> ok, so you think it's fine because of experimental status. i'm ok with that
18:13:16 <enikanorov> i'll remove -1
18:13:42 <SumitNaiksatam> enikanorov: yeah, i dont think this in production anywhere yet (happy to be corrected)
18:13:52 <SumitNaiksatam> enikanorov: so migration would not be a concern to me
18:13:58 <enikanorov> and also we're now discussing flavors with markmcclain and salv-orlando, i think it will eventually take place of providers
18:14:02 <SumitNaiksatam> what does the rest of the FWaaS team think
18:14:21 <SumitNaiksatam> enikanorov: good to know, please include me in that discussion
18:14:25 <pcm_> SumitNaiksatam: is the FWaaS STF in-line with the VPNaaS patches?
18:14:32 <garyduan> enikanorov: just a name change?
18:14:39 <enikanorov> yeah, it has just started but i think it going to have some implications
18:14:43 <enikanorov> garyduan: not really
18:14:49 <SumitNaiksatam> enikanorov: while we still have STF, we would like to make sure FWaaS is compliant
18:14:52 <enikanorov> it's much more flexible and complex thing
18:15:27 <SumitNaiksatam> enikanorov: we can eventually migrate along with the other services whenever they move to the new flavors or whatever it ends up being
18:15:46 <SumitNaiksatam> pcm_: my understanding is yes
18:15:53 <enikanorov> SumitNaiksatam: i understand. I think i'll just write an email with the problem overview and you will decide if you want to move forward with STF or wait for flavors
18:15:58 <pcm_> SumitNaiksatam: cool
18:16:15 <garyduan> enikanorov: I think, it was mentioned in HK meeting, but like to know the detail
18:16:41 <enikanorov> garyduan: flavors is something that was proposed at least a year ago
18:16:43 <SumitNaiksatam> enikanorov: so we have to go with STF, you are +1 for the current patch?
18:16:47 <enikanorov> (with a bit different name may be)
18:16:55 <enikanorov> but no one closely worked on this
18:17:08 <enikanorov> service type fw, 'providers' is a simplistic implementation of this
18:17:53 <enikanorov> SumitNaiksatam: i'll need to look closer to give +1 (i remember i found no issues except migration)
18:18:33 <SumitNaiksatam> enikanorov: ok, if you can take a few minutes at the earliest, would be much appreciated
18:18:41 <enikanorov> sure i will
18:18:48 <SumitNaiksatam> enikanorov: great thanks
18:19:03 <SumitNaiksatam> garyduan: anything else to discuss on this patch?
18:19:21 <garyduan> no
18:19:30 <garyduan> Thanks enikanorov and pcm_
18:19:46 <pcm_> np
18:20:02 <pcm_> do you guys have a corresponding client side change out for review?
18:20:19 <SumitNaiksatam> pcm_: no
18:20:24 <SumitNaiksatam> rather, not yet
18:20:36 <garyduan> pcm_: what is client side change?
18:21:01 <pcm_> For VPNaaS we needed change to neutronclient too... https://review.openstack.org/#/c/53602/1
18:21:12 <garyduan> pcm_: OK
18:21:38 <garyduan> pcm_: not for service framework
18:22:03 <SumitNaiksatam> pcm_: we can add similar functionality for FWaaS as well, once server side patch is in
18:22:24 <pcm_> yeah, just giving heads up
18:22:29 <SumitNaiksatam> pcm_: thanks
18:22:53 <SumitNaiksatam> ok moving on
18:23:24 <SumitNaiksatam> #topic Service Insertion and Firewall
18:23:54 <SumitNaiksatam> #link https://review.openstack.org/#/c/62599
18:24:04 <SumitNaiksatam> RajeshMohan: you rebased the patch
18:24:09 <SumitNaiksatam> thanks!
18:24:32 <RajeshMohan> I am working on the agent and driver side now
18:24:37 <SumitNaiksatam> RajeshMohan: are you on track to respond to the review comments?
18:24:47 <SumitNaiksatam> RajeshMohan: great
18:25:11 <SumitNaiksatam> RajeshMohan: agent and driver side changes are hopefully not too many, right?
18:25:13 <RajeshMohan> I have not closely looked at review comments
18:25:20 <RajeshMohan> (since it is still WIP)
18:25:41 <RajeshMohan> I know I have to add unit tests to remove -2 from you
18:25:50 <SumitNaiksatam> RajeshMohan: i think if the agent and driver side changes are small, they can all be in the same patch, no need to split further
18:25:53 <RajeshMohan> Are there any other major comments
18:26:02 <RajeshMohan> Ofcourse
18:26:11 <RajeshMohan> THat is the plan
18:26:24 <RajeshMohan> Next patch will have agent and driver changes
18:26:33 <SumitNaiksatam> RajeshMohan: nice
18:27:02 <SumitNaiksatam> RajeshMohan: as for comments, I dont think my comments on the validation have been fully addressed
18:27:03 <RajeshMohan> SumitNaiksatam: Can you remove -2 and put -1
18:27:18 <SumitNaiksatam> RajeshMohan: we went back and forth several times on this
18:27:25 <RajeshMohan> SumitNaiksatam: Ok.
18:27:49 <RajeshMohan> SumitNaiksatam: I will go through the comments again. I deferred some to do it as part service-tyep framework
18:28:02 <SumitNaiksatam> RajeshMohan: I believe we left at the point where you were going to fix it (after rebasing)
18:28:09 <SumitNaiksatam> RajeshMohan: yeah
18:28:19 <SumitNaiksatam> ok moving on to the client/CLI
18:28:24 <SumitNaiksatam> SridarK: hi
18:28:50 <SridarK> The thought on the CLI is something like:
18:29:11 <SridarK> neutron firewall-create <policy-id> --service-context routers=<router-uuid- list> networks=<ne-uuid-tlist> subnets=<subnet-uuid-list> ports=<ports-uuid-list>
18:29:39 <SumitNaiksatam> SridarK: that looks okay
18:29:51 <SumitNaiksatam> SridarK: it will be more like:
18:31:08 <SumitNaiksatam> firewall-create <policy-id> [--service-context [routers=<router-uuid- list>] [networks=<ne-uuid-tlist>] [subnets=<subnet-uuid-list> ports=<ports-uuid-list>]]
18:31:22 <SridarK> yes ofcourse
18:31:25 <SumitNaiksatam> SridarK: meant to indicate that the context is optional
18:31:38 <SridarK> absoultely that was the intent
18:31:48 <SumitNaiksatam> SridarK: and that when the context is specified, not all types are required
18:31:55 <SumitNaiksatam> SridarK: yeah i am sure you meant that
18:32:07 <SumitNaiksatam> SridarK: just wanted to clarify my understanding
18:32:08 <SridarK> yes, i have some json dumps from RajeshMohan:
18:32:20 <SumitNaiksatam> RajeshMohan, garyduan: does that look ok?
18:32:27 <SridarK> so will get a patch pushed out in the next couple of days
18:32:39 <RajeshMohan> SumitNaiksatam: Just to highlight - it slightly deviates from outPI design. IN API, the list of insertion types (routers, ports) can be anything by changing validtors (without changing API). But CLI has to change if we introduce a new type of insertion
18:33:08 <RajeshMohan> s/outPI/our API
18:33:09 <garyduan> SumitNaiksatam: looks fine
18:33:26 <SumitNaiksatam> RajeshMohan: thats correct, in the CLI we are more explicit, but that's the client side
18:33:42 <RajeshMohan> SumitNaiksatam: Just wanted to make sure that is ok
18:33:48 <SumitNaiksatam> RajeshMohan: we would ideally like it to be more user friendly
18:34:38 <SumitNaiksatam> RajeshMohan: i believe the other option would be not to have, say, "routers=...", but i think its better to be more explicit
18:35:13 <SumitNaiksatam> SridarK: there used to be some quirks when having to specify a list of values
18:35:25 <RajeshMohan> SumitNaiksatam: I agree with the current CLI. Just wanted to bring it up so that it is recorded that we discussed this.
18:35:34 <SridarK> ok rather than a single value ?
18:35:45 <SridarK> on each option ?
18:36:12 <SumitNaiksatam> SridarK: i think we have some convention when we specifying the firewall rule ids for a firewall policy
18:36:24 <SumitNaiksatam> SridarK: I would tend to think we can follow that convention
18:37:01 <SridarK> ok sounds good - will look at that FW Rules list SumitNaiksatam::
18:37:06 <SridarK> Thanks
18:37:12 <SumitNaiksatam> SridarK: thanks
18:37:31 <SumitNaiksatam> RajeshMohan: do we anticipate devstack changes?
18:37:52 <RajeshMohan> SumitNaiksatam: I am hoping to avoid it
18:38:10 <RajeshMohan> SumitNaiksatam: If insertion type is not specified, then insert it on all
18:38:22 <SumitNaiksatam> RajeshMohan: so default will still be on all routers?
18:38:45 <SumitNaiksatam> i think we discussed that
18:38:48 <RajeshMohan> SumitNaiksatam: If someone can update devstack, htat will be great
18:39:15 <SumitNaiksatam> RajeshMohan: i can update devstack, just let me know what you have in mind
18:39:49 <RajeshMohan> SumitNaiksatam: I am not sure if there is any change required.
18:40:40 <SumitNaiksatam> RajeshMohan: ok good
18:41:07 <RajeshMohan> SumitNaiksatam: Netork issues on my side. I am gettising refresed late
18:41:08 <SumitNaiksatam> i think based on the tempest tests, we might need to, in case we want fwaas to be inserted as a part of the devstack process
18:41:28 <SumitNaiksatam> and don't want to be on all routers
18:41:35 <SumitNaiksatam> RajeshMohan: no worries
18:41:53 <SumitNaiksatam> SridarK: so we will have a CLI patch by friday :-)
18:42:05 <SridarK> Will certainly shoot for that. :-)
18:42:06 <RajeshMohan> SumitNaiksatam: yes, but config tells where it needs to be inserted. So, I am not sure where the  no devstack changes
18:42:38 <SumitNaiksatam> RajeshMohan: also can we remove the WIP on your patch by this friday?
18:43:03 <RajeshMohan> SumitNaiksatam: I will try. Unit tests will most likely not be complete
18:43:33 <SumitNaiksatam> RajeshMohan: as long as you have some UT, it should be fine, there will always be a case for adding more
18:43:33 <RajeshMohan> SumitNaiksatam: But I will do my best to get it done by Friday
18:43:47 <RajeshMohan> SumitNaiksatam: Ok.
18:44:09 <SumitNaiksatam> RajeshMohan: with some UTs, and the patch out of WIP, people will feel more comfortable about reviewing
18:44:29 <RajeshMohan> SumitNaiksatam: and without -2 :-)
18:44:39 <SridarK> :-)
18:45:03 <SumitNaiksatam> RajeshMohan: yeah, i will remove, i wanted to make sure that the comment regarding the validation etc are not missed
18:45:15 <SridarK> it seems RajeshMohan: is hurt by the -2 ;-)
18:45:17 <RajeshMohan> SumitNaiksatam: I will add validators in reference implementation context and then you can remove that
18:45:29 <SumitNaiksatam> RajeshMohan: thanks
18:45:50 <SumitNaiksatam> SridarK: i will be more careful :-P
18:45:57 <SridarK> :-)
18:46:34 <SumitNaiksatam> anything else on this?
18:47:09 <SumitNaiksatam> ok moving on
18:47:27 <SumitNaiksatam> #topic Service Objects
18:47:41 <beyounn> ok
18:47:52 <SumitNaiksatam> beyounn: hi
18:47:52 <beyounn> I'm working on the FW side of changes
18:47:59 <SumitNaiksatam> beyounn: great
18:48:07 <beyounn> I may need to ping Rajesh for help when I update iptable part
18:48:24 <beyounn> but for now, I removed WIP from current review request
18:48:31 <SumitNaiksatam> beyounn: ok, do we have a chance of targeting this for I3?
18:48:39 <beyounn> since it has passed both unit test and tempest
18:48:46 <RajeshMohan> beyounn: you can send me email and we can discuss
18:48:54 <beyounn> Sumit:When will be I3?
18:48:57 <SumitNaiksatam> beyounn: ok cool, i saw the update a few days back
18:49:00 <beyounn> Rajesh: Thanks
18:49:41 <SumitNaiksatam> beyounn: lets keep at least the rest of the team also in the loop on that discussion
18:49:51 <beyounn> Sumit:sure
18:49:55 <beyounn> Also,
18:50:17 <beyounn> enikanorov has reviewed it, for everyone else, please also help to take a look
18:50:33 <beyounn> Since this is the first time I'm writing python, so more feedback is better
18:50:42 <SumitNaiksatam> beyounn: milestones: #link https://wiki.openstack.org/wiki/Icehouse_Release_Schedule
18:50:49 <SumitNaiksatam> i believe its march 4th
18:51:04 <beyounn> Sumit: That could be hard
18:51:18 <SumitNaiksatam> beyounn: ok
18:51:26 <beyounn> Ok, I'm done
18:51:32 <SumitNaiksatam> beyounn: whatever you are comfortable with
18:51:54 <beyounn> Sumit: thanks
18:52:12 <SumitNaiksatam> beyounn: we would need corresponding CLI/client patch also for this (eventually)
18:52:26 <beyounn> I had CLI as well
18:52:26 <SumitNaiksatam> #topic general discussion
18:52:40 <SumitNaiksatam> beyounn: ok
18:52:42 <beyounn> https://review.openstack.org/#/c/69171/
18:52:51 <SumitNaiksatam> oh thanks, i missed that
18:52:59 <beyounn> Sumit: Please take a look
18:53:06 <beyounn> Since no one has review it yet
18:53:40 <SumitNaiksatam> beyounn: but i think we first need to review and feel more comfortable about the server side patch
18:53:53 <beyounn> Sumit: Sure
18:53:59 <beyounn> enikanorov: are you still there?
18:54:09 <enikanorov> beyounn: yes
18:54:09 <SumitNaiksatam> so in terms of order of priority of reviews for our team, can i request that we first review garyduan's patch:
18:54:18 <enikanorov> what is it (sorry, i'm not following the meeting)
18:54:31 <SumitNaiksatam> #link https://review.openstack.org/#/c/60699
18:54:47 <beyounn> enikanorov: could you take a look at https://review.openstack.org/#/c/67784/ again
18:54:49 <beyounn> thanks
18:55:09 <SumitNaiksatam> can i request all FWaaS team members to review garyduan's patch first?
18:55:25 <beyounn> Sumit: Sure
18:55:26 <SridarK> will do
18:55:29 <SumitNaiksatam> second priority will be RajeshMohan's service insertion patch:
18:55:41 <SumitNaiksatam> #link https://review.openstack.org/#/c/62599
18:56:17 <SumitNaiksatam> meanwhile hopefully SridarK will have his CLI patch as well, and we can review that
18:56:36 <SumitNaiksatam> subsequently, we beyounn should be ready with his patch:
18:56:51 <SumitNaiksatam> #link  https://review.openstack.org/#/c/67784
18:56:58 <SumitNaiksatam> and we can review that
18:57:30 <SumitNaiksatam> i am not suggesting that we do this sequentially, but in terms of priority i am proposing this as the plan to requests patches getting merged
18:58:01 <SumitNaiksatam> we have pretty much been working on these lines just restating it
18:58:12 <SumitNaiksatam> thats pretty much it from me
18:58:31 <SumitNaiksatam> #info feature proposal freeze deadline is feb 18th
18:59:04 <SumitNaiksatam> everyone is good otherwise?
18:59:53 <SumitNaiksatam> ok seems like :-)
18:59:57 <SumitNaiksatam> lets wrap up
19:00:02 <SumitNaiksatam> bye
19:00:04 <SridarK> ok bye all
19:00:09 <RajeshMohan> Bye all
19:00:12 <pcm_> bye
19:00:13 <SumitNaiksatam> #endmeeting