#openstack-meeting log

18:03:55 <SumitNaiksatam> #startmeeting Networking FWaaS
18:03:56 <openstack> Meeting started Wed Feb 19 18:03:55 2014 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:03:57 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:03:59 <openstack> The meeting name has been set to 'networking_fwaas'
18:04:11 <SumitNaiksatam> #topic gate and temptest testing
18:04:33 <SumitNaiksatam> last week we again brought up the enabling FWaaS at the gate with the PTL
18:05:05 <SumitNaiksatam> the current plan is that we are waiting for a final nod from the PTL on this thursday
18:05:41 <SridarK> So after that the tempest tests can get pushed up ?
18:06:18 <SumitNaiksatam> SridarK: yeah, we need this to be enabled so that the FWaaS tempest tests can be run in the gate
18:06:26 <SumitNaiksatam> EmilienM: there?
18:06:35 <RajeshMohan> Hi al
18:06:47 <SumitNaiksatam> RajeshMohan: hi, thanks for joining
18:07:01 <SumitNaiksatam> EmilienM: posted the patch #link https://review.openstack.org/#/c/65744
18:07:02 <SridarK> Hi RajeshMohan:
18:07:12 <SumitNaiksatam> which targets the FWaaS API
18:07:46 <SumitNaiksatam> however there was already a patch posted by yair: #link https://review.openstack.org/#/c/64362
18:08:16 <SridarK> Hmm! yes that is what confused me
18:09:09 <SumitNaiksatam> just wanted to check with EmilienM if his patch supersedes the other one
18:10:20 <SumitNaiksatam> #action SumitNaiksatam to check with EmilienM, Yair and mlavalle regarding the FWaaS API patch
18:10:25 <SumitNaiksatam> #undo
18:10:26 <openstack> Removing item from minutes: <ircmeeting.items.Action object at 0x2d46910>
18:10:44 <SumitNaiksatam> : #action SumitNaiksatam to check with EmilienM, Yair and mlavalle regarding the tempest FWaaS API patch
18:11:24 <SumitNaiksatam> in addition we would need to add scenario tests as well
18:11:35 <SumitNaiksatam> let me know if there is interest
18:11:53 <SumitNaiksatam> and we can coordinate accordingly
18:12:08 <SridarK> Are we time barred for this already ?
18:12:21 <SumitNaiksatam> SridarK: not that i am not aware of
18:12:31 <SumitNaiksatam> SridarK: i think earlier is always better
18:12:54 <SridarK> ok so for tests the review cut off of Feb 18 does not apply ?
18:13:21 <SumitNaiksatam> #action SumitNaiksatam to also check if there are cut off dates for tempests tests
18:15:00 <SumitNaiksatam> anything more on gate or tempest tests?
18:15:32 <SumitNaiksatam> SridarK RajeshMohan garyduan: once we enable fwaas in the gate, we will have to be on the lookout of any issues that may crop up and break the gate
18:16:11 <SridarK> ok will do
18:16:18 <SumitNaiksatam> SridarK: thanks
18:16:20 <RajeshMohan> ok
18:17:00 <SumitNaiksatam> SridarK: so we need to be watching closely on the day we turn it on, and at least a couple of days after
18:17:11 <SumitNaiksatam> garyduan: there?
18:17:43 <SridarK> ok - is there an email list or some thing to subscribe to to know if there is an issue
18:18:06 <SumitNaiksatam> SridarK: not that i am aware of
18:18:27 <SridarK> ok
18:18:36 <SumitNaiksatam> i think we should join the openstack-ci IRC channel
18:18:58 <SridarK> ok thanks SumitNaiksatam:
18:19:10 <SumitNaiksatam> or rather chat room
18:19:14 <RajeshMohan> SumitNaiksatam: Is there a way to run these tests manually - so that we know how to debug
18:19:28 <SumitNaiksatam> RajeshMohan: good question
18:19:40 <SumitNaiksatam> SridarK: i believe you documented at least some of this, right?
18:20:11 <SridarK> SumitNaiksatam: RajeshMohan: we can do the tempest runs manually
18:20:23 <SridarK> yes i had sent out an email to all on that
18:20:42 <SridarK> but now figuring out and debugging is some deep magic. :-)
18:21:03 <SridarK> I will invest some time on this
18:22:02 <SumitNaiksatam> SridarK: thanks, can you post the wiki page link again?
18:22:41 <SridarK> https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing
18:23:13 <SumitNaiksatam> #link https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing
18:23:18 <SumitNaiksatam> SridarK: thanks
18:23:19 <SridarK> will keep updating that as we add more things into tempest with some of these new patches
18:23:50 <SridarK> np SumitNaiksatam:
18:24:27 <SumitNaiksatam> ok next topic
18:24:43 <SumitNaiksatam> i don't see garyduan so let's go to the fwaas insertion
18:24:51 <SumitNaiksatam> #topic Service Insertion and Firewall
18:25:00 <SumitNaiksatam> #link https://review.openstack.org/#/c/62599/
18:25:10 <SumitNaiksatam> RajeshMohan: thanks for updating the patch
18:25:13 <RajeshMohan> I added unit tests to the patch
18:25:36 <SumitNaiksatam> RajeshMohan: do we have the end to end flow working?
18:25:36 <RajeshMohan> I believe I have good coverage - if not let me know
18:25:58 <RajeshMohan> Yes - tested with service context and verified
18:26:05 <SumitNaiksatam> RajeshMohan: nice
18:26:08 <RajeshMohan> SumitNaiksatam: I will do more testing
18:26:11 <SumitNaiksatam> tanks
18:26:19 <SumitNaiksatam> *thanks
18:26:35 <SumitNaiksatam> RajeshMohan: I had one suggestion on the validation
18:26:43 <RajeshMohan> SumitNaiksatam: yes
18:26:57 <SumitNaiksatam> RajeshMohan: currently we are passing the key_specs
18:27:07 <SumitNaiksatam> routers, networks, etc
18:27:13 <RajeshMohan> SumitNaiksatam: yes
18:27:29 <SumitNaiksatam> this is good in a way since its flexible
18:27:58 <SumitNaiksatam> however, it also introduces the possibility of some service introducing a context that is different from the others
18:28:24 <RajeshMohan> SumitNaiksatam: ok
18:28:30 <SumitNaiksatam> i was thinking that if we don't pass the key_specs but embed the validation inside the validation method, it will be good
18:28:52 <SumitNaiksatam> that way, if some service wants to pass something else, they will have to modify the validation method
18:28:59 <SumitNaiksatam> and is more apparent during the reviews
18:29:20 <SumitNaiksatam> and also we have one place which clearly enumerates all the supported contexts
18:29:31 <RajeshMohan> SumitNaiksatam: when you some other service - you mean like vpnaas, lbaas?
18:29:43 <SumitNaiksatam> yeah, or any others in the future
18:30:12 <SridarK> SumitNaiksatam:  so u mean that the keyspecs is just a string
18:30:13 <SumitNaiksatam> perhaps, the key specs can be defined as constants in the attributes module
18:30:19 <RajeshMohan> SumitNaiksatam: I am ok with that - I did this foe flexibility (as you mentioned)
18:30:38 <SumitNaiksatam> the key specs is optional right?
18:30:46 <RajeshMohan> SumitNaiksatam: Yes
18:31:03 <SumitNaiksatam> so i was thinking that we don't use it
18:31:32 <SumitNaiksatam> instead always check against a fixed list of strings (routers, networks, subnets, ports)
18:31:36 <RajeshMohan> SumitNaiksatam: I thought -not requiring to change attribute file - will be a good thing
18:31:49 <RajeshMohan> SumitNaiksatam: but if you think it helps in reviews, I can make the change
18:32:23 <SumitNaiksatam> RajeshMohan: at this point i am not sure what others think, i am coming from the perspective of there being a standard contract for all services
18:32:46 <SumitNaiksatam> it makes it easier from the user's standpoint to understand the semantics
18:33:47 <SumitNaiksatam> do you guys agree?
18:34:00 <SridarK> Hmm i still a bit on the wall
18:34:11 <SridarK> it is more flexible for sure
18:34:33 <SridarK> but potentially some anbiguity for the end user
18:34:57 <RajeshMohan> SumitNaiksatam: in service context chain - some common definition of all possible service context makes sense
18:35:08 <SumitNaiksatam> RajeshMohan: thats a good point
18:35:15 <SumitNaiksatam> SridarK: yeah
18:36:46 <SumitNaiksatam> SridarK: thanks for posting the CLI patch
18:37:08 <SumitNaiksatam> RajeshMohan: you had some issues with using the CLI?
18:37:41 <SridarK> SumitNaiksatam: No worries -  i am doing the validation for now - but we can discuss ur suggestion to defer resource validation to the backend
18:37:43 <RajeshMohan> SumitNaiksatam: yes I tried and it did not work for me - send email to Sridar
18:37:58 <SumitNaiksatam> okay
18:38:18 <SumitNaiksatam> RajeshMohan: before that, garyduan had some concerns on the terminology and the db model
18:38:24 <SridarK> SumitNaiksatam: RajeshMohan: I tried to check on the msg formatting to make sure that it is aligned with the backend
18:38:31 <SridarK> still debugging some UT issue
18:38:49 <SumitNaiksatam> SridarK: thanks, let us know when you think its working
18:38:57 <SridarK> will sync with RajeshMohan: on this patch and then make sure it works
18:39:01 <SumitNaiksatam> RajeshMohan: earlier question
18:39:04 <SridarK> *his
18:40:23 <RajeshMohan> SumitNaiksatam: you mean the review comments from Gary
18:40:35 <RajeshMohan> SumitNaiksatam: or was there some offline comments?
18:40:36 <SumitNaiksatam> as regarding service_context versus insertion_context, that evolved from a discussion with nati_ueno
18:41:12 <RajeshMohan> SumitNaiksatam: yes
18:42:19 <RajeshMohan> SumitNaiksatam: I saw the review comments  - I will follow up with Gary. Was busy with unit tests
18:42:26 <SumitNaiksatam> RajeshMohan: ok
18:42:52 <SumitNaiksatam> i believe service_context terminology should be good
18:43:41 <SumitNaiksatam> there was a suggestion on reducing the number of tables
18:43:57 <RajeshMohan> SumitNaiksatam: I liek service_context
18:44:29 <RajeshMohan> SumitNaiksatam: there is many-to-one relation. THat was one of the reasons for multiple table
18:44:55 <RajeshMohan> SumitNaiksatam: Gary's comments were not complete - atleast I could not see how it would be done with one table
18:45:02 <SumitNaiksatam> RajeshMohan: yeah, i am not sure we can group everything into the same table
18:45:06 <RajeshMohan> SumitNaiksatam: I will get more information from him
18:45:10 <SumitNaiksatam> RajeshMohan: let me think about it as well
18:45:12 <SumitNaiksatam> RajeshMohan: thanks
18:45:43 <SumitNaiksatam> #action RajeshMohan to follow up on garyduan's comments on reducing the number of tables
18:46:04 <SumitNaiksatam> RajeshMohan: we don't need any devstack changes, right?
18:46:13 <SumitNaiksatam> RajeshMohan: default is still all routers
18:46:15 <RajeshMohan> SumitNaiksatam: yes - not changes
18:46:24 <RajeshMohan> SumitNaiksatam: I mean, no changes
18:46:25 <SumitNaiksatam> RajeshMohan: ok
18:46:33 <SumitNaiksatam> anything more to discuss on this?
18:47:20 <SumitNaiksatam> #topic service_type framework
18:47:30 <SumitNaiksatam> #link https://review.openstack.org/#/c/60699
18:47:40 <SumitNaiksatam> i believe garyduan is still not around
18:47:47 <SumitNaiksatam> he posted a new patch with more UTs
18:48:01 <SumitNaiksatam> SridarK RajeshMohan can you take a quick look at his patch?
18:48:22 <SumitNaiksatam> RajeshMohan: you might also need to rebase your patch (it shows that its out of sync)
18:48:35 <RajeshMohan> I rebased last night
18:48:41 <RajeshMohan> let me check
18:48:43 <SridarK> SumitNaiksatam: will do - was tied up with the CLI stuff but will review now
18:48:45 <SumitNaiksatam> RajeshMohan: ah ok, i probably checked before that
18:49:08 <SumitNaiksatam> RajeshMohan: it currently says outdated
18:49:14 <SumitNaiksatam> SridarK: np
18:49:21 <RajeshMohan> SumitNaiksatam: It is current
18:49:38 <RajeshMohan> SumitNaiksatam: oh
18:49:45 <RajeshMohan> SumitNaiksatam: I did not refresh
18:49:49 <SumitNaiksatam> on gerrit it says outdated
18:50:09 <RajeshMohan> SumitNaiksatam: I will rebase in next 30 min
18:50:16 <SumitNaiksatam> RajeshMohan: np, take your time
18:50:29 <SumitNaiksatam> RajeshMohan: amotoki has some comments on garyduan's patch
18:50:55 <SumitNaiksatam> RajeshMohan: perhaps we can expect the same for your patch as well, so we can preempt those
18:51:25 <RajeshMohan> SumitNaiksatam: I will look at those comments
18:51:31 <SumitNaiksatam> RajeshMohan: thanks
18:51:53 <SumitNaiksatam> i don't think Yi is here either
18:52:04 <SumitNaiksatam> #topic Open Discussion
18:52:28 <SumitNaiksatam> anything more to discuss today?
18:52:36 <SumitNaiksatam> or we can get a few minutes back
18:54:32 <SumitNaiksatam> btw, there are some discussions going on in the context of group policy that require service insertion/chaining
18:54:44 <SumitNaiksatam> i have pointed to RajeshMohan's patch
18:54:53 <SumitNaiksatam> you guys can also chime in
18:55:04 <SumitNaiksatam> ok thanks guys, bye!
18:55:12 <SumitNaiksatam> #endmeeting