18:30:45 <SumitNaiksatam> #startmeeting Networking FWaaS
18:30:46 <openstack> Meeting started Wed Feb 18 18:30:45 2015 UTC and is due to finish in 60 minutes. The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:30:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:30:50 <openstack> The meeting name has been set to 'networking_fwaas'
18:30:55 <SridarK> SumitNaiksatam: , vishwanathj badveli hi
18:31:03 <SumitNaiksatam> #info meeting agenda https://wiki.openstack.org/wiki/Meetings/FWaaS#Agenda_for_Next_Meeting
18:31:07 <vishwanathj> SridarK, badveli, Hi
18:31:48 <SumitNaiksatam> #info we are in Kilo-3 (last milestone to get features merged)
18:32:05 <badveli> hello all
18:32:35 <SumitNaiksatam> #info kilo-3 is March 19th
18:33:01 <SumitNaiksatam> anything else anyone wants to share?
18:33:08 <vishwanathj> SumitNaiksatam, I thought it was March 5th, maybe I am mistaken
18:33:30 <SumitNaiksatam> vishwanathj: you might as well treat it as March 5th ;-)
18:33:49 <SridarK> :-)
18:34:14 <vishwanathj> :)
18:34:25 <SumitNaiksatam> patches have to be posted by march 5th
18:34:35 <vishwanathj> oh, I see
18:34:45 <SumitNaiksatam> and merged by march 19th (barring exceptions)
18:35:12 <SumitNaiksatam> #topic Bugs
18:36:10 <SumitNaiksatam> i just noticed this: #lik https://bugs.launchpad.net/neutron/+bug/1418196
18:36:11 <openstack> Launchpad bug 1418196 in neutron "fwaas: driver base class is stale" [Undecided,In progress] - Assigned to yalei wang (yalei-wang)
18:36:57 <SumitNaiksatam> and i think there is a patch: #link https://review.openstack.org/#/c/153930/
18:37:32 <SridarK> SumitNaiksatam: hmm - i saw the bug
18:37:39 <SridarK> SumitNaiksatam: but missed the review
18:37:52 <SridarK> SumitNaiksatam: i am not sure we need to do this
18:38:00 <SridarK> SumitNaiksatam: i will comment
18:38:03 <SumitNaiksatam> SridarK: okay
18:38:33 <SumitNaiksatam> there is a new doc bug: #link https://bugs.launchpad.net/openstack-manuals/+bug/1419498
18:38:35 <openstack> Launchpad bug 1419498 in openstack-manuals "Networking services in OpenStack Security Guide - FWaaS Section Updates" [Undecided,New]
18:39:19 <SumitNaiksatam> any takers?
18:39:29 <vishwanathj> I can take it
18:39:51 <SumitNaiksatam> vishwanathj: thanks!
18:40:05 <vishwanathj> Should I assign it to myself or are you going to assign it?
18:40:21 <SumitNaiksatam> vishwanathj: yes sure
18:40:33 <SumitNaiksatam> vishwanathj: i think you should be able to assign it
18:40:47 <SumitNaiksatam> SridarK: badveli: I dont see any other high priority issues
18:40:50 <vishwanathj> SumitNaiksatam, I was able to, thanks
18:41:05 <SridarK> SumitNaiksatam: yes - there was another review u pointed me to
18:41:08 <SumitNaiksatam> vishwanathj: great
18:41:21 <SridarK> #link https://review.openstack.org/#/c/147396/
18:41:25 <SumitNaiksatam> SridarK: yeah, i have not been able to get back to that either
18:42:01 <SridarK> SumitNaiksatam: i commented on that, i am okay with that - waiting for Jenkins issues to get fixed
18:42:26 <SridarK> SumitNaiksatam: i requested some additional validation which the author has added
18:42:52 <SumitNaiksatam> SridarK: right, seems to be failing UTs
18:43:07 <SridarK> SumitNaiksatam: yes also had some pep8
18:43:10 <SridarK> earlier
18:43:21 <SumitNaiksatam> SridarK: true
18:43:37 <SumitNaiksatam> lets wait for it to pass Jenkins
18:43:44 <badveli> yes i am not able to check any other bugs
18:43:44 <SridarK> SumitNaiksatam: when i have a bit more cycles will work with him too
18:44:13 <SumitNaiksatam> i believe the author’s claim is that its not breaking the cases we had mentioned
18:44:43 <SumitNaiksatam> there is this general packaging bug: #link https://bugs.launchpad.net/neutron/+bug/1422376
18:44:44 <openstack> Launchpad bug 1422376 in neutron "enable package test suites: dependency on generated egg from git.openstack.org" [Undecided,Incomplete]
18:44:52 <SumitNaiksatam> and there was some discussion in the ML around it
18:45:02 <SumitNaiksatam> i think at this point we are not changing anything
18:45:55 <SumitNaiksatam> anything else in terms of bugs?
18:46:12 <SridarK> SumitNaiksatam: none that i am aware of
18:46:19 <SumitNaiksatam> SridarK: okay, thanks
18:46:30 <SridarK> np at all
18:46:33 <SumitNaiksatam> #topic Firewall Insertion
18:46:41 <SumitNaiksatam> #link https://review.openstack.org/152697
18:46:45 <SumitNaiksatam> SridarK: over to you
18:46:51 <SridarK> SumitNaiksatam: thx
18:47:01 <SridarK> Some basic things begin to work
18:47:12 <SridarK> I am able to do an end to end test with a single router insertion for CRUD. Update is a bit more tricky now as we need to selectively delete or add FW to specific routers. Some cleanup to push patch up.
18:47:42 <SridarK> I am doing testing with a single router insert, update, delete
18:47:45 <SumitNaiksatam> #chairs SridarK vishwanathj badveli
18:47:55 <SumitNaiksatam> #chair
18:47:56 <openstack> Current chairs: SumitNaiksatam
18:48:09 <SumitNaiksatam> #chair SridarK vishwanathj badveli
18:48:10 <openstack> Current chairs: SridarK SumitNaiksatam badveli vishwanathj
18:48:22 <SumitNaiksatam> sorry, anticipating network issues
18:48:23 <SridarK> thus far i have these things working
18:48:30 <SridarK> ok i figured
18:48:42 <SridarK> What remains is to support list of routers on the db side for the access methods. And UT. And i am sure small things here and there.
18:48:54 <SumitNaiksatam> SridarK: nice
18:48:59 <vishwanathj> SumitNaiksatam, what does that mean? Current chairs? pardon my ignorance
18:49:13 <SumitNaiksatam> vishwanathj: in case i drop off, you can close the meeting
18:49:21 <vishwanathj> got it, thanks
18:49:27 <SumitNaiksatam> SridarK: sorry for the distraction
18:49:30 <SridarK> SumitNaiksatam: i have hacks all over the place - want to clean that out and push a patch up
18:49:31 <SridarK> np
18:49:46 <SumitNaiksatam> SridarK: okay, i noticed some comments from other cores
18:49:48 <SridarK> hacks - meaning more debug logs
18:50:54 <SumitNaiksatam> SridarK: okay
18:50:59 <SridarK> SumitNaiksatam: yes on the tempest front, Nikolay will be working on that
18:51:27 <SridarK> i wanted to touch base with pc_m before but today has been mtg day from early am
18:51:34 <SumitNaiksatam> SridarK: awesome, i noticed his patch was abandoned
18:51:48 <SridarK> we can cover the agent refactor here
18:51:59 <SridarK> SumitNaiksatam: yes he will pick this
18:52:03 <pc_m> SridarK: We can chat later, just ping me
18:52:20 <SumitNaiksatam> pc_m: thanks
18:52:20 <SridarK> SumitNaiksatam: perhaps some synchronization has to happen with api tests
18:52:32 <SumitNaiksatam> SridarK: can you request him to update: #link https://wiki.openstack.org/wiki/Neutron/FWaaS/KiloPlan as well?
18:52:45 <SridarK> SumitNaiksatam: i think i added him
18:52:59 <SridarK> pc_m: sure
18:53:03 <SumitNaiksatam> SridarK: yeah, i meant gerrit patch
18:53:11 <SridarK> SumitNaiksatam: ok will do
18:53:12 <SumitNaiksatam> reference
18:54:00 <SumitNaiksatam> SridarK: any blocking issues?
18:54:12 <SridarK> SumitNaiksatam: nothing now
18:54:24 <SridarK> SumitNaiksatam: more neurons will help ;-)
18:54:24 <SumitNaiksatam> SridarK: nice
18:54:29 <SumitNaiksatam> SridarK: :-)
18:54:49 <SumitNaiksatam> in my case, its - some neurons will help
18:54:49 <SridarK> Lets discuss a bit on the L3 agent refactor implications
18:54:50 <vishwanathj> SridarK, let me know if there is any way that I can help or contribute to your efforts
18:54:55 <SridarK> :-)
18:55:06 <SridarK> thx vishwanathj
18:55:25 <SridarK> i will discuss more with pc_m also
18:55:26 <SumitNaiksatam> #topic FWaaS L3 agent refactoring/restructuring
18:55:31 <SumitNaiksatam> SridarK: go ahead
18:55:33 <SridarK> ok
18:56:01 <SridarK> so with the new model since router insert and del is driven from the plugin
18:56:12 <SridarK> it simplifies the agent side as we had discussed
18:56:36 <SridarK> so router add/del notification may not be needed on the agent
18:56:47 <SridarK> the plugin can take care of that side
18:56:58 <SridarK> not sure if we want to put a FK constraint
18:57:11 <SridarK> but that will kind of happen on the plugin
18:57:27 <SridarK> the other thing on i/f add/del
18:57:40 <SridarK> since we install the rules on qr*
18:57:53 <SridarK> we may not need to worry about this
18:58:07 <SridarK> this is my current thought
18:58:21 <SridarK> by saying "we need not have to worry"
18:58:30 <SridarK> i have probably jinxed it already :-)
18:58:36 <SumitNaiksatam> SridarK: :-)
18:58:45 <SridarK> sorry too much typing
18:58:57 <SridarK> will discuss this more with pc_m
18:59:05 <SumitNaiksatam> okay so on the FK, this will be on router?
18:59:17 <SridarK> and also once i update the patch it will become easier for folks to see
18:59:27 <SridarK> SumitNaiksatam: i am thinking if we need to do that
18:59:28 <SridarK> yes
18:59:47 <SumitNaiksatam> SridarK: i am thinking it might be better to avoid FK constraints
19:00:08 <SridarK> SumitNaiksatam: yes exactly what i started typing
19:00:09 <SumitNaiksatam> SridarK: since they are not always supported across DBs
19:00:31 <SridarK> SumitNaiksatam: and if a router is deleted then the fw for that is gone
19:00:44 <SridarK> other routers should still have the fw
19:00:59 <SridarK> SumitNaiksatam: and this should work automatically
19:01:25 <SridarK> SumitNaiksatam: thats all i had
19:01:31 <SumitNaiksatam> SridarK: okay, to the extent we can lets implement those constraints in the code
19:01:46 <SridarK> SumitNaiksatam: ok
19:01:59 <badveli> Sridark, i am not able to follow you, could you please help what are we doing
19:02:36 <SridarK> badveli: sure this is with router insertion and l3 agent refactor implications
19:03:10 <SridarK> badveli: with the router insertion model we are changing the fundamental behavior in the agent
19:03:28 <SridarK> badveli: the agent no longer tries to determine the routers on a tenant
19:03:40 <SridarK> badveli: the plugin tells the agent
19:03:58 <SridarK> this becomes part of the fw dict we send from the plugin to the agent
19:04:20 <SridarK> badveli: so we can remove some of that old code
19:04:34 <badveli> thanks sridark, ok the plugin directly sends the fw dict
19:04:36 <badveli> thanks
19:05:00 <SridarK> badveli: yes as before, but now it also sends the routers the fw is to be inserted on
19:05:51 <SridarK> badveli: pls ping me if u other questions
19:05:57 <SridarK> *have
19:05:59 <pc_m> With the refactoring... before the device drivers were talking directly to the agent (to get router info)
19:06:17 <pc_m> If you no longer have that need, then may not have refactoring to do.
19:06:32 <pc_m> (need to get router info from device driver)
19:06:41 <SridarK> pc_m: no change on the agent - device driver interface
19:07:04 <SridarK> the agent will still call into the device driver (iptables) with the router list
19:07:31 <SridarK> pc_m: the changes are confined to the agent and the agent - plugin interaction
19:07:45 <pc_m> SridarK: Will device driver need to access the router (calling back to the agent to get router info)?
19:08:08 <SridarK> pc_m: no the device driver is given the router
19:08:22 <badveli> sridark, the agent will no longer be able to access the router info?
19:09:05 <SridarK> badveli: it will get the router-id - using the router-id it gets the ri list
19:09:20 <SridarK> no change there either
19:09:56 <SridarK> the only change is the agent used to get the list of all routers on the tenant
19:10:01 <SumitNaiksatam> SridarK: pc_m: accessing the router info works the same way as before (after the l3 agent refactor)?
19:10:17 <badveli> ok, this change is needed only to update where is the firewall applied, correct?
19:10:19 <SridarK> the plugin did not provide this before now it does
19:10:40 <SridarK> badveli: yes
19:10:57 <SridarK> SumitNaiksatam: yes i believe so
19:11:17 <SridarK> as we are in the inheritance hierarchy
19:11:22 <SridarK> we can access router-info
19:11:28 <SridarK> no change there
19:11:54 <pc_m> SridarK: We can chat off-line to see if there is any refactoring needed for FWaaS. For VPN we needed to break the coupling between driver and agent.
19:12:05 <SridarK> pc_m: yes lets do that
19:13:01 <SridarK> SumitNaiksatam: i think that all i had
19:13:16 <SumitNaiksatam> pc_m: SridarK: it might be good to get the summary of that conversation for the rest of the team
19:13:26 <SridarK> SumitNaiksatam: yes i will do that
19:14:00 <SumitNaiksatam> perhaps an email summary will be good (i think there is some concern here with some of the vendor drivers which are currently leveraging this interaction)
19:14:39 <SumitNaiksatam> also general comment - i am pretty lonely on #openstack-fwaas
19:14:51 <SumitNaiksatam> so might be a good place to have offline conversations ;-)
19:14:58 <SridarK> SumitNaiksatam: yes on the vendor implications
19:15:00 <vishwanathj> SumitNaiksatam, I did visit you there once :)
19:15:01 <SridarK> SumitNaiksatam: :-)
19:15:33 <SumitNaiksatam> vishwanathj: SridarK: ;-)
19:15:40 <SumitNaiksatam> SridarK: thanks much for those two updates
19:15:48 <SridarK> SumitNaiksatam: some rewiring is needed to get to the IRC :-)
19:16:14 <SridarK> SumitNaiksatam: i never ever thought i would ever do anything on a db in my previous life :-)
19:16:23 <SridarK> so i can also hang out on IRC
19:16:25 <SridarK> :-)
19:16:30 <SumitNaiksatam> SridarK: totally understand, i was just joking, please feel free to communicate in whichever is convenient and most effective!
19:16:37 <SumitNaiksatam> SridarK: :-)
19:16:37 <SridarK> :0)
19:17:07 <SumitNaiksatam> #topic Service Objects
19:17:14 <SumitNaiksatam> badveli: over to you
19:17:37 <badveli> yes sumit
19:18:19 <badveli> not yet uploaded the patch, at least i will try to upload the neutron patch
19:18:25 <SumitNaiksatam> badveli: okay
19:19:31 <badveli> should it be accompanied by neutron client patch also?
19:19:46 <badveli> python neutron client patch?
19:20:21 <SumitNaiksatam> badveli: ideally yes
19:20:37 <SumitNaiksatam> badveli: but “accompanied” is pretty subjective
19:21:02 <SumitNaiksatam> i believe it should be posted in a reasonable frame of time so as to allow reviewers an easy way to test
19:21:18 <badveli> ok, thanks sumit
19:22:27 <SumitNaiksatam> badveli: thanks for the update
19:22:28 <badveli> hopefully still my old patches
19:22:29 <SridarK> badveli: so we will have one for neutron (extensions), one for fwaas (backend) and cli
19:22:38 <badveli> yes sumit
19:22:51 <badveli> but planning to start on extensions first
19:22:59 <SumitNaiksatam> #topic FWaaS gate jobs
19:23:26 <SumitNaiksatam> pc_m: fwaas team owes you another big one for getting this enabled
19:23:36 <vishwanathj> +1
19:23:46 <SridarK> +1
19:24:34 <badveli> thanks pcm
19:24:39 <pc_m> np guys!
19:24:40 <SridarK> I will need some guidance on patches with api changes and interaction with gate jobs
19:25:03 <SridarK> i see a chicken and egg type of problem unless i am missing something
19:25:25 <SridarK> SumitNaiksatam: pc_m: i will ping u guys later on this
19:25:46 <SumitNaiksatam> SridarK: sure
19:26:03 <pc_m> sure
19:26:07 <SumitNaiksatam> SridarK: you anticipate tempest tests breaking?
19:26:24 <SridarK> SumitNaiksatam: yes, as we now provide router ids
19:26:36 <SridarK> SumitNaiksatam: or rather have to provide router-ids
19:26:48 <SridarK> earlier was not needed
19:27:03 <SridarK> so on the old test we will be in PENDING_CREATE
19:27:41 <SridarK> we can talk later - as we are running out of time
19:27:43 <SumitNaiksatam> SridarK: okay
19:27:55 <SumitNaiksatam> #topic Open Discussion
19:28:04 <SumitNaiksatam> Anything else we missed today?
19:28:10 <SumitNaiksatam> we have 2 mins
19:28:58 <SumitNaiksatam> the proposed talks for the Vancouver summit are now public
19:29:17 <vishwanathj> Well, the Intel McAfee FWaaS patch needs to be reviewed once they upload a new patch which passes all jenkins test
19:29:22 <SumitNaiksatam> pc_m: and me along with doug have proposed a talk on *aaS
19:29:30 <SumitNaiksatam> vishwanathj: yes
19:29:32 <vishwanathj> cool
19:30:06 <SridarK> SumitNaiksatam: on the cisco patch we are sorting out our vendor repo implications
19:30:24 <SumitNaiksatam> SridarK: okay
19:30:34 <SumitNaiksatam> fyi on the talk - #link https://www.openstack.org/vote-paris/presentation/neutron-mitosis-and-the-l7-services-roadmaps
19:31:09 <SumitNaiksatam> please let the team know if there are any other related talks so that we can express our interest accordingly
19:31:14 <SumitNaiksatam> we are out of time
19:31:18 <SumitNaiksatam> thanks all!
19:31:22 <vishwanathj> bye
19:31:22 <SumitNaiksatam> bye
19:31:23 <SridarK> thanks all
19:31:26 <SridarK> bye
19:31:28 <SumitNaiksatam> #endmeeting