#openstack-meeting-3 log

18:02:29 <SumitNaiksatam> #startmeeting networking_policy
18:02:30 <openstack> Meeting started Thu May  1 18:02:29 2014 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:31 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:02:33 <openstack> The meeting name has been set to 'networking_policy'
18:02:52 <marun> hi
18:03:10 <thinrichs> Hi all
18:03:11 <rkukura> hi
18:03:33 <SumitNaiksatam> #info agenda https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy
18:04:03 <SumitNaiksatam> #topic GP bp spec review
18:04:13 <SumitNaiksatam> #link https://review.openstack.org/#/c/89469/
18:04:29 <SumitNaiksatam> i think a lot of comments were addressed over the last week
18:04:58 <SumitNaiksatam> i think we are making good progress and close to converging
18:05:33 <SumitNaiksatam> questions/thoughts on that?
18:06:27 <SumitNaiksatam> ok we can move on the PoC update
18:06:29 <banix> looking good!
18:06:36 <SumitNaiksatam> banix: ok
18:06:43 <SumitNaiksatam> #topic PoC Status Update
18:07:15 <SumitNaiksatam> we had some folks huddling together last tuesday and spending a few hours brainstorming on the PoC
18:07:45 <SumitNaiksatam> i think a lot of issues got sorted out during that discussion
18:07:52 <SumitNaiksatam> thanks to all those who participated
18:08:43 <SumitNaiksatam> #info PoC branch is: https://github.com/noironetworks/neutron-group-policy/tree/group-policy-poc
18:09:30 <SumitNaiksatam> i made some changes to the model based on the feedback on the gerrit review
18:09:44 <s3wong> SumitNaiksatam: such as?
18:09:57 <SumitNaiksatam> nothing that we did not discuss on tuesday
18:10:06 <SumitNaiksatam> i am referring to whatever i did before tuesday
18:10:34 <SumitNaiksatam> currently we still only have EPG, EP, BD and RD represented in the PoC branch as far as the model is concerned
18:10:38 <SumitNaiksatam> hope to make progress on that
18:10:58 <SumitNaiksatam> i think rkukura has made good progress on the mapping driver
18:11:03 <SumitNaiksatam> rkukura: over to you
18:11:04 <rkukura> SumitNaiksatam: Do those resources in the PoC code all match the current spec?
18:11:14 <SumitNaiksatam> rkukura: i think so
18:11:25 <rkukura> I didn’t make much progress yesteday, but am today
18:11:49 <rkukura> I hope to push an update late today that create the neutron resources when GP resources are created.
18:11:56 <SumitNaiksatam> rkukura: sweet
18:12:06 <Louis_> i noticed that classifier and action are not in db_group_policy.py
18:12:25 <SumitNaiksatam> btw, the group policy to classical neutron resources is being captured in this document (for the PoC): #link https://docs.google.com/a/noironetworks.com/document/d/134P7TJdiIfjPWbmstSTY4vp9E6oRYTFs64ON3thFxhI/edit#
18:12:26 <rkukura> I’ll push that to rkukura/mapping, and we can review and decide when to merge to group-policy-poc
18:12:38 <s3wong_> sorry, disconnect for a moment
18:12:41 <SumitNaiksatam> Louis_: not implemented yet
18:13:16 <SumitNaiksatam> Louis_: we wanted to get an end-to-end flow going with the EP and the EPG
18:13:35 <SumitNaiksatam> Louis_: also waiting for some of the discussion to settle down on gerrit
18:13:50 <SumitNaiksatam> but we should be good to implement those now, its next on my list
18:13:59 <Louis_> thx - is the intent to use ml2 driver mechanisms?
18:14:02 <rkukura> I don’t see any reason progress can’t be made on the other parts of the model in the PoC while the mapping of the EP, EPG, BD, and RD are being completed
18:14:33 <rkukura> Louis_: The GP plugin has a driver API similar to ML2’s driver API
18:14:36 <SumitNaiksatam> rkukura: yes those things are going in parallel
18:15:01 <rkukura> Louis_: And the plan is for the GP plugin to work with the ML2 plugin’s neutron resources when its mapping driver is used
18:15:16 <Louis_> thx
18:15:30 <SumitNaiksatam> rkukura: my earlier comment was not that the progress is waiting for the mapping to happen, it was more like our focus is on getting on flow going first
18:15:49 <SumitNaiksatam> on -> one
18:16:03 <rkukura> SumitNaiksatam: agreed
18:16:11 <SumitNaiksatam> rkukura: anything else?
18:16:19 <rkukura> Not from me
18:16:38 <SumitNaiksatam> rkukura: thanks, great progress
18:16:43 <SumitNaiksatam> s3wong_: over to you
18:16:49 <SumitNaiksatam> for the service redirect part
18:16:56 <Louis_> can you add an example of consumer/provider and role/capab
18:17:14 <SumitNaiksatam> Louis_: sure
18:17:25 <Louis_> thx
18:17:44 <s3wong_> I started looking at it. The idea is to have an UUID passed, and for the PoC, I will assume this is FW, and will then turn on FW on the router between two EPG
18:18:20 <SumitNaiksatam> s3wong_: ok, i know this is a tough one for you, since the discussion on the services’ side is very much evolving
18:18:33 <SumitNaiksatam> s3wong_:  i guess we will need to iterate through this
18:18:57 <s3wong> in the future, of course, the service object would tell us where to put the object can be inserted and traffic could be steered
18:19:18 <s3wong> but for now, we have no way of "redirect" flow to "service" in Neutron
18:19:31 <Louis_> will the redirect action value be a list of service instance uuids or a service chain uuid or either?
18:19:41 <s3wong> so for the PoC, I will just turn on FWaaS on a router :-)
18:19:49 <SumitNaiksatam> s3wong: yes, we will rely on abstractions exposed by the adv services’ framework to do insertion, steering, etc
18:19:54 <SumitNaiksatam> s3wong:  ok
18:20:05 <banix> Louis_: a service chain uuid
18:20:09 <s3wong> Louis_: for now, we agreed on having redirect be the final action
18:20:10 <SumitNaiksatam> Louis_: either one service or a service chain
18:20:12 <banix> Louis_: not implemented yet
18:20:26 <s3wong> and that object can certainly be service chain
18:20:59 <SumitNaiksatam> Louis_: yeah, like banix and s3wong  said abouve, its one single uuid, either service or service chain
18:21:01 <Louis_> what do u mean by "final" action?
18:21:14 <SumitNaiksatam> Louis_: however service chain is currently not represented in neutron
18:21:26 <Louis_> i see
18:22:59 <SumitNaiksatam> any other questions for s3wong or on service redirect?
18:23:08 <SumitNaiksatam> redirect action that is
18:23:10 <Louis_> would order of the list of service uuids be siginifcant?
18:23:33 <SumitNaiksatam> Louis_: the order is significant in the proposed chain resources
18:23:36 <SumitNaiksatam> *resource
18:23:54 <SumitNaiksatam> ideally it would be a graph representation
18:24:02 <SumitNaiksatam> but that is difficult to achieve
18:24:15 <s3wong> SumitNaiksatam: Louis_: are we still talking about 'redirect' or service chaining in Neutron in general?
18:24:18 <SumitNaiksatam> we will be happy if we can get going with a linear ordered chain
18:24:37 <SumitNaiksatam> s3wong: yes, sorry, we are digressing to advanced services discussion in neutron
18:24:40 <Louis_> redirect
18:25:05 <s3wong> Louis_: 'redirect' to only one UUID, and you should only have one 'redirect' action
18:25:17 <s3wong> at least for now
18:25:25 <Louis_> ok
18:25:36 <SumitNaiksatam> Louis_: fyi - we have a different meeting to discuss services chains and other services’ related aspects in neutron: #link https://wiki.openstack.org/wiki/Meetings/AdvancedServices
18:25:54 <Louis_> am aware of that thx
18:26:33 <SumitNaiksatam> hemanthravi: any progress on the Client, CLI?
18:27:14 <hemanthravi> SumitNaiksatam: not much since the last commit, will work on this and should have it done by sun
18:27:27 <SumitNaiksatam> hemanthravi: ok
18:27:40 <SumitNaiksatam> hemanthravi: so what resources are currently implemented?
18:27:51 <hemanthravi> and test it out with rkukura's mapping branch, any config that i need to have?
18:28:07 <hemanthravi> endpoint, endpoint-group are currently impl
18:28:13 <SumitNaiksatam> hemanthravi: we have a PoC branch
18:28:30 <SumitNaiksatam> hemanthravi: are they updated with the latest model?
18:29:00 <hemanthravi> SumitNaiksatam: i think ep, epg didn't change, but will check
18:29:15 <SumitNaiksatam> hemanthravi: ok thanks
18:29:28 <hemanthravi> rkukura: any config that i need to run the gp plugin?
18:29:43 <SumitNaiksatam> hemanthravi: any chance that you can have the EP/EPG by friday?
18:29:47 <rkukura> I haven’t tried it outside the UTs
18:30:07 <SumitNaiksatam> hemanthravi: the service plugin needs to be set to the group policy plugin
18:30:09 <hemanthravi> SumitNaiksatam: most likely sat
18:30:19 <rkukura> You’ll need to configure a core_plugin and list of service_plugins, which should include group_policy plugin
18:30:36 <hemanthravi> rkukura, SumitNaiksatam: ok
18:31:05 <SumitNaiksatam> hemanthravi: there is a noop plugin driver which is used for the UTs
18:31:12 <rkukura> You may need to configure the GP plugin to use the dummy driver for now, or the mapping driver if you want neutron resources to be created (once I push)
18:31:36 <SumitNaiksatam> hemanthravi: yeah rkukura and I are saying the same thing
18:32:00 <hemanthravi> rkukura: ok will try it out and ping you with any qs
18:32:00 <SumitNaiksatam> hemanthravi: i would recommend that you just use the dummy driver to begin with
18:32:09 <hemanthravi> SumitNaiksatam: will do
18:32:19 <rkukura> yes, the noop driver’s name is ‘dummy’
18:32:35 <rkukura> hemanthravi: sure
18:32:40 <SumitNaiksatam> any questions for hemanthravi regarding client/CLI
18:33:50 <SumitNaiksatam> ok moving on
18:34:00 <SumitNaiksatam> ronak here?
18:34:27 <SumitNaiksatam> so ronak bravely stood up to take on the Horizon piece!
18:34:39 * SumitNaiksatam applauds Ronak :-)
18:34:49 <hemanthravi> +1
18:34:52 <SumitNaiksatam> but he doesnt seem to be here to absorb the applause
18:34:53 * mandeep agrees
18:35:30 <nati_ueno> hi I'm writing wireframes
18:35:31 <nati_ueno> for horizon
18:35:36 <nati_ueno> https://docs.google.com/presentation/d/1SmbhY5GTBKFV0U6XmAlaWn2nm-biV5bFVZDURZslNrg/edit#slide=id.g333b16535_0351
18:35:45 <SumitNaiksatam> nati_ueno: oh wow!
18:35:54 * s3wong applauds nati_ueno instead :-)
18:36:03 <SumitNaiksatam> ronak also had captured some of the discussions in his wire frames
18:36:11 <nati_ueno> I'm still struggling to understand gp, but we can use this as basement for discussion
18:36:28 <nati_ueno> so can I have feedback on here?
18:36:29 <mandeep> nati_ueno: roank is also building wireframes for group based policy. Can you follow up with him?
18:36:40 <SumitNaiksatam> nati_ueno: this is very nice and detailed
18:36:43 <nati_ueno> mandeep: yap, interstting
18:36:51 <nati_ueno> is here here?
18:37:13 <nati_ueno> mandeep: could you share his mail address?
18:37:20 <nati_ueno> SumitNaiksatam: thanks
18:37:23 <Swami_> nati_ueno: good work on the UI Prototype
18:37:35 <mandeep> nati_ueno: I will send that tou you by email
18:37:42 <nati_ueno> mandeep: Thnaks
18:37:45 <nati_ueno> Swami_: Thanks
18:37:48 <nati_ueno> so quick question
18:37:52 <nati_ueno> what's filters?
18:37:59 <nati_ueno> I can't figureout, so it is ? in the wireframe
18:38:14 <banix> nati_ueno: thanks for the work; had a quick look; one comment
18:38:24 <SumitNaiksatam> nati_ueno: filters defines who can consume a part of a contract, and who can provide a part of a contract
18:38:29 <mandeep> nati_ueno: filters limit the scope of a specific policy rule to a specific role/capability (if that us desired)
18:38:47 <SumitNaiksatam> nati_ueno: but filters can be optional
18:39:08 <banix> nati_ueno: ahhh i noticed teh answer to the question i was about to ask….
18:39:26 <nati_ueno> hmm filters
18:39:31 <nati_ueno> banix: ok
18:39:35 <SumitNaiksatam> nati_ueno: quickly skimming through the document, i think we can simplify some of the workflow
18:39:54 <nati_ueno> SumitNaiksatam: ok
18:40:09 <nati_ueno> SumitNaiksatam: also, could you update filters part?
18:40:22 <nati_ueno> SumitNaiksatam: may be, I can understand it if I see the UI
18:40:32 <SumitNaiksatam> nati_ueno: sure
18:40:49 <nati_ueno> SumitNaiksatam: I added you as an editor
18:40:55 <SumitNaiksatam> nati_ueno: thanks
18:41:31 <mandeep> nati_ueno: Can you add me and ronal as editors as well
18:41:32 <nati_ueno> SumitNaiksatam: now you should believe me as I'm app guy.. actually, I'm UI guy :P
18:41:58 <mandeep> nati_ueno: Renaissance man ... ;-)
18:41:58 <nati_ueno> mandeep: sure! please share mail address of yours (gmail version)
18:42:00 <SumitNaiksatam> nati_ueno: you are all rolled into one
18:42:12 <Louis_> volunteering my services...
18:42:14 <SumitNaiksatam> nati_ueno: you talented Mr. Rippley!
18:42:21 <mandeep> nati_ueno: I will send you that in the email as well
18:42:32 <nati_ueno> SumitNaiksatam: mandeep: Thanks
18:43:28 <banix> nati_ueno: now that you mentioned you are an app guy, what do you think of terms “provider” and “consumer”?
18:43:52 <banix> nati_ueno: do they sound right? Do people use other terms?
18:43:59 <nati_ueno> banix: honestly, it takes time to figure out the meanings
18:44:35 <nati_ueno> we need some analogies
18:44:41 <SumitNaiksatam> any more questions for on Horizons
18:44:44 <SumitNaiksatam> nati_ueno: good point
18:44:45 <Louis_> need some examples
18:45:20 <mandeep> Louis_: There is a PoC use-case on the wiki. Did you have a chance to look at that?
18:45:44 <Louis_> yes could be clearer
18:46:01 <nati_ueno> so my big concern is there is no resource which shows consumer - provider -contract reationship.
18:46:13 <nati_ueno> it is devised in several resource
18:46:32 <nati_ueno> In UI, we can correlate it, but
18:46:38 <nati_ueno> it sounds like hard in CLI
18:46:49 <SumitNaiksatam> nati_ueno: actually there is are two resources to capture the relationship
18:46:56 <nati_ueno> SumitNaiksatam: yes two
18:47:02 <nati_ueno> SumitNaiksatam: so it is devided
18:47:13 <nati_ueno> SumitNaiksatam: ConsumerScore, ProviderScope, right?
18:47:13 <SumitNaiksatam> nati_ueno: no, one for provider, one for consumer
18:47:22 <SumitNaiksatam> nati_ueno: yes
18:47:32 <nati_ueno> SumitNaiksatam: and ConsumerScope and ProviderScope is linked by selector?
18:47:36 <SumitNaiksatam> nati_ueno: we got a lot of feedback that it was easier to understand that way, then all rolled into one
18:47:59 <nati_ueno> ya,
18:48:11 <nati_ueno> so if we have one single scope object
18:48:14 <SumitNaiksatam> nati_ueno: they both have a selector as an attribute
18:48:26 <nati_ueno> SumitNaiksatam: yes. so they are connected by attribute
18:48:27 <SumitNaiksatam> nati_ueno: i originally had only one
18:48:38 <mandeep> nati_ueno: One important requirement was that these actions be decoupled from each other in time and privilages. This separation enables that
18:49:06 <nati_ueno> mandeep: we can have multiple scopes
18:49:50 <SumitNaiksatam> one thing i wanted to put out there is that the workflow and interface we see in the UI does not have to map the exact resources in the backend
18:49:52 <mandeep> nati_ueno: I am sorry I did not follow that.
18:50:08 <SumitNaiksatam> we can devise the workflow in an easier to consume fashion
18:50:14 <mandeep> nati_ueno: Scope is a property of the relationship (either provider or consumer),
18:50:14 <nati_ueno> SumitNaiksatam: It is better to easy to map
18:50:39 <nati_ueno> Good model is easy to map UI
18:51:09 <SumitNaiksatam> nati_ueno: not necessarily
18:51:14 <SumitNaiksatam> we have 10 mins or less
18:51:29 <mandeep> Is rudra here
18:51:51 <SumitNaiksatam> thanks nati_ueno for the update
18:51:57 <SumitNaiksatam> moving on to heat
18:51:58 <nati_ueno> SumitNaiksatam: Thanks!
18:52:00 <SumitNaiksatam> prasadv: here?
18:52:14 <SumitNaiksatam> i believe prasadv claimed victory here :-P
18:52:17 <banix> nati_ueno: thanks!
18:52:21 <prasadv> yes
18:52:32 <prasadv> I have the classifier template
18:52:50 <prasadv> and rest of them are mostly copy and paste
18:52:56 <nati_ueno> banix: :)
18:53:03 <prasadv> I had a question as to testing these
18:53:18 <SumitNaiksatam> prasadv: go ahead
18:53:19 <prasadv> when do we want to test the first call
18:53:34 <SumitNaiksatam> prasadv: whenever the client is ready
18:53:41 <prasadv> i mean say classifier through the neutron api
18:53:49 <SumitNaiksatam> prasadv: that will be sometime next week
18:53:52 <mandeep> prasadv: Rudra is bringing up an AWS instance with devstack on the integration branch
18:53:53 <prasadv> this is not with the client but with neutron api
18:54:10 <mandeep> prasadv: We will be doing ene-to-end PoC integration on that
18:54:41 <prasadv> ok. meanwhile I will check in the resources..
18:54:50 <SumitNaiksatam> prasadv: please do
18:55:00 <s3wong> prasadv: cool
18:55:07 <SumitNaiksatam> prasadv: thanks, and great progress!
18:55:17 <prasadv> also the template I will be using is what is provided on the preso right?
18:55:41 <Louis_> will there be a gp meeting at summit?
18:55:50 <SumitNaiksatam> Louis_: good question
18:55:55 <SumitNaiksatam> that was the next topic
18:56:01 <banix> thanks prasadv !
18:56:03 <s3wong> Louis_: both conference presentation as well as design summit, yes
18:56:17 <mandeep> Yes, thanks prasadv
18:56:22 <Louis_> date  time?
18:56:25 <SumitNaiksatam> #topic Atlanta summit
18:56:56 <SumitNaiksatam> design summit session #link http://junodesignsummit.sched.org/event/e9dd467daf0cae0cdb29ee97d64bbf56#.U2KMDK1dX3A
18:57:22 <s3wong> Louis_: presentation will be Thurs @13:30; design session keeps on changing :-)
18:57:32 <banix> Thursday at 1:30 for the general talk
18:57:35 <SumitNaiksatam> conference session: #link http://openstacksummitmay2014atlanta.sched.org/event/456a216328d5ff2162e3cefa168eb648#.U2KZE61dX3B
18:58:01 <SumitNaiksatam> we need to prepare for both
18:58:15 <SumitNaiksatam> banix: over to you for the preso
18:58:42 <banix> have a first draft for the conference talk
18:59:09 <SumitNaiksatam> banix: nice
18:59:18 <SumitNaiksatam> i think its coming along very well
18:59:19 <banix> Trying to keep the discussion as simple as possible and then build on it to avoid getting bugged down in details early on
18:59:19 <s3wong> banix: Thanks!
18:59:45 <SumitNaiksatam> banix: thanks!
18:59:53 <SumitNaiksatam> #topic Open Discussion
18:59:57 <SumitNaiksatam> any parting thoughts?
18:59:58 <banix> Sure; Will be working on it in the next 2 weeks :)
19:00:11 <SumitNaiksatam> banix: thanks
19:00:19 <s3wong> banix: up until the morning of the presentation!
19:00:26 <SumitNaiksatam> s3wong: :-)
19:00:28 <banix> s3wong: indeed :)
19:00:31 <s3wong> banix: it is exactly two weeks!
19:00:44 <SumitNaiksatam> s3wong: thats scary!
19:00:57 <mandeep> banix: s3wong: Just wanted to mention that we should have a common devstack server to work on soon
19:00:57 <SumitNaiksatam> anything else?
19:01:10 <SumitNaiksatam> mandeep: thanks for bringing that up
19:01:15 <SumitNaiksatam> rudra, is not here
19:01:19 <banix> mandeep: that would be great
19:01:22 <SumitNaiksatam> he has taken that up
19:01:23 <s3wong> mandeep: great!
19:01:31 * SumitNaiksatam applauds rudra!
19:01:43 <SumitNaiksatam> ok we over time
19:01:46 <SumitNaiksatam> thanks everyone!
19:01:51 <SumitNaiksatam> until next week
19:01:53 <SumitNaiksatam> bye!
19:01:54 <s3wong> thanks!
19:01:55 <banix> bye
19:01:55 <SumitNaiksatam> #endmeeting