18:00:46 <SumitNaiksatam> #startmeeting networking_policy
18:00:47 <openstack> Meeting started Thu Apr 23 18:00:46 2015 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:51 <openstack> The meeting name has been set to 'networking_policy'
18:01:03 <SumitNaiksatam> #info agenda https://wiki.openstack.org/wiki/Meetings/GroupBasedPolicy#April_22nd.2C_2015
18:01:33 <SumitNaiksatam> #chair mageshgv ivar-lazzaro igordcard_ s3wong yapeng Yi
18:01:34 <openstack> Current chairs: SumitNaiksatam Yi igordcard_ ivar-lazzaro mageshgv s3wong yapeng
18:01:37 <SumitNaiksatam> in case i drop off like last time
18:01:44 <s3wong> hello
18:01:59 <SumitNaiksatam> s3wong: hi
18:02:10 <SumitNaiksatam> any announcements from anyone upfront?
18:02:32 <SumitNaiksatam> per discussion last week we have pushed out the k-3 release
18:03:05 <SumitNaiksatam> i will probably do it today, and add a k-4 milestone
18:03:14 <SumitNaiksatam> #topic Bugs
18:03:42 <SumitNaiksatam> the one critical that shows open in launchpad is #link https://bugs.launchpad.net/group-based-policy/+bug/1432779
18:03:42 <openstack> Launchpad bug 1432779 in Group Based Policy "redirect actions don't work with external policies" [Critical,In progress] - Assigned to Ivar Lazzaro (mmaleckk)
18:03:51 <SumitNaiksatam> however the patch for this was merged in master
18:04:00 <SumitNaiksatam> ivar-lazzaro: can you confirm that this was completed?
18:04:30 <ivar-lazzaro> SumitNaiksatam: I think we had an action for testing this?
18:04:43 <SumitNaiksatam> ivar-lazzaro: okay
18:05:00 <SumitNaiksatam> ivar-lazzaro: had anyone specifically take that action item?
18:05:24 <SumitNaiksatam> *taken
18:05:34 <ivar-lazzaro> IIRC it was on mageshgv plate
18:05:38 <SumitNaiksatam> okay
18:05:49 <SumitNaiksatam> i dont see it in the meeting logs
18:06:11 <SumitNaiksatam> mageshgv: is this something you are planning or you wont have time?
18:06:40 <mageshgv> SumitNaiksatam: I did test test it once before the patch was merged in master
18:06:57 <SumitNaiksatam> i believe the difficulty was with crafting the right service and the infrastructure to test this
18:07:00 <SumitNaiksatam> mageshgv: thats great
18:07:22 <ivar-lazzaro> mageshgv: thank you!
18:07:27 <SumitNaiksatam> ivar-lazzaro: so perhaps we can close this in launchpad for now
18:07:31 <mageshgv> Sumitnaiksatam, ivar-lazzaro: I would like to bring up another issue here
18:07:41 <ivar-lazzaro> SumitNaiksatam: not sure we have to backport this
18:07:45 <SumitNaiksatam> mageshgv: can you add a note in LP to the effect that you tested it manually?
18:07:51 <mageshgv> The current model only addresses one armed devices
18:08:01 <ivar-lazzaro> SumitNaiksatam: for which I mean that I don't remember if I already sent the stable/juno patch :)
18:08:09 <SumitNaiksatam> ivar-lazzaro: okay
18:08:12 <SumitNaiksatam> i think you did
18:08:25 <SumitNaiksatam> ivar-lazzaro: we will discuss stable/juno backports as next topic
18:08:32 <SumitNaiksatam> mageshgv: go ahead
18:08:46 <SumitNaiksatam> mageshgv: so your concern is with this specific patch or our model in general?
18:09:25 <mageshgv> SumitNaiksatam: Yes, I think we are missing one main thing when we have redirect from an External policy.
18:09:42 <SumitNaiksatam> mageshgv: okay, what is that?
18:10:15 <mageshgv> When we have a redirect from a normal PTG, for two armed services, the services would get one port on consumer and one port on provider PTGs
18:11:22 <ivar-lazzaro> mageshgv: can't this happen even with External Policies? Even though you can't explicitly create Policy Targets you can still implicitly use the Neutron external network for creating ports
18:11:47 <mageshgv> But in case of redirect from External Policy, one of the ports will be on provider PTG, but the External policy represents the whole internet, and we cannot instantiate a two armed service in this case (especially L3 services)
18:12:25 <mageshgv> ivar-lazzaro: Neutron does not allow us to plug a VM into an external network right ?
18:12:37 <SumitNaiksatam> mageshgv: per ivar-lazzaro’s comment, i think any configuration on the external network is considered out of the scope of GBP
18:12:40 <ivar-lazzaro> mageshgv: I'm pretty sure it does! SumitNaiksatam?
18:13:15 <SumitNaiksatam> mageshgv: i believe as an admin you can, but i am not totally sure
18:13:48 <ivar-lazzaro> mageshgv: unless we see a need for final users to deploy PTs on External Policies, I would not add this capability to the API
18:14:09 <ivar-lazzaro> mageshgv: whether this happens internally though, that's a different story
18:14:33 <SumitNaiksatam> ivar-lazzaro: sorry, i lost you there, why would the API need to change one way or the other?
18:14:35 <ivar-lazzaro> mageshgv: service drivers could implicitly figure out how to plug to external policies
18:14:52 <ivar-lazzaro> SumitNaiksatam: to allow Policy Target CRUD on External Policies
18:15:08 <SumitNaiksatam> ivar-lazzaro: ah okay, got it
18:15:24 <mageshgv> ivar-lazzaro,SumitNaiksatam: okay, let me explore on that a bit more, but I think we will need a model in place in Service Chain driver/GBP I think rather than the Node driver
18:15:53 <ivar-lazzaro> mageshgv: sure, please keep me in the loop so I can include this in the SC refactor
18:15:56 <SumitNaiksatam> mageshgv: okay, fair point, would wait to hear back from you on the investigation
18:16:14 <mageshgv> ivar-lazzaro,SumitNaiksatam: okay
18:16:25 <SumitNaiksatam> an orthogonal point - the use of the “external policy” terminology confuses an lot of people
18:16:39 <SumitNaiksatam> i wish we had called this “external PTG” or something similar
18:16:50 <SumitNaiksatam> that is much easier to related to with the rest of the model
18:16:57 <ivar-lazzaro> we are still in time aren't we? :)
18:17:07 <ivar-lazzaro> that's what Juno was for, gathering feedback
18:17:14 <mageshgv> Right, now that you mention it it does sound different :)
18:17:34 <SumitNaiksatam> ivar-lazzaro: mageshgv: i thought i did just bring it up
18:17:39 <SumitNaiksatam> based on the feedback i got
18:17:42 <ivar-lazzaro> If anything, I would also go back to the notion of "Contract", policy rule set really is a little weird
18:17:53 <SumitNaiksatam> ivar-lazzaro: :-)
18:18:28 <SumitNaiksatam> i am definitely in favor of moving “external policy” to “external PTG”
18:18:37 <SumitNaiksatam> i also like “contract” over “PRS”
18:19:02 <SumitNaiksatam> however, it has propagated in the documentation and collateral quite a bit
18:19:07 <ivar-lazzaro> just to be sure, do you mean a new class called "External Policy Target Group"
18:19:17 <s3wong> ivar-lazzaro: I also like contract more --- the motivation behind name change was to get rid of endpoint, a wholesale change back then seems a bit drastic looking back now
18:19:18 <ivar-lazzaro> or a traditional Policy Target Group with external attributes?
18:19:18 <SumitNaiksatam> so we would need to check with folks before we can make that call
18:19:24 <ivar-lazzaro> SumitNaiksatam: ^^^
18:19:41 <SumitNaiksatam> ivar-lazzaro: i meant rename “external policy” to “external policy target group"
18:20:01 <SumitNaiksatam> s3wong: true
18:20:21 <SumitNaiksatam> ok we are digressing a bit here, we can circle back to this in the open discussion
18:20:31 <SumitNaiksatam> any other bugs to discuss today?
18:20:32 <ivar-lazzaro> s3wong: endpoint still has some conflicts in the openstack world, but I don't really see anything wrong with Contract
18:20:42 <SumitNaiksatam> ivar-lazzaro: true
18:20:50 <SumitNaiksatam> we wont go back on PT and PTG
18:21:04 <s3wong> ivar-lazzaro: correct, that was the point. Changing EP was necessity, changing everything else along with it seems a bit drastic looking back
18:21:12 <SumitNaiksatam> s3wong: true
18:21:26 <SumitNaiksatam> ok seems like no other bugs to discuss
18:21:29 <SumitNaiksatam> #topic Functional/Integration Tests
18:21:49 <SumitNaiksatam> i posted this patch #link https://review.openstack.org/#/c/174267 which triggers jishnu’s test suite
18:22:10 <SumitNaiksatam> jishnu’s test suite - gbpfunc - is an integration test suite
18:22:26 <SumitNaiksatam> that jishnu has developed
18:23:29 <SumitNaiksatam> there were a couple of failures and i am trying to work with jishnu to idnetify the root cause (whether they are actual failures or test issues)
18:23:55 <SumitNaiksatam> currently the gate job is not instrumented well to get the results of the tests
18:24:07 <SumitNaiksatam> so you have to manually go through the console log to see if there are any failures
18:24:14 <SumitNaiksatam> we will try to enhance this soon
18:24:39 <SumitNaiksatam> other than that, the experimental job has now been moved to a check queue
18:25:04 <SumitNaiksatam> so you need not do a “check experimental” to trigger this functional/integration job run
18:25:29 <SumitNaiksatam> the job runs on all the branches, stable/juno, master and feature/refactor
18:25:41 <SumitNaiksatam> its non-voting for now
18:26:02 <SumitNaiksatam> once we clean it up and get more confidence in the job, we will make it fully voting
18:26:09 <SumitNaiksatam> any questions/comments?
18:26:49 <SumitNaiksatam> i believe rkukura is out today
18:26:56 <SumitNaiksatam> so i will skip packaging
18:27:15 <SumitNaiksatam> i have vancouver summit preparation as standing item, i will take that up later
18:27:29 <SumitNaiksatam> #topic Backports to stable/juno
18:27:36 <SumitNaiksatam> #link https://review.openstack.org/#/q/status:open+project:stackforge/group-based-policy+branch:stable/juno,n,z
18:28:02 <SumitNaiksatam> ivar-lazzaro: i had a question on #link https://review.openstack.org/#/c/175556/
18:28:10 <SumitNaiksatam> you can respond on gerrit
18:28:25 <SumitNaiksatam> mageshgv: can you take a look at #link https://review.openstack.org/#/c/170972/
18:28:35 <SumitNaiksatam> its a cherry-pick that you have reviewed before
18:29:10 <mageshgv> SumitNaiksatam: It looked okay to me, but rkukura raised some concerns on the migration initially
18:29:32 <mageshgv> Did we conclude on that
18:29:47 <ivar-lazzaro> SumitNaiksatam: ok
18:30:24 <SumitNaiksatam> mageshgv: i believe the earlier mentioned patch will resolve that issue, ivar-lazzaro?
18:30:32 <ivar-lazzaro> SumitNaiksatam: I think that the reason why that part is missing is that the counterpart was not backported in Juno yet
18:30:41 <SumitNaiksatam> ivar-lazzaro: okay
18:31:10 <SumitNaiksatam> ivar-lazzaro: mageshgv’s question, does the second patch need to wait for the earlier one to merge?
18:31:29 <ivar-lazzaro> SumitNaiksatam: so this #link https://review.openstack.org/#/c/164920/ has no backport yet
18:32:22 <ivar-lazzaro> SumitNaiksatam: which one is which? :)
18:33:08 <SumitNaiksatam> ivar-lazzaro: the commit titles are confusing - this one #link https://review.openstack.org/#/c/170972/ has the same commit title as #link https://review.openstack.org/#/c/164920/
18:33:42 <SumitNaiksatam> ivar-lazzaro: perhaps we can resolve this offline, and let mageshgv and me know which ones to look at in the backport queue and in which order
18:33:45 <ivar-lazzaro> SumitNaiksatam: yeah the first one is a backport
18:33:56 <ivar-lazzaro> SumitNaiksatam: the second one is in master
18:34:12 <SumitNaiksatam> ivar-lazzaro: but you said that the one in the master does not have a backport
18:34:26 <ivar-lazzaro> SumitNaiksatam: in the sense that it's not merged
18:34:31 <SumitNaiksatam> ivar-lazzaro: ah okay
18:34:43 <ivar-lazzaro> SumitNaiksatam: after it merges, I will need to update #link https://review.openstack.org/#/c/175556/
18:34:54 <ivar-lazzaro> SumitNaiksatam: per your previous point
18:35:21 <ivar-lazzaro> SumitNaiksatam: I probably should make it dependent, or Workflow -1 for now
18:35:28 <SumitNaiksatam> ivar-lazzaro: yeah makes sense, okay we will watch out for that, nag us anyway :-)
18:35:47 <SumitNaiksatam> ivar-lazzaro: thats okay, dont have to make it dependent
18:36:10 <SumitNaiksatam> #topic Kilo sync
18:36:37 <SumitNaiksatam> apart from the testing the UI, i believe the #link https://review.openstack.org/#/c/170845 is the last remaining the patch, mageshgv?
18:37:42 <mageshgv> SumitNaiksatam: yes, one more thing that we missed is a devstack update on kilo branch, realized it today when I tried to test on  a new devstack
18:37:55 <SumitNaiksatam> mageshgv: yeah, i will do that
18:38:29 <SumitNaiksatam> mageshgv: hopefully, it will be there before you rise again tomorrow ;-)
18:38:39 <mageshgv> SumitNaiksatam: Thanks :)
18:38:43 <SumitNaiksatam> np
18:38:53 <SumitNaiksatam> #topic Floating IP support
18:39:00 <SumitNaiksatam> mageshgv: over to you
18:39:10 <SumitNaiksatam> Spec: #link https://review.openstack.org/#/c/167174
18:39:23 <SumitNaiksatam> Impl: #link https://review.openstack.org/#/c/167174/
18:39:31 <SumitNaiksatam> we are getting close to wrapping this, right?
18:40:31 <mageshgv> SumitNaiksatam: Yes, I think it is in final stages of iteration, may be you and ivar-lazzaro could take a look at it once more
18:40:44 <SumitNaiksatam> mageshgv: yes sure
18:40:46 <mageshgv> I will update the spec
18:40:50 <ivar-lazzaro> mageshgv: yup
18:40:51 <SumitNaiksatam> mageshgv: yes
18:41:11 <SumitNaiksatam> please update the spec so that the whole team will have the right context to review
18:41:23 <SumitNaiksatam> i believe earlier Yi and yapeng were also reviewing this
18:41:37 <SumitNaiksatam> mageshgv: anything to discuss here?
18:41:38 <mageshgv> SumitNaiksatam: yes, will post it first thing my morning
18:41:52 <SumitNaiksatam> mageshgv: thanks
18:42:09 <SumitNaiksatam> i think mageshgv is going to be PTO soon, so we need to wrap this up
18:42:14 <mageshgv> SumitNaiksatam: I think there is more consensus now, nothing from my side
18:42:17 <SumitNaiksatam> *be on
18:42:24 <SumitNaiksatam> mageshgv: okay thanks
18:42:36 <SumitNaiksatam> #topic Service chain driver refactor
18:42:48 <SumitNaiksatam> Spec #link #https://review.openstack.org/#/c/174118 (still WIP)
18:43:07 <SumitNaiksatam> a number of people are co-authors on this and will update it in parallel
18:43:24 <SumitNaiksatam> implementation patches: #link https://review.openstack.org/#/q/status:open+project:stackforge/group-based-policy+branch:master+topic:bp/sc-refactor,n,z
18:43:38 <SumitNaiksatam> ivar-lazzaro: noticed that you started adding some structure around this, great
18:44:04 <ivar-lazzaro> SumitNaiksatam: yeah, that would be needed anyway even while the spec is WIP
18:44:07 <SumitNaiksatam> i was also on the hook for doing some initial iterations on this, so i will post as we go along
18:44:16 <SumitNaiksatam> ivar-lazzaro: yeah, i will look at it
18:44:29 <ivar-lazzaro> SumitNaiksatam: I have a question on #link https://review.openstack.org/#/c/176580/
18:44:32 <SumitNaiksatam> anyone want to discuss anything in this context?
18:44:45 <SumitNaiksatam> ivar-lazzaro: yes, shoot
18:45:16 <ivar-lazzaro> SumitNaiksatam: the functional tests broke, I guess it may be because of some backward incompatible changes (hopefully not)
18:45:37 <ivar-lazzaro> SumitNaiksatam: while I investigate this, how could I fix the devstack installation if needed?
18:45:37 <SumitNaiksatam> ivar-lazzaro: oh, i will take a look
18:46:06 <ivar-lazzaro> SumitNaiksatam: Is there anything I can merge together with my patch in order to make this work?
18:46:32 <SumitNaiksatam> ivar-lazzaro: devstack artifacts are not in-tree
18:46:45 <SumitNaiksatam> ivar-lazzaro: let me try to investigate what is working
18:46:50 <ivar-lazzaro> SumitNaiksatam: also I can't really see the Neutron logs
18:47:05 <SumitNaiksatam> ivar-lazzaro: the script which clones the devstack is in tree
18:47:49 <ivar-lazzaro> SumitNaiksatam: but can I modify things like the local.conf?
18:48:17 <SumitNaiksatam> ivar-lazzaro: that will have to be done in the relevant devstack branch which gets pulled when this job is run
18:49:08 <SumitNaiksatam> let me take a look and see if i can fix it
18:49:28 <SumitNaiksatam> is hemanthravi here?
18:49:36 <ivar-lazzaro> SumitNaiksatam: that sounds painful, any relevant configuration change would require multiple iteration before fixing the gate
18:49:50 <ivar-lazzaro> SumitNaiksatam: shall we bring at least the local.conf in our tree?
18:50:24 <SumitNaiksatam> ivar-lazzaro: i dont understand how you can avoid multiple iterations by bringing local.conf into the tree
18:50:36 <SumitNaiksatam> i am not opposed to bringing the local.conf into the tree
18:50:56 <SumitNaiksatam> in fact the plan is to be able to move to the devstack plugin model
18:50:59 <ivar-lazzaro> SumitNaiksatam: the patch breaking the configuration can also push the fix at the same time
18:51:16 <SumitNaiksatam> so that we have all the relevant devstack artifacts in tree
18:51:26 <ivar-lazzaro> SumitNaiksatam: ++
18:51:28 <SumitNaiksatam> and we can just pull the upstream devstack branch and patch it
18:51:35 <SumitNaiksatam> however that will take some more time
18:52:08 <SumitNaiksatam> ivar-lazzaro: regardless of whether we fix the local.conf in tree or in the devstack branch, we will need to recheck
18:52:30 <SumitNaiksatam> and we know which patch breaks the branch, becuase the gate job is going to fail on that patch
18:53:08 <SumitNaiksatam> ivar-lazzaro: but i think you have a good point
18:53:36 <SumitNaiksatam> let me try to see how much of the devstack artifacts i can bring in right away
18:53:41 <SumitNaiksatam> into the tree
18:53:46 <ivar-lazzaro> SumitNaiksatam: thanks!
18:54:01 <SumitNaiksatam> i was pushing this down the road, but perhaps needs to be done sooner
18:54:11 <SumitNaiksatam> so i will first fix the kilo branch
18:54:15 <SumitNaiksatam> and then try this out
18:54:33 <SumitNaiksatam> igordcard_: you are keeping a track of the spec?
18:55:59 <SumitNaiksatam> perhaps he is not around
18:56:00 <SumitNaiksatam> moving on
18:56:11 <SumitNaiksatam> #topic Refactor feature branch
18:56:20 <SumitNaiksatam> #link https://review.openstack.org/#/q/status:open+project:stackforge/group-based-policy+branch:feature/refactor,n,z
18:56:28 <SumitNaiksatam> currently only Yi’s patch
18:56:40 <SumitNaiksatam> Yi: apologies for not getting to this
18:56:45 <Yi> np
18:56:48 <SumitNaiksatam> but i believe this is ready to merge
18:56:57 <Yi> yes
18:56:59 <Yi> it's ready
18:57:18 <SumitNaiksatam> it got delayed because we move to feature branch and caused you a lot of pain!
18:57:37 <SumitNaiksatam> ivar-lazzaro and i will try to get this merged by tomorrow latest
18:57:42 <SumitNaiksatam> ivar-lazzaro: sound okay?
18:57:53 <Yi> great
18:57:53 <ivar-lazzaro> SumitNaiksatam: ok
18:57:53 <SumitNaiksatam> unless someone else has objections
18:58:15 <SumitNaiksatam> Yi: yapeng: thanks for your patience on this
18:58:20 <SumitNaiksatam> #topic Liberty/Vancouver Summit
18:58:36 <SumitNaiksatam> posted an etherpad to gather ideas for discussion #link https://etherpad.openstack.org/p/gbp-liberty-design-summit
18:58:59 <SumitNaiksatam> some of us have been discussing the hands-on lab
18:59:04 <SumitNaiksatam> ivar-lazzaro: want to give an update?
19:00:01 <ivar-lazzaro> SumitNaiksatam: yeah we are preparing the USB sticks for the lab session
19:00:10 <ivar-lazzaro> actually we are in the process of getting them
19:00:27 <SumitNaiksatam> ivar-lazzaro: okay great
19:00:29 <ivar-lazzaro> I'd like to request help in some task though
19:00:34 <SumitNaiksatam> ivar-lazzaro: sure
19:00:56 <ivar-lazzaro> There are two main items that would be great to have in Horizon
19:01:11 <ivar-lazzaro> 1) shared attribute for all the concerned objects
19:01:22 <ivar-lazzaro> 2) external connectivity UI
19:01:36 <ivar-lazzaro> anyone is willing to take these 2 items? :)
19:02:16 <SumitNaiksatam> ivar-lazzaro: i am not holding my breath! :-(
19:02:39 <SumitNaiksatam> ivar-lazzaro: we are already able to showed the shared resources, right?
19:03:21 <ivar-lazzaro> SumitNaiksatam: yeah, but we can't set them yet
19:03:49 <SumitNaiksatam> ivar-lazzaro: them being, the shared attributes?
19:04:18 <ivar-lazzaro> SumitNaiksatam: yeah, IIRC the UI doesn't have the "shared" flag for any GBP resource at creation time
19:04:37 <SumitNaiksatam> ivar-lazzaro: okay let me follow up with you offline on this one
19:04:48 <SumitNaiksatam> ivar-lazzaro: for the external connectivity UI, i am not sure
19:05:09 <SumitNaiksatam> ivar-lazzaro: as we discussed, perhaps best not have the workflow being driven from the UI for this hands-on
19:05:13 <SumitNaiksatam> we drive it through the CLI
19:05:29 <SumitNaiksatam> and use the UI feedback
19:05:41 <SumitNaiksatam> okay we are 5 mins over, thankfully not kicked out yet
19:05:46 <SumitNaiksatam> #topic Open Discussion
19:06:07 <SumitNaiksatam> we can continue the earlier discussion, but want to give anyone else a chance to bring something else up
19:06:58 <SumitNaiksatam> if nothing else, we can end for today
19:07:29 <SumitNaiksatam> alrighty thanks everyone, keep up the good work
19:07:38 <SumitNaiksatam> and apologies for going over
19:07:41 <SumitNaiksatam> bye!
19:07:45 <ivar-lazzaro> thanks, adieuuuu
19:07:47 <mageshgv> bye
19:07:55 <SumitNaiksatam> #endmeeting