18:00:28 #startmeeting networking_policy 18:00:28 hi 18:00:28 Meeting started Thu Jun 2 18:00:28 2016 UTC and is due to finish in 60 minutes. The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:29 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:00:32 The meeting name has been set to 'networking_policy' 18:00:50 #info agenda https://wiki.openstack.org/wiki/Meetings/GroupBasedPolicy#June_2nd.2C_May_26th.2C_2016 18:01:07 is songole here? 18:01:35 if he is around we could discuss the bugs he entered 18:01:35 let me get him 18:01:39 yesterday 18:01:52 let me start with the testing 18:01:55 #topic Testing 18:02:11 an update on the gate test job for Rally 18:02:18 it was broken for about a month 18:02:33 SumitNaiksatam: songole will be back in a few min 18:02:35 i have fixed the Rally branch now, so the job is running again 18:02:45 hemanthravi: np, we will take that up when he is here 18:03:28 so please take a look at the rally job results when you review patches 18:04:02 please note that there are some tests which are not returning 100% success, and i think we had planned to remove those tests because they were not framed correctly 18:04:17 i have it on my TODO list to do that clean up 18:05:08 #topic QoS impl 18:05:17 #link https://review.openstack.org/#/c/301701/ 18:05:33 i think igordcard updated the patch but is still not passing the integration gate 18:05:54 SumitNaiksatam: it's passing.. 18:05:58 and also needs the devref that was requested 18:06:24 * tbachman joins the part 18:06:26 party 18:06:33 igordcard: its passing py27 but not gate-group-based-policy-dsvm-functional 18:06:39 tbachman: hi 18:06:41 SumitNaiksatam: hi! 18:06:44 sorry I’m late 18:06:45 (again) 18:06:55 tbachman: np 18:07:02 SumitNaiksatam: oh, I thought those always failed no matter what 18:07:13 igordcard: no, both those should pass 18:07:22 igordcard: it fails in Juno 18:07:38 igordcard: the second one (rally) was failing for some time, but i have fixed it now 18:07:55 SumitNaiksatam: where is the request for devref? 18:07:56 igordcard: and ideally we want the qos impl to be tested in the gate-group-based-policy-dsvm-functional job too 18:08:30 SumitNaiksatam: there is no QoS neutron support in Juno 18:08:34 igordcard: i put it in the comment on May 26th 18:08:48 igordcard: yes sure, we dont need to backport this to Juno 18:09:16 SumitNaiksatam: oh, my bad, I only read the file comments 18:09:32 igordcard: np, i guessed as much (you addressed the inline comments) 18:10:01 igordcard: i think it will be easier for the other folks in the team to try this out once you have those two things 18:10:40 if there are no questions for igordcard we can let him go, we are standing between him and his dinner ;-) 18:10:44 SumitNaiksatam: alright 18:10:56 igordcard: thanks 18:10:59 SumitNaiksatam: lol :p 18:11:04 #topic Packaging 18:11:13 rkukura: thanks for joining in spite being on PTO 18:11:20 rkukura: anything to update here? 18:11:30 no problem, and no update on packaging 18:11:37 rkukura: okay 18:11:56 I need to find someone at Red Hat who will respond regarding the Delorean integration 18:11:58 we ran into an issue with using GBP with Fuel 18:12:06 rkukura: true :-) 18:12:25 right, I was discussing the fuel issue with tbachman 18:12:41 the issue we ran into with Fuel was that it patches released versions, and some of our monkey patches are incompatible 18:12:42 and SumitNaiksatam, sorry 18:12:53 rkukura: :) 18:12:58 rkukura: tbachman any thoughts? 18:13:08 SumitNaiksatam: no great idea just yet 18:13:12 it’s a tricky one 18:13:13 err, i mean any solutions? :-P 18:13:32 as you pointed out, it would be nice to be able to divine a version somehow 18:13:46 tbachman: okay 18:13:51 monkey patching like we do is evil 18:13:56 * tbachman nods 18:14:02 rkukura: i knew you were going to say that! :-) 18:14:04 so lets not blame fuel 18:14:05 lol 18:14:30 rkukura: yeah, no blame game 18:14:35 but problem remains 18:14:54 its my monkey patch anyway, so I could only blame myself 18:15:10 rkukura: it was a team decision to go that way 18:15:18 SumitNaiksatam: of course 18:15:42 This particular one was intended to be short term, right? 18:15:56 rkukura: right, and good point 18:16:03 rkukura: we can perhaps revisit if its really required 18:16:07 We thought we might be hitting infinite loops, and wanted to see if this happens in the field 18:16:20 perhaps the infinite loop would not manifest any more 18:16:22 do we know if this has been happening? 18:16:56 rkukura: it happens if you go and try to delete neutron resources for which corresponding GBP resources still exist 18:17:31 this is of course not supported and no one should be doing it, but we wanted to get out of the infinite loop situation 18:17:38 SumitNaiksatam: thanks for the reminder - this was due to the TX failing due to a FK, right? 18:17:47 rkukura: yeah 18:17:59 Or maybe not? Do we do FKs to neutron? 18:17:59 so the thing is that we are probably covered as far as Fuel is concerned even without the monkey patch 18:18:01 FK? 18:18:10 foreign key 18:18:12 ah 18:18:31 however this will still break with RHEL install 18:18:43 break -> infinite loop 18:19:24 my concern is that there might be a solution for this particular patch, but we have patched other things as well 18:19:58 and it may or may not be straight forward to deal with those (if there is problem with those as well) 18:20:25 anyway, perhaps we need some more offline conversation on this before next week’s meeting 18:20:52 thanks for the input from everyone, and thanks tbachman for digging up all the details 18:21:03 SumitNaiksatam: wish I hadn’t 18:21:07 * tbachman sticks head in sand 18:21:14 tbachman: lol! 18:21:16 I checked, and we do have FKs for neutron resources in our schema 18:21:24 rkukura: right 18:21:49 #topic NFP Impl patches 18:22:01 hemanthravi: songole: hi 18:22:12 update on nfp. 18:22:23 hemanthravi: yes please go ahead 18:22:40 gbp gate tests are running, added nfp tests to gate 18:22:48 using namespace based fw and lb 18:22:49 hemanthravi: cool 18:22:59 hemanthravi: which patch adds the gate test? 18:23:11 * SumitNaiksatam is lazy is to check ;-P 18:23:18 https://review.openstack.org/#/c/298385/83 18:23:35 exercises/lb.sh, fw.sh 18:24:07 https://review.openstack.org/#/c/309145/83 has a README-NFP to try out nfp with devsatck 18:24:29 missing one of the test scripts mentioned, will ask rajendra to commit it tonight 18:24:59 started adding content to the patches wiki https://wiki.openstack.org/wiki/GroupBasedPolicy/GerritQueries/NFP#NFP_Implementation_Patches 18:25:10 will complete this and work on the devref patches 18:25:58 hemanthravi: just looked at the former patch where you mentioned the gate tests are added, looks promising 18:26:08 hemanthravi: the README also looks good 18:26:14 the wiki lists the patches in the order to be reviewed, not all of them are required for the base mode without a service vm 18:26:24 will document this against the patches 18:26:48 hemanthravi: yeah, but i guess we need to be on the last patch to be able to install and check 18:27:07 hemanthravi: so at that point we would have pulled the code from all the patches 18:27:21 yes, need to install the last patch 18:27:26 hemanthravi: so it will be good to have a description on all the patches in the wiki page right away 18:27:36 will install all the code, but won't be exerceised for the base mode 18:27:44 hemanthravi: okay 18:27:58 the other code is required when you launch a service vm as we demod at the summit 18:28:19 hemanthravi: but overall this is good progress, and looks like is its at least at the point where people can try it out 18:28:35 hemanthravi: more information will further aid in reviewing 18:28:57 will do, hope to have most of it done over the weekend 18:29:39 will be helpful to get more reviews on the first 2 patches to start with 18:29:52 hemanthravi: sure 18:30:06 hemanthravi: i do see fw.sh in the integration job logs, so good 18:31:30 hemanthravi: one issue i am seeing right away is that the tests are leaving some service_profiles undeleted, not sure if the delete failed, or the test failed to delete 18:31:46 base_mode_lb and base_mode_fw 18:32:00 will check on that 18:32:51 hemanthravi: thanks, and for the update in general 18:33:01 any questions for hemanthravi on NFP? 18:33:45 hemanthravi: okay thanks much! 18:33:50 #topic Bugs 18:33:54 songole: hi 18:34:02 SumitNaiksatam: hi 18:34:15 I filed a few bugs yesterday 18:34:19 we were discussing a bunch of bugs over the past few days 18:34:23 songole: yes 18:34:39 Some of them I believe are high priority 18:34:42 any particular ones you want to discuss here, get input from the team? 18:34:51 songole: okay, which ones? 18:35:08 if you can copy-paste the launchpad link, the bot will do the rest 18:35:15 https://bugs.launchpad.net/group-based-policy/+bug/1588109 18:35:15 Launchpad bug 1588109 in Group Based Policy "APIC mapping: Neutron router not created for E <--> W L3 policy" [Undecided,New] 18:35:57 songole: that is driver specific, lets check with ivar-lazzaro 18:36:11 ok 18:36:21 yeah that is APIC specific 18:36:37 don't think RMD has the same issue 18:36:41 ivar-lazzaro: right 18:36:53 ivar-lazzaro: what do you think is a reasonable solution here? 18:37:10 what happens is that in apic mapping Neutron routers are created only when L3Ps are attached to ES 18:37:19 ivar-lazzaro: right 18:37:25 I think that we could create a "default" one 18:37:33 that is never attached to a ES 18:37:45 ivar-lazzaro: okay 18:37:53 but I want to check with the author of the first patch here, to see if there's a compelling reason for not doing it 18:38:04 ivar-lazzaro: makes sense 18:38:41 ivar-lazzaro: should we assign this to you for now investigation (and you can later punt it to someone else if required)? 18:38:52 *for investigation 18:39:08 sure 18:39:14 ivar-lazzaro: okay thanks 18:39:42 songole: whats next on your list? 18:39:46 SumitNaiksatam: if it is an easy fix, can we prioritize it? 18:40:21 songole: okay, in LP medium priority is default for driver patches 18:40:32 default -> convention 18:40:49 SumitNaiksatam: ok 18:40:49 songole: we can follow up offline to make progress on this 18:40:56 https://bugs.launchpad.net/group-based-policy/+bug/1588099 18:40:57 Launchpad bug 1588099 in Group Based Policy "Neutron fip association doesn't work with service chains" [Undecided,New] 18:41:23 We discussed this offline and I summarized the discussion in the bug 18:41:38 songole: not sure that should be a bug, since this was known at the time we made the implementation 18:41:52 songole: also, that is broken for explicit association only 18:42:08 songole: but yeah, we need to find a solution anyways 18:42:30 ivar-lazzaro: right 18:42:48 https://bugs.launchpad.net/group-based-policy/+bug/1588107 18:42:49 Launchpad bug 1588107 in Group Based Policy "Automate allocation of fip and static ip for loadbalancer vip" [Undecided,New] 18:42:56 songole: anyone in your team can work on the suggestion made by ivar-lazzaro with retrieving all routers, and finding the candidate router from that based on the reachability? 18:43:25 SumitNaiksatam: I will check. 18:43:39 songole: i am referring to 1588099 18:44:02 got it. 18:45:01 1588107 is about the same provider being used externally (n-s) and internally (e-w) 18:45:43 I need to check the behavior of ip-single nat-pool option 18:45:54 songole: so for 1588107 what is your expectation? 18:47:34 The intent should be to allocate fixed ip and assign floating ip to it 18:48:05 songole: so per our discussion, i am finding it hard to understand “2n'd option above just creates a floating IP which the consumer could directly use. It doesn't allocate a local ip.” 18:48:29 songole: as you said, it will be helpful if you can confirm that is indeed the case 18:48:44 okay 18:48:47 songole: thanks 18:49:05 SumitNaiksatam: I have another bug which I haven't filed yet 18:49:05 songole: if that was not the case, and the local ip was getting allocated, this is not a bug any more? 18:49:35 songole, SumitNaiksatam: the local IP is not allocated? 18:49:36 SumitNaiksatam: I will verify it 18:49:45 meaning that there's no fixed IP in the LB VIP port? 18:50:21 ivar-lazzaro: yes thats the claim, and i am not sure how that can be the case 18:50:26 ivar-lazzaro: that is my understanding based on the code. 18:50:37 That would be a huge bug, probably in Neutron too 18:50:45 yeah let's verify that :D 18:51:38 SumitNaiksatam: I believe proxy ptg is created by admin for the end user 18:52:14 songole: admin can create proxy ptg 18:52:14 SumitNaiksatam: this is regarding a check to not allow cross tenant resource creation. this check only exists for neutron 18:52:24 and not for apic 18:52:54 because of it, a non admin tenant will not be able to launch service chain on neutron 18:53:01 songole: finding it difficult to grok, perhaps you can file the bug, and it might be easier to explain there? 18:53:12 ok 18:53:23 https://github.com/openstack/group-based-policy/blob/master/gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py#L371 18:54:10 is it because of _reject_cross_tenant_ptg_l2p ? 18:54:21 ivar-lazzaro: yes 18:54:47 I don't see a similar check for apic_mapping driver 18:55:00 https://github.com/openstack/group-based-policy/blob/master/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py#L806 18:56:26 songole: we need to see the implications of doing that 18:56:27 ivar-lazzaro: is there a specific reason behind that validation? 18:57:22 ivar-lazzaro: validation is required but it can be relaxed for admin? 18:57:36 songole: maybe it could 18:57:50 so you want the subnet to be owned by the admin 18:57:55 and the network by the tenant 18:58:05 if Neutron allows that, I don't see why not 18:58:49 ivar-lazzaro: is it not an issue with apic mapping? 18:59:15 songole: may be we can take this offline, you can create the bug 18:59:25 SumitNaiksatam: ok 18:59:25 songole: APIC mapping has his own neutron driver 18:59:26 we have to yield to the next meeting in a few seconds 18:59:51 thanks all for joining! 19:00:07 adieu! 19:00:09 bye! 19:00:12 bye 19:00:13 #endmeeting