15:05:15 #startmeeting neutron_drivers
15:05:15 Meeting started Tue Nov 10 15:05:15 2015 UTC and is due to finish in 60 minutes. The chair is HenryG. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:05:16 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:05:18 The meeting name has been set to 'neutron_drivers'
15:05:36 #chair amotoki_ kevinbenton
15:05:37 Current chairs: HenryG amotoki_ kevinbenton
15:06:13 does someone have an agenda link handy?
15:06:18 #link https://bugs.launchpad.net/neutron/+bugs?field.status%3Alist=Triaged&field.tag=rfe
15:06:29 let's just go through them
15:06:36 #topic https://bugs.launchpad.net/neutron/+bug/1468366
15:06:36 sounds good
15:06:37 Launchpad bug 1468366 in neutron "RFE - Logging API for security group rules" [High,Triaged] - Assigned to Yushiro FURUKAWA (y-furukawa-2)
15:06:40 #topic RFE Triage
15:06:59 * HenryG is an amateur
15:07:00 whoops
15:07:20 #undo
15:07:20 Removing item from minutes:
15:07:28 heh
15:07:50 It seems there is agreement to split this one?
15:08:05 I think so.
15:08:35 generic logging API and then the security groups implementation?
15:08:36 But how does that tie in with the common classifier stuff?
15:09:17 i don't think it is related to the common classifier stuff.
15:09:20 it doesn't, does it?
15:09:34 +1
15:09:49 OK I saw a comment from amotoki_ about "split the effort into SG and FWaaS"
15:10:10 HenryG: this is from armax too.
15:10:26 i also suggested to focus on the logging API and make the logging format out of scope.
15:11:00 So a 3-way split: logging API, logging for SG, logging for FWaaS?
15:11:40 my understanding is that we discuss the logging API through the SG logging discussion.
15:14:09 OK, I am a bit fuzzy on that TBH
15:14:32 yes, me too, I thought it was all about logging "firewall" drops
15:15:11 or also non-drops
15:15:20 Do we want the logging API to be a generic thing for "system logging of X"?
15:15:53 hmmm, they are also proposing some sort of API to configure the logging backend
15:16:06 Maybe that RFE should be filed and it can be discussed there?
15:16:29 wouldn't it be more reasonable to just log firewall/sg events, and then as a second step (if necessary) set up any API they need?
15:16:33 * mestery comes in late
15:16:36 the scope of the RFE itself looks good and is well-focused.
15:16:47 I'd say it's too much for what they want (IMHO)
15:16:59 ajo: log to whom?
15:17:04 the cloud admin, or the end user?
15:17:05 ajo: I tend to agree with you
15:17:25 yes, I feel we may be throwing too many obstacles in front of this request
15:17:29 the proposed spec looks like more than is needed...
15:17:53 nm ignore me
15:18:05 russellb, yeah, maybe the use case they had in mind was letting the end user debug their own rules
15:18:24 and then they need to configure a backend to dump the logs to?
15:18:35 russellb: ajo: I do recall reading that in the rfe (end user debugging)
15:18:39 hi folks, sorry I am late
15:18:42 what did I miss?
15:19:02 armax: figuring out https://bugs.launchpad.net/neutron/+bug/1468366
15:19:02 Launchpad bug 1468366 in neutron "RFE - Logging API for security group rules" [High,Triaged] - Assigned to Yushiro FURUKAWA (y-furukawa-2)
15:19:10 armax: not much
15:19:11 yup :)
15:19:16 #chair armax
15:19:16 Current chairs: HenryG amotoki_ armax kevinbenton
15:19:27 #dechair kevinbenton
15:20:09 kevinbenton: #unchair
15:20:20 kevinbenton: Just sit there and be still until the meeting is over.
;0
15:20:22 ;)
15:21:04 armax: we are perhaps gravitating towards narrowing the focus of that RFE to what the title says
15:21:43 HenryG: I proposed to the submitter to keep the use case narrow
15:21:50 An API for tenants to log their SGs
15:21:53 I worked through that review quite a bit - the issue was they were baking their deployment's details of using rsyslog directly into the API
15:22:46 sc68cal: That's horrible
15:22:59 HenryG: "for tenants"? the first scope is 'for admins/operators'
15:23:09 quite a few cycles were spent just teaching them to decouple the logging implementation from the API
15:23:10 I personally gather that the use case is valid
15:23:26 mestery: yo!
15:23:29 sc68cal: yes. that's bad. i thought it should be discussed in the spec review itself.
15:23:33 but it might take quite a bit of time to get it into the right shape
15:23:45 agree, use case is valid, it just took a while to get it to a better place
15:24:21 so on that basis we can give this the thumbs up
15:24:42 Time check. We've spent 20 minutes on this one and we have 35 minutes left.
15:24:53 but then, the issue is: do we have seasoned people who can help the effort move along?
15:25:16 i can volunteer to help with it
15:25:37 amotoki: ok
15:26:00 amotoki: are we clear though that this must be limited to secgroups to start with?
15:26:12 I'll also tag along with amotoki_
15:26:30 since I trolled the spec quite a bit
15:26:34 ok
15:26:38 armax: yes. it must focus on SG
15:26:45 ++
15:27:11 ok, let me act on this after this meeting
15:27:16 shall we move to the next?
15:27:32 please
15:27:37 https://bugs.launchpad.net/neutron/+bug/1476527
15:27:37 Launchpad bug 1476527 in neutron "RFE - Add common classifier resource" [Undecided,Triaged]
15:27:44 this might actually turn out to be easy
15:27:53 * sc68cal runs and hides
15:28:10 sc68cal: come back
15:28:21 ajo: you there?
15:28:55 my suggestion was to treat this classifier as a reusable component across the neutron stadium projects
15:29:09 to this aim I am thinking it should be its own thing
15:29:28 so that it'll help us work with well defined and decoupled interfaces
15:29:45 ++
15:29:50 * dougwig overslept
15:29:54 ajo's concern was the model; however, we have plenty of subprojects with examples where they have their own model
15:29:57 hi armax, sorry
15:30:08 I got an interrupting call
15:30:12 and I see no problem with that
15:30:23 classifiers
15:30:39 HenryG has been working on handling the schema across multiple projects within the neutron system
15:30:46 armax, do you think it's doable to have the classifier db models shared from a library?
15:30:48 we have concerns on the db model, for example how db migration works.
15:31:08 amotoki_: that's something we know works today
15:31:10 I was looking into that this morning, the question is how ugly branches are in alembic
15:31:10 I mean, how would we do that, to let the API pull/put that to the db... and the migrations
15:31:41 do the subprojects need to query the DB directly? can't we have them use a service plugin API or something?
15:31:59 kevinbenton: they should not
15:32:17 that's the whole point of working with decoupled and well defined interfaces
15:32:35 data should be encapsulated
15:32:42 You just put a depends-on in the migration(s)
15:32:45 the subprojects should access it through some lib interface.
15:32:47 but the idea behind this is having a common data model for the traffic filters... to avoid reimplementing it in every project
15:33:04 ajo: right
15:33:13 but the data model in OO is encapsulated
15:33:29 yes, so why do we need to worry about alembic branches?
15:33:32 data is accessed through behavior
15:33:39 kevinbenton: I don't know
15:33:39 The hardest part I think will be where core depends on a subproject
15:33:41 honestly
15:34:03 let's imagine the scenario: fwaas makes use of it... tap-as-a-service makes use of it, qos makes use of it...
15:34:34 This implies a release concurrent with neutron and not independent on pypi, right?
15:35:08 dougwig: that's what it feels like to me
15:35:11 how would that work? how do we make sure the db models are in place? I'm just a bit lost about how we would handle the dependencies technically... (make sure the specific migrations have taken place, so you're able to use the "network-traffic-classifiers" api)
15:35:30 I'm not opposed to it, the more decoupling, the better
15:35:36 what I am not sure about is whether it will be a library or a subproject.
15:36:04 amotoki_: why do you treat it differently?
15:36:13 This hits a sticky point in neutron-lib, which is how to handle models. Ends up in this same place.
15:36:42 armax: in my mind a library just provides an interface, a model or something, and anyone can consume it
15:37:00 The dependency graph is pretty if pulled, but it pulls a lot.
15:37:06 i think it is a kind of neutron-lib
15:37:25 amotoki_: and a subproject?
15:37:49 a subproject depends on neutron (core) and consumes neutron core.
15:38:20 amotoki_: ok
15:38:42 amotoki_: I don't believe the distinction buys us anything
15:39:04 it is the first case and we need to explore a way. I haven't figured out the full picture.
15:39:10 neutron can install without a subproject. neutron cannot install without its required libraries.
15:39:15 we're mixing the fact that a repo falls under the neutron stadium with its dependencies
15:39:32 HenryG, true
15:40:01 I mean, I understand why you're making this statement
15:40:46 assuming we keep this classification for a minute
15:41:04 the classifier should not have dependencies to subprojects
15:41:23 s/to/on/ ?
15:41:30 HenryG: on
15:41:31 sorry
15:41:35 He's pointing out that it's a circular dependency. So it requires an implicit dependency. Which has been painful in the *aas repos. Likely implies we need to think about that structure a bit, though the idea of separation is correct.
15:41:37 but it would most likely depend on neutron-lib when that's a real thing
15:41:53 Right
15:41:57 I've tried to avoid importing things from Neutron, at least in the POC
15:42:01 to avoid a circular dep
15:42:17 dougwig: I don't see the circular dep, or at least if there is one, then we got the design wrong
15:42:57 so assuming that the schema side of things can be dealt with
15:43:02 like other projects do
15:43:07 It wouldn't make sense to have circular deps, that makes sense
15:43:22 which RFE are we discussing? (I've lost track between two parallel meetings)
15:43:37 what else is the issue that could prevent us from moving forward as a 'library' in its own right?
15:43:40 regXboi: https://bugs.launchpad.net/neutron/+bug/1476527
15:43:40 Launchpad bug 1476527 in neutron "RFE - Add common classifier resource" [Undecided,Triaged]
15:43:49 ajo: thx
15:44:30 the question is: who would be working on this? ajo, would that be you?
15:44:46 armax: I thought I was?
15:44:52 sc68cal: sorry, right
15:44:57 correct :)
15:45:13 armax, sc68cal, btw I will be happy to review, as an interested party.
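[On the alembic "depends-on" point raised above: a minimal sketch of what a migration declaring a cross-branch dependency could look like, assuming the classifier tables live in their own migration branch. The revision IDs, table, and column names are illustrative placeholders, not real Neutron migrations.]

    # Hypothetical migration in a consuming project; all identifiers are placeholders.
    from alembic import op
    import sqlalchemy as sa

    revision = 'aaaa1111'
    down_revision = 'bbbb2222'
    # 'depends_on' tells alembic that the referenced classifier revision must be
    # applied before this one, without merging the two branches together.
    depends_on = ('cccc3333',)


    def upgrade():
        # Hypothetical association table linking a security group rule to a classifier.
        op.create_table(
            'sg_rule_classifications',
            sa.Column('rule_id', sa.String(36), nullable=False),
            sa.Column('classifier_id', sa.String(36), nullable=False),
        )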
15:45:14 and you're doing some preliminary investigation already
15:45:43 armax: yep
15:45:57 before we go down the path of creating repos, a launchpad project, etc. some derisking is in oder
15:45:59 order
15:46:01 I imagine
15:46:30 derisking?
15:46:37 armax: the circ dep is there today, but neutron-lib should break it. this is running into a dilemma i mentioned at the summit, and need to talk to HenryG about offline, which is how to release base model foo on a release train independent of the integrated release.
15:46:52 armax: sorry, not awake yet, don't think it should slow this down right now.
15:47:31 sc68cal: mitigate/investigate risk
15:47:36 sc68cal, could you link me to the current poc?
15:47:54 ajo: be gentle, it's https://github.com/sc68cal/neutron-classifier
15:48:12 dougwig: I understand there may be existing complications, or unknowns
15:48:15 sc68cal, of course, just curious, and trying to get my mind around the db & dependency issues
15:48:20 to see if I can help somehow
15:48:39 can we table the db/dep issue until next week?
15:48:39 ajo: cool!
15:48:55 we could eat the entire meeting, and we/i should prep for it more first.
15:49:16 dougwig: ok, I am assuming you and HenryG would be cracking at this?
15:49:16 oh, sc68cal, but it's already decoupled into a separate repo, nice... I will read :)
15:49:28 armax: ack
15:49:41 armax: we'll take a stab and write something up, yes.
15:49:43 ok, let me provide some feedback on this one too
15:49:51 let's move to the next
15:50:14 https://bugs.launchpad.net/neutron/+bug/1513144
15:50:14 Launchpad bug 1513144 in neutron "Allow admin to mark agents down" [Undecided,Triaged] - Assigned to Carlos Goncalves (cgoncalves)
15:50:17 10 mins left
15:51:04 kevinbenton: just read your last comment about --admin-state-down
15:51:13 Remind me, did we ever implement a way to put an agent in a state where it doesn't accept any more scheduled things?
15:51:17 I guess we don't want to change the semantics of that, or wouldn't that make sense?
15:51:24 carl_baldwin: yes
15:51:27 that's what --admin-state-down does
15:51:31 kevinbenton: ++
15:51:42 kevinbenton: That wasn't always what it did.
15:51:42 so perhaps this needs to be elaborated more
15:51:43 besides
15:52:02 this spec is to allow immediate rescheduling
15:52:02 kevinbenton: It used to stop functioning even with currently scheduled stuff.
15:52:06 we went down the path where we allow Neutron to be a black biox
15:52:07 box
15:52:17 and wouldn't that satisfy the RFE submitter's needs?
15:52:32 where automatic rescheduling takes place if an agent dies
15:52:37 hmm
15:52:39 granted I believe that can be disabled
15:52:48 both for L3 and dhcp
15:52:51 kevinbenton: immediate rescheduling could happen yes, but it is not explicitly being proposed in this RFE
15:53:00 so perhaps here this applies to L2 only?
15:53:06 as for L2 I am not entirely sure what the story is
15:53:07 armax: Part of what they claim is that Neutron can't detect some reasons for failure.
15:53:30 carl_baldwin: correct
15:53:45 cgoncalves, you're the rfe submitter, right?
15:53:46 I am pretty sure that for L3 and DHCP we already have the ability to disable services
15:53:59 carl_baldwin: it could be e.g. external network access missing for the l3 agent. it would be hard to detect that.
15:54:04 and move stuff around for high availability reasons
15:54:05 For L2, we don't directly schedule anything to L2, right? L2 gets ports bound for VMs, routers, etc.
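[For reference on the --admin-state-down behaviour being discussed: a minimal sketch of how an operator can already flip an agent's admin_state_up flag through the existing agents API, which, per the discussion above, keeps new resources from being scheduled to it. The credentials, endpoint, and host name are placeholders, and the agent-type filter assumes the OVS L2 agent.]

    # Minimal sketch; auth details and host name are placeholders.
    from neutronclient.v2_0 import client

    neutron = client.Client(username='admin',
                            password='secret',
                            tenant_name='admin',
                            auth_url='http://controller:5000/v2.0')

    # Find the L2 (OVS) agent on a suspect host and mark it administratively down.
    agents = neutron.list_agents(host='compute-01',
                                 agent_type='Open vSwitch agent')['agents']
    for agent in agents:
        neutron.update_agent(agent['id'], {'agent': {'admin_state_up': False}})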
15:54:14 carl_baldwin: it either cannot detect some failures or does not detect them promptly due to the heartbeat
15:54:19 ajo: yes, I am
15:54:23 carl_baldwin: right, if this is for l2, i'm not sure what this accomplishes
15:54:45 cgoncalves: so if it's just an L2 agent, you could set the admin state to down to show that it's offline
15:54:54 cgoncalves: today the l2 agent detects the crash of ovs
15:55:05 cgoncalves: now if ovs never comes back that's a problem
15:55:41 kevinbenton: it could be other agents as well
15:55:45 however I can see that, say, an admin detects that something is seriously broken with a host
15:55:51 we'd want to disable the l2 agent
15:56:00 can we detect D-plane disconnectivity? I think it is the role of some external monitoring.
15:56:01 but that's as easy as disabling the nova compute host
15:56:14 and then a new VM will never land on that host
15:56:32 amotoki_: +1
15:56:45 cgoncalves: right, but if this spec isn't about forcing immediate rescheduling, why doesn't admin-state-down satisfy the requirements?
15:56:55 perhaps we can talk a bit more on the bug report, but I am wondering if this is overkill right now
15:57:19 I agree with kevinbenton, or wonder like him; cgoncalves, can you explain where --admin-state-down is not enough?
15:57:44 kevinbenton: it could be up to the admin to decide if and how to recover
15:58:03 cgoncalves: in which case admin-state-down should work IIUC
15:58:10 right, let's move the discussion to the bug report to clarify
15:59:01 ok
15:59:05 before we break up, armax: can I suggest that 1512864 be marked as something that should be done in oslo for all projects? the performance group in #openstack-performance is talking about osprofiler, which (with improvement) will cover this ask
15:59:18 bug 1512864
15:59:18 bug 1512864 in neutron "Application Metrics for Neutron" [Low,Triaged] https://launchpad.net/bugs/1512864 - Assigned to Ramu Ramamurthy (ramu-ramamurthy)
15:59:18 I think
16:00:19 I agree, why not leverage integration with osprofiler, and extend osprofiler where necessary
16:00:46 (I missed where osprofiler needs extension, I thought it covered it all, but I'm likely to be wrong)
16:00:51 we're out of time
16:00:53 time is up
16:00:56 #endmeeting
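[As a follow-up to the osprofiler suggestion for bug 1512864: a minimal sketch of how per-call trace points can be emitted with osprofiler's decorator. The HMAC key and the traced function are illustrative placeholders, not existing Neutron code, and a notifier/collector backend would still need to be configured for the trace points to be recorded anywhere.]

    # Minimal sketch; the key and function below are placeholders.
    from osprofiler import profiler

    # Initialize profiling for this process/request with a shared HMAC key.
    profiler.init(hmac_key='SECRET_KEY')


    @profiler.trace('create_port', info={'resource': 'port'})
    def create_port(context, port):
        # Real work would happen here; the decorator records start/stop
        # trace points around each call.
        pass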