#openstack-neutron log

14:00:31 <haleyb> #startmeeting neutron_drivers
14:00:31 <opendevmeet> Meeting started Fri Feb 14 14:00:31 2025 UTC and is due to finish in 60 minutes.  The chair is haleyb. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:31 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:31 <opendevmeet> The meeting name has been set to 'neutron_drivers'
14:00:41 <haleyb> Ping list: ykarel, mlavalle, mtomaska, slaweq, obondarev, tobias-urdin, lajoskatona, amotoki, haleyb, ralonsoh
14:00:42 <mlavalle> \o
14:00:45 <obondarev> o/
14:00:53 <lajoskatona> o/
14:01:18 <slaweq> o/
14:02:33 <sahid> o/
14:02:39 <haleyb> just waiting for ralonsoh
14:02:48 <haleyb> the item on the agenda is his change
14:02:53 <haleyb> #link https://review.opendev.org/c/openstack/neutron/+/941511
14:02:55 <ralonsoh> hello
14:03:07 <ralonsoh> yeah, did you check the mail?
14:03:23 <haleyb> no, not yet
14:03:28 <ralonsoh> I commented that it would be better just to take this conversation offline
14:03:32 <ralonsoh> I commented in the LP bug
14:03:33 <ralonsoh> one sec
14:03:49 <ralonsoh> https://bugs.launchpad.net/neutron/+bug/2098109/comments/11
14:03:55 <ralonsoh> so is worst than expected
14:04:07 <ralonsoh> we have the default API that is currently broken
14:04:13 <ralonsoh> using "external_gateway_info"
14:04:26 <ralonsoh> that should be fixed with https://review.opendev.org/c/openstack/neutron-lib/+/941631
14:04:36 <ralonsoh> but that requires some additional changes in the tempest tests
14:04:52 <ralonsoh> and we have the multihoming extension, that uses "external_gateways"
14:05:08 <ralonsoh> that extension does not enforce at all any policy nor we have any defined
14:05:12 <ralonsoh> that will take more time
14:05:19 <ralonsoh> and that's all basically
14:06:11 <ralonsoh> so I think, as commented in the mail, that we can continue the investigation, testing and reviews offline
14:06:33 <mlavalle> so no need to meet today?
14:06:40 <haleyb> ok, i'm still reading the bug comments but we can look offline
14:06:53 <haleyb> your email came at 2am my time, so i had not seen it
14:06:58 <ralonsoh> no, no meeting today is needed
14:07:10 <ralonsoh> yes, I finished the investigation today early (for me)
14:07:38 <haleyb> does anyone have any questions?
14:08:05 <ralonsoh> (I do... but I'm trying to find the answers myself)
14:08:16 <lajoskatona> so we need to disable some tempest tests till the n-lib fix is merged?
14:08:28 <ralonsoh> no, we'll need to change the client to admin_client
14:08:44 <lajoskatona> ah, ok, that's good
14:08:48 <ralonsoh> this is because https://review.opendev.org/c/openstack/neutron-lib/+/941631 CI result, right?
14:08:57 <ralonsoh> these calls must be done by an admin
14:09:13 <ralonsoh> for example, create a router with GW and snat flag
14:09:32 <ralonsoh> (e.g.: https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_656/941631/1/check/neutron-tempest-plugin-ovn/65617f7/testr_results.html)
14:10:01 <ralonsoh> I'm proposing a patch right now. That's all from me!
14:10:23 <lajoskatona> for tempest this is the patch am I right: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/941545 ?
14:11:00 <ralonsoh> not really, that was for the reverted patch
14:11:29 <ralonsoh> this one will be needed but in a second phase, once we implement the multihoming policies and API changes
14:11:58 <lajoskatona> ah, ack
14:13:41 <haleyb> ralonsoh: one of the other reasons i'm confused is even the openstackclient --enable-snat help text doesn't say admin only, and the api ref doesn't show it as an argument
14:14:27 <ralonsoh> about the API doc, I need to check that
14:14:32 <ralonsoh> we have this rule (one sec)
14:14:57 <ralonsoh> https://github.com/openstack/neutron/blob/master/neutron/conf/policies/router.py#L120-L131
14:15:21 <ralonsoh> except for the network_id, any other parameter inside "external_gateway_info" can be modified/created only by an admin
14:15:40 <ralonsoh> that means: a non-admin user can add an external GW to a router, selecting the network
14:16:02 <ralonsoh> but cannot to this (or modify) the enable_snat or external_fixed_ips
14:16:52 <haleyb> the add_external_gateways section needs an update, and probably something needed for external_gateway_info as well, fyi
14:17:03 <haleyb> and update* of course
14:17:21 <ralonsoh> these new commands, related to external_gateways, are related to the new extension
14:17:31 <haleyb> right
14:17:34 <ralonsoh> and yes, doc, API and policies are in bad shape
14:17:55 <ralonsoh> (in ml2/ovs this is not used by default, but it is in ml2/ovn)
14:18:17 <mlavalle> haleyb: do we need to stay in the meeting? Do we have something else to discuss? Or can we continue the conversation in LP and Gerrit?
14:18:28 <ralonsoh> let's close the meeting
14:18:35 <haleyb> sure
14:18:38 <haleyb> #endmeeting