15:01:36 #startmeeting vpnaas
15:01:36 Meeting started Tue Jan 20 15:01:36 2015 UTC and is due to finish in 60 minutes. The chair is pc_m. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:37 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:39 The meeting name has been set to 'vpnaas'
15:01:44 hi numan
15:01:46 hi
15:01:50 pc_m, hi
15:02:21 OK. let's go...
15:02:27 #topic Announcements
15:03:08 I updated the Wiki with info on running VPN on a single DevStack with two routers
15:03:11 #link https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall#VPNaaS_with_Single_DevStack_and_Two_Routers
15:03:38 pc_m : great!
15:03:39 We can use that to do a nice functional/scenario test for VPN.
15:03:57 pc_m, great
15:04:12 pc_m: nice
15:04:52 Any other announcements?
15:05:31 #topic Bugs
15:06:05 Please take some time and look at the VPN bugs and provide comments so we can move everything forward.
15:06:21 Here's the list https://review.openstack.org/#/q/status:open+project:openstack/neutron-vpnaas,n,z
15:06:40 Want to touch on a few and get feedback from people...
15:07:09 One is PID issue on CentOS. #link https://review.openstack.org/#/c/147852/
15:08:10 pc_m: I got a comment from you on one of my patches for the vpnaas support for DVR
15:08:35 regarding manual testing.
15:08:39 I'm a little concerned about whether that temp fix is adequate. Anyone know of a long term solution?
15:08:58 Swami: hang on. we'll hit that one in a sec.
15:09:16 pc_m: thanks
15:10:37 Appears to be that if dir is not owned by root, there are issues in CentOS.
15:11:34 Should we bring this up on ML or neutron IRC?
15:12:19 the temp solution solves this problem by adding '/' at the end of the pid path ?
15:12:36 numan: yeah
15:13:14 ok.
15:13:14 At the min. we need some comment to indicate this special workaround. Wondering about final solution.
15:14:04 #action Discuss 147852 on ML to see if there is a permanent solution.
15:14:35 Swami: We can talk about your review... do you have the review link...
15:14:54 I got it... #link https://review.openstack.org/143203
15:15:10 yes
15:15:35 #link https://review.openstack.org/#/c/143203/
15:15:49 I need to go over it again. My main concern was that we've manually tested setting up IPSec connections, as we don't have any functional/scenario tests.
15:15:49 You have a comment in there to make sure that I do the manual testing.
15:16:37 Yes we are planning to add some functional and scenario test for the ipsec vpn.
15:16:50 I see you have. Great! I'll approve.
15:16:55 But that should be submitted as a separate patch and will work on it.
15:17:34 Swami : please have a look at fullstack for functional tests
15:17:35 Swami: Yes, we badly need functional tests. I have a way to run on one node.
15:18:05 Swami : https://review.openstack.org/#/c/128259/
15:18:09 Was planning on talking to Maru and others about what is needed for a test.
15:18:09 pc_m, Swami, presently jenkins doesn't run functional job for vpnaas. I have raised a bug for it. https://bugs.launchpad.net/openstack-ci/+bug/1412770
15:18:34 #action pc_m to investigate what is needed for function/scenario test.
15:18:37 pc_m: Yes I understand, we are in the process of adding functional tests and vpn will be also under the radar. That is a good point.
15:19:16 Swami : do you have an assigned bug?
15:19:27 Can use help in creating the test cases, especially for variants, like DVR.
15:19:42 numan: Yeah, saw that. Do we have any functional tests?
15:20:04 matrohon: no i have not created a bug for the functional test, but we are working with marun and carl_baldwin to fill in the issues with functional tests.
15:20:26 pc_m, not yet, but there are two patches which have functional tests
15:21:17 numan: Gotcha. So we have a placeholder for enabling, once these are working.
15:21:50 Another bug is FQDN #link https://review.openstack.org/#/c/145005/
15:22:17 pc_m, i saw your comments. I will address them
15:22:34 pc_m, one question is about the functional tests. Are they really functional tests ?
15:23:18 Yeah, the test seems to just be testing the get next hop method. Seems just like a UT to me.
15:23:33 i added those tests in the functional test section because they interact with the system
15:23:39 numan: Did you have something different in mind, or am I missing something.
15:24:31 i can move them to unit tests. can the unit tests create namespace and other resources ?
15:24:40 I see your reply... good question. I'm not sure if it needs to be in functional test due to the namespace.
15:25:02 ok. In that case I will move them to unit tests
15:25:58 numan: Let's ask on IRC and see if they should be functional or unit.
15:26:07 sure
15:26:48 numan: Especially because getaddrinfo is mocked out, right?
15:26:48 Also do we need to support running functional tests in jenkins before the patch (with functional tests) merges ?
15:27:00 pc_m, right.
15:27:26 Yeah, that's a bit of a catch-22
15:27:48 pc_m, i will see if i can get away mocking getaddrinfo
15:27:48 numan : that seems reasonable
15:27:53 #action numan to see if tests for 145005 need to be functional or UT.
15:28:18 matrohon, you mean mocking getaddrinfo ?
15:28:24 numan: I'm thinking if you just mock, and consider a UT, you avoid the whole issue.
15:28:56 In general though, I guess we need to determine what functional tests we need for VPN.
15:28:58 I meant waiting for functional test to be run in neutron-vpnaas
15:29:11 matrohon, ok
15:29:18 The one with StrongSwan seems to make sense.
15:30:17 numan: Check on the IRC. I think you can progress much faster, if you don't have the functional test dependency.
15:30:32 pc_m, ok sure
15:31:02 Next one is netns for StrongSwan #link https://review.openstack.org/#/c/146508/
15:32:10 I'm struggling a bit on netns_wrapper.py in that bug.
15:32:20 * pc_m not versed in /proc files
15:32:34 me too : it's very hard to review!
15:33:27 Logic in execute_with_wount() is hard to understand.
15:33:49 I've been chatting with people on IRC. I'm questioning whether or not we can require kernel 3.8+ and thus use ns/mnt check.
15:34:42 #action pc_m discuss on ML whether we can require kernel 3.8+ for StrongSwan netns (146508)
15:35:07 Does anyone know what the check on L129-130 does?
15:35:39 * pc_m wondering if Zhang is on-line
15:36:42 I think he is located in beijing
15:37:18 matrohon: I'll post on ML as, we may be able to require kernel 3.8+ and be able to use /ns/mnt.
15:37:36 I think that nati_ueno could be asked too, this code is inspired from a previous patch of nati
15:37:47 Will see what the response is on the review.
15:38:01 matrohon: good point. Checking...
15:38:28 don't see him on now, but can talk to him. It's an old file. Just not sure the assumptions are still true.
15:39:01 Next one is StrongSwan #link https://review.openstack.org/#/c/144391/
15:39:21 i think the code checks 2 points in one shot 1. if the caller is root or not 2. if the file /proc/1/ns/net exists or not
15:39:49 #undo
15:39:50 Removing item from minutes:
15:40:07 #redo
15:40:18 * pc_m oops. didn't mean to undo...
15:40:25 #topic Bugs
15:40:36 * pc_m might have messed that up.
15:41:17 numan: Yeah, but isn't this always called as root? Or is it a double check.
15:41:44 pc_m, if it isn't called as root os.getpid() will not be 1 i think
15:41:48 numan: Then the log message seems to confuse me as well.
15:42:08 pc_m, right. i think the code can be clearer.
15:42:32 numan: We'll let Zhang respond.
15:42:56 On StrongSwan review, 144391, I need to look it over again.
15:43:56 Anyone have any other bugs to discuss?
15:44:59 Please review the ones we have right now. We can use more eyes on these, from different perspectives.
15:45:16 numan reported a bug to enable functional test in neutron-vpnaas, but we already discussed that earlier
15:45:19 https://bugs.launchpad.net/openstack-ci/+bug/1412770
15:45:46 matrohon: Yes, appreciate the creation to track that.
15:46:06 I don't know if we have to wait for the infra to add the job
15:46:35 i am still not clear. if we need to fix this bug first or let some functional tests get merged before enabling in infra
15:46:35 oh numan already assigned it to himself!
15:46:38 #action pc_m find out the sequencing for enabling functional tests and first reviews with functional pieces.
15:47:09 matrohon, i unassigned myself as i don't have the necessary expertise :)
15:47:56 I think you have to enable funct test job first, to have it voting on your new func test
15:48:09 numan: If you have bandwidth, do you want to pursue it though (none of us have expertise, I think)?
15:48:42 pc_m, i will try :)
15:48:46 I think we're all groping in the dark on the test stuff. Will need to consult with others.
15:48:51 numan: AWESOME!
15:49:10 #action numan to follow up on 1412770 needs
15:49:18 does anyone know who configured the job to run the vpnaas project
15:49:47 matrohon: I don't know.
15:50:17 numan: You may want to ask Maru on IRC. He may know.
15:50:45 #topic Open Discussion
15:50:46 ok
15:50:56 Anyone have anything to discuss?
15:51:22 Anything we're missing or need to do differently?
15:52:42 Thanks for joining in everyone!
15:52:49 #endmeeting