15:05:21 #startmeeting vpnaas 15:05:22 Meeting started Tue Jan 27 15:05:21 2015 UTC and is due to finish in 60 minutes. The chair is pc_m. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:05:23 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:05:25 The meeting name has been set to 'vpnaas' 15:05:41 #topic Announcements 15:05:58 K-2 is Feb 5th. 15:06:25 The VPNaaS repo didn't have a functional gate running yet. 15:06:51 There is a bug #link https://bugs.launchpad.net/openstack-ci/+bug/1412770 for this. 15:07:05 and a review https://review.openstack.org/#/c/148616 15:07:44 pc_m : so you copied hook script from neutron 15:08:11 Plan is to get the functional gate running as experimental, then test commit, then get check working (non-voting), and finally have gate and check running voting. 15:08:20 matrohon: Not yet. 15:08:25 ok 15:08:59 Will get this working and reviewed. Then, we can submit a functional test and run it using experimental. 15:09:20 Once the test works, we can put it into check as non-voting and have it run for a while. 15:10:25 I need to talk to Maru as to timing of when the gate hook and post test hook need to be in there. I think it is later. 15:10:50 In any case, we need to have this commit merged, to be able to do neutron-vpnaas repo changes. 15:11:07 Do you think it's better to have ipsec connectivity test with a functional test or with a tempest test? 15:11:54 matrohon: There's a few things there... 15:12:29 matrohon: First, they are moving Tempest tests in-tree, so eventually, we'll have tests in the repo. 15:13:16 matrohon: Second, we might be able to run the connectivity test as a functional test. Not sure yet. 15:13:32 matrohon: I do have a way to do a connection test with one VM and two routers. 15:13:51 you mean : each project will host its tempest test? 15:14:41 As I understand, it'll be two phases. One to move tempest into Neutron tree. Then, each adv svc repo can move the tests to their own repo. 15:14:54 For VPN, we have API tests only in Tempest. 15:15:27 So, it's going to be a while, as we have to wait for Tempest migration to in-tree (Maru is working on). 15:15:39 pc_m : for the second, I think we should be able to run your single VM scenario with fullstack duntional tests 15:15:53 pc_m : ok, no hurry 15:16:06 Also, Maru wanted to see basic functional tests, before doing any high level scenario type tests. 15:16:33 His point was that, if there is a failure, it is really hard to debug, if all you have is high level test. 15:17:00 So, encouragement for us to create some lower level functional tests. 15:17:12 matrohon: Yeah, I'm thinking it may work. 15:17:53 matrohon: Only issue is that it will now be in-tree (whether Tempest or functional) and as such, would require a Neutron spec and that will have to be L release. 15:18:21 (to add a scenario test) 15:18:52 Unless, we can get approval to do as a bug. Didn't get a clarification on that yet. 15:19:21 pc_m : ok 15:19:34 #action pc_m to check with Kyle about scenario tests and what we need to do (spec?) 15:20:14 pc_m : BTW : does the vpnaas project can accept its own specs, independently from neutron 15:20:16 In any case, we should start thinking about what functional tests we can create to have coverage. 15:20:53 matrohon: No. All the specs are done under the Neutron project (neutron-specs). That goes for all *aaS projects. 15:21:04 pc_m : ok 15:21:38 Any other announcements. 15:21:43 ? 15:22:15 On the edge VPN 15:22:44 I did see several VPN reviews abandoned due to inactivity. So, if you have one, you'll need to ressurrect it. 15:22:52 mhanif: go ahead 15:23:01 We now have the stackforge project setup. #link https://review.openstack.org/#/admin/projects/stackforge/networking-edge-vpn 15:23:30 I will be uploading the spec this week and we can then iterate over it 15:23:45 mhanif: cool 15:24:02 mhanif : great 15:24:10 * pc_m will have to come up to speed on Edge VPN 15:24:37 any other announcements? 15:25:10 p.s. feel free to add them (or agenda items) on the Wiki page: #link https://wiki.openstack.org/wiki/Meetings/VPNaaS 15:25:21 #topic Bugs 15:25:41 Here's the current list: https://review.openstack.org/#/q/status:open+project:openstack/neutron-vpnaas,n,z 15:25:56 Please help out on reviews. Every +1 helps :) 15:26:24 Are there any that we should go over now? 15:26:36 * pc_m I haven't made another pass through them today yet... 15:27:16 We don't have too much time for K-2 15:27:30 feleouet answered about netns_wrapper on the ML 15:27:54 actually he is a coleague and he is the guy who first proposed this implementation 15:28:20 matrohon: Do you have a link handy of the thread, so we can add here? 15:28:39 It has been merged, but if you have any other question, ping him directly 15:28:42 * matrohon looking 15:29:21 matrohon: IIRC, we just went with the existing implementation, rather than trying to check kernel version and rely on mount namespace. 15:29:52 http://lists.openstack.org/pipermail/openstack-dev/2015-January/055176.html 15:30:10 matrohon: Thanks! 15:31:45 Any other bugs to discuss or any on the list that need discussion? 15:33:00 #topic Open Discussion 15:33:33 Please look over the bugs we have, and provide your comments. 15:34:23 If you have functional test ideas, lets write them up. 15:35:28 I was thinking of creating a bug for OpenSwan functional test, that does similar to what was done for StrongSwan, to use as a "test" commit for the functional check tests, once it merges. 15:35:52 good idea 15:35:53 Just something basic that checks that the config files are created. 15:36:24 Not sure how much further we should go with that test... check that process is running, query status of process? 15:37:11 I don't know how far other functional test goes... 15:38:00 Me neither. I know they're are starting to add to tests for L3 and such. 15:38:33 Maybe have to discuss with Maru and others to see what we can check. Nothing really happens until connection create time. 15:39:17 Any thing else anyone wants to bring up? If not, I'll get ready to go outside and shovel :( 15:39:32 mhanif : what kind of update do you want to provide to your spec? 15:40:00 matrohon: Review of the spec initially 15:40:38 We have the implementation ready as well which we can share 15:41:09 mhanif : you will upload it in your stackforge, no? 15:41:43 mhanif: Can you include the link for the spec review here? 15:41:47 matrohon: Initial updates will be based on the feedback we have received so far 15:41:52 https://review.openstack.org/#/c/136929/4/specs/kilo/edge-vpn.rst 15:41:59 matrohon: Thanks! 15:42:31 pc_m: Here you go #link https://review.openstack.org/#/c/136929 15:43:33 matrohon: Yes, I will upload the spec to stackforge 15:44:07 As I mentioned, lets iterate on the spec int he stackforge 15:45:01 mhanif: Did you get clarification by what Salvatore meant by making this an extension project? 15:46:01 The purpose is to get people to converge on how to orchestrate edge VPN in Openstack and how to bridge Neutron networks to edge VPN 15:46:17 Does it mean Neutron drivers won't review? 15:46:43 pc_m: I believe he meant to carry this out in the stackforge project 15:46:56 mhanif : don't you like the spec of ijw, to be able to have an edge vpn-id manage inside a table of vpnaas, and that id would be referenced for any implementation based proposed in a stackforge project? 15:48:00 pc_m: Any one can review the stackforge project, no? 15:49:08 matrohon: I have not seen that stackforge project. Do you have a link? 15:49:27 mhanif: Yeah I guess. So are they saying to put the spec in stackforge and review and develop outside of neutron? 15:49:40 How does it end up getting hooked in? 15:49:51 pc_m. Yes, exactly! 15:50:07 mhanif : I don't think there will be any stackforge project for the corresponding spec : https://review.openstack.org/#/c/136555/2/specs/kilo/cloud-edge-networks.rst 15:50:15 mhanif: Wondering how it is then integrated into Neutron. 15:50:53 pc_m: Much like how l2gateway is being developed outside and will later on (depending upon how it turns out) will be included 15:51:24 * pc_m wishes I was familiar with what was done for L2 gateway :) 15:51:56 but I think this kind of spec should be merged in vpnaas and merged as link between edge vpn and stackforge project which manage connection details of those edge vpn 15:52:09 pc_m: :-) 15:52:44 #action pc_m get clarification (from kyle?) on how features, like Edge VPN will be handled w.r.t Neutron 15:53:21 matrohon: that seems to make sense to me. 15:53:35 pc_m: Thanks a lot for taking the action item! 15:53:55 I'll chat with Kyle and report back next week. I'm curious as to how we 15:54:11 will handle integration of features that are developed outside. 15:54:32 the only main part that I dislike in ijw's spec is that tenant cannot attach its networks to its edge vpns dynamically 15:55:41 matrohon: Well, it's abandoned... :) 15:56:14 matrohon: I have given my feedback on it. If you go over it, you will see that there are quite a few details missing 15:56:30 pc_m : mainly because no consensus has been found 15:56:42 matrohon: I agree :) 15:56:53 mhanif : I totally agree with the comment you gave 15:57:39 So there are two competing specs, one pushed out to stackforge, and one without consensus. 15:58:14 matrohon: mhanif: Either of you care to try to push for resolution? 15:58:32 3 because we are working on this abandonned spec : https://review.openstack.org/#/c/93329/ 15:58:34 :) 15:58:49 s/push for/work cooperatively to obtain/ 16:00:14 pc_m : of course we'll do, but currently I think stackforge projects make sense to mature our solutions 16:00:28 #action need resolution on several of the VPN features. 16:00:38 matrohon: Yeah just need to hook things in. 16:00:44 We're out of time... thanks!!!! 16:00:49 #endmeeting