Thursday, 2017-10-05

*** reedip_ has joined #openstack-fwaas		00:47
*** SumitNaiksatam has joined #openstack-fwaas		01:27
*** reedip_ has quit IRC		01:44
*** SumitNaiksatam has quit IRC		01:48
*** jhesketh has quit IRC		01:51
*** jhesketh has joined #openstack-fwaas		01:51
openstackgerrit	Merged openstack/neutron-fwaas-dashboard master: Imported Translations from Zanata https://review.openstack.org/509592	02:06
*** vishwanathj has quit IRC		02:44
*** yamamoto has joined #openstack-fwaas		02:48
*** lnicolas has joined #openstack-fwaas		02:50
*** annp has joined #openstack-fwaas		02:59
reedip	jfyi : we have the meeting today on this channel	03:13
*** SumitNaiksatam has joined #openstack-fwaas		04:10
*** eezhova has joined #openstack-fwaas		04:41
*** reedip has quit IRC		04:42
*** eezhova has quit IRC		05:07
*** vishwanathj has joined #openstack-fwaas		05:54
*** vishwana_ has joined #openstack-fwaas		06:19
*** vishwanathj has quit IRC		06:21
*** vishwana_ has quit IRC		06:48
*** vishwanathj has joined #openstack-fwaas		07:04
*** eezhova has joined #openstack-fwaas		08:10
*** hoangcx has quit IRC		08:26
*** hoangcx has joined #openstack-fwaas		08:27
*** yamamoto has quit IRC		09:16
*** yamamoto has joined #openstack-fwaas		09:20
*** eezhova has quit IRC		09:34
*** eezhova has joined #openstack-fwaas		09:38
*** yamamoto has quit IRC		10:02
*** yamamoto has joined #openstack-fwaas		10:06
*** yamamoto has quit IRC		10:12
openstackgerrit	Nguyen Phuong An proposed openstack/neutron-fwaas master: FWaaS v2 extension for L2 agent https://review.openstack.org/323971	10:15
*** yamamoto has joined #openstack-fwaas		10:19
*** yamamoto has quit IRC		10:41
*** yamamoto has joined #openstack-fwaas		11:01
*** yamamoto has quit IRC		11:06
*** annp has quit IRC		11:15
openstackgerrit	Yushiro FURUKAWA proposed openstack/neutron-fwaas master: OVS based l2 Firewall driver for FWaaS v2 https://review.openstack.org/447251	11:29
*** yamamoto has joined #openstack-fwaas		12:00
*** yamamoto has quit IRC		12:39
*** yamamoto has joined #openstack-fwaas		12:41
*** yamamoto has quit IRC		12:46
*** yamamoto has joined #openstack-fwaas		12:51
*** yamamoto has quit IRC		13:06
*** annp has joined #openstack-fwaas		13:47
*** mlavalle has joined #openstack-fwaas		13:49
*** yushiro has joined #openstack-fwaas		13:54
*** SridarK has joined #openstack-fwaas		13:59
*** reedipb has joined #openstack-fwaas		14:00
yushiro	hi	14:00
annp	hi	14:00
mlavalle	o/	14:00
SridarK	Hi	14:00
yushiro	Today is weekly IRC meeting, in here? right?	14:01
SridarK	today xgerman_ i believe it is ur turn ?	14:01
SridarK	yushiro: yes	14:01
mlavalle	so I was told by xgerman_ two days ago	14:01
xgerman_	sure	14:01
SridarK	i noticed that just now too	14:01
yushiro	Yes, today is xgerman_ :)	14:01
yushiro	mlavalle, Hi sorry I couldn't attend tuesday's neutron meeting..	14:01
*** hoangcx_ has joined #openstack-fwaas		14:02
xgerman_	#startmeeting fwaas	14:02
openstack	Meeting started Thu Oct 5 14:02:24 2017 UTC and is due to finish in 60 minutes. The chair is xgerman_. Information about MeetBot at http://wiki.debian.org/MeetBot.	14:02
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	14:02
*** openstack changes topic to " (Meeting topic: fwaas)"		14:02
openstack	The meeting name has been set to 'fwaas'	14:02
SridarK	i was curious if there is a convention on which channels are used for meetings	14:02
xgerman_	#chair yushiro SridarK	14:03
openstack	Current chairs: SridarK xgerman_ yushiro	14:03
SridarK	of course scheduling is not an issue here	14:03
xgerman_	#topic Announcements	14:03
*** openstack changes topic to "Announcements (Meeting topic: fwaas)"		14:03
xgerman_	We have a new meeting time ;-)	14:03
*** HoloIRCUser has joined #openstack-fwaas		14:03
HoloIRCUser	Hi	14:03
*** reedipb has quit IRC		14:04
xgerman_	Netwon EOL is next week 10/13	14:04
HoloIRCUser	K	14:04
xgerman_	and Q1 is 10/16-20	14:04
xgerman_	so coming up rapidly - in two weeks if I am keeping track	14:05
xgerman_	#link https://releases.openstack.org/queens/schedule.html	14:05
yushiro	Yes,	14:05
xgerman_	time flies…	14:06
*** yamamoto has joined #openstack-fwaas		14:06
xgerman_	oh, I think next PTG is in Dublin and 2018 Fall OpenStack summit in Berlin	14:07
SridarK	we have a few milestones we should try to get in by Q1	14:07
xgerman_	indeed	14:07
xgerman_	let’s start with our usual topics	14:07
xgerman_	#topic L2 Support	14:07
*** openstack changes topic to "L2 Support (Meeting topic: fwaas)"		14:07
xgerman_	yushiro pls. go ahead	14:08
yushiro	xgerman_, OK	14:08
yushiro	Inessa and annp, thanks for ur great update.	14:09
xgerman_	+1	14:09
annp	yushiro, you're welcome.	14:09
yushiro	#link https://review.openstack.org/#/c/323971/	14:09
yushiro	We're much more better in shape now.	14:09
SridarK	+1	14:09
xgerman_	+1	14:09
SridarK	yushiro: shall we target some testing	14:10
SridarK	are we ready for that	14:10
annp	i think yes.	14:10
yushiro	SridarK, Yes	14:10
SridarK	annp: ok	14:10
yushiro	annp, but i think we should update on my comment.	14:10
yushiro	at first.	14:10
annp	But i have once concerning related yushiro comment	14:10
xgerman_	awesome — I think to hit the milestone I am ok with just having unit tests…	14:11
SridarK	ok lets cover integration testing after the driver status	14:11
annp	https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@267	14:11
annp	could you take a look at it?	14:11
yushiro	annp, would it be possible to discuss after this meeting ??	14:11
annp	ok, lets discuss later.	14:11
xgerman_	ok, sounds good	14:11
yushiro	annp, OK, thanks.	14:12
annp	please go ahead	14:12
xgerman_	we can always do in Open Discussion if we have time	14:12
yushiro	remaining points are 1. changing status logic and 2.avoid 'PENDING_xxx' status with some error.	14:13
*** HoloIRCUser has quit IRC		14:13
*** yamamoto has quit IRC		14:13
yushiro	Sorry, I tried to write etherpad for local.conf with devstack, but I couldn't. SridarK , could you tell me a link for etherpad again?	14:13
yushiro	So, that's all for l2-agent side. Next is ovs driver side.	14:14
SridarK	#link https://etherpad.openstack.org/p/fwaas-v2-l2	14:14
yushiro	#linkc https://review.openstack.org/#/c/447251/	14:14
yushiro	SridarK, thank you so much!	14:14
SridarK	lets use the etherpad to communicate as well	14:14
SridarK	yushiro: thx	14:14
yushiro	I tested in devstack with ovs driver PS33, it seems to work correctly.	14:16
yushiro	annp, could you try it again with latest devstack?	14:16
xgerman_	try: https://raw.githubusercontent.com/xgerman/devstack_deploy/master/stackme.sh && chmod +x stackme.sh && vi stackme.sh && ./stackme.sh	14:16
yushiro	oops, sorry. PS34	14:17
annp	actually, I tested it again. But the result same my previous comment	14:17
annp	I have a stupid question, Did you configure firewall_l2_driver = ovs?	14:18
yushiro	Yes, exactly. I configured firewall_l2_driver = ovs.	14:18
yushiro	OK, please revert PS34 and modify test code.	14:19
*** HoloIRCUser has joined #openstack-fwaas		14:19
HoloIRCUser	: Reedip here	14:19
xgerman_	o/	14:19
annp	Ok, tomorrow, I will try it again.	14:19
yushiro	hi reedip. I didn't know that :)	14:19
*** chandanc has joined #openstack-fwaas		14:19
HoloIRCUser	I am driving to a family function so will catch the logs once I reach	14:19
yushiro	chandanc, hi	14:20
chandanc	Hello	14:20
yushiro	good timing, chandanc :)	14:20
HoloIRCUser	Sorry for the last minute update	14:20
yushiro	we were talking about ovs driver patch.	14:20
chandanc	I just got to know from SridarK	14:20
chandanc	ok yushiro	14:20
chandanc	I saw the changes done	14:21
annp	hi chandanc	14:21
chandanc	did the race condition change done ?	14:21
chandanc	hello annp	14:21
annp	actually, I think we should decide using local vlan idea or keep get_tag_from_other_config same as ovsfw	14:23
yushiro	chandanc and I discussed in previous cycle about that. I think it's better to use local vlan idea first.	14:23
chandanc	i thought the other_config is not updated by the time we(driver) are called	14:23
annp	Because if we keep get_tag_from_other_config function, we don't need local vlan function	14:24
annp	I think same, chandanc.	14:24
yushiro	sorry, could you tell me which your opinion is?	14:26
xgerman_	if the other_cobfig is not updated in time that doesn’t make it the best way to go forward… guess vlan is safest	14:26
chandanc	annp i just forwarded the old mail thread i had with yushiro	14:26
chandanc	should give some context to you	14:26
annp	From my opinion, I think we should come up with loccal vlan	14:27
*** HoloIRCUser has quit IRC		14:27
yushiro	chandanc, Ah, it's better :)	14:27
annp	chandanc, thanks. i will check it tomorrow.	14:27
chandanc	annp, i think we are not on the same page	14:27
xgerman_	given we only have two weeks until Q-1 we should just run with something and adjust later	14:27
yushiro	+1	14:28
chandanc	anyways, have a look at the mail. We can then quickly converge	14:28
xgerman_	+1	14:28
chandanc	agree	14:28
annp	chandanc, lets me understand the context. Thanks.	14:29
SridarK	chandanc: will sync with u offline but is there a specific workflow that would cause an issue	14:29
chandanc	l2 agent allocates a local vlan, then calls extensions, then updates the ovsdb with the allocated local vlan	14:29
chandanc	by the time extension calls the driver the local vlan is not in the ovsdb	14:30
xgerman_	mmh, I think the l2-agent needs to change to be a bit more accomodating…	14:31
chandanc	workaround is for the extension to directly get the local vlan from l2 agent	14:31
chandanc	need to pass the config to the extensions	14:31
chandanc	xgerman_: +1	14:31
SridarK	ok	14:31
xgerman_	ok, we can propose a patch along those lines to Neutron	14:32
yushiro	OK,	14:32
chandanc	ya we can, the workaround was a shortcut :)	14:32
xgerman_	sounds like a plan…	14:33
yushiro	OK, let's use local vlan initial release.	14:33
SridarK	would it be feasible kick off some integration (fwaas l2 agent and ovs driver) with the workaround	14:34
xgerman_	+1 and propose changes to l2-agent	14:34
annp	+1 yushiro	14:34
chandanc	SridarK: the workaround was part of the patch, we can revert that change	14:34
SridarK	chandanc: ok lets test with that	14:35
xgerman_	yes, let’s continue with what we have and work in. parallel on the l2-agent patch-solution	14:35
chandanc	ok	14:35
yushiro	In my understanding, L2-agent already inmplented local vlan. So, please align with ovs driver part.	14:35
yushiro	anyway, let's discuss after :)	14:37
yushiro	xgerman_, sorry, please go ahead	14:37
annp	yes. l2 agent already implemented local vlan	14:37
xgerman_	ok, moving on	14:37
xgerman_	#topic FWaaS Dashboard	14:37
*** openstack changes topic to "FWaaS Dashboard (Meeting topic: fwaas)"		14:37
xgerman_	amotoki yt?	14:38
yushiro	#link https://review.openstack.org/#/c/475840/	14:38
yushiro	Sarath ?	14:38
SridarK	SarathMekala is out today	14:39
yushiro	SridarK, OK thanks.	14:39
SridarK	he sent an email	14:39
amotoki	i was on vacation last week, so I have no information to share	14:39
yushiro	amotoki, nice vacation!!!	14:39
xgerman_	pictures?	14:39
amotoki	I wonder how we can move the work forward.	14:39
SridarK	perhaps we can sync up offline and see what remains	14:39
amotoki	we have several issues now on v2 dasbhoard	14:39
SridarK	when SarathMekala is back too	14:40
SridarK	amotoki: sorry pls go ahead	14:40
yushiro	yes. I and hoangcx are watching in v2 dashboard.	14:40
amotoki	my suggestion is to merge the current version (with minimum fixes)	14:40
amotoki	and file backlogs as bugs	14:40
amotoki	and fix them	14:40
amotoki	then cut a release	14:40
*** eezhova has quit IRC		14:41
amotoki	I am afraid it is not easy to track what are remaining and what are fixed already	14:41
xgerman_	well, we should cut Q-1 with whatever we have — it’s better what’s there now	14:41
SridarK	amotoki: ok lets sync up on email with SarathM, and quickly do a final round of tests	14:42
SridarK	so we are aware of the limitations	14:42
amotoki	actually neutron-fwaas-dashboard does uses cycle-with-milestone	14:42
yushiro	OK.	14:42
xgerman_	indeed - so we need to cut a release — question is do we merge it before then or not	14:42
amotoki	so Q-1 is not applied. it is cycle-with-intermediary	14:42
amotoki	cycle-with-intermediary is recommended to cut at least one release before Q-2	14:43
yushiro	OK.	14:43
amotoki	so Q-1 is not a big milestone	14:43
SridarK	ok but if there are only minor issues lets try to get the patch in and fix bugs	14:43
xgerman_	mmh, let’s follow SridarK’s suggestion and sync, catalog bugs, and release?	14:44
xgerman_	SridarK +1	14:44
amotoki	SridarK: +1	14:44
SridarK	ok lets sync with SarathMekala in the next day and try to get it in by early next week	14:45
xgerman_	+1	14:45
yushiro	+1	14:45
amotoki	agree	14:45
amotoki	once the base patch lands, we can fix issues in parallel :)	14:45
SridarK	I will get a round of testing on it tomorrow	14:45
hoangcx_	amotoki: At lease basic functions should be done before landing	14:46
amotoki	hoangcx_: basically yes.	14:46
yushiro	maybe we should focus on "'Add policy' endless loading bug" and "enable to select L2-port" in v2 dashboard..	14:46
amotoki	precisely, all basic functions should work BEFORE RELEASE :)	14:46
SridarK	hoangcx_: +1 basic things were ok on the last round of tests	14:47
SridarK	yushiro: +1	14:47
SridarK	amotoki: +1	14:47
yushiro	hoangcx_, +1	14:47
hoangcx_	amotoki: I will test it and give feedback by early next week for dashboard patch.	14:47
xgerman_	k	14:48
*** yamamoto has joined #openstack-fwaas		14:48
*** yamamoto has quit IRC		14:48
xgerman_	#topic Open Discussion	14:49
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"		14:49
yushiro	Can I have 1 topic?	14:49
xgerman_	sure	14:49
xgerman_	go ahead	14:49
mlavalle	and I also want a few seconds after yushiro	14:49
xgerman_	ok	14:49
yushiro	hoangcx_, and I just posted firewall logging feature spec : https://review.openstack.org/#/c/509725/	14:50
SridarK	ok	14:51
xgerman_	yeah, will have a lokk	14:51
yushiro	In queens-1, let's focus v2 functionality. After that, I hope to start to extend this feature into fwaas. ( Of course logging feature is targetted on Queens-1)	14:51
SridarK	extend the work u have done for SG ?	14:51
SridarK	yushiro: sounds good	14:51
yushiro	SridarK, not yet. annp and I are working now but will be finished in Q-1 :	14:52
xgerman_	+1	14:52
yushiro	OK, that's all for me.	14:52
yushiro	mlavalle, please go ahead :)	14:52
xgerman_	+1	14:52
mlavalle	my request is very similar	14:52
mlavalle	would like some eyes on https://review.openstack.org/#/c/461657/	14:52
mlavalle	zhaobo6 is ready to go as soon as the spec is approved	14:53
SridarK	mlavalle: i added my self - will look at the audit feature	14:53
mlavalle	now tht we are talking post Q-1 milestone	14:53
mlavalle	that's all	14:53
mlavalle	Thanks!	14:53
yushiro	mlavalle, me too. Thanks for your notification :)	14:53
yushiro	and I have one announce!	14:54
xgerman_	sure	14:54
yushiro	If guys can go sydney summit, please add your name in team etherpad :)	14:54
mlavalle	I'll be there	14:54
SridarK	+1	14:54
amotoki	the team etherpad?	14:55
yushiro	mlavalle, Yeah!	14:55
yushiro	amotoki, oops, fwaas irc meeting's etherpad.	14:55
xgerman_	I will skip (unless a super cheap flight shows up)	14:55
yushiro	https://etherpad.openstack.org/p/fwaas-meeting	14:56
amotoki	thanks	14:56
xgerman_	ok, 4 min left — anyhting else?	14:56
annp	Can We discuss about https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@267?	14:56
amotoki	seems L.98 of the etherpad (right now)	14:56
yushiro	annp, sure	14:56
annp	I think firewall group behavior quite strange	14:57
yushiro	amotoki, correct!!!	14:57
* xgerman_ wonder if we need to stick to the times as we are in our won channel		14:57
amotoki	xgerman_: good point! just a weak timekeeper :)	14:58
SridarK	24 x 7 fwaas meeting ? ;-)	14:58
yushiro	hahaha	14:58
annp	my question, why we don't rasie a exception some thing like Port in use, if a port already attached to a fwg?	14:58
amotoki	annp: i think it is similar to SG behavior	14:59
amotoki	a port bound to SG(s) can be deleted even it is associated	14:59
amotoki	FWS just defines a behavior of the port, but IMHO the FWG should not block the port deletion.	15:00
amotoki	does it make sense?	15:00
amotoki	or are you talking about deleting FWG?	15:00
annp	yes, It make sense. However, In yushiro case, it make me confused.	15:00
yushiro	amotoki, Yes. I agree with you. Port can be deleted even if fwg is associated with.	15:01
annp	I'm taking about firewall group update case	15:01
*** yushiro has quit IRC		15:01
SridarK	the plugin did have a check to ensure that a port can have only one fwg associated	15:01
*** yushiro has joined #openstack-fwaas		15:02
hoangcx_	xgerman_: Can we close meeting to not logged evadrop over 1h? Then we can continue discuss as offline :)	15:02
SridarK	xgerman_: we are at time -	15:02
SridarK	#endmeeting fwaas	15:02
*** openstack changes topic to "#openstack-fwaas"		15:02
hoangcx_	SridarK: +1 lol	15:02
openstack	Meeting ended Thu Oct 5 15:02:40 2017 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	15:02
openstack	Minutes: http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-10-05-14.02.html	15:02
annp	ok. let close meeting	15:02
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-10-05-14.02.txt	15:02
openstack	Log: http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-10-05-14.02.log.html	15:02
yushiro	annp, sorry. Suddenly I logged out.	15:03
SridarK	sorry folks pls go ahead	15:03
xgerman_	ha, I wanted to see if we can go longer ;-)	15:03
annp	No problem. I'm talking about update case of firewall group.	15:03
SridarK	xgerman_: ;-)	15:03
hoangcx_	yushiro: maybe your laptop want to take a rest since it's next days of your time :o	15:04
annp	As the comemnt(https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@267)	15:04
SridarK	sorry folks i have to run to get in to work	15:04
yushiro	SridarK, OK. see you :)	15:04
amotoki	yushiro: annp: I wonder why the agent side code updates the associations between FWG and port.....	15:04
yushiro	annp, OK	15:04
SridarK	yushiro: , annp, chandanc can u pls update the L2 testing etherpad so all can do some testing	15:04
yushiro	watching	15:04
yushiro	SridarK, yes, definitely!!	15:05
SridarK	yushiro: thx	15:05
annp	yushiro, can you answer amotoki question?	15:05
yushiro	ya	15:06
amotoki	in my understanding, the association between FWG and port is updated by API operations, so I wonder what self.plugin_rpc.disassociate_fwg_from_ports does actually	15:06
amotoki	this is my point	15:06
annp	My question, in case fwg1 is associated to portA, fwg2 is associated to portB. Why don't we raise a exception if user try to asocciate portB for fwg1?	15:07
yushiro	fwg : port = 1 : n and port can associate only 1 firewall group.	15:08
yushiro	This is current design.	15:08
xgerman_	mmh, can’t SG’s have many ports	15:08
amotoki	SG : port is N:M relationship	15:09
yushiro	xgerman_, yes, port has many SGs. 'Currently', this is different point.	15:09
amotoki	in my understanding, FWG is a kind of set of rules with order. so FWG corresponds to a set of SGs.	15:10
xgerman_	ok, makes sense — it’s probably confusing for suers though…	15:11
xgerman_	users	15:11
amotoki	hehe :p	15:11
yushiro	amotoki, correct. 'position'	15:11
*** hoangcx_ has quit IRC		15:12
amotoki	annp: is your point about API or the agent side?	15:12
amotoki	I think we need to discuss these two separately	15:12
yushiro	initially, we decided to start only 1 fwg association to a port because we don't have a bandwidth to handle 'order' for each firewall_groups.	15:13
annp	My point is API point.	15:13
amotoki	annp: ok. originally you quoted the agent side code, so i was confused	15:13
yushiro	annp, You should raise an exception if fwg1 tries to associate a port which is already associated with another fwg2 ?	15:13
annp	I think it should be done in plugin side	15:14
amotoki	annp: yes	15:14
annp	That mean api side	15:14
amotoki	the agent side should sync with the newest status in the plugin side (neutron-server side)	15:15
yushiro	yes... OK, so, please let me sync.	15:15
yushiro	Maybe I was confusing too about specification.	15:16
annp	amotoki, Do you mean we should raise a exception at agent side?	15:16
amotoki	annp: no	15:16
SridarK	annp: on the plugin: something like this ?	15:17
yushiro	I thought it was OK to modify to associate ports even if the port is associated with another fwg.	15:17
SridarK	https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L265	15:17
amotoki	annp: what I mean is the agent side should keep the port status synced even when what operations are made in the plugin side	15:17
annp	amotoki, ok. I got it	15:17
annp	:) i just want to confirm from you.	15:18
yushiro	SridarK, I have one quick question.	15:19
SridarK	yushiro: yes	15:19
yushiro	fwg1 has portA, fwg2 has portB. Then, fwg1 tries to add portB. Is it possible?	15:20
yushiro	SridarK, I'm confusing that specification.	15:20
SridarK	yushiro: i think the update logic should fail this	15:21
SridarK	unless we have a bug	15:21
annp	+1 SridarK. It should be failed.	15:22
yushiro	SridarK, OK. If fwg tries to associate with port, the port should be alone. ( without no fwg )	15:22
SridarK	yes	15:22
yushiro	OK...	15:22
yushiro	aaaaaaaaaaaaaaa!!!! I had a big misunderstanding...	15:23
annp	ok, no problem. :)	15:23
yushiro	I thought it was OK to associate with any port to fwg.	15:23
SridarK	ok - will step away now - will catch up on logs - we can chat more during ur morning time also	15:23
yushiro	That's why I added self.plugin_rpc.disassociate_fwg_from_ports() even if a little bit strange...	15:24
annp	that's all from me sidark	15:24
yushiro	Thanks SridarK . night.	15:24
amotoki	yushiro: I still haven't got your point	15:24
annp	yushiro, So I can move the line code?	15:25
amotoki	yushiro: how is self.plugin_rpc.disassociate_fwg_from_ports involved in the association of FWG and ports?	15:25
amotoki	it means the agent side updates the association of FWG vs ports, so I am confused.	15:26
amotoki	perhaps annp feels similar	15:26
yushiro	amotoki, this method finds a relation with specified port.	15:27
amotoki	find?	15:27
annp	amotoki, yes, I feels same you in first look. But it's current design.	15:27
amotoki	the method name says 'disassociate'....	15:27
yushiro	amotoki, sorry, -- please let me continue to explain. Not finished yet.	15:28
amotoki	annp: it is in the agent side, so I am still confused	15:28
amotoki	yushiro: sure. go ahead	15:28
annp	the method also update association FWG table.	15:29
yushiro	amotoki, this method finds a fwg relation with specified port. If found, remove current association from fwg and returns this fwg.	15:30
annp	https://review.openstack.org/#/c/323971/59/neutron_fwaas/db/firewall/v2/firewall_db_v2.py@871	15:30
amotoki	yushiro: so does it mean the agent side update the association visible to the API?	15:30
*** eezhova has joined #openstack-fwaas		15:31
yushiro	amotoki, yes. fwg1 with portA , fwg2 with portB fwg1 associate with portB, -> fwg1 is updated with portB and fwg2 is updated with no ports.	15:32
amotoki	yushiro: who triggers the FWG change of portB?	15:33
amotoki	via API?	15:33
yushiro	amotoki, yes. PUT fwg1 is a trigger.	15:33
annp	yushiro, I don't like the behavior. It quite strange	15:33
amotoki	yushiro: so the current behavior looks tricky	15:33
amotoki	yushiro: IMHO the change of the association should be done in the server side	15:34
yushiro	annp, yes-yes. That is I was saying ' I misunderstood the specification'.	15:34
amotoki	and the agent side should follow the chnage in the server side	15:34
yushiro	amotoki, Yes. I turned out that this behavior was so tricky.	15:35
amotoki	yushiro: okay. I understand you just described what the current code behaves, right?	15:35
yushiro	amotoki, Yes.	15:35
amotoki	yushiro: I am okay now :)	15:36
yushiro	amotoki, annp Thanks for your explanation and suggestion.	15:36
amotoki	yushiro: i think what the agent side should do is just to update the status of FWG or something. perhaps we are in the same page.	15:36
annp	yushiro: so shall we propose new patch to fix that first and then we can remove disassociate function. Do you think so?	15:38
yushiro	annp, Yes, but please wait.	15:38
annp	I mean remove disassociate function at agent side	15:39
yushiro	yes, it's ok.	15:40
yushiro	Just a moment, I think disassociate_fwg_from_ports is not necessary.	15:40
annp	yushiro, yes think so.	15:41
yushiro	I'm looking validation in plugin/API layer for port association...	15:41
amotoki	actually we need to handle a case where create and update FWG (which updates associated ports) before the agent side processes it.	15:41
amotoki	this is one of the tricky parts in the agent side. I haven't checked how this situation is handled in the current code though	15:42
amotoki	anyway it is important to clarify the roles of the server and agent sides :)	15:43
yushiro	OK.	15:44
amotoki	I believe this was the nice discussion	15:44
annp	amotoki, yushiro, thanks for long discussion.	15:44
annp	:)	15:44
yushiro	yes	15:44
amotoki	annp: yushiro: thanks too	15:44
amotoki	night!!	15:44
yushiro	annp, _validate_if_firewall_group_on_ports() can validate port association	15:45
annp	ok. So your use case won't happen. right?	15:46
yushiro	annp, yes, not happend and no need to add more validation.	15:46
yushiro	So, It's OK to remove disassociate_fwg_from_ports() completely from this world :)	15:47
yushiro	bye bye, disassciate_fwg_from_ports()	15:47
annp	In addtion, we still need disassociate function in agent side for one case	15:47
annp	in case port delete	15:47
annp	:(	15:47
yushiro	port delete ... just a moment	15:47
annp	if a port is associated to a fwg, then this port is deleted by user.	15:48
yushiro	aha	15:48
yushiro	yes.	15:48
*** yamamoto has joined #openstack-fwaas		15:49
yushiro	annp, but I think it's similar to support default fwg.	15:49
annp	So disassciate_fwg_from_ports still there.	15:49
yushiro	annp, yes. I mean, when we support defualt fwg, we should associate default fwg in handle_port()	15:50
annp	Anyway, I can remove https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@266	15:50
yushiro	Yes, please.	15:50
yushiro	ah, please fix my other comments.	15:51
yushiro	in validate_fwg_status	15:51
annp	Because it made our code not self readable.	15:51
yushiro	annp, what's mean ??	15:52
*** chandanc has quit IRC		15:52
annp	Because when i read code, i saw add_ports is get first, then i saw disassociate all port	15:52
yushiro	annp, ok. sorry	15:53
annp	So it made me quite difficult to understand.	15:53
yushiro	annp, Can I update it?	15:53
annp	lastest patch I already removed it. :)	15:53
yushiro	ps62 ?	15:54
annp	Yushiro, that's all from me. I will fix remain comment from you.	15:55
annp	yes, PS62	15:55
yushiro	no, you just moved this method into _delete_firewall_group() .	15:56
yushiro	OK, thanks for your help	15:57
annp	yes, You want to fix it on server side, right?	15:57
annp	I'm ok to remove it in _delete_firewall_group if you fix it on server side.	15:58
*** yamamoto has quit IRC		15:58
annp	But _disassociate_fwg_from_port still in agent side for port_delete	15:59
yushiro	Yes	16:01
yushiro	So, no need to update in server-side.	16:01
annp	PS62, no need to update in server-side.	16:03
annp	OK, lets make it run first and then we will fix that. Do you think so?	16:03
yushiro	yes, but I found 1 bug in delete_port().	16:04
annp	please show me your bug.	16:05
yushiro	https://review.openstack.org/#/c/323971/62/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@397	16:08
annp	yes, it's a bug.	16:11
yushiro	if fwg1 has portA and portA is deleted.	16:11
yushiro	fwg1 should be 'INACTIVE' but it definitely 'ACTIVE'	16:11
yushiro	This is my bug :(	16:11
yushiro	maybe	16:12
annp	Ok. I will consider change compute_status function to correct it.	16:13
yushiro	hmm, I think argument is wrong.	16:13
annp	That mean need to adjust function _verify_fwg_status.	16:14
yushiro	Yes... but @388	16:16
yushiro	in delete_port(), we can refer port_fwg map and find fwg.	16:16
yushiro	If we can find fwg from port_fwg_map by using port, it's not necessary to use 'if port_id in fwg['ports']'.	16:17
annp	ah, yes. :)	16:18
annp	we should cleanup code.	16:19
annp	Please comment on which point do you think no necessary or need to refactor. I will update that	16:20
annp	ah, I have tried restart ovs agent	16:20
yushiro	OK.	16:20
annp	after ovs agent restarted existing flows will be cleanup	16:21
annp	That's mean we need handle_port function.	16:21
yushiro	OK	16:22
annp	OK, that's all from me.	16:22
yushiro	If event is 'delete_port', we shouldn't check an argument 'ports' for verify_fwg_status. Just need to check 'last-port' or 'ports' in fwg.	16:23
annp	OK, You did my work on tomorrow.	16:23
annp	:P	16:24
yushiro	haha. but An-san, you need to do on logging as well ?	16:24
yushiro	Can I update it for fwaas ?	16:24
annp	yes. I forgot talk to Miguel in fwaas meeting	16:25
annp	Yes, of course.	16:26
annp	It's your turn.	16:26
annp	:)	16:26
*** ivasilevskaya1 has joined #openstack-fwaas		16:27
mlavalle	annp: what's up?	16:28
annp	mlavalle, I just inform to you: the gate failed in logging for sg patch-set not related to our change	16:30
mlavalle	annp: ok	16:30
mlavalle	are we good for the next round of reviews?	16:30
mlavalle	I can recheck the patches	16:30
annp	mlavalle: So could you review it again	16:30
mlavalle	ok, will do. probably not today, but tomorrow	16:31
annp	Ok, No problem.	16:31
yushiro	mlavalle, Thank you every day :) I have quick question with you.	16:32
mlavalle	sure	16:32
annp	I'm looking forward your comment and other.	16:32
annp	mlavalle, thanks in advance	16:32
annp	:)	16:33
yushiro	mlavalle, our blueprint (security-group logging) is https://blueprints.launchpad.net/neutron/+spec/security-group-logging	16:33
*** SridarK has quit IRC		16:33
yushiro	mlavalle, We neeed a new approver for this topic. Would it be possible to update a new approver?	16:34
mlavalle	good point	16:34
mlavalle	yushiro: is there an approver you have in mind?	16:35
annp	yushiro, how about Miguel?	16:35
annp	:)	16:36
yushiro	mlavalle, Hmm let me see.... my expectation is you and jakub.	16:37
mlavalle	annp: are you going to Sydney?	16:43
annp	mlavalle, I won't go to Sydney. But Yushiro will go there	16:44
mlavalle	annp: well, one day I will go to Vietnam and will meet you :-)	16:45
mlavalle	where are you, in Ho Chi Minh City?	16:45
annp	mlavalle: welcome you to Vietnam.	16:46
annp	I'm in Hanoi	16:46
mlavalle	ok	16:46
mlavalle	In the North	16:46
annp	yes, Hanoi have many street food.	16:47
annp	So if you go there. I will invite "Bun cha Obama" :)	16:47
annp	So if you go there. I will invite you "Bun cha Obama" :)	16:47
annp	mlavalle: https://www.google.com.vn/search?q=b%C3%BAn+ch%E1%BA%A3+obama&source=lnms&tbm=isch&sa=X&ved=0ahUKEwiR4u7m99nWAhXJoZQKHS6oCWQQ_AUICigB&biw=1440&bih=737#imgrc=Qdjne6SHYiJhBM:	16:49
yushiro	wow! Obama :)	16:50
annp	yushiro, if you go to vietnam, I will also invite you "Bun cha Obama".	16:51
annp	:)	16:51
mlavalle	annp: nice	16:51
yushiro	Yes, please :)	16:51
yushiro	annp, mlavalle and good night.........	16:51
yushiro	1:52 in Japan...	16:51
mlavalle	yushiro: have a good night	16:51
annp	yushiro, mlavalle, my pleasure if you go to vietnam	16:52
mlavalle	is that place in Hanoi?	16:52
annp	mlavalle, Yep.	16:52
mlavalle	cool	16:52
*** yushiro has quit IRC		16:53
annp	mlavalle, Vietnam waiting you. :)	16:55
*** vks1 has joined #openstack-fwaas		16:55
annp	mlavalle, have a good day, I will go to sleep now	16:56
mlavalle	annp: have a good night :-)	16:56
*** eezhova has quit IRC		16:56
*** annp has quit IRC		16:56
*** yamamoto has joined #openstack-fwaas		17:11
*** SumitNaiksatam has quit IRC		17:24
*** vks1 has quit IRC		17:30
*** SumitNaiksatam has joined #openstack-fwaas		17:51
*** SumitNaiksatam has quit IRC		18:00
*** SumitNaiksatam has joined #openstack-fwaas		18:01
*** yamamoto has quit IRC		18:24
*** yamamoto has joined #openstack-fwaas		18:27
*** yamamoto has quit IRC		18:32
*** lnicolas has quit IRC		18:44
*** yamamoto has joined #openstack-fwaas		22:14
*** lnicolas has joined #openstack-fwaas		23:22
*** mlavalle has quit IRC		23:38
*** SumitNaiksatam has quit IRC		23:44
openstackgerrit	Inessa Vasilevskaya proposed openstack/neutron-fwaas master: Introduce default firewall groups https://review.openstack.org/425769	23:48

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!