Friday, 2019-06-28

*** lseki has quit IRC		00:02
*** mriedem_afk is now known as mriedem		00:03
*** cheng1 has quit IRC		00:24
*** brault has quit IRC		00:27
*** rbudden has quit IRC		00:29
*** diablo_rojo has quit IRC		00:44
*** lbragstad has quit IRC		01:11
*** njohnston has quit IRC		01:16
*** baojg has joined #openstack-meeting		01:43
*** yaawang has quit IRC		01:45
*** gouthamr has quit IRC		01:49
*** dmellado has quit IRC		01:51
*** gouthamr has joined #openstack-meeting		01:52
*** dmellado has joined #openstack-meeting		01:54
*** mriedem has quit IRC		01:54
*** rajinir has quit IRC		01:55
*** apetrich has quit IRC		01:58
*** gouthamr has quit IRC		02:02
*** dmellado has quit IRC		02:02
*** dmellado has joined #openstack-meeting		02:05
*** gouthamr has joined #openstack-meeting		02:06
*** brinzhang has joined #openstack-meeting		02:07
*** gouthamr has quit IRC		02:07
*** dmellado has quit IRC		02:14
*** gouthamr has joined #openstack-meeting		02:14
*** gouthamr has quit IRC		02:17
*** dmellado has joined #openstack-meeting		02:17
*** gouthamr has joined #openstack-meeting		02:19
*** ricolin has joined #openstack-meeting		02:20
*** gouthamr has quit IRC		02:29
*** gouthamr has joined #openstack-meeting		02:35
*** dmellado has quit IRC		02:35
*** dmellado has joined #openstack-meeting		02:38
*** gouthamr has quit IRC		02:42
*** dmellado has quit IRC		02:42
*** dmellado has joined #openstack-meeting		02:45
*** gouthamr has joined #openstack-meeting		02:49
*** dmellado has quit IRC		02:52
*** dmellado has joined #openstack-meeting		02:54
*** gouthamr has quit IRC		02:54
*** gouthamr has joined #openstack-meeting		02:58
*** dmellado has quit IRC		03:02
*** dmellado has joined #openstack-meeting		03:04
*** whoami-rajat has joined #openstack-meeting		03:05
*** gouthamr has quit IRC		03:05
*** tonyb has quit IRC		03:05
*** gouthamr has joined #openstack-meeting		03:10
*** dmellado has quit IRC		03:11
*** dmellado has joined #openstack-meeting		03:13
*** gouthamr has quit IRC		03:27
*** dmellado has quit IRC		03:29
*** gouthamr has joined #openstack-meeting		03:31
*** dmellado has joined #openstack-meeting		03:32
*** gouthamr has quit IRC		03:33
*** dmellado has quit IRC		03:34
*** tonyb has joined #openstack-meeting		03:36
*** gouthamr has joined #openstack-meeting		03:37
*** dmellado has joined #openstack-meeting		03:39
*** psachin has joined #openstack-meeting		03:40
*** rbudden has joined #openstack-meeting		03:46
*** gouthamr has quit IRC		03:49
*** dmellado has quit IRC		03:51
*** dmellado has joined #openstack-meeting		03:55
*** gouthamr has joined #openstack-meeting		03:58
*** akhil_jain has joined #openstack-meeting		04:00
*** gouthamr has quit IRC		04:00
*** ekcs has joined #openstack-meeting		04:03
ekcs	#startmeeting congressteammeeting	04:04
openstack	Meeting started Fri Jun 28 04:04:45 2019 UTC and is due to finish in 60 minutes. The chair is ekcs. Information about MeetBot at http://wiki.debian.org/MeetBot.	04:04
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	04:04
*** openstack changes topic to " (Meeting topic: congressteammeeting)"		04:04
openstack	The meeting name has been set to 'congressteammeeting'	04:04
ekcs	hello! topics go here as usual: https://etherpad.openstack.org/p/congress-meeting-topics	04:06
*** gouthamr has joined #openstack-meeting		04:06
*** imsurit has joined #openstack-meeting		04:06
akhil_jain	Hi, ekcs	04:08
ekcs	hello akhil_jain ! how’s it been?	04:08
ekcs	and hello imsurit ! if you’re here to join the meeting, welcome!	04:08
akhil_jain	Everything good, what about you?	04:08
*** dmellado has quit IRC		04:09
*** gouthamr has quit IRC		04:10
*** imsurit_ofc has joined #openstack-meeting		04:10
*** imsurit has quit IRC		04:11
*** imsurit_ofc is now known as imsurit		04:11
ekcs	im alright too!	04:11
ekcs	a little bit of a stressful week but reasonably productive = )	04:12
ekcs	ok I guess we’ll dive in then.	04:12
ekcs	#topic intelligent overprovisioning for high availability	04:13
*** openstack changes topic to "intelligent overprovisioning for high availability (Meeting topic: congressteammeeting)"		04:13
*** dmellado has joined #openstack-meeting		04:13
ekcs	I just want to give a quick update to this use case I’ve been working on.	04:14
ekcs	it’s mentioned in our talks in the denver summit, but I’m working on formalizing it for the self-healing SIG	04:15
ekcs	and also fleshing out all the reference deployment setup.	04:15
*** dmellado has quit IRC		04:15
*** gouthamr has joined #openstack-meeting		04:16
ekcs	the concept is to use predictive analytics (maybe monasca-analytics) to warn of possible failures. and based on those failure severetiy, likelihood, and the load on the affected services, decide how much to overprovision to guard against service disruption/degradation if the failure occurs.	04:17
*** gouthamr has quit IRC		04:17
ekcs	so something like monasca analytics would provide the predictive data, and something like congress would combine with other data to make provisioning decisions.	04:18
ekcs	one difficulty right now is to find someone who is familiar with the predictive piece to drive that. but currently i’m working on the congress side.	04:19
akhil_jain	it sounds interesting	04:20
ekcs	the numerical aggregations and calculations in the postgres engine for congress has been very helpful. will update as I progress.	04:20
*** dmellado has joined #openstack-meeting		04:20
akhil_jain	are you docuenting it in self healing sig ?	04:20
ekcs	yea I think it makes sense to document for self healing SIG and also auto-scaling SIG.	04:21
akhil_jain	is patch up?	04:22
ekcs	but also if I can find a monasca-analytics person or someone who is familiar with predictive analytics it may make sense to submit a talk for shanghai.	04:22
ekcs	no not yet. will add you to review when I submit a patch though.	04:22
akhil_jain	ok thanks	04:22
*** gouthamr has joined #openstack-meeting		04:22
ekcs	is that something you’d be interested in collaborating on for a presentation?	04:23
*** rbudden has quit IRC		04:23
akhil_jain	donot know of any such person, but i can be one by studying,	04:23
akhil_jain	always ready:D	04:23
ekcs	haha ok well we can talk more about level of interest and work.	04:24
akhil_jain	or maybe asking witek can help here	04:24
ekcs	anyway that’s all the uupdate from me on that topic.	04:25
*** _alastor_ has quit IRC		04:25
*** gouthamr has quit IRC		04:25
akhil_jain	ok great, thanks for updating	04:25
ekcs	ok moving on then.	04:26
ekcs	#topic summit presentations	04:26
*** openstack changes topic to "summit presentations (Meeting topic: congressteammeeting)"		04:26
*** brault has joined #openstack-meeting		04:26
ekcs	on the same line of thought, just want to see if there are any ideas or discussions around talks or forums for the summit	04:27
ekcs	or it’s something we can discuss more over email if they come up.	04:29
akhil_jain	I am not sure about the way we can add idea of prometheus-openstack monitoring, I have written down rough abstract, will share it with you over mail by tomorrow	04:30
*** gouthamr has joined #openstack-meeting		04:30
ekcs	ok great!	04:30
ekcs	ok moving on then.	04:31
ekcs	#topic open discussion	04:31
*** openstack changes topic to "open discussion (Meeting topic: congressteammeeting)"		04:31
ekcs	not sure if we have anything else to talk about right now.	04:31
akhil_jain	yea, nothing from my side	04:32
ekcs	ok nothing for me either. I guess we can end then!	04:32
akhil_jain	ok, later then	04:33
ekcs	happy friday and have a great weekend!	04:33
akhil_jain	Thanks and same to you, Bye!	04:34
ekcs	bye	04:34
ekcs	#endmeeting	04:34
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		04:34
openstack	Meeting ended Fri Jun 28 04:34:30 2019 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	04:34
openstack	Minutes: http://eavesdrop.openstack.org/meetings/congressteammeeting/2019/congressteammeeting.2019-06-28-04.04.html	04:34
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/congressteammeeting/2019/congressteammeeting.2019-06-28-04.04.txt	04:34
openstack	Log: http://eavesdrop.openstack.org/meetings/congressteammeeting/2019/congressteammeeting.2019-06-28-04.04.log.html	04:34
*** gouthamr has quit IRC		04:35
*** pcaruana has joined #openstack-meeting		04:36
*** dmellado has quit IRC		04:37
*** dmellado has joined #openstack-meeting		04:41
*** gouthamr has joined #openstack-meeting		04:41
*** gouthamr has quit IRC		04:50
*** ekcs has quit IRC		04:50
*** dmellado has quit IRC		04:56
*** gouthamr has joined #openstack-meeting		04:57
*** dmellado has joined #openstack-meeting		05:00
*** gouthamr has quit IRC		05:06
*** dmellado has quit IRC		05:11
*** gouthamr has joined #openstack-meeting		05:12
*** dmellado has joined #openstack-meeting		05:13
*** gouthamr has quit IRC		05:19
*** gouthamr has joined #openstack-meeting		05:24
*** Luzi has joined #openstack-meeting		05:26
*** gouthamr has quit IRC		05:31
*** dmellado has quit IRC		05:35
*** gouthamr has joined #openstack-meeting		05:37
*** dmellado has joined #openstack-meeting		05:38
*** bbowen__ has quit IRC		05:42
*** gouthamr has quit IRC		05:44
*** jbadiapa has quit IRC		05:46
*** dmellado has quit IRC		05:48
*** dmellado has joined #openstack-meeting		05:51
*** imsurit_ofc has joined #openstack-meeting		05:51
*** gouthamr has joined #openstack-meeting		05:51
*** imsurit has quit IRC		05:52
*** imsurit_ofc is now known as imsurit		05:52
*** gouthamr has quit IRC		05:52
*** dmellado has quit IRC		05:58
*** gouthamr has joined #openstack-meeting		05:58
*** slaweq has joined #openstack-meeting		06:00
*** imsurit_ofc has joined #openstack-meeting		06:00
*** dmellado has joined #openstack-meeting		06:01
*** imsurit has quit IRC		06:02
*** imsurit_ofc is now known as imsurit		06:02
*** gouthamr has quit IRC		06:03
*** yamamoto has joined #openstack-meeting		06:06
*** yamamoto_ has joined #openstack-meeting		06:06
*** dmellado has quit IRC		06:08
*** gouthamr has joined #openstack-meeting		06:08
*** lpetrut has joined #openstack-meeting		06:09
*** lpetrut has quit IRC		06:09
*** lpetrut has joined #openstack-meeting		06:10
*** yamamoto has quit IRC		06:10
*** dmellado has joined #openstack-meeting		06:11
*** gouthamr has quit IRC		06:11
*** gouthamr has joined #openstack-meeting		06:16
*** gouthamr has quit IRC		06:16
*** gouthamr has joined #openstack-meeting		06:22
hyunsikyang	eterpad	06:23
*** kopecmartin\|off is now known as kopecmartin		06:24
*** dmellado has quit IRC		06:27
*** gouthamr has quit IRC		06:29
*** dmellado has joined #openstack-meeting		06:30
*** gouthamr has joined #openstack-meeting		06:36
*** bcafarel has quit IRC		06:41
*** dmellado has quit IRC		06:44
*** rsimai has joined #openstack-meeting		06:46
*** gouthamr has quit IRC		06:46
*** dmellado has joined #openstack-meeting		06:47
*** artom has joined #openstack-meeting		06:54
*** artom is now known as artom\|gmtplus3		06:54
*** dmellado has quit IRC		06:57
*** gouthamr has joined #openstack-meeting		06:58
*** dmellado has joined #openstack-meeting		07:00
*** jbadiapa has joined #openstack-meeting		07:04
*** gouthamr has quit IRC		07:04
*** dmellado has quit IRC		07:05
*** dmellado has joined #openstack-meeting		07:06
*** gouthamr has joined #openstack-meeting		07:12
*** dmellado has quit IRC		07:13
*** gouthamr has quit IRC		07:15
*** ykatabam has quit IRC		07:16
*** dmellado has joined #openstack-meeting		07:16
*** rcernin has quit IRC		07:16
*** tesseract has joined #openstack-meeting		07:17
*** dmellado has quit IRC		07:21
*** dmellado has joined #openstack-meeting		07:21
*** dmellado has quit IRC		07:21
*** gouthamr has joined #openstack-meeting		07:23
*** dmellado has joined #openstack-meeting		07:24
*** ttsiouts has joined #openstack-meeting		07:26
*** dmellado has quit IRC		07:30
*** tesseract has quit IRC		07:30
*** gouthamr has quit IRC		07:30
*** tesseract has joined #openstack-meeting		07:32
*** itssurya has joined #openstack-meeting		07:34
*** dmellado has joined #openstack-meeting		07:34
*** gouthamr has joined #openstack-meeting		07:39
*** dmellado has quit IRC		07:39
*** dmellado has joined #openstack-meeting		07:44
*** apetrich has joined #openstack-meeting		07:45
*** brault has quit IRC		07:49
*** gouthamr has quit IRC		07:51
*** dmellado has quit IRC		07:51
*** dmellado has joined #openstack-meeting		07:54
*** dmellado has quit IRC		07:54
*** dmellado has joined #openstack-meeting		07:55
*** lpetrut has quit IRC		07:56
*** gouthamr has joined #openstack-meeting		07:57
*** gouthamr has quit IRC		07:59
*** brault has joined #openstack-meeting		07:59
*** ralonsoh has joined #openstack-meeting		08:01
*** dmellado has quit IRC		08:03
*** brault has quit IRC		08:04
*** gouthamr has joined #openstack-meeting		08:04
*** psachin has quit IRC		08:08
*** dmellado has joined #openstack-meeting		08:08
*** gouthamr has quit IRC		08:09
*** Lucas_Gray has joined #openstack-meeting		08:11
*** gouthamr has joined #openstack-meeting		08:14
*** gouthamr has quit IRC		08:17
*** bcafarel has joined #openstack-meeting		08:18
*** dmellado has quit IRC		08:19
*** dmellado has joined #openstack-meeting		08:22
*** imsurit_ofc has joined #openstack-meeting		08:22
*** imsurit has quit IRC		08:23
*** imsurit_ofc is now known as imsurit		08:23
*** dmellado has quit IRC		08:23
*** gouthamr has joined #openstack-meeting		08:23
*** dmellado has joined #openstack-meeting		08:24
*** psachin has joined #openstack-meeting		08:24
*** gouthamr has quit IRC		08:30
*** dmellado has quit IRC		08:33
*** whoami-rajat has quit IRC		08:34
*** dmellado has joined #openstack-meeting		08:34
*** dmellado has quit IRC		08:37
*** dmellado has joined #openstack-meeting		08:39
*** gouthamr has joined #openstack-meeting		08:40
*** dmellado has quit IRC		08:46
*** gouthamr has quit IRC		08:47
*** dmellado has joined #openstack-meeting		08:50
*** dmellado has quit IRC		08:50
*** dmellado has joined #openstack-meeting		08:51
*** gouthamr has joined #openstack-meeting		08:53
*** dmellado has quit IRC		08:54
*** gouthamr has quit IRC		08:56
*** dmellado has joined #openstack-meeting		08:57
*** gouthamr has joined #openstack-meeting		09:02
*** dmellado has quit IRC		09:02
*** gouthamr has quit IRC		09:05
*** imsurit has quit IRC		09:05
*** dmellado has joined #openstack-meeting		09:05
*** jbadiapa has quit IRC		09:09
*** jbadiapa has joined #openstack-meeting		09:10
*** dmellado has quit IRC		09:12
*** dmellado has joined #openstack-meeting		09:14
*** gouthamr has joined #openstack-meeting		09:14
*** psachin has quit IRC		09:16
*** gouthamr has quit IRC		09:19
*** ricolin has quit IRC		09:21
*** gouthamr has joined #openstack-meeting		09:23
*** gouthamr has quit IRC		09:25
*** trident has quit IRC		09:27
*** trident has joined #openstack-meeting		09:29
*** dmellado has quit IRC		09:29
*** gouthamr has joined #openstack-meeting		09:32
*** dmellado has joined #openstack-meeting		09:32
*** dmellado has quit IRC		09:32
*** dmellado has joined #openstack-meeting		09:35
*** gouthamr has quit IRC		09:37
*** gouthamr has joined #openstack-meeting		09:42
*** gouthamr has quit IRC		09:43
*** dmellado has quit IRC		09:44
*** dmellado has joined #openstack-meeting		09:47
*** dmellado has quit IRC		09:54
*** itssurya has quit IRC		09:54
*** gouthamr has joined #openstack-meeting		09:54
*** dmellado has joined #openstack-meeting		09:56
*** gouthamr has quit IRC		10:00
*** dmellado has quit IRC		10:02
*** bbowen has joined #openstack-meeting		10:04
*** dmellado has joined #openstack-meeting		10:06
*** gouthamr has joined #openstack-meeting		10:06
*** ociuhandu has joined #openstack-meeting		10:07
*** dmellado has quit IRC		10:11
*** carloss has joined #openstack-meeting		10:14
*** ociuhandu has quit IRC		10:14
*** dmellado has joined #openstack-meeting		10:15
*** ociuhandu has joined #openstack-meeting		10:17
*** gouthamr has quit IRC		10:18
*** dmellado has quit IRC		10:22
*** dmellado has joined #openstack-meeting		10:24
*** gouthamr has joined #openstack-meeting		10:26
*** gouthamr has quit IRC		10:35
*** brinzhang has quit IRC		10:38
*** shilpasd has joined #openstack-meeting		10:39
*** gouthamr has joined #openstack-meeting		10:41
*** gouthamr has quit IRC		10:43
*** dmellado has quit IRC		10:44
*** dmellado has joined #openstack-meeting		10:49
*** whoami-rajat has joined #openstack-meeting		10:51
*** gouthamr has joined #openstack-meeting		10:52
*** aloga has quit IRC		10:53
*** ttsiouts has quit IRC		10:56
*** ttsiouts has joined #openstack-meeting		10:57
*** gouthamr has quit IRC		10:57
*** yamamoto_ has quit IRC		11:02
*** dmellado has quit IRC		11:04
*** dmellado has joined #openstack-meeting		11:05
*** gouthamr has joined #openstack-meeting		11:06
*** njohnston has joined #openstack-meeting		11:06
*** yamamoto has joined #openstack-meeting		11:13
*** rbudden has joined #openstack-meeting		11:15
*** Lucas_Gray has quit IRC		11:38
*** Lucas_Gray has joined #openstack-meeting		11:41
*** dviroel has quit IRC		11:48
*** hyunsikyang__ has joined #openstack-meeting		12:01
*** EmilienM is now known as EvilienM		12:02
*** hyunsikyang has quit IRC		12:04
*** electrofelix has joined #openstack-meeting		12:29
*** lbragstad has joined #openstack-meeting		12:31
*** jbadiapa has quit IRC		12:37
*** pcaruana has quit IRC		12:40
*** pcaruana has joined #openstack-meeting		12:41
*** rbudden has quit IRC		12:44
*** raildo has joined #openstack-meeting		12:44
*** lseki has joined #openstack-meeting		12:48
*** baojg has quit IRC		12:51
*** eharney has joined #openstack-meeting		12:53
*** rbudden has joined #openstack-meeting		12:58
*** lbragstad has quit IRC		13:08
*** lbragstad has joined #openstack-meeting		13:08
*** lpetrut has joined #openstack-meeting		13:23
*** mriedem has joined #openstack-meeting		13:24
*** enriquetaso has joined #openstack-meeting		13:30
*** enriquetaso has quit IRC		13:31
*** enriquetaso has joined #openstack-meeting		13:31
*** yamamoto has quit IRC		13:31
*** baojg has joined #openstack-meeting		13:36
*** jbadiapa has joined #openstack-meeting		13:42
*** mlavalle has joined #openstack-meeting		13:55
*** boden has joined #openstack-meeting		13:56
*** trident has quit IRC		13:56
*** shilpasd has quit IRC		13:57
*** woojay has left #openstack-meeting		13:58
*** trident has joined #openstack-meeting		13:58
mlavalle	#startmeeting neutron_drivers	14:00
openstack	Meeting started Fri Jun 28 14:00:04 2019 UTC and is due to finish in 60 minutes. The chair is mlavalle. Information about MeetBot at http://wiki.debian.org/MeetBot.	14:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	14:00
*** openstack changes topic to " (Meeting topic: neutron_drivers)"		14:00
openstack	The meeting name has been set to 'neutron_drivers'	14:00
slaweq	hi	14:00
mlavalle	boden: to optimize your time, we are talkijg about https://bugs.launchpad.net/neutron/+bug/1832758	14:00
openstack	Launchpad bug 1832758 in neutron "[RFE] Allow/deny custom ethertypes in security groups" [Wishlist,New]	14:00
*** dviroel has joined #openstack-meeting		14:01
ralonsoh	hi	14:01
mlavalle	the question that we have is whether NSX allows other ethertypes in security groups?	14:01
njohnston	o/	14:01
mlavalle	i.e. can you say in a security group rule that non ip traffic is enabled? or is non ip trafiic enabled by deafult in NSX?	14:02
*** Luzi has quit IRC		14:02
boden	mlavalle I would have to dig.. I didn't write much of that code, I mainly just maintain the gate and some bugs	14:03
njohnston	boden: Common examples would be InfiniBand or FCoE	14:03
boden	mlavalle can we propose the question in the bug and I will ask the dev team to look	14:03
mlavalle	boden: yeah, don't dig too much. Just ask your devs to look at the RFE and give their opinion	14:04
haleyb	hi	14:04
boden	mlavalle will do... I could guess here, but better to let them peek since they know the deep details of the integration	14:04
*** yamamoto has joined #openstack-meeting		14:05
mlavalle	boden: that's all I wanted to ask, in case you need to take care of your parental duties. you afe also welcome to stay :-)	14:05
mlavalle	#topic RFEs	14:06
*** openstack changes topic to "RFEs (Meeting topic: neutron_drivers)"		14:06
mlavalle	ok, we have quorum	14:06
mlavalle	Let's go back to https://bugs.launchpad.net/neutron/+bug/1832758	14:07
openstack	Launchpad bug 1832758 in neutron "[RFE] Allow/deny custom ethertypes in security groups" [Wishlist,New]	14:07
*** davidsha has joined #openstack-meeting		14:07
njohnston	Thank you all for getting started talking about this last week while I was on PTO	14:07
njohnston	glad to get the ball rolling	14:08
mlavalle	Let me try to summarize last week's discussion:	14:08
mlavalle	1) The team seemed to agree that we have to allow other ethertypes beyond IP	14:09
mlavalle	2) We got bogged down on the transition from the current situation to the new one	14:09
*** liuyulong has joined #openstack-meeting		14:10
mlavalle	whether just to allow those ethertypes by default or requiring explicit rules to enable them	14:10
mlavalle	is that a good summary?	14:10
slaweq	IMO yes	14:11
*** lpetrut has quit IRC		14:11
slaweq	and we should think about some solution which will be backportable to stable releases IMHO	14:11
njohnston	mlavalle: Sounds right based on my reading of the transcript	14:11
haleyb	+1	14:11
*** jbadiapa has quit IRC		14:12
njohnston	Regarding allowing the ethertypes by default, I think this should be treated like IP traffic: default deny, allow only with exception.	14:12
*** jbadiapa has joined #openstack-meeting		14:12
*** yamamoto has quit IRC		14:12
*** boden has left #openstack-meeting		14:13
mlavalle	njohnston: that was also my position	14:13
mlavalle	but the rest of the team seemed to be inclined towards allowing them by default	14:13
mlavalle	at least that was my take away after reading the log last night	14:14
njohnston	If a bank or governmental institution, for example, wants to lock down their network completely then saying "You're locked down unless a hacker uses a custom ethertype, then he can exfiltrate data freely" is not a good answer	14:14
slaweq	+1	14:14
mlavalle	agree	14:15
mlavalle	I think that is the crux of the discussion	14:16
mlavalle	the user should be locked down / secure by default	14:16
mlavalle	the flip side of the coin is that deployments using custom ethertypes under hybrid fw will have to enable them explicitely when migration to ovs fw	14:19
mlavalle	right?	14:19
amotoki	sorry for late. I second "deny" by default. we see different behaviors in iptables-hybrid and ovs-fw at least. it sounds better to have an explicit rule when close the gap. I think it allows users to be aware of what happens.	14:19
njohnston	mlavalle: yes, which would be an improvement on the current situation where they are broken without recourse for a fix	14:19
amotoki	mlavalle: agree	14:19
*** vishalmanchanda has joined #openstack-meeting		14:20
mlavalle	ok, so are we ready to approve implementing:	14:20
mlavalle	1) custom ethertypes in security groups	14:20
mlavalle	2) with deny as the default bahavior?	14:21
njohnston	mlavalle: Yes. Additionally I think some documentation to help operators sample traffic looking for custom ethertypes so they can see what is actually in use befor ethey migrate would be a good way to help the pain of a transition from iptables to ovsfw	14:22
mlavalle	documentation at a minimum.... ideally some tool	14:22
slaweq	one question: what about iptables driver? Will we also implement blocking such custom ethertypes in it?	14:23
haleyb	my internet connection is going down, so i'll put in a preemptive +1 on Nate's back-portable solution	14:24
njohnston	would it make sense to consider that as a separate RFE once this one is implemented, and pull the security team into the discussion at that time	14:24
njohnston	?	14:24
amotoki	one idea on iptables driver is to define explicit rules to allow such traffic and block to drip them.	14:24
haleyb	amotoki: it would be an ebtables-type driver, so would be more work in the hybrid case	14:25
amotoki	this RFE is about ovs-fw behaviro. we can tackle how to close the gap between ovs-fw and iptable drivers in another RFE.	14:25
slaweq	I agree that it may be separate RFE, but I would just want to not forget about it :)	14:26
njohnston	amotoki: +1	14:26
amotoki	haleyb: yes, I learned that last week. it would need more work and it might be moree complicated.	14:26
mlavalle	here's what I propose. approve the RFE....	14:27
slaweq	because if we will have something like: ovs-fw blocks such traffic by default, iptables always allows this traffic (which is also now) - this sounds a bit like CVE for me even	14:27
mlavalle	and start a disucssion right away with the security team	14:27
njohnston	mlavalle: +1	14:27
mlavalle	slaweq: it is CVE	14:27
amotoki	at least OSSN (openstack security notice) is worth mentioned.	14:28
mlavalle	and that is why we have to start discussing with the security team	14:28
slaweq	ok	14:28
mlavalle	because our deployer have a hole there and I bet most of them don't even realize it	14:28
mlavalle	deployers^^^^	14:28
njohnston	I'd like to talk a little about how we address this in master vs. stable	14:29
njohnston	I'd like to propose - and get the drivers blessing - that we create an RFE and figure out the API changes, DB changes, etc. to create this as a proper API extension for the security groups API for master. But that seems too much to backport to old releases, per our backports policy.	14:30
*** mattw4 has joined #openstack-meeting		14:30
njohnston	So I would like to address this with a minimalistic change that just uses an ovs agent config option to define the permitted ethertypes, as a way to address the situation in stable with a light touch. I started on such an approach here: https://review.opendev.org/#/c/667207/	14:31
mlavalle	ahh, I saw that patch. Now I understand	14:32
njohnston	(this is what haleyb was referring to earlier)	14:32
*** _alastor_ has joined #openstack-meeting		14:32
mlavalle	it never comes into master	14:33
mlavalle	starts in stable/steain	14:34
mlavalle	it makes sense to me	14:34
njohnston	mlavalle: precisely	14:34
njohnston	Since this is CVE territory I think something we can have out there for existing customers soon is a good thing, plus it addresses the "sideways regression" for customers going from iptables_hybrid to ovsfw and having their Infiniband application break.	14:34
slaweq	njohnston: but as this is only for Stein and older, are You sure that proper fix with API changes will be ready for Train for sure?	14:35
ralonsoh	agree with slaweq, this patch can be merged in master and then, if the feature is implemented, removed	14:36
slaweq	maybe that would be "safer" solution	14:36
*** lbragstad has quit IRC		14:36
njohnston	OK, I'd be very open to that	14:36
*** artom\|gmtplus3 has quit IRC		14:37
mlavalle	sounds sensible to me	14:37
mlavalle	amotoki, haleyb: what do you think?	14:38
* njohnston wonders if we lost haleyb		14:39
mlavalle	probably	14:40
-amotoki- was disconnected for a while during train under ground		14:40
amotoki	I followed the discussion and it makes sense to me.	14:40
mlavalle	cool	14:41
mlavalle	we have an agreement	14:41
mlavalle	I will document this discussion in the RFE and mark it approved	14:41
mlavalle	that was the only RFE we had for today	14:42
njohnston	All right. I will take my code on stable/stein and propose it for master, adding TODO statements to remove when we have a full implementation... and then I'll get a spec going for the full change	14:42
mlavalle	but before leaving, I have two questions for the team	14:42
mlavalle	1) Last night I was looking at the RFE, just freshly submitted: https://bugs.launchpad.net/neutron/+bug/1834174	14:43
openstack	Launchpad bug 1834174 in neutron "[RFE] Add support for IPoIB interface driver" [Wishlist,New] - Assigned to Adrian Chiris (adrian.chiris)	14:43
mlavalle	but given the previous ethertypes disucssion, do we need infiniband drivers?	14:43
mlavalle	deployers are connecting infiniband fabrics in their OpenStack systems, right?	14:44
*** rsimai has quit IRC		14:44
mlavalle	at least the RH folks know of one, as far as I can glean out	14:44
njohnston	In the case I know about, the application is using the infiniband protocol natively (I believe, would want to confirm it)	14:45
slaweq	I don't know IB but for me it looks like proposal for new dhcp/L3 driver that dhcp/router namespace can be connected that way	14:45
mlavalle	ok, please leave some comments there if you have time	14:46
*** lpetrut has joined #openstack-meeting		14:46
njohnston	but infiniband can also be implemented in hardware so perhaps this is to create ports on an interface that is an infiniband network interface rather than an ethernet one	14:46
* njohnston will comment		14:46
mlavalle	2) Thursday of Next week is July 4th, Independence Day in the USA. I am taking Friday 5th off and I suspect haleyb and njohnston might do the same	14:47
ralonsoh	I'll do the same!!	14:47
* slaweq is sad that he will have to be at work :(		14:48
*** panda has quit IRC		14:48
*** panda has joined #openstack-meeting		14:48
mlavalle	so it might be slaweq, amotoki and yamamoto only attending the meeting	14:48
* njohnston offers July 4th as a holiday for anyone who is sorting out their issues with Britain		14:49
mlavalle	do you want to have it anyway or do you want to cancel?	14:49
amotoki	canceling the meeting sounds good to. we can spend reviewing others :)	14:49
amotoki	good to me	14:49
slaweq	yes, I think that we can cancel it	14:49
mlavalle	cool	14:49
mlavalle	I'll send a notice to the ML	14:50
mlavalle	That's all for today team	14:50
njohnston	thank you all very much	14:50
mlavalle	Great discussion, btw	14:50
slaweq	thank You all	14:50
ralonsoh	bye!	14:50
slaweq	have a great weekend :)	14:50
slaweq	o/	14:50
mlavalle	have a great weekend!	14:50
mlavalle	#endmeeting	14:51
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		14:51
openstack	Meeting ended Fri Jun 28 14:51:01 2019 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	14:51
openstack	Minutes: http://eavesdrop.openstack.org/meetings/neutron_drivers/2019/neutron_drivers.2019-06-28-14.00.html	14:51
amotoki	the meeting will end before I get off the train :) yay	14:51
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/neutron_drivers/2019/neutron_drivers.2019-06-28-14.00.txt	14:51
openstack	Log: http://eavesdrop.openstack.org/meetings/neutron_drivers/2019/neutron_drivers.2019-06-28-14.00.log.html	14:51
mlavalle	amotoki: that's good!	14:51
*** mlavalle has left #openstack-meeting		14:52
*** ttsiouts has quit IRC		14:53
*** ttsiouts has joined #openstack-meeting		14:54
*** ttsiouts has quit IRC		14:54
*** ayoung has quit IRC		14:59
*** mattw4 has quit IRC		15:04
*** lpetrut has quit IRC		15:05
*** yamamoto has joined #openstack-meeting		15:08
*** bobh has joined #openstack-meeting		15:09
*** whoami-rajat has quit IRC		15:11
*** rajinir has joined #openstack-meeting		15:12
*** igordc has joined #openstack-meeting		15:17
*** whoami-rajat has joined #openstack-meeting		15:19
*** baojg has quit IRC		15:19
*** baojg has joined #openstack-meeting		15:19
*** raildo has quit IRC		15:28
*** baojg has quit IRC		15:29
*** enriquetaso has quit IRC		15:30
*** _alastor_ has quit IRC		15:33
*** enriquetaso has joined #openstack-meeting		15:44
*** enriquetaso has quit IRC		15:44
*** enriquetaso has joined #openstack-meeting		15:44
*** raildo has joined #openstack-meeting		15:50
*** davidsha has quit IRC		16:07
*** mattw4 has joined #openstack-meeting		16:08
*** mattw4 has quit IRC		16:12
*** mattw4 has joined #openstack-meeting		16:15
*** ociuhandu has quit IRC		16:16
*** yamamoto has quit IRC		16:16
*** yamamoto has joined #openstack-meeting		16:17
*** mriedem is now known as mriedem_away		16:18
*** Lucas_Gray has quit IRC		16:19
*** wwriverrat has joined #openstack-meeting		16:21
*** diablo_rojo has joined #openstack-meeting		16:36
*** cmurphy is now known as cmorpheus		16:41
*** kmalloc is now known as needscoffee		16:47
*** enriquetaso has quit IRC		16:59
*** ralonsoh has quit IRC		17:18
*** ricolin has joined #openstack-meeting		17:19
*** raildo has quit IRC		17:24
*** ekcs has joined #openstack-meeting		17:25
*** e0ne has joined #openstack-meeting		17:26
*** mriedem_away is now known as mriedem		17:27
*** bbowen has quit IRC		17:27
*** electrofelix has quit IRC		17:30
*** raildo has joined #openstack-meeting		17:35
*** ricolin has quit IRC		17:45
*** enriquetaso has joined #openstack-meeting		17:48
*** whoami-rajat has quit IRC		17:51
*** akhil_jain has quit IRC		18:10
*** e0ne has quit IRC		18:12
*** e0ne has joined #openstack-meeting		18:13
*** tesseract has quit IRC		18:13
*** raildo has quit IRC		18:16
*** e0ne has quit IRC		18:16
*** raildo has joined #openstack-meeting		18:18
*** e0ne has joined #openstack-meeting		18:26
*** e0ne has quit IRC		18:28
*** vishalmanchanda has quit IRC		18:30
*** raildo has quit IRC		18:46
*** carloss has quit IRC		19:03
*** enriquetaso has quit IRC		19:03
*** EvilienM is now known as EmilienM		19:05
*** bbowen has joined #openstack-meeting		19:14
*** whoami-rajat has joined #openstack-meeting		19:14
*** yamamoto has quit IRC		19:14
*** diablo_rojo has quit IRC		19:23
*** dklyle has quit IRC		19:36
*** yamamoto has joined #openstack-meeting		19:50
*** mattw4 has quit IRC		19:51
*** diablo_rojo has joined #openstack-meeting		19:52
*** yamamoto has quit IRC		20:01
*** mattw4 has joined #openstack-meeting		20:02
*** raildo has joined #openstack-meeting		20:09
*** enriquetaso has joined #openstack-meeting		20:10
*** diablo_rojo has quit IRC		20:16
*** dklyle has joined #openstack-meeting		20:18
*** slaweq has quit IRC		20:23
*** diablo_rojo has joined #openstack-meeting		20:32
*** raildo_ has joined #openstack-meeting		20:40
*** raildo has quit IRC		20:43
*** ekcs has quit IRC		20:59
*** ekcs has joined #openstack-meeting		21:01
*** diablo_rojo has quit IRC		21:10
*** slaweq has joined #openstack-meeting		21:11
*** kopecmartin has quit IRC		21:13
*** slaweq has quit IRC		21:15
*** pcaruana has quit IRC		21:16
*** rfolco is now known as rfolco\|off		21:16
*** bobh has quit IRC		22:01
*** diablo_rojo has joined #openstack-meeting		22:09
*** dviroel has quit IRC		22:10
*** slaweq has joined #openstack-meeting		22:11
*** slaweq has quit IRC		22:16
*** raildo_ has quit IRC		22:20
*** ekcs has quit IRC		22:29
*** ekcs has joined #openstack-meeting		22:35
*** rajinir has quit IRC		22:42
*** diablo_rojo has quit IRC		22:53
*** mattw4 has quit IRC		23:11
*** whoami-rajat has quit IRC		23:13
*** Lucas_Gray has joined #openstack-meeting		23:14
*** enriquetaso has quit IRC		23:15
*** yamamoto has joined #openstack-meeting		23:36
*** Wryhder has joined #openstack-meeting		23:39
*** Lucas_Gray has quit IRC		23:40
*** Wryhder is now known as Lucas_Gray		23:40
*** _alastor_ has joined #openstack-meeting		23:58

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!