14:00:02 <njohnston> #startmeeting fwaas
14:00:06 <openstack> Meeting started Tue Jan 24 14:00:02 2017 UTC and is due to finish in 60 minutes.  The chair is njohnston. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:07 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:10 <openstack> The meeting name has been set to 'fwaas'
14:00:20 <hoangcx> Hi
14:00:22 <njohnston> #chair SridarK yushiro xgerman
14:00:22 <openstack> Warning: Nick not in channel: SridarK
14:00:23 <openstack> Current chairs: SridarK njohnston xgerman yushiro
14:00:25 <yushiro> hi
14:00:27 <tuhv> Hi
14:00:32 <xgerman> o/
14:00:59 <njohnston> OK, so let's get started
14:01:10 <njohnston> #topic FWaaS v2
14:01:36 <njohnston> So it's going to be difficult to get this done before feature freeze I think
14:01:47 <njohnston> the neutron change is still outstanding
14:01:56 <njohnston> #link https://review.openstack.org/348177  neutron: IPtables enhancement for co-existence of SG and FWaaS v2 drivers (Chandan/Sarath/Nate)
14:02:18 <njohnston> I had worked on it, and gotten the tests working except for functional, fullstack, and grenade
14:02:25 <chandanc_> Nate, i just discovered some bug in the patch that was producing duplicate rules
14:02:32 <njohnston> chandanc_: I saw you uploaded a new PS last night?
14:02:41 <chandanc_> ya
14:02:53 <chandanc_> but UTs are again broken
14:03:01 <chandanc_> I have some changes in progress
14:03:01 <njohnston> ah, ok.  I can work on getting the tests working again, but there is a substantial change this may miss Ocata
14:03:26 <chandanc_> ya, sorry i did not see the bug earlier
14:03:31 <njohnston> chandanc_: just let me know when you want to pass the baton and I'll work on it after you're in bed
14:04:06 <chandanc_> I can give you the patch in progress, can help you to loook at the right place
14:04:19 <njohnston> sure
14:04:36 <chandanc_> will summarize in a mail
14:04:39 <njohnston> thanks!
14:04:56 <njohnston> ok, next up is the driver
14:04:57 <njohnston> #link https://review.openstack.org/361071 neutron-fwaas: FWaaS v2 driver for L2 ports (Chandan/Sarath)
14:05:15 <njohnston> I assume this is pretty much ready to go since there has been no activity on it in months
14:05:39 <chandanc_> the driver patch looks good but we ned to test the full integration
14:05:40 <SridarK> This may still need some tweaks i am guessing
14:06:36 <njohnston> If the neutron patch does not make it, should we try and deliver this anyway with the theory that we can tell people to turn off SG entirely and they could still use FWaaS v2 for L2?
14:07:25 <SridarK> This can be a bit tricky as we have no control on whether SG is turned off or not
14:07:55 <njohnston> it would have to be documented very visibly
14:08:00 <xgerman> yep
14:08:12 <xgerman> and we will mark it beta as well
14:08:33 <njohnston> does anyone object to that strategy?
14:08:43 <SridarK> Also i am wondering if we can check if the SG driver is the noop driver
14:09:09 <njohnston> SridarK: how would we accomplish that?
14:10:01 <SridarK> I am not sure if ther is a way to check for that - but that would give an added assurance for user missteps
14:10:30 <SridarK> but yes we could shoot for this strategy with extremely visible caveats
14:11:08 <njohnston> ok.  then let's start integration testing with the driver immediately
14:11:17 <xgerman> +1
14:11:33 <njohnston> #link https://review.openstack.org/323971  neutron-fwaas: FWaaS v2 extension for L2 agent (Yushiro/Paddu)
14:11:34 <SridarK> chandanc_: what are ur thoughts ?
14:11:45 <chandanc_> +1 for testing the solution
14:12:04 <SridarK> ok
14:12:27 <yushiro> l2 agent patch, paddu is updating this patch and I'm writing default firewall group logic.
14:12:42 <SridarK> I believe this is looking in decent shape too
14:13:06 <SridarK> yushiro: then perhaps we can attempt an integration with the L2 driver ?
14:13:30 <yushiro> SridarK, Yes.
14:13:41 <SridarK> chandanc_: if u can run thru the L2 driver to check if there are some missing pieces ?
14:13:57 <yushiro> And 1 question from paddu.
14:14:05 <chandanc_> Sure, will do
14:14:18 <yushiro> He'd like to get 'binding:xxx' data from port_id.
14:15:56 <yushiro> In other words, he wants to get PortBinding data from neutron port_id.  If you know good way to get it, please tell him on e-mail :)
14:17:01 <njohnston> ok, let's move on
14:17:11 <njohnston> #topic Stadium Compliance
14:17:24 <njohnston> #link https://review.openstack.org/394619 Add fullstack testing for neutron-fwaas
14:17:41 <njohnston> that is a basic framework for fulstack testing with nothing fwaas-specific
14:18:00 <njohnston> so that can merge now, and once the OSC new version gets bumped in g-r we can add FWaaS-specific tests
14:18:24 <yushiro> njohnston, #link https://review.openstack.org/#/c/424068/
14:18:41 <yushiro> njohnston, This is the last 1 bug for OSC.
14:19:04 <njohnston> I was looking at that just before the meeting
14:19:07 <njohnston> I just approved it
14:19:13 <SridarK> So on 394619 - we can get that in ?
14:19:37 <njohnston> SridarK: yes, we can approve that anytime since it just sets up the fullstack testing framework
14:19:37 <yushiro> njohnston, Thanks
14:19:43 <SridarK> ok cool
14:19:47 <SridarK> thx njohnston
14:20:14 <SridarK> i will look at it today
14:20:20 <njohnston> API transition - have one bugfix
14:20:25 <njohnston> #link https://review.openstack.org/421534 Add action map for neutron-fwaas API definition
14:20:41 <njohnston> and still working on the transition to use the API definition in neutron-lib
14:20:46 <njohnston> #link https://review.openstack.org/421472 Use neutron-lib definition of neutron-fwaas API
14:20:59 <njohnston> I have been deprioritizing this work in favor of fwaas v2 work
14:21:29 <SridarK> yes makes sense
14:21:41 <yushiro> good!
14:22:18 <njohnston> anything else on stadium?
14:22:52 <xgerman> we should mention the PTL alection
14:22:56 <SridarK> no it seems there is renewed interest in services with vpnaas as well
14:23:02 <xgerman> +1
14:23:07 <SridarK> so that is good overall for the community
14:23:12 <xgerman> indeed
14:23:20 <xgerman> + Kevin is a good guy!
14:23:21 <SridarK> and our own xgerman is back in play with lbaas
14:23:28 <SridarK> xgerman: resounding _1
14:23:36 <SridarK> resounding +1
14:23:48 <njohnston> indeed.  I much liked kevinbenton's candidacy announcement with vpnaas as a plank
14:24:03 <yushiro> Yes, this is good news for me.
14:24:22 <njohnston> #topic performance improvement for v1
14:24:28 <tuhv> Hi
14:24:30 <njohnston> #link https://review.openstack.org/#/c/389654/
14:24:46 <tuhv> I have to update to patch 32 because of pyroute2 updating
14:25:02 <njohnston> this looks like it's really close
14:25:18 <tuhv> I have also commented on my patch the reason, and my solution
14:25:32 <njohnston> tuhv: I will try and retest today
14:25:40 <tuhv> Also with my log test: https://github.com/uttu90/FWaaSNetlink/blob/master/experimental_log.txt
14:25:53 <tuhv> njohnston, thanks
14:26:24 <tuhv> njohnston, it (patch32) is more stable and even faster
14:26:24 <hoangcx> njohnston, xgerman It would be better if the patch can land in Ocata.
14:26:35 <yushiro> tuhv, I will.  I'll put some results after you updated your patch.
14:27:07 <tuhv> yushiro, Actually this patch is the latest
14:27:10 <njohnston> hoangcx: agreed, I would definitely like it to land in Ocata if possible
14:27:16 <xgerman> +1
14:27:18 <yushiro> tuhv, aha. OK.
14:27:19 <tuhv> yushiro, so you can test now
14:27:43 <tuhv> njohnston, thank you
14:28:08 <njohnston> tuhv: thank you for working on this!
14:28:11 <njohnston> #topic bugs
14:28:13 <hoangcx> njohnston, xgerman large scale system need this one :-)
14:28:31 <njohnston> so there are a number of bugs
14:28:54 <njohnston> yushiro: would you mind leading us through this?  I believe you have been the main bugsquasher
14:29:10 <yushiro> njohnston, OK.  let me explain current progress.
14:29:21 <yushiro> #link https://review.openstack.org/#/c/423229/
14:29:50 <yushiro> This patch needs to discuss parameters for 'protocol' in firewall_rule.
14:29:58 <SridarK> yushiro: yes
14:30:17 <SridarK> I just wanted to clarify this as on my comment
14:30:42 <yushiro> SridarK, yes.  Let's discuss in opendiscussion.
14:30:48 <SridarK> ok
14:31:00 <yushiro> 2nd: OSC plugin bug will be fixed.  Thanks all!
14:31:26 <yushiro> #link https://review.openstack.org/#/c/424534/
14:31:52 <yushiro> Yesterday, I put this PS for 'public' attribute.
14:32:04 <yushiro> Thanks for your attention, njohnston and xgerman .
14:32:35 <yushiro> This patch can use 'puglic' attribute like 'shared'.
14:33:21 <njohnston> so the reason this is needed is because rbac feature considers 'shared' to be a special case?
14:33:29 <xgerman> yep
14:33:45 <xgerman> it finds everyhting for a tenant + what is shared
14:33:49 <njohnston> do we depend on the logic rbac uses in this case?
14:34:08 <xgerman> unless we do our own DB queries - yes
14:34:14 <njohnston> ok
14:34:24 <xgerman> but I am not sure why this would bomb update?
14:34:34 <yushiro> njohnston, I think so.  now, this patch are missing for rbac feature.
14:35:13 <yushiro> Currently, rbac feature does not support fwaas.  So, in order to verify this behavior, following procedures are necessary.(IMO)
14:35:37 <xgerman> also I forgot what the difference between shared and public was…
14:35:44 <yushiro> 1. need to apply German's patch.   2. Enable to load neutron-fwaas.json for UT.
14:36:12 <yushiro> xgerman, TBH, I was thinking 'public' is totally same as 'shared'.
14:36:21 <SridarK> xgerman: that is what confuses me on public
14:36:21 <yushiro> s/is/was
14:36:28 <SridarK> yushiro: yes
14:36:33 <SridarK> tht is what i thought
14:36:38 <SridarK> so i am confused here
14:36:49 <xgerman> so kf we rename public -> shared in DB we are good?
14:37:10 <njohnston> it seems like it
14:37:22 <xgerman> that seems like the easiest fix
14:37:29 <SridarK> hmm
14:38:13 <yushiro> xgerman, yes definitely.  but I think it seems a little complexity between DB colomn and resource_attribute_map.
14:39:19 <xgerman> well, if we are confused so will be our users
14:39:26 <SridarK> +1
14:39:29 <njohnston> +1
14:39:32 <yushiro> +1
14:39:38 <yushiro> indeed.
14:39:56 <SridarK> i always thought public was the new approach from shared
14:39:57 <njohnston> let's talk about this on #openstack-fwaas after the meeting and sort it out
14:40:03 <SridarK> yes
14:40:07 <yushiro> OK, that's all bug for me.  However, there are some bugs in fwaas.https://review.openstack.org/#/q/project:openstack/neutron-fwaas+status:open
14:40:56 <yushiro> But others are not so urgent I think.
14:41:10 <njohnston> #link https://bugs.launchpad.net/neutron/+bugs?field.tag=fwaas launchpad list of fwaas bugs
14:41:49 <yushiro> njohnston, aha, thanks.
14:42:19 <yushiro> Unfortunately, I don't have privilege to mark 'bug priority' on launchpad.
14:42:49 <njohnston> let me know, I can do it
14:43:05 <yushiro> njohnston, thanks.
14:43:16 <njohnston> (benefits of having been neutron bug deputy, I highly recommend it)
14:44:31 <yushiro> so, any other question?
14:44:38 <njohnston> specific bugs I am tracking
14:44:45 <njohnston> #link https://bugs.launchpad.net/neutron/+bug/1658817
14:44:45 <openstack> Launchpad bug 1658817 in neutron "_make_firewall_dict_with_rules gets FW rules one by one from db " [Undecided,In progress] - Assigned to Cedric Brandily (cbrandily)
14:44:59 <njohnston> this looks like a good speed optimization
14:45:18 <njohnston> #link https://review.openstack.org/424361 Optimize _make_firewall_dict_with_rules db queries
14:45:24 <xgerman> +1
14:45:52 <yushiro> ah yes.  This patch decrease DB access.  I think this is good patch :)
14:46:26 <njohnston> and
14:46:31 <njohnston> #link https://bugs.launchpad.net/neutron/+bug/1618244
14:46:31 <openstack> Launchpad bug 1618244 in neutron "Possible scale issues with neutron-fwaas requesting all tenants with firewalls after RPC failures" [Undecided,In progress] - Assigned to Bertrand Lallau (bertrand-lallau)
14:46:31 <SridarK> yes indeed - took a look at it and is a neat fix - just wanted to give it a more careful look
14:46:49 <njohnston> also being actively worked
14:46:51 <njohnston> #link https://review.openstack.org/424551
14:47:04 <xgerman> Bertrand and Cedric are good guys
14:47:19 <njohnston> indeed, they look to be doing very good work
14:47:34 <yushiro> yes.
14:47:45 <xgerman> they did some stuff for LBaaS…
14:48:31 <njohnston> those both look important and I hope to shepherd them into Ocata
14:48:39 <xgerman> +1
14:48:46 <yushiro> yes.
14:48:50 <SridarK> yes agreed
14:48:58 <njohnston> does anyone else have any bugs they would like to discuss?  brenda_?
14:50:56 <njohnston> #topic open discussion
14:51:46 <yushiro> FYI: I dropped travel support program for PTG :(  But I'll try to negotiate my manager to go to PTG.
14:51:47 <njohnston> does anyone have anything else they would like to discuss?
14:52:13 <SridarK> I have been pulled into something critical on the work front - so if there is something important any of u have been waiting on from me - pls shoot me an email or ping me.
14:52:15 <njohnston> yushiro: good luck!  I hope to see you there
14:52:26 <yushiro> njohnston, me too :)
14:52:28 <njohnston> thanks, SridarK, I hope it goes well for you
14:52:33 <SridarK> yushiro: i hope u can make it
14:52:41 <yushiro> yes.
14:52:59 <SridarK> njohnston: thx hopefully by end of this week should be back to normal
14:53:11 <xgerman> I got approved last Friday for PTG
14:53:14 <yushiro> SridarK, OK.
14:53:22 <njohnston> excellent xgerman!
14:53:26 <SridarK> cool
14:53:26 <yushiro> xgerman, congurat!!
14:53:41 <xgerman> thanks
14:53:59 <xgerman> now we need to think about Boston
14:54:03 <SridarK> I will be there from Wed - morn of Fri
14:54:18 <xgerman> Mon-Fr
14:54:26 <xgerman> need to stop by the ansible team
14:54:34 <yushiro> SridarK, can I discuss https://review.openstack.org/#/c/424068/  at #openstack-fwaas after this meeting?
14:54:39 <njohnston> Wed - Friday, leaving Saturday
14:54:40 <SridarK> njohnston: xgerman: (and hopefully yushiro:) we can try to thrash out some Pike priorities
14:54:46 <SridarK> yushiro: yes
14:54:47 <xgerman> awesome
14:54:53 <njohnston> SridarK: yes
14:54:56 <yushiro> SridarK, sure.
14:54:57 <xgerman> also Boston presentation deadline is 2/6?
14:55:14 <SridarK> yes lets discuss that quickly
14:55:17 <yushiro> ye
14:55:27 <SridarK> how abt at the bare minimum a talk proposal ?
14:55:40 <xgerman> +1
14:55:43 <SridarK> njohnston: u indicated that u are not sure about Boston
14:55:55 <SridarK> but would this help
14:55:55 <njohnston> I don't think I will be approved for Boston
14:56:02 <SridarK> :-(
14:56:06 <xgerman> :-(
14:56:09 <yushiro> wow..
14:56:15 <SridarK> ok let me put together a talk proposal
14:56:17 <xgerman> and you are east coast!
14:57:05 <njohnston> travel 4x/year is too much, they will do 2x... and I said if I had to pick it'd be the PTGs
14:57:33 <xgerman> makes sense
14:57:40 <SridarK> the 4x travel is not flying well in most places
14:57:53 <SridarK> i am hoping we can go back to the prev format
14:58:11 <xgerman> with the midcycles it always had been 4 times
14:58:33 <SridarK> the midcycles were less formal
14:58:48 <SridarK> and with a more targetted audience
14:59:01 <xgerman> yep
14:59:03 <njohnston> I never got approved to go to the midcycles
14:59:17 <SridarK> 1 min warning
14:59:35 <njohnston> thanks all, we shall continue on the fwaas channel
14:59:38 <brenda_> can I discuss https://review.openstack.org/#/c/423161/ after the meeting?
14:59:50 <SridarK> ok thanks all
14:59:55 <njohnston> sure thing brenda_, on #openstack-fwaas
15:00:04 <yushiro> Thanks all. Bye!
15:00:07 <njohnston> #endmeeting