14:00:11 #startmeeting fwaas 14:00:13 hi 14:00:15 Meeting started Tue Feb 14 14:00:11 2017 UTC and is due to finish in 60 minutes. The chair is xgerman. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:16 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:18 Hello All 14:00:19 hi 14:00:20 The meeting name has been set to 'fwaas' 14:00:20 o/ 14:00:41 #chair njohnston yushiro sridark 14:00:43 Warning: Nick not in channel: sridark 14:00:44 Current chairs: njohnston sridark xgerman yushiro 14:00:59 hi all 14:01:19 A lot.of.stuff going on,here in proxy 14:01:56 #topic FWaaS v2 14:02:19 Neutron patch below is underway. Complexity with managing UT failures, Chandan is working on it. 14:02:33 #link https://review.openstack.org/348177 14:02:55 Ya, i have fixed most of the minor comments 14:03:02 +1 14:03:36 i would like to test the integration with the l2 driver before making changes to the UT to match my expected output 14:03:39 we need to aim to land that before work on #link https://review.openstack.org/#/c/388398/ starts 14:03:55 chandanc_ that sounds sane 14:04:26 If anyone has some free cycle they can get in to testing too 14:04:41 #chair njohnston yushiro SridarK_ 14:04:42 Current chairs: SridarK_ njohnston sridark xgerman yushiro 14:04:47 Hi SridarK_ 14:04:52 Hi All sorry to be late - will be lurking as i have a conflict 14:05:00 ok, no worries 14:05:04 No problem :) 14:05:16 chandanc_ I will see if I can give it a spin 14:05:23 sure xgerman 14:05:33 chandanc_: ^^ me too will keep u updated 14:05:43 sure SridarK_ 14:06:17 At a logical point will cut over to making sure that the L2 driver – L2 Agent integration works – SridarK to help with a setup to start integration tests. 14:06:32 #action SridarK to help with a setup to start integration tests. 14:06:59 #link https://review.openstack.org/361071 14:07:26 that would be huge if we can get that working 14:07:30 I had a discussion with paddu, yushiro and SridarK_ 14:07:49 cool 14:08:12 Paddu had some doubts on the agent extension updates 14:08:19 #link https://review.openstack.org/323971 14:08:43 hi 14:09:19 we now have a better understanding, i might need to update the patch once paddu comes back 14:09:34 as of now no update on that patch, 14:09:51 that would be great. I also owe you a better understanding what we do with address-pairs 14:10:15 and the “pseudo-port” since we use the ports IP in our model 14:10:32 sure, if you will summarize in a mail that will be great :) 14:10:38 k 14:11:24 #link https://review.openstack.org/#/c/425769/ 14:11:34 Applying default firewall group logic will add 14:11:53 I think we are close here 14:12:25 xgerman, aha, "applying default firewall group logic" will be added in https://review.openstack.org/323971 14:13:19 ok, so we should add a depends-on tag 14:13:30 xgerman, Yes. 14:14:10 also Cedric said something about quotas 14:14:30 Which patch, xgerman 14:14:37 For quotas 14:14:43 xgerman, yes, we should take care about quotas with default firewall group. 14:15:00 reedip_ https://review.openstack.org/#/c/425769/ 14:15:07 In addition, cedric and I are discussing about thread-safe for creating default firewall group. 14:15:17 oh, that, too 14:15:20 Will check that xgerman, thnx 14:15:29 I always forget about that ;-) 14:15:34 reedip_, sounds good :) 14:16:34 So, I need reviews about thread-safe.. 14:16:56 there is some oslo_concurrent thing… 14:17:05 but will have a look 14:17:19 #topic Stadium Compliance 14:17:22 xgerman, yeah. Thanks. It'll be helpful for me. 14:17:56 #link https://review.openstack.org/#/c/394619/ 14:18:33 #link https://review.openstack.org/421534 14:18:41 #link https://review.openstack.org/421472 14:18:43 njohnston, Has OSC been released? 14:19:02 No 14:19:14 reedip_, aha, thanks. 14:19:36 So, we should wait for that. 14:19:42 OK, I understand. 14:19:51 should be soon. I think RC-phase ends this week 14:20:08 +1 14:20:41 Have you guys seen the postmortem report from armax 14:20:51 no 14:21:00 No not yet. 14:21:14 reedip_ you have a link? 14:21:16 It highlights whAt need to be done for fwaas and whats done in stadium for 14:21:27 that sounds very relevant for us 14:21:43 xgerman: not right now, shopping :( 14:21:53 ok 14:22:06 https://review.openstack.org/#/c/425990/ this one? 14:22:13 * xgerman things reedip_ is not shopping for himself 14:22:18 You can find it in the pipermail , ocata stadium postmoretm 14:22:38 yushiro looks like it 14:22:48 #link https://review.openstack.org/#/c/425990/ 14:22:55 correct 14:23:51 Let’s digest that and then we can talk about next week face2face 14:24:38 Hsure 14:24:40 sure 14:24:47 #action read the post mortem 14:24:56 #topic performance improvement for v2 14:25:17 yushiro you have the floor 14:25:18 Hi 14:25:29 xgerman, OK. 14:25:47 tuhv, Is there some updates? 14:26:00 yushiro, yes 14:26:16 I have updated a patch to make it configurable 14:26:32 so the operators can switch between 2 drivers 14:26:37 xgerman: not for myself, right 14:26:51 https://review.openstack.org/433598 14:27:03 both Cedric and Kevin are active in there, 14:28:11 When we see it is possible, we will have 2 alternatives for deleting conntrack entries in iptables-based firewall 14:28:35 Also, I have another patch about adding functional tests for netlink 14:28:36 https://review.openstack.org/#/c/432183/ 14:29:10 It need the sudo privileged, I can run in local, but I don't know why it fails in gat 14:29:25 Maybe it should some more config 14:29:41 yushiro, do you have any comment? 14:30:15 tuhv, hmm, I'll take a look for gate failure. 14:30:25 tuhv, let me discuss about netlink patch in bugs topiic. 14:30:56 yushiro, please go ahead 14:31:22 tuhv, Currently, you reported about configurable patch and try to update, don't you? 14:31:43 yes, configurable patch and functional test patch 14:31:53 OK. 14:32:13 OK, Let's move on 14:32:21 #topic bugs 14:33:04 Today, cedric posted 1 bug-report: 14:33:13 #link https://bugs.launchpad.net/neutron/+bug/1664294: Netlink solution not enough mature for Ocata (ZZelle) 14:33:13 Launchpad bug 1664294 in neutron "Netlink solution not enough mature for Ocata" [Undecided,In progress] - Assigned to Cedric Brandily (cbrandily) 14:33:32 Is cedric(ZZelle) here? 14:34:46 So, current netlink patch for v1, there is no UTs and functional tests. Therefore, tuhv is try to add some tests now. 14:35:32 yushiro, I would like to add functional tests first 14:36:09 the UTs of netlink_lib only covers the exception expections 14:36:48 because netlink_lib inhereted from some C libraries (nfct, libc) which are currently being used in conntrack-tools 14:37:28 yushiro, things we need now is how to config to get sudo privliged in gate 14:37:46 rootwrap? 14:38:11 xgerman, yes, I have tried to add https://review.openstack.org/#/c/432183/2/tools/deploy_rootwrap.sh 14:38:16 tuhv, hmm I don't think so. UT is meaningful for return value/argument perspective. I think UT is important same as functional test. 14:38:29 mmh 14:39:30 yushiro, UT in netlink_lib is not very important like you think. Because some UTs are under iptable_fwaas 14:40:40 xgerman, I think you have experience for deploy_rootwrap, so can you take a look at https://review.openstack.org/#/c/432183/ 14:40:58 not really, but I can take a brief look 14:41:11 xgerman, thank you 14:41:28 tuhv, can you discuss later? 14:42:01 yushiro, ok, 14:42:20 OK. So, anything discuss for other bugs? 14:43:33 OK, #link https://review.openstack.org/#/c/423229/ Enable to filter correctly with 'public' (yushiro) 14:44:00 reedip_, and I discussed with this bug. 14:44:18 Yes this is something I wanted to discuss 14:45:31 Currently, my patch will retrieve 'public' same as 'shared'. However, I was told from reedip_ that these were different meaning. 14:45:48 they are? 14:46:24 njohnston, sorry. 'public' is different meaning for 'shared'. 14:46:44 in what way do they differ? 14:47:29 yushiro, reedip_ In my opinion, I think no difference between them. 14:47:33 +1 14:48:01 njohnston, +1 14:48:12 Shared means u r providing access to a resource to a grp of people 14:48:29 But its not accessible.to EVERYONE 14:48:42 Public means sharing the item.with everyone 14:49:11 Something like what happened with SHARED attribute of network and rbac implementation 14:49:41 ok, makes sense 14:50:46 reedip_, thanks for your explanation. 14:50:56 I guess I didn't pick up the nuance in the RBAC code that sharing was scoped to a set of those that were being shared to. 14:51:06 yes, thanks reedip_ 14:51:10 +1 14:51:46 reedip_, +1 I see. 14:51:52 the whole thing might have gotten murky since we moved the different levels out of scope (e.g. cloud admin sets rules, tenant admin, user - and they can’t be changed by lower levels) 14:53:34 OK, 14:54:26 Please let me discuss more in #openstack-fwaas 14:54:34 going on next topic 14:54:41 #topic Open Discussion 14:54:59 PTG is next week(Wed-Fri) 14:55:24 Since PTG next week, So will we keep or skip next week team meeting? 14:55:43 hoangcx_, I just wanted to say about that :) thanks. 14:55:49 We can do a virtual meeting 14:55:50 probably makes sense to skip it 14:56:02 njohnston, +1 14:56:29 +1 14:56:40 NachoDuck, yushiro Got it :-) 14:57:03 OK, next week will skip. 14:57:07 as far as the stadium work, the main thing outstanding is https://review.openstack.org/421472 14:57:08 Oops s/NachoDuck/njohnston 14:57:36 I have had no time to look at why the extensions are not being recognized 14:57:50 but likely when that issue is fixed then it's almost done 14:57:57 if anyone wants to take a look, I invite you to 14:58:26 njohnston, good. 14:58:35 njohnston, will take a look! 14:58:42 thanks yushiro 14:58:50 2 minutes left. 14:59:16 ZZelle, hi. Can you discuss after this meeting on #openstack-fwaas ? 14:59:36 Hope to meet you in Atlanta!! Please take care of yourself :) 14:59:46 * njohnston wishes all those travelling to the PTG great luck and hopes you will have a fun and productive time. 15:00:00 * njohnston wishes he could join you 15:00:01 yushiro, yes, sorry for being late 15:00:05 njohnston, ++++++1 15:00:14 good 15:00:18 #endmeeting