#openstack-meeting-4 log

14:01:40 <yushiro> #startmeeting fwaas
14:01:40 <openstack> Meeting started Tue Mar  7 14:01:40 2017 UTC and is due to finish in 60 minutes.  The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:42 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:01:44 <openstack> The meeting name has been set to 'fwaas'
14:01:45 <reedip_1> o/
14:01:53 <vks1> hi
14:01:59 <yushiro> #chair SridarK
14:01:59 <openstack> Warning: Nick not in channel: SridarK
14:02:00 <openstack> Current chairs: SridarK yushiro
14:02:04 <SridarK_> ok lets get started
14:02:23 <SridarK_> by rotation - i will run the meeting today
14:02:27 <SridarK_> #chair xgerman
14:02:36 <yushiro> SridarK_, Yes, please :)
14:02:45 <xgerman> ok
14:02:47 <reedip_1> yo
14:03:01 <SridarK_> ok we will get this running smooth from now on :-)
14:03:09 <SridarK_> next week xgerman will run the mtg
14:03:28 * xgerman needs to make a reminder
14:03:36 <SridarK_> :-)
14:03:36 <reedip_1> sounds good
14:03:50 <yushiro> Good
14:04:07 <SridarK_> ok lets run thru our usual stuff
14:04:15 <SridarK_> #topic FWaaSv2
14:04:47 <SridarK_> wondering if the bot has some issues
14:05:08 <reedip_1> the meeting started, didnt it ?
14:05:25 <SridarK_> yushiro: can u pls add SridarK_ to chair
14:05:35 <reedip_1> No, I think it didnt, we need to copy the logs at the end
14:05:46 <yushiro> #chair SridarK_
14:05:47 <openstack> Current chairs: SridarK SridarK_ yushiro
14:05:59 <SridarK_> ok cool now we should be in business :-)
14:06:05 <yushiro> SridarK_, ah, I missed '_'.
14:06:10 <reedip_1> lol
14:06:14 <SridarK_> no worries
14:06:18 <SridarK_> #chair xgerman
14:06:19 <openstack> Current chairs: SridarK SridarK_ xgerman yushiro
14:06:28 <SridarK_> #topic FWaaSv2
14:07:13 <SridarK_> yushiro how are things with the L2 agent and Default FWG patches
14:07:59 <yushiro> SridarK_ : I'm sorry I couldn't work last week at all due to other emergency jobs..
14:08:10 <xgerman> I know that feeling…
14:08:28 <SridarK_> oh yes - no worries,
14:08:30 <vks1> SridarK_, i can work on patches
14:08:43 <vks1> SridarK_, if there is anythng i can do let me know
14:08:43 <SridarK_> a part of how things go on
14:08:49 <yushiro> SridarK_, This week I can do it.  So, currenlty add more UTs with Cedric/Paddu.
14:08:59 <SridarK_> vks1: great - will take that up in open discussion
14:09:06 <vks1> SridarK_, thanks
14:09:13 <SridarK_> some updates on the OVS changes
14:09:15 <yushiro> vks1, great :)
14:09:39 <SridarK_> Jakub was out on PTO and now is back and provided some pointers to get started
14:09:56 <SridarK_> #link https://github.com/openstack/neutron/blob/master/doc/source/devref/openvswitch_firewall.rst
14:10:13 <SridarK_> #link https://github.com/openstack/neutron/tree/master/neutron/agent/linux/openvswitch_firewall
14:10:31 <reedip_1> SridarK_ this is abut the OVS Firewall Driver implementation , right?
14:10:32 <SridarK_> chandanc is also out on PTO this week
14:10:41 <SridarK_> reedip_1: yes exactly
14:11:06 <SridarK_> so i think next week with chandanc back - we can get some discussions started
14:11:14 <xgerman> yeah, so we need to figure out if we use the same tables or add our own
14:11:25 <SridarK_> and try to nail down some specifics in a week or so
14:11:32 <xgerman> sounds good
14:12:21 <reedip_1> +!
14:12:27 <SridarK_> in some sense this will indeed influence the L2 Driver as well the L2 Agent FWaaS patches as well
14:12:45 <xgerman> yeah, we will need OVS versions, too
14:12:46 <SridarK_> so we are in a bit of a holding pattern anyways in this area
14:12:54 <SridarK_> xgerman: +1
14:13:21 <yushiro> SridarK_, xgerman : sure.
14:14:15 <xgerman> let’s hope this won’t cause too much of. arework/delay
14:14:39 <SridarK_> xgerman: exactly this is probab our biggest risk factor
14:15:04 <SridarK_> we should plan for having a good "plan" in the next 2 weeks
14:15:12 <xgerman> +1
14:15:18 <yushiro> yes.
14:15:27 <reedip_1> yup
14:15:44 <SridarK_> then we should be on track for P-1 or very early P-2 (basically before the summit)
14:16:01 <xgerman> +q
14:16:02 <xgerman> +1
14:16:12 <xgerman> also we need to make sure Neutron doesn’t back out
14:16:20 <xgerman> of OVS
14:16:49 <SridarK_> xgerman: yes indeed - Kevin was fairly certain - but we need to be sure that there are no shifts in priorites
14:17:06 <SridarK_> other important things for FWaaS v2 - were getting better test coverage and Horizon
14:17:27 <SridarK_> Sarath was looking into Horizon
14:17:28 <reedip_1> I will start the test for Tempest soon, was busy this week with neutronlib
14:17:44 <SridarK_> reedip_1: sure - i was going to look into it as well
14:17:50 <SridarK_> we can divy up this
14:17:54 <reedip_1> yup
14:18:10 <reedip_1> lets discuss it in Open Discussion
14:18:21 <SridarK_> also we have been getting some good coverage and fixing of scale issues from zzelle and blallau
14:18:37 <SridarK_> thanks folks for weeding out some day 1 issues
14:19:04 <SridarK_> i guess this is more generic and beyond v2
14:19:11 <blallau> this one is important too https://review.openstack.org/#/c/426287/
14:19:54 <xgerman> yeah, indeed
14:19:59 <SridarK_> Thanks blallau on it
14:20:13 <SridarK_> ok lets move on
14:20:15 <blallau> @Sridark thank you ;)
14:20:20 <yushiro> blallau, Thank you!
14:20:39 <reedip_1> blallau : +1 :)
14:20:42 <SridarK_> #topic Stadium Compliance
14:21:07 <reedip_1> OSC has been released recently
14:21:08 <SridarK_> reedip_1: thanks for stepping here with the neutron lib changes
14:21:17 <SridarK_> *stepping in
14:21:17 <xgerman> +1
14:21:33 <SridarK_> pls go ahead with things that u are looking at
14:21:33 <reedip_1> Next up in my items is the Fullstack and tempest test
14:22:01 <SridarK_> reedip_1: how are we with neutron lib are there more things pending
14:22:04 <reedip_1> Well I am still having an issue with one patch for migration of neutron-lib  ( https://review.openstack.org/421472 )
14:22:14 <SridarK_> yes
14:22:17 <reedip_1> SridarK_  : I am looking at the changes from boden
14:22:30 <reedip_1> at regular intervals as well as any emails
14:23:02 <SridarK_> ok
14:23:08 <reedip_1> so if there is something, I am putting that across in neutron-lib in case he is busy, but other wise boden has been taking care of most of the items
14:23:19 <SridarK_> yes perfect
14:23:22 <reedip_1> so I just pitch in in case of some gate issues etc.
14:23:36 <reedip_1> got some last week
14:23:47 <SridarK_> and njohnston had put together a punch list for neutron lib
14:24:08 <SridarK_> pls feel free to recruit other fwaas folks as well
14:24:11 <reedip_1> I dont know about that list SridarK_
14:24:25 <SridarK_> ah ok - let me dig that up
14:24:29 <reedip_1> can you share the same here so others can also look it up
14:25:28 <njohnston> #link https://etherpad.openstack.org/p/neutron_lib_fwaas_punchlist
14:25:42 <SridarK_> njohnston: thanks as always :-)
14:26:00 <njohnston> obviously quite out of date now
14:26:14 <SridarK_> njohnston: no worries - we will work to clean that up
14:26:25 <SridarK_> reedip_1: so we could use this as a base
14:26:41 <SridarK_> and lets volunteer to get this moving
14:26:51 <reedip_1> hi njohnston :)
14:27:10 <xgerman> hi
14:27:19 <reedip_1> wow, long list
14:27:32 <yushiro> njohnston, hi :)
14:27:49 <njohnston> hello all :-)
14:27:50 <SridarK_> indeed njohnston will be missed very much for all the things he took care of
14:29:05 <SridarK_> reedip_1: we can sync up offline to discuss this more and lets make sure that u are not overly burdened
14:29:47 <SridarK_> other things we need to discuss here ?
14:30:06 <reedip_1> SridarK_ yeah sure ( and no I am not burdened :) )
14:30:15 <reedip_1> nothing more right now
14:30:18 <SridarK_> reedip_1: great cool
14:30:52 <SridarK_> #topic Performance Improvement (Netlink)
14:30:59 <SridarK_> tuhv: pls go ahead
14:31:33 <tuhv> Hi
14:32:12 <tuhv> I have updated my three parts based on Cedric's comments
14:32:42 <tuhv> Hope to see others reviews SridarK_, njohnston, xgemen
14:32:52 <SridarK_> tuhv: will do
14:33:24 <tuhv> SridarK_, Also, please review Cedric's first https://review.openstack.org/#/c/434535/11
14:33:38 <yushiro> tuhv, will do in this week.  Sorry for late.
14:33:47 <SridarK_> tuhv: ok adding to my list
14:34:00 <tuhv> It helps us to grant sudo privilege when we run functional tests
14:34:01 <xgerman> +1
14:34:21 <tuhv> xgerman, SridarK_, we need it for fwass, right?
14:34:47 <tuhv> Also, my functional test is depending-on it :)
14:35:37 <tuhv> https://review.openstack.org/#/c/433598/ helps us to switch between 2 methods: conntrack-tools and netlink
14:35:43 <SridarK_> tuhv: ok will take a look
14:35:56 <xgerman> well, with our new OVS agenda…
14:36:28 <tuhv> xgerman, we also still using iptables for L3, right?
14:36:45 <SridarK_> tuhv: yes that will not change
14:37:11 <tuhv> So, we need to use conntrack :)
14:37:47 <SridarK_> so on that point, on L2 - would this be relevant when we use OVS
14:38:12 <xgerman> OVS handles conntrack differently…
14:38:30 <SridarK_> ok
14:38:38 <tuhv> SridarK_, xgerman, May we need a verification for conntrack in OVS,
14:38:57 <SridarK_> i know tuhv and hoangcx were also looking to extend Netlink to Sec Groups
14:39:09 <xgerman> “Note: Open vSwitch firewall driver uses register 5 for marking flow related to port and register 6 which defines network and is used for conntrack zones."
14:39:10 <SridarK_> so this may need a revisit ?
14:39:10 <tuhv> If ther is a problem, we can fix it
14:39:19 <hoangcx> SridarK_, OVS handles conntrack by its flow entries also
14:39:19 <xgerman> #link Note: Open vSwitch firewall driver uses register 5 for marking flow related to port and register 6 which defines network and is used for conntrack zones.
14:39:42 <xgerman> #link https://github.com/openstack/neutron/blob/master/doc/source/devref/openvswitch_firewall.rst
14:39:49 <xgerman> ^^ that link
14:40:19 <tuhv> xgerman, thanks, we will take a look at this
14:40:21 <xgerman> but I am not sure if we won’t need rootwrap to modify those things
14:41:11 <SridarK_> xgerman: thx - tuhv - yes u should think about the impact of change to OVS
14:41:50 <SridarK_> anyways for L3 being iptables based - this will be relevant
14:42:01 <tuhv> SridarK_ it is easier if we make it configurable (a decouple driver) :)
14:42:03 <yushiro> Yes
14:42:41 <SridarK_> tuhv: yes makes sense
14:42:52 <tuhv> If we make conntrack as a decouple driver as https://review.openstack.org/#/c/433598/, we can implement it easier
14:43:23 <xgerman> +1
14:43:29 <vks1> +1
14:43:42 <tuhv> iptables_fwaas or even OVS if using conntrack driver can use through flush_entries and delete_entries function, I think
14:44:07 <SridarK_> we can focus on trying to sort thru Netlink related patches  for this week
14:44:15 <xgerman> +1
14:44:29 <yushiro> +1
14:44:39 <tuhv> SridarK, xgerman, yushiro, thanks
14:44:54 <SridarK_> thanks tuhv
14:45:08 <tuhv> It's more readable and maintainable now, with keeping it based concept
14:45:15 <SridarK_> +1
14:45:30 <SridarK_> if nothing else lets move on
14:45:34 <SridarK_> #topic bugs
14:46:10 <reedip_1> SridarK_ Can we put a link in the etherpad, to see the latest bugs ? That would be easier for everyone , I guess
14:46:26 <SridarK_> #link https://bugs.launchpad.net/openstack/+bugs?field.searchtext=fwaas&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.assignee=&field.bug_reporter=&field.omit_dupes=on&field.has_patch=&field.has_no_package
14:46:35 <SridarK_> this is what i use
14:46:49 <SridarK_> perhaps others have better filters
14:47:12 <SridarK_> i did not get a chance to triage before the meeting
14:47:21 <reedip_1> Oh , I see the shortened filter in etherpad
14:47:38 <SridarK_> reedip_1: yes u should use that
14:48:25 <yushiro> reedip_1, : http://urx.blue/BEcs   filtered by tag 'fwaas'
14:49:23 <reedip_1> thanks yushiro : but I think it has Incomplete ones as well, we may not need them now if we have marked them incomlete and the authoer hasnt changed it back
14:49:37 <SridarK_> i am not sure if there is someting critical
14:49:48 <SridarK_> lets take an action to scrub the list of bugs
14:50:36 <yushiro> reedip_1, OK.  I'll update filteres.
14:50:39 <SridarK_> if someone has a bug that they would like to discuss - lets do that
14:51:05 <reedip_1> none that I remember right now
14:51:06 <SridarK_> #action SridarK_ to take a first pass to scrub existing bugs
14:51:35 <SridarK_> ok lets move on
14:51:41 <SridarK_> #topic RFE
14:52:33 <SridarK_> reedip_1: did u want to discuss more on ur spec
14:53:11 <reedip_1> SridarK_ : I havent added anything much right now, I want to look into the OVS Firewall Driver first
14:53:11 <SridarK_> #link https://review.openstack.org/#/c/236840/
14:53:23 <reedip_1> before I can work it around for OVS as well as iptables
14:53:44 <reedip_1> so that I can ensure that it is easier to propagate it across other drivers
14:53:48 <SridarK_> ok cool - u will need iptables for L3 anyways
14:53:57 <reedip_1> hmm
14:55:08 <reedip_1> but yeah, I would like review comments from others if possible
14:55:44 <SridarK_> reedip_1: yes - i think we want this to applied to a Rule in the context of a specific policy
14:56:00 <reedip_1> SridarK_  yes
14:56:03 <xgerman> +1
14:56:05 <SridarK_> that was my main comment
14:56:16 <reedip_1> I changed the spec accordingly, hopefully it is answering the concern now
14:56:37 <SridarK_> otherwise i think it is good except for some minor things
14:56:49 <SridarK_> ok lets carry on in gerrit
14:56:54 <reedip_1> sure
14:56:58 <SridarK_> #topic Open Discussion
14:57:10 <reedip_1> SridarK_ I would like someone's help in discussion for the FWaaS driver with ODL
14:57:15 <SridarK_> vks1: thanks for joining
14:57:23 <xgerman> 3 min left
14:57:28 <vks1> SridarK_, hi
14:57:29 <SridarK_> and offer to help
14:57:45 <SridarK_> yes i think there are a number of things that u can pick up on
14:58:07 <vks1> SridarK_, point me and I will look
14:58:08 <SridarK_> i know u wanted to also investigate the interaction with SFC
14:58:19 <reedip_1> yes, hi vks1
14:58:24 <SridarK_> vks1: ok we can look at some things
14:58:29 <reedip_1> we wanted to discuss SFC before our PTG
14:58:32 <yushiro> annp is working logging feature with OVS native in Neutron with me.  I'll ask some help to him about OVS native firewall driver.
14:58:38 <vks1> reedip_1, hi
14:58:45 <reedip_1> we had a discussion for Common Classifier Model
14:58:55 <reedip_1> We wpuld like to know your ideas for SFC
14:59:04 <xgerman> yeah, I keep commenting on CCF
14:59:09 <SridarK_> reedip_1: on the ODL changes - isaku and rui are looking at coming up with an ODL agent as the first step
14:59:12 <reedip_1> maybe on the mail chain as we do not have time right now ?? :(
14:59:15 <vks1> reedip_1, sure
14:59:25 <reedip_1> SridarK_ : ok, I will look into it with them :)
14:59:30 <SridarK_> yes lets start some discussion
14:59:33 <SridarK_> offline
14:59:37 <SridarK_> we are at time
14:59:37 <vks1> yushiro, let me know i am up
14:59:47 <SridarK_> vks1: great thanks
14:59:54 <yushiro> vks1, Sure
15:00:10 <SridarK_> if nothing else thanks for joining and have a great week everyone
15:00:12 <reedip_1> ok, I will take leave
15:00:16 <SridarK_> #endmeeting fwaas