#openstack-meeting-4 log

14:01:01 <yushiro> #startmeeting fwaas
14:01:02 <openstack> Meeting started Tue May 23 14:01:01 2017 UTC and is due to finish in 60 minutes.  The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:03 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:01:05 <openstack> The meeting name has been set to 'fwaas'
14:01:06 <chandanc> Hello All
14:01:06 <SridarK_> Hi All
14:01:18 <yushiro> #chair SridarK_  yushiro xgerman njohnston
14:01:18 <openstack> Warning: Nick not in channel: njohnston
14:01:19 <openstack> Current chairs: SridarK_ njohnston xgerman yushiro
14:01:25 <vks1> hi all
14:01:29 <hoangcx> hi
14:02:04 <yushiro> OK, let's start weekly meeting.
14:02:15 <yushiro> #topic Pike
14:02:46 <yushiro> L2 Support
14:03:47 <chandanc> This week was a bit busy, mostly catching up office after summit, but i did had a loo at the mail from Yushiro
14:03:51 <vks1> hi, can someone point to me link to agenda ?
14:04:12 <chandanc> it looks like a race condition to me
14:04:14 <yushiro> oops, sorry I just logged out..
14:04:32 <chandanc> the port does not seem to have the vlan tag attached
14:04:57 <yushiro> chandanc, sorry.  You're talking about driver's patch, right?
14:05:10 <chandanc> i think this can happen if the l2 agent have not processed the l2 port before fwaas driver call
14:05:13 <chandanc> yes yushiro
14:05:27 <chandanc> i was talking about the mail from you about the trace back
14:05:37 <yushiro> Aha. sounds good, chandan.
14:05:56 <chandanc> ya, was there any specific case when this got triggered ?
14:06:08 <reedip__> yo
14:06:21 <chandanc> my view is this is a race condition
14:06:57 <yushiro> chandanc, I just tested in booting VM ( in other words, in creating VM port)
14:07:13 <yushiro> chandanc, I'll dig more.
14:07:20 <yushiro> reedip__, yo-yo!
14:07:32 <chandanc> oh, if possible can you capture the port DB in ovs , when this happens
14:07:47 <chandanc> ovs-vsctl has the commands to dump port db
14:08:16 <SridarK_> you mean the L2 agent port create was not quite processed ?
14:08:17 <yushiro> Sure.
14:08:22 <chandanc> yes
14:08:48 <chandanc> the vlan tag was not present on the port in OVS database
14:09:04 <yushiro> SridarK_, driver returns error and firewall_group is eternally 'PENDING_CREATE'
14:09:41 <SridarK_> ok i am wondering how we can guarantee the ordering
14:09:53 <chandanc> is there a way to make sure that we are called after l2 processing is complete ?
14:10:07 <chandanc> +1 SridarK_
14:10:43 <chandanc> my assumption was we are always called after the ports are processed
14:11:03 <vks1> SridarK_: AFAIK neutron agent can't gurantee that.
14:11:20 <vks1> FW alsways will take pre created port
14:11:24 <SridarK_> so looks like we also listen to the port notification as a peer to L2
14:11:42 <vks1> SridarK_: or check if the port is bounded to host or not
14:11:47 <SridarK_> can we query for some state
14:11:51 <SridarK_> vks1: yes
14:11:52 <chandanc> hmm i will look into it
14:12:02 <yushiro> chandanc, vks1 hmm, how about checking 'binding:host_id' in handle_port?
14:12:05 <vks1> SridarK_: host bounding will work without fail
14:12:17 <chandanc> sure
14:12:18 <vks1> yushiro: that's what I am suggesting
14:12:32 <yushiro> vks1, Ok, so we're on same page now.
14:12:50 <SridarK_> vks1: exactly and we can skip processing but will need to come back to add our rules after L2 processing
14:13:16 <vks1> SridarK_: if we prevalidate that then that will be bug free
14:14:50 <SridarK_> vks1: can u pls clarify this more if we find that we are not ready to apply rules, how do we get back to actually adding rules at a later point
14:15:37 <vks1> SridarK_: agent will not process the request. Infact I will suggest the validation to move into plugin
14:16:19 <vks1> SridarK_: Plugin will not process request
14:16:50 <SridarK_> vks1: interesting point, so we validate on the plugin and then intiate the rule application from the plugin ?
14:17:31 <vks1> SridarK_: yes
14:17:38 <SridarK_> we can listen for port events on the plugin for sure
14:18:38 <SridarK_> vks1: good point - this can possibly help if we did this in the delete workflow as well as we had some issues there that padkrish was looking into
14:19:45 <yushiro> SridarK_, vks1 Sorry, I just confused about waiting an event for port.
14:19:45 <SridarK_> We also should look into qos - they may have an identical scenario
14:20:06 <chandanc> ya should be
14:21:19 <yushiro> Should we change catching events in l2-agent extension?
14:22:25 <chandanc> i think this is coming from DFWG and handle port, correct ?
14:23:09 <yushiro> chandanc, Yes, it is but especially handle_port().
14:23:21 <chandanc> ok got it
14:23:59 <chandanc> we are trying to protect the port as soon as it is up and so the race in my openion
14:23:59 <yushiro> In my understanding   1.create_port -> 2.bind_port -> 3.handle_port(l2-agent) -> 4.apply_rule(driver) -> 5.update fwg's 'status'(l2-agent)
14:24:34 <yushiro> chandanc, Yes, I think you're talking about between "2" and "4"
14:24:49 <chandanc> ya correct yushiro
14:25:08 <vks1> sorry got disconnected
14:25:16 <SridarK_> it seems so
14:25:24 <yushiro> After bind_port("2"), ovs mechanism driver configures VLAN into br-int.
14:25:36 <chandanc> ya
14:25:50 <yushiro> But, this is not ensured whether this configuration has finished or not.
14:26:01 <chandanc> ya
14:27:20 <yushiro> So, I think following validations are necessary:  1.need to verify VLAN configration has finished or not in L2-agent layer.  2. need to wait in driver layer.
14:27:40 <SridarK_> I think we can discuss this more in detail offline so we can validate the approach suggested by vks1 and also look at qos workflow
14:27:44 <SridarK_> yushiro: +1
14:28:04 <chandanc> yes agree
14:28:05 <yushiro> SridarK_, +++1 OK, vks1 can you discuss more after this meeting?
14:28:41 <yushiro> OK, anything else for driver's patch?
14:29:01 <SridarK_> chandanc: could u pls start an email with the FWaaS folks
14:29:12 <chandanc> sure will do that
14:29:16 <SridarK_> maybe we can look at some code and then get into a discussion
14:29:36 <yushiro> #action chandanc sends e-mail for fwaas folks about L2 driver
14:29:38 <chandanc> I will look at QoS and summarize
14:29:46 <SridarK_> perfect
14:29:59 <vks1> +1
14:30:07 <yushiro> OK, next.
14:30:18 <SridarK_> i also think with the agent ext - we can listen for some specific events
14:30:28 <SridarK_> but lets discuss later in email
14:30:34 <SridarK_> sorry yushiro go on
14:30:45 <yushiro> SridarK_, thanks.
14:30:59 <yushiro> L2-agent patch: https://review.openstack.org/#/c/323971/
14:31:25 <yushiro> First of all, so sorry for big update for 1 PatchSet..
14:31:57 <yushiro> Cedric gave me great comments and I'm updating & adding UT now.
14:32:30 <yushiro> I'll add more docstring and explain in etherpad for overview of l2-agent
14:33:13 <yushiro> Currently, this is draft version.. https://etherpad.openstack.org/p/fwaas-v2-l2-agent
14:35:31 <chandanc> the info on etherpad looks good
14:36:43 <yushiro> I need your help for reviewing this patch.  In order to review more easy, I'll update ^^^ etherpad page more.
14:36:47 <yushiro> chandanc, thanks.
14:37:01 <yushiro> Also, I'll sync up paddu with current PatchSet.
14:37:23 <chandanc> great :)
14:37:55 <yushiro> SridarK_, Please give your opinion if my thought is different from your one :)
14:38:07 <SridarK_> yushiro: no this looks good
14:38:32 <SridarK_> also thanks for the etherpad, i just added it to our meeting etherpad so folks can use it to set things up
14:38:36 <SridarK_> for testing
14:39:15 <SridarK_> #action SridarK_ to come up with a basic test plan for L2 scenarios
14:39:37 <yushiro> BTW, I forgot adding FWG vs SG Matrix in etherpad!!
14:40:06 <yushiro> #action yushiro will draw FWG vs SG rule Matrix in etherpad.
14:40:54 <yushiro> ^^^ other reviewer wants to know the behavior e.g. FWG(deny) + SG(allow) = ?
14:41:20 <yushiro> OK, that's all for me.
14:42:32 <yushiro> Next: 'public' attribute behavior
14:42:50 <yushiro> reedip__, I think it has already finished except OSC plugin, right?
14:43:24 <yushiro> #link https://review.openstack.org/#/c/424534/
14:43:44 <yushiro> oops, sorry, this is wrong link.
14:44:04 <vks1> yushiro: plugin side changes is merged
14:44:21 <yushiro> vks1, OK, thanks
14:44:33 <reedip__> hmm
14:45:32 <yushiro> #link https://review.openstack.org/#/c/453204/
14:45:39 <yushiro> reedip__, Thanks for your help
14:47:00 <yushiro> reedip__, Can we discuss with amotoki about this patch?
14:47:36 <yushiro> oh, 13 minutes left..
14:48:06 <amotoki> yushiro: reedip__: what do you need to discuss?
14:48:12 <yushiro> Next: Horizon support.
14:48:33 <reedip__> not mwe amotoki
14:48:37 <reedip__> yushiro
14:48:48 <SarathMekala> I have code in a good shape now.. and can be checked in..
14:48:48 <reedip__> for fwaas horizon patch :)
14:49:05 <SarathMekala> I need some help related to the flow
14:49:18 <amotoki> reedip__: okay, i will talk with yushiro later
14:49:29 <yushiro> amotoki, sorry, please ..
14:49:45 <SarathMekala> as we are creating a new project for fwaas-horizon-dashboard, i need to create a project under openstack
14:49:56 <SarathMekala> openstack/horizon-dashboard
14:50:10 <SarathMekala> sorry.. openstack/fwaas-horizon-dashboard
14:50:26 <SarathMekala> SridarK_, what the process to do this
14:50:40 <SarathMekala> I am referring to https://docs.openstack.org/infra/manual/creators.html
14:50:44 <robcresswell> I'd just stick with something like fwaas-ui
14:50:46 <amotoki> SarathMekala: FYI: I prepared my personal repo for neutron-fwaas-dashboard with the current FWaaS v1 panel
14:50:50 <robcresswell> less to type :)
14:51:03 <SarathMekala> robcresswell, sure :)
14:51:17 <amotoki> it is now available in my github repo https://github.com/amotoki/neutron-fwaas-dashboard
14:51:33 <amotoki> I am okay with any project name though
14:51:45 <SridarK_> SarathMekala: u heard ir from the experts here ^^^^
14:51:47 <amotoki> robcresswell: no 'neutron-' prefix?
14:52:19 <SarathMekala> SridarK_, :)
14:52:34 <SarathMekala> the question is how do we create the project under openstack
14:52:59 <SarathMekala> I am also able to create the project under my name like amotoki but it has to get moved under openstack right?
14:53:01 <amotoki> SarathMekala: I can take care of creating a repo itself
14:53:19 <SarathMekala> thanks amotoki.. that will help
14:53:29 <SridarK_> amotoki: thx
14:53:31 <robcresswell> Well I mean you can call it what you like ofc, but I think Firewall as a service (fwaas) is self-explanatory really.
14:53:37 <yushiro> amotoki, SarathMekala Good.
14:53:43 <SarathMekala> can we sync up after this meeting
14:53:46 <amotoki> one question is a repo name
14:53:48 <amotoki> neturon-XXXX-dashboard ? neutron-XXXX-ui?
14:54:01 <robcresswell> SarathMekala: Its in the docs. You have to propose a patch to create the repo or copy an existing one.
14:54:11 <robcresswell> But its trivial, its a single patch and its all documented :)
14:54:42 <amotoki> we already have neutron-lbaas-dashboad.... which will be superseded by ocatavia-dashboard sooner or later though
14:54:54 <SridarK_> amotoki: either naming work - we should have consistency across projects
14:55:01 <SarathMekala> robcresswell, thanks
14:55:07 <robcresswell> fwaas-dashboard would probably be most consistent, then.
14:55:19 <robcresswell> The plugin UIs are already a huge mixture; there is no consistency.
14:55:23 <amotoki> again no 'neutron-' prefix?
14:55:34 <robcresswell> I dont really think its necessary
14:55:42 <robcresswell> its not called neutron-octavia-dashboard :P
14:55:58 <SridarK_> technically octavia is out of neutron but we are still in neutron stadium
14:56:02 <amotoki> no, octavia is a separate project. it is not a part of neutron
14:57:09 <robcresswell> no, I know
14:57:09 <amotoki> I wonder we use XXX-dashboard where XXX is a repository name in git.openstack.org. there is no more reason than that.
14:57:38 <robcresswell> I just think the naming is really not important; it really comes down to what is easier to say/type, since there is so little consistency
14:57:54 <robcresswell> but this is just bikeshedding, just pick a name and roll with it :)
14:58:34 <SridarK_> Also before we hit time - SarathMekala: Many thx for putting together the UI demo for the summit - it went well and it was set up nicely
14:58:35 <amotoki> I will post a mail tomorrow about creating a repo for FWaaS dashboard to -dev ML
14:58:48 <vks1> robcresswell: +11
14:58:54 <SarathMekala> amotoki, lets sync up after this meeting for 10 mins
14:59:01 <amotoki> SarathMekala: sure
14:59:07 <vks1> folks in other note: I have started working on heat plugin for fwaasv2
14:59:10 <yushiro> SarathMekala, it's better because 1 minute left :)
14:59:20 <SarathMekala> yushiro, :)
14:59:21 <vks1> any suggestion
14:59:23 <vks1> ?
14:59:25 <amotoki> :)
14:59:41 <SarathMekala> SridarK_, thanks
14:59:41 <yushiro> vks1, let's discuss after, because 1 minute left :)
14:59:44 <SridarK_> vks1: great - i think u have some expertise in ur org as well in this area
14:59:48 <amotoki> continue on #-fwaas
15:00:14 <SarathMekala> sure
15:00:20 <yushiro> OK, it's over.  Sorry for slow and cannot finish all contents.
15:00:37 <SridarK_> bye all lets focus on L2 issues this week
15:00:39 <yushiro> #endmeeting