14:02:59 <SridarK_> #startmeeting fwaas
14:03:00 <openstack> Meeting started Tue Jun  6 14:02:59 2017 UTC and is due to finish in 60 minutes.  The chair is SridarK_. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:01 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:03:03 <openstack> The meeting name has been set to 'fwaas'
14:03:12 <SridarK_> #chair xgerman_ yushiro2
14:03:13 <xgerman_> #chair SridarK yushiro xgerman_ njohnston
14:03:13 <openstack> Current chairs: SridarK_ xgerman_ yushiro2
14:03:14 <openstack> Warning: Nick not in channel: SridarK
14:03:15 <openstack> Warning: Nick not in channel: yushiro
14:03:16 <openstack> Warning: Nick not in channel: njohnston
14:03:17 <openstack> Current chairs: SridarK SridarK_ njohnston xgerman_ yushiro yushiro2
14:03:32 <SridarK_> sorry xgerman_ pls go ahead
14:03:42 <xgerman_> no worries
14:03:49 <xgerman_> #topic Pike
14:04:20 <xgerman_> L2 support?
14:04:49 <yushiro2> yes
14:05:00 <xgerman_> how’s our progress?
14:05:08 <chandanc> For the l2 driver, i have updated my patch to take care of the review comments from Paddu
14:05:52 <xgerman_> great
14:06:20 <chandanc> I think we need to take care of the race condition that we discussed earlier, that will require the local vlan to be grabbed from the l2 agent and passed to the driver
14:06:45 <chandanc> may ned a changed in the agent extension and the driver call
14:06:49 <xgerman_> yeah, remember that from last week
14:07:04 <chandanc> yes xgerman_
14:07:43 <chandanc> I will  look into the l2 ext patch for the changes needed
14:08:03 <chandanc> in the mean time please have a look the the driver patch and let me know your comments
14:08:16 <xgerman_> sounds good, will do!
14:08:20 <chandanc> Paddu did not have any more comments for now
14:08:21 <SridarK_> chandanc: +1
14:08:56 <xgerman_> next up: Default firewall group -
14:09:11 <xgerman_> I haven’t looked at it for a while — but I saw patches fly by
14:09:43 <yushiro2> xgerman_, default fwg needs to more testing.
14:09:53 <yushiro2> I just rebase a several minutes ago.
14:09:59 <vks1> I have one question here, is there ways to disable DFWG ?
14:10:03 <xgerman_> ok, so we should test?
14:10:19 <vks1> like from config file ?
14:10:31 <SridarK_> vks1: this is something brought up by reedip as well
14:10:31 <yushiro2> xgerman_, yes and more UTs .
14:10:45 <xgerman_> ok
14:11:05 <SridarK_> vks1: i dont believe we came to a resounding consensus on that yet
14:11:52 <vks1> SridarK_: I raised in last meeting something on this line. My experience working with operators is that they will freak out with co-existence of SG and this FWG
14:12:02 <vks1> especially while debugging
14:12:30 <vks1> IMHO, it should be configurable entity from beginning
14:12:55 <vks1> its going to be hard time explaining them
14:13:03 <xgerman_> understood - but if we make it easy to switch off will it ever be switched on?
14:13:03 <SridarK_> vks1:  on the co existence issue, we can always not enable the L2 Firewall driver by setting it to a NOP driver
14:13:34 <xgerman_> well, that is also not what we want ;-)
14:13:45 <xgerman_> we want everybody to use it…
14:13:50 <SridarK_> so at that level of whether we want SG, SG AND L2 FWaaS or L2 FWaaS only - we can handle
14:14:22 <SridarK_> that level of flexibility will be desirable for operators, IMHO
14:14:39 <xgerman_> yep and would people who switch off default FWG want the other features…
14:16:04 <xgerman_> but probably good to have that as a “debug” setting
14:16:07 <SridarK_> if some one went with a L2 FWaaS only solution and did not have default FWG - VMs can start up with a deny all - which may not be desirable
14:16:17 <vks1> SridarK_: the problem what I am flagging is , the point to regulate security from one point...... Its not the feature we are going to provide , its about the end users
14:16:28 <SridarK_> but that is again up to debate
14:17:46 <SridarK_> vks1: i am not disagreeing - just trying to hash out the scenarios
14:18:16 <xgerman_> yeah, I can see how that would be a good feature at least for debugging
14:19:02 <SridarK_> We (or admins) can still control what the actual rules are in the default FWG
14:19:54 <chandanc> SridarK_: agree
14:20:13 <SridarK_> If we provide an additional enable/disable knob - it will be an admin feature correct ?
14:20:13 <yushiro2> +1  yes, current cycle is improving our feature much more better.
14:20:36 <vks1> SridarK_: +1
14:21:20 <xgerman_> yeah, just not sure if that is not already covered by make an accept/deny all rule
14:21:27 <vks1> SridarK_: the flag will give a choice to admins whether they want to deal with this or not rather than getting imposed implicitly
14:21:44 <SridarK_> Lets keep this open, once we have the basic feature working, it shd be easy to add in
14:21:54 <xgerman_> +1
14:21:59 <yushiro2> +1
14:22:13 <SridarK_> we shd probab solicit some feedback from operators
14:22:36 <SridarK_> vks1: lets add some more discussion to the thread started by reedip
14:22:52 <SridarK_> vks1: but this is a valid point
14:23:01 <vks1> SridarK_: OK
14:25:00 <xgerman_> I have +2;d some neutron lib stuff… so I think this is moving
14:25:40 <xgerman_> I haven’t seen much on Horizon in the past week(s) — how is this shaping up?
14:26:03 <SridarK_> xgerman_: just heard from SarathMekala
14:26:17 <SridarK_> he is out sick today - he has most of the code in place
14:26:38 <SridarK_> once the repo decision is settled - he will start pushing his code in
14:26:59 <SridarK_> he told me that he is discussion with Akihiro
14:27:32 <xgerman_> great!!!
14:27:38 <yushiro2> good!
14:29:31 <xgerman_> I think that’s all on that topic 0 unless we have some news on tempest…
14:29:56 <SridarK_> xgerman_: no news on tempest
14:30:05 <xgerman_> yeah, that’s what I though…
14:30:08 <xgerman_> #topic bugs
14:30:40 <xgerman_> #link http://urx2.nu/C7UI
14:30:59 <xgerman_> we have a couple of new ones
14:31:56 <xgerman_> we should look at them and move them to CONFIRMED or some of the other states
14:32:21 <xgerman_> SridarK_ should we have another bug scrub?
14:32:31 <SridarK_> xgerman_: +1
14:32:42 <SridarK_> lets schedule some time later this week
14:32:50 <xgerman_> +1
14:33:26 <SridarK_> we can use this same time slot so most folks can find a reasonable time zone
14:33:35 <xgerman_> #action schedule bug-scrub for later this week
14:33:37 <yushiro2> OK.  Curently, I don't have a priviledge to change status or asignee.  I'll ask neutron's member to get one.
14:33:54 <SridarK_> yushiro2: i dont think i have this either
14:34:08 <SridarK_> xgerman_: i think u are able to do this
14:34:17 <xgerman_> yep, I am
14:34:26 <yushiro2> SridarK_, OK.
14:34:31 <xgerman_> but I have no idea how I got that privilege
14:34:31 <yushiro2> xgerman_, great :)
14:34:42 <SridarK_> :-)
14:34:56 <yushiro2> In neutron LP, I found some request form.
14:35:11 <yushiro2> like 'neutron-bug-hypervisor'
14:35:46 <xgerman_> not sure if they still have the bug master of the week over there…
14:36:05 <yushiro2> xgerman_, OK, thank you.  I'll research more.
14:36:52 <xgerman_> #topic Open Discussion
14:37:17 <xgerman_> Periodic reminder
14:37:20 <xgerman_> #link https://releases.openstack.org/pike/schedule.html
14:37:43 <xgerman_> P-2 is RIGHT NOW!
14:38:07 <SridarK_> +1
14:38:18 <yushiro2> Yes,  i'll strongly take care of it.
14:38:22 <SridarK_> time seems to move so fast
14:38:48 <yushiro2> But sorry for late progress and got sickness..
14:38:53 <xgerman_> so I don’t really know what Membership Freeze means for us — but we should check with kevinb if we are ok
14:39:12 <xgerman_> don’t recall releasing a P-1 version?
14:39:22 <SridarK_> yushiro2: no worries - we all land up juggling multiple things - so dont be hard on urself
14:39:32 <xgerman_> SridarK_ +1
14:39:43 <yushiro2> SridarK_, xgerman_ thanks.. thank you!
14:40:49 <xgerman_> SridarK_ you think we are good with this membership freeze? Or should we summon kevinbenton?
14:41:40 <SridarK_> xgerman_: sorry i dont know what this is either
14:41:59 <xgerman_> #link https://releases.openstack.org/pike/schedule.html#p-mf
14:42:30 <yushiro2> me too..
14:43:00 <xgerman_> my worry is that they exclude us from the Pike release because we didn’t cross all our ts
14:43:30 <xgerman_> especially they want us to have two releases
14:43:37 <SridarK_> hmm i think we have been participants for sometime - so i wonder if it really applies to us
14:43:46 <SridarK_> also our releases are tied in with neutron
14:44:06 <SridarK_> i dont believe we are doing independent releases, as we are part of the stadium
14:44:32 <xgerman_> yeah, that’s why I think we should be good, too — but I rather doublecheck
14:44:41 <SridarK_> we are an official project already
14:44:44 <SridarK_> xgerman_: +1
14:44:50 <SridarK_> better to be safe
14:45:06 <SridarK_> doing an offline confirmation with Kevin is a good idea
14:45:32 <xgerman_> yeah, in LBaaS we once had trouble with not releasing and then being kicked out of the release…
14:45:52 <SridarK_> xgerman_: will u be able to shoot an email to him or ping him on IRC a little later in the day
14:45:59 <xgerman_> yeah, will do
14:46:12 <SridarK_> excellent thx - better to be safe
14:46:17 <xgerman_> #action xgerman_ double check with Kevin that the Membership Freeze doesn’t apply to us
14:47:44 <xgerman_> Anything else to discuss?
14:48:10 <SridarK_> nothing very specific that i can recall now
14:48:27 <xgerman_> so might be one of the rare days we can finish early ;-)
14:49:10 <xgerman_> #endmeeting