14:02:59 #startmeeting fwaas 14:03:00 Meeting started Tue Jun 6 14:02:59 2017 UTC and is due to finish in 60 minutes. The chair is SridarK_. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:03:01 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:03:03 The meeting name has been set to 'fwaas' 14:03:12 #chair xgerman_ yushiro2 14:03:13 #chair SridarK yushiro xgerman_ njohnston 14:03:13 Current chairs: SridarK_ xgerman_ yushiro2 14:03:14 Warning: Nick not in channel: SridarK 14:03:15 Warning: Nick not in channel: yushiro 14:03:16 Warning: Nick not in channel: njohnston 14:03:17 Current chairs: SridarK SridarK_ njohnston xgerman_ yushiro yushiro2 14:03:32 sorry xgerman_ pls go ahead 14:03:42 no worries 14:03:49 #topic Pike 14:04:20 L2 support? 14:04:49 yes 14:05:00 how’s our progress? 14:05:08 For the l2 driver, i have updated my patch to take care of the review comments from Paddu 14:05:52 great 14:06:20 I think we need to take care of the race condition that we discussed earlier, that will require the local vlan to be grabbed from the l2 agent and passed to the driver 14:06:45 may ned a changed in the agent extension and the driver call 14:06:49 yeah, remember that from last week 14:07:04 yes xgerman_ 14:07:43 I will look into the l2 ext patch for the changes needed 14:08:03 in the mean time please have a look the the driver patch and let me know your comments 14:08:16 sounds good, will do! 14:08:20 Paddu did not have any more comments for now 14:08:21 chandanc: +1 14:08:56 next up: Default firewall group - 14:09:11 I haven’t looked at it for a while — but I saw patches fly by 14:09:43 xgerman_, default fwg needs to more testing. 14:09:53 I just rebase a several minutes ago. 14:09:59 I have one question here, is there ways to disable DFWG ? 14:10:03 ok, so we should test? 14:10:19 like from config file ? 14:10:31 vks1: this is something brought up by reedip as well 14:10:31 xgerman_, yes and more UTs . 14:10:45 ok 14:11:05 vks1: i dont believe we came to a resounding consensus on that yet 14:11:52 SridarK_: I raised in last meeting something on this line. My experience working with operators is that they will freak out with co-existence of SG and this FWG 14:12:02 especially while debugging 14:12:30 IMHO, it should be configurable entity from beginning 14:12:55 its going to be hard time explaining them 14:13:03 understood - but if we make it easy to switch off will it ever be switched on? 14:13:03 vks1: on the co existence issue, we can always not enable the L2 Firewall driver by setting it to a NOP driver 14:13:34 well, that is also not what we want ;-) 14:13:45 we want everybody to use it… 14:13:50 so at that level of whether we want SG, SG AND L2 FWaaS or L2 FWaaS only - we can handle 14:14:22 that level of flexibility will be desirable for operators, IMHO 14:14:39 yep and would people who switch off default FWG want the other features… 14:16:04 but probably good to have that as a “debug” setting 14:16:07 if some one went with a L2 FWaaS only solution and did not have default FWG - VMs can start up with a deny all - which may not be desirable 14:16:17 SridarK_: the problem what I am flagging is , the point to regulate security from one point...... Its not the feature we are going to provide , its about the end users 14:16:28 but that is again up to debate 14:17:46 vks1: i am not disagreeing - just trying to hash out the scenarios 14:18:16 yeah, I can see how that would be a good feature at least for debugging 14:19:02 We (or admins) can still control what the actual rules are in the default FWG 14:19:54 SridarK_: agree 14:20:13 If we provide an additional enable/disable knob - it will be an admin feature correct ? 14:20:13 +1 yes, current cycle is improving our feature much more better. 14:20:36 SridarK_: +1 14:21:20 yeah, just not sure if that is not already covered by make an accept/deny all rule 14:21:27 SridarK_: the flag will give a choice to admins whether they want to deal with this or not rather than getting imposed implicitly 14:21:44 Lets keep this open, once we have the basic feature working, it shd be easy to add in 14:21:54 +1 14:21:59 +1 14:22:13 we shd probab solicit some feedback from operators 14:22:36 vks1: lets add some more discussion to the thread started by reedip 14:22:52 vks1: but this is a valid point 14:23:01 SridarK_: OK 14:25:00 I have +2;d some neutron lib stuff… so I think this is moving 14:25:40 I haven’t seen much on Horizon in the past week(s) — how is this shaping up? 14:26:03 xgerman_: just heard from SarathMekala 14:26:17 he is out sick today - he has most of the code in place 14:26:38 once the repo decision is settled - he will start pushing his code in 14:26:59 he told me that he is discussion with Akihiro 14:27:32 great!!! 14:27:38 good! 14:29:31 I think that’s all on that topic 0 unless we have some news on tempest… 14:29:56 xgerman_: no news on tempest 14:30:05 yeah, that’s what I though… 14:30:08 #topic bugs 14:30:40 #link http://urx2.nu/C7UI 14:30:59 we have a couple of new ones 14:31:56 we should look at them and move them to CONFIRMED or some of the other states 14:32:21 SridarK_ should we have another bug scrub? 14:32:31 xgerman_: +1 14:32:42 lets schedule some time later this week 14:32:50 +1 14:33:26 we can use this same time slot so most folks can find a reasonable time zone 14:33:35 #action schedule bug-scrub for later this week 14:33:37 OK. Curently, I don't have a priviledge to change status or asignee. I'll ask neutron's member to get one. 14:33:54 yushiro2: i dont think i have this either 14:34:08 xgerman_: i think u are able to do this 14:34:17 yep, I am 14:34:26 SridarK_, OK. 14:34:31 but I have no idea how I got that privilege 14:34:31 xgerman_, great :) 14:34:42 :-) 14:34:56 In neutron LP, I found some request form. 14:35:11 like 'neutron-bug-hypervisor' 14:35:46 not sure if they still have the bug master of the week over there… 14:36:05 xgerman_, OK, thank you. I'll research more. 14:36:52 #topic Open Discussion 14:37:17 Periodic reminder 14:37:20 #link https://releases.openstack.org/pike/schedule.html 14:37:43 P-2 is RIGHT NOW! 14:38:07 +1 14:38:18 Yes, i'll strongly take care of it. 14:38:22 time seems to move so fast 14:38:48 But sorry for late progress and got sickness.. 14:38:53 so I don’t really know what Membership Freeze means for us — but we should check with kevinb if we are ok 14:39:12 don’t recall releasing a P-1 version? 14:39:22 yushiro2: no worries - we all land up juggling multiple things - so dont be hard on urself 14:39:32 SridarK_ +1 14:39:43 SridarK_, xgerman_ thanks.. thank you! 14:40:49 SridarK_ you think we are good with this membership freeze? Or should we summon kevinbenton? 14:41:40 xgerman_: sorry i dont know what this is either 14:41:59 #link https://releases.openstack.org/pike/schedule.html#p-mf 14:42:30 me too.. 14:43:00 my worry is that they exclude us from the Pike release because we didn’t cross all our ts 14:43:30 especially they want us to have two releases 14:43:37 hmm i think we have been participants for sometime - so i wonder if it really applies to us 14:43:46 also our releases are tied in with neutron 14:44:06 i dont believe we are doing independent releases, as we are part of the stadium 14:44:32 yeah, that’s why I think we should be good, too — but I rather doublecheck 14:44:41 we are an official project already 14:44:44 xgerman_: +1 14:44:50 better to be safe 14:45:06 doing an offline confirmation with Kevin is a good idea 14:45:32 yeah, in LBaaS we once had trouble with not releasing and then being kicked out of the release… 14:45:52 xgerman_: will u be able to shoot an email to him or ping him on IRC a little later in the day 14:45:59 yeah, will do 14:46:12 excellent thx - better to be safe 14:46:17 #action xgerman_ double check with Kevin that the Membership Freeze doesn’t apply to us 14:47:44 Anything else to discuss? 14:48:10 nothing very specific that i can recall now 14:48:27 so might be one of the rare days we can finish early ;-) 14:49:10 #endmeeting