14:03:04 #startmeeting fwaas 14:03:05 Meeting started Tue Sep 5 14:03:04 2017 UTC and is due to finish in 60 minutes. The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:03:07 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:03:10 The meeting name has been set to 'fwaas' 14:03:16 SridarK : either you forgot how to start a meeting or somethings down 14:03:23 oh you forgot how to start the meeting :P 14:03:35 SridarK: sorry typo early AM :-) 14:03:41 i need to wake up 14:03:50 Coffee !!! 14:03:56 yes badly needed 14:04:12 #chair xgerman_ yushiro 14:04:13 Warning: Nick not in channel: yushiro 14:04:14 Current chairs: SridarK xgerman_ yushiro 14:04:22 o/ 14:04:28 i forget who was to run the mtg today 14:04:39 you are ... I think 14:04:50 ok lets get started 14:05:13 #topic Queens 14:05:20 Hi 14:05:28 #chair yushiro xgerman_ 14:05:29 Current chairs: SridarK xgerman_ yushiro 14:05:30 I'm sorry I'm late. 14:05:36 yushiro: np 14:05:58 so in terms of Queens - most important is the planning and PTG topics 14:06:28 #link https://etherpad.openstack.org/p/neutron-queens-ptg 14:06:59 pls add to the existing list in the fwaas section 14:07:37 shall we take a few mins to discuss on any other priorities as well now ? 14:08:08 SridarK : dont we have an etherpad for FWaaS only ? 14:08:13 I think xgerman_ made something 14:08:26 I am open to have a targetted mtg on Thu as well either in our channel or as a conf call or something too 14:08:32 I think I did 14:08:59 https://etherpad.openstack.org/p/fwass_ptg_denver 14:09:09 SridarK : meeting/conf call would be great 14:09:26 #link https://etherpad.openstack.org/p/fwass_ptg_denver 14:09:54 reedip_: ok - shall i set something up for the same time in 48 hrs ? 14:10:15 Oh , I thought during the PTG :P 14:10:32 a normal meeting might suffice before the PTG 14:10:58 PTG might be hectic… 14:11:07 reedip_: ok - i can do that for sure - but my sense is the audio quality is going to be bad 14:12:05 lets take a quick stab now 14:12:14 xgerman_ SridarK : I think on the last day when we have the time only for sub teams, we can have the discussion , yushiro would be there with you, so if not audio, we can just jump in the #fwaas channel and the FWaaS etherpad 14:12:45 of the priorities already listed in #link https://etherpad.openstack.org/p/neutron-queens-ptg 14:12:55 what do folks feel ? 14:13:02 reedip_: +1 we can do that 14:13:38 folks are pretty quiet .... :P 14:13:56 I think in terms of debt or things needing wrap up - we have clarity 14:13:59 after a US holiday… 14:14:05 +1 reedip_ 14:14:10 SridarK, If possible, would you mind adding 'logging extension' as a challengable topic? 14:14:12 L2 support, Horizon, testing 14:14:31 yushiro: yes sure 14:14:38 + 1 14:15:02 yushiro: done 14:15:09 SridarK, thank you so much. 14:15:16 Thanks SridarK 14:15:16 yushiro: np 14:15:25 annp: np 14:15:31 SridarK, xgerman_ I agree with current topic. L2 is the highest priority :) 14:15:50 SridarK, xgerman_ and horizon ;) 14:15:53 i think we also need to evaluate ovs and sg integration 14:16:01 +1 14:16:06 +1 14:16:26 SridarK, ah, yes OVS one is also necessary, isn't it? chandanc :) 14:16:37 also investigate what happened to FW next and how we can collaborate 14:16:47 SG 14:16:47 ya, i agree 14:17:36 chandanc: , yushiro xgerman_ and myself can discuss with the right set of folk on ovs 14:17:45 +1 14:17:53 sure 14:17:57 I rearranged the things a bit in the etherpad as per priority 14:18:07 SridarK, +1 jakub and other OVS guy can attend PTG 14:18:25 chandanc: pls let us know if there are specific concerns that u want clairfication on as well 14:18:41 Sure, i had a look at the code and UT 14:18:58 i see a lot of changes has been done for the SG driver 14:19:32 chandanc: ok - can u pls take a look and send us a summary by the end of the week or early next week 14:19:36 I will try to resync 14:19:44 thanks 14:19:44 chandanc: ok perfect thx 14:19:47 Ok SridarK 14:20:32 and then we have testing 14:20:44 this will keep us busy for a good part of Queens 14:20:56 +1 14:21:24 In terms of new features, SFC integration & using CCF 14:21:35 yep 14:21:52 and then our long term plan hitiching our wagon to K8 14:22:33 I also reached out to CCF folks and did some investigation - i think they will have some model for a PoC - that we can play around with 14:22:40 xgerman_: huge +1 14:22:49 I am talking to them on #openstack-meeting :P 14:22:55 SridarK ^^ 14:22:56 +1 14:22:56 :-) 14:23:14 Yeah, integrating them should be stroght forward 14:23:18 i dont know how we position ourselves on that tha front 14:23:36 should we look at Kuryr as a first step too 14:23:41 SridarK: SFC would be something to work with... 14:23:51 SridarK: you summoned the kuryr man 14:24:00 nice 14:24:00 apuimedo : hey hi :) 14:24:04 I dont have much thoughts on that yet - but lets talk more 14:24:05 hi 14:24:11 apuimedo: hi 14:24:26 SridarK: may I help? 14:24:31 apuimedo: wow like a Genie - u surface :-) 14:24:39 we were wondering how FWaaS can be useful for Kuryr 14:24:52 apuimedo: ^^^ exactly as xgerman_ puts it 14:24:59 IIRC Kuryr doesnt have the FWaaS extension yet, right ? 14:25:09 xgerman_: well, it may be that for some policy in kuryr-kubernetes network policy translation fwaas would be needed 14:25:22 we still didn't check if SGs are enough of not 14:25:37 yes, that’s my thought as well. Canal, etc. are pretty poor in the semantics 14:25:37 apuimedo: perhaps we can thrash out some workflow and usage models 14:25:41 it is a queens goal 14:25:50 apuimedo: will u be at the PTG ? 14:25:51 oh, stars aling… 14:26:05 SridarK: no. Denver + Sydney would be too much 14:26:14 but dmellado is going on behalf of Kuryr 14:26:18 he'll be the kuryr man then 14:26:28 o/ 14:26:31 ok, so we need to go to Sydney to meet you? 14:26:36 lol 14:26:38 apuimedo: ok - we will try to sync up then 14:26:41 :-) 14:27:01 apuimedo: if you try to throw more stuff into me I'll exchange my name tag at the PTG with somebody xD 14:27:04 I want to go Sydney either... 14:27:07 dmellado: perhaps we can figure out a way to meet up to discuss some FWaaS usecases 14:27:15 SridarK: sure thing 14:27:16 yushiro : you are in line ! 14:27:34 dmellado: yushiro, xgerman_ and myself will be at Denver 14:27:34 apuimedo : kuryr meeting is on Mondays, right ? 14:27:56 SridarK: I'll be at the infra sessions on Monday, so feel free to catch me there 14:28:11 dmellado: i get in only on Tue eve - 14:28:22 and there till Fri 14:28:23 SridarK: oh, I see, np I'll be there the whole week 14:28:29 reedip_: it is 14:28:31 me, too 14:28:39 dmellado: ok perfect - we can meet up on Wed 14:28:41 ping me and we'll try to meet up there at some point 14:28:54 dmellado: perfect done 14:30:13 :-) 14:30:16 ok good we have a plan to explore 14:30:23 thx apuimedo dmellado 14:30:31 yw! 14:30:41 thx 14:30:45 thank you 14:30:54 ea 14:31:30 thank you 14:31:47 reedip_: yes on SFC, as u mentioned 14:32:13 sorry SridarK : lost track 14:32:28 apuimedo, dmellado looking forward to meeting in Denver :) 14:32:43 I think we have a reasonable list to go after, other pls add things that are important that we have missed 14:32:45 I am discussing for CCF. SFC not yet 14:33:14 reedip_: sounds good - i had some conversations on SFC in the past 14:33:30 ok .... 14:33:49 yushiro: same there! 14:34:18 ideally if we can wrap up our debt from the Pike cycle and move fwd on 1 or 2 of these new areas - will be ideal 14:34:21 SridarK : I do not think there would be some exceptional work for SFC. I think it would just be pluggable 14:35:01 reedip_: that was my thought too - i had some concerns on the implementation details 14:35:02 the devil is in the details 14:35:12 I am checking the details :P 14:35:12 xgerman_: yes exactly 14:35:34 ok good i think we have enough to keep us busy during PTG 14:35:42 lets move on 14:35:45 they run a port in-different port out model,,, 14:36:15 xgerman_: and based on how we are positioned in the router - i was not sure how to effect it 14:36:17 SridarK , xgerman_ have we considered providing support to tacker ? 14:36:18 for NFV ? 14:36:40 or is it already there ? 14:36:57 reedip_: we had some very early conversations but no discussions recently 14:37:06 +1 14:37:08 xgerman_ https://docs.openstack.org/newton/networking-guide/config-sfc.html#architecture 14:37:25 "for NFV", "for tacker" sounds too ambiguous to me. 14:37:36 SridarK : ok, I think that work would be done from tacker team themselves 14:37:41 it looks better to discuss specific topics if there are such demands 14:37:49 +1 14:37:52 amotoki +1 14:38:17 ok sounds good and agree 14:38:23 #topic L2 Support 14:38:35 yushiro: chandanc pls go ahead 14:38:41 SridarK, OK. 14:38:51 #link https://review.openstack.org/#/c/323971/ 14:39:45 I got some comment from Inessa and he said 'imho noop driver dependency has a lot more chances to get approved and merged.' 14:40:57 yushiro : he reason for that is also mentioned 14:41:02 and I think he is right 14:41:19 "Maybe make this patch independent of ovs driver by implementing noop driver? 14:41:20 ovs driver patch https://review.openstack.org/#/c/447251/ that this patch depends on is a very complex change, imho noop driver dependency has a lot more chances to get approved and merged." 14:41:32 Yes, I'd like to discuss with a behavior when 'noop' driver is loaded. 14:42:32 I think 'noop' driver does nothing and alarm some message(WARNING) into log, right? 14:43:30 yushiro: why do you think some warning log messages are needed? 14:43:57 No , it doesnt ... 14:44:00 amotoki, Because, if 'noop' driver is loaded, firewall rule doesn't set in OVS. 14:44:08 noop driver does nothing on back-end side and if the noop dirver is loaded just API should work as usual 14:44:18 https://github.com/openstack/neutron/blob/master/neutron/services/metering/drivers/noop/noop_driver.py 14:44:32 In the past, for v1 as well as v2 (L3) we have not taken such an approach - the agent - driver interface is basically the internal API corresponding to actions for CRUD 14:44:54 amotoki, reedip_ Aha. 14:45:19 so this will be a pass through 14:45:31 I guess so 14:45:41 amotoki, reedip_ SridarK OK, thank you and I was misunderstanding. 14:45:59 re: noop driver in the agent side, it is in a question how it has a real value though.. 14:46:14 but it can be used to validate internal APIs 14:46:47 amotoki: perhaps that and the removal of dependency with the driver patch - 14:46:55 amotoki : I think we can keep noop driver for now, and once OVS Firewall patch merges, then maybe we can add this back 14:47:08 SridarK: +1, yeah it is one possible usecase 14:47:30 yushiro: since our driver interface is well defined - this should not be a problem 14:47:53 perhaps it gives folks who want to use a different driver more confidence in integration 14:48:34 SridarK, amotoki OK. So, we should implement driver base code and define some methods, shouldn't we? 14:48:35 yushiro: anyways we allow specifying the driver 14:49:10 SridarK, I understood. 14:49:23 yushiro: the base driver is useful to deifne the interface 14:49:37 with docstring 14:49:57 So, I'll remove ovs = neutron_fwaas.services.firewall.drivers.linux.l2.openvswitch_firewall.firewall:OVSFirewallDriver in setup.cfg from l2-agent patch. 14:50:07 amotoki, Yes, I guess so! 14:50:31 yushiro: ok 14:50:46 chandanc, please add above definition into setup.cfg in your OVS patch :) 14:50:54 we have 10 mins, chandanc anything to add from driver side ? 14:51:06 chandanc, I'll comment in gerrit either. 14:51:10 yushiro: sure i agree 14:51:21 ok lets move on 14:51:30 yes 14:51:32 #topic Horizon changes 14:51:41 #link https://review.openstack.org/#/c/475840/ 14:51:52 SarathMekala: amotoki pls go ahead 14:52:14 I returned back from vacation today 14:52:21 SarathMekala: do u feel we are ready to do more manual tests 14:52:23 SarathMekala: ok 14:52:27 SarathMekala, Welcome :) 14:52:35 :) thanks 14:52:38 re v2 dashboard, SarathMekala post a patch with UT success :) yay 14:52:45 as of the last checkin the UTs are passing now 14:53:46 perhaps some more test round will be needed 14:53:57 amotoki: thx for jumping in on the UTs as well 14:54:00 there are some comments given by amotoki.. will work on them 14:54:35 SarathMekala: amotoki ok - i will pick up PS28 14:54:38 now we can do one big round of manual testing and fix any issues that turn up 14:54:53 this should harden the flows :) 14:55:06 #link https://etherpad.openstack.org/p/fwaas-v2-dashboard 14:55:41 ok we can update the etherpad ^^ 14:56:03 yes.. will clean it up a bit 14:56:04 SarathMekala, I found GUI issue in selecting firewall_rule in policy. Please refer #fwp-6 14:56:43 yushiro, ok will check it out 14:56:59 yushiro: SarathMekala: firewall rule selection in policy creation seems not to work at now 14:57:01 SarathMekala: ok pls evaluate that and give us a heads up 14:57:35 what I can tell is that it is due to django 1.11 stuff and v1/v2 dashboard have the same problem 14:58:00 amotoki, Oh, OK. Thanks. 14:58:03 it is caused by horizon side code, but in the horizon side, we are dropping the consumer of the corresponding JS code 14:58:33 so if the fw dashboard continues to use it, we need to maintain and/or fix the probem in the fwaas team 14:58:54 ok 2 mins, let me go to open slot and we can continue discussion 14:59:01 amotoki, you mean v1 dashboard? 14:59:01 #topic Open Discussion 14:59:10 yushiro: including v1 dashboard 14:59:17 others anything else to bring up ? 14:59:17 amotoki, Ok 14:59:37 some maintenance notice: regarding v1 dashboard I sent a series of patches which I noticed during v2 dashboard reviews. v2 dashboard copied a lot from v1 dashboard including some weird codes. https://review.openstack.org/#/q/status:open+project:openstack/neutron-fwaas-dashboard+branch:master 15:00:21 amotoki, wow, nice cleanup! will take a look. 15:00:25 ok we are nearing end - we can continue the fwaas channel 15:00:29 Hi I just started to rebase patch to implement a plugable backend driver 15:00:32 yushiro: +1 15:00:38 https://review.openstack.org/#/c/480265 15:00:39 amotoki: will look too 15:00:43 amotoki, +1 15:00:47 doude: ok 15:01:00 doude: will add to the agenda so u have time 15:01:10 #endmeeting fwaas