14:02:24 #startmeeting fwaas 14:02:25 Meeting started Thu Oct 5 14:02:24 2017 UTC and is due to finish in 60 minutes. The chair is xgerman_. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:02:27 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:02:29 The meeting name has been set to 'fwaas' 14:02:55 i was curious if there is a convention on which channels are used for meetings 14:03:02 #chair yushiro SridarK 14:03:03 Current chairs: SridarK xgerman_ yushiro 14:03:17 of course scheduling is not an issue here 14:03:23 #topic Announcements 14:03:33 We have a new meeting time ;-) 14:03:57 Hi 14:04:35 Netwon EOL is next week 10/13 14:04:52 K 14:04:54 and Q1 is 10/16-20 14:05:21 so coming up rapidly - in two weeks if I am keeping track 14:05:40 #link https://releases.openstack.org/queens/schedule.html 14:05:50 Yes, 14:06:26 time flies… 14:07:03 oh, I think next PTG is in Dublin and 2018 Fall OpenStack summit in Berlin 14:07:24 we have a few milestones we should try to get in by Q1 14:07:30 indeed 14:07:43 let’s start with our usual topics 14:07:45 #topic L2 Support 14:08:39 yushiro pls. go ahead 14:08:54 xgerman_, OK 14:09:13 Inessa and annp, thanks for ur great update. 14:09:18 +1 14:09:27 yushiro, you're welcome. 14:09:30 #link https://review.openstack.org/#/c/323971/ 14:09:48 We're much more better in shape now. 14:09:53 +1 14:09:59 +1 14:10:02 yushiro: shall we target some testing 14:10:07 are we ready for that 14:10:22 i think yes. 14:10:30 SridarK, Yes 14:10:31 annp: ok 14:10:42 annp, but i think we should update on my comment. 14:10:45 at first. 14:10:50 But i have once concerning related yushiro comment 14:11:04 awesome — I think to hit the milestone I am ok with just having unit tests… 14:11:05 ok lets cover integration testing after the driver status 14:11:14 https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@267 14:11:24 could you take a look at it? 14:11:33 annp, would it be possible to discuss after this meeting ?? 14:11:52 ok, lets discuss later. 14:11:58 ok, sounds good 14:12:00 annp, OK, thanks. 14:12:08 please go ahead 14:12:09 we can always do in Open Discussion if we have time 14:13:01 remaining points are 1. changing status logic and 2.avoid 'PENDING_xxx' status with some error. 14:13:49 Sorry, I tried to write etherpad for local.conf with devstack, but I couldn't. SridarK , could you tell me a link for etherpad again? 14:14:12 So, that's all for l2-agent side. Next is ovs driver side. 14:14:23 #link https://etherpad.openstack.org/p/fwaas-v2-l2 14:14:26 #linkc https://review.openstack.org/#/c/447251/ 14:14:31 SridarK, thank you so much! 14:14:39 lets use the etherpad to communicate as well 14:14:43 yushiro: thx 14:16:12 I tested in devstack with ovs driver PS33, it seems to work correctly. 14:16:23 annp, could you try it again with latest devstack? 14:16:59 try: https://raw.githubusercontent.com/xgerman/devstack_deploy/master/stackme.sh && chmod +x stackme.sh && vi stackme.sh && ./stackme.sh 14:17:24 oops, sorry. PS34 14:17:27 actually, I tested it again. But the result same my previous comment 14:18:15 I have a stupid question, Did you configure firewall_l2_driver = ovs? 14:18:47 Yes, exactly. I configured firewall_l2_driver = ovs. 14:19:23 OK, please revert PS34 and modify test code. 14:19:25 : Reedip here 14:19:33 o/ 14:19:48 Ok, tomorrow, I will try it again. 14:19:51 hi reedip. I didn't know that :) 14:19:54 I am driving to a family function so will catch the logs once I reach 14:20:04 chandanc, hi 14:20:09 Hello 14:20:19 good timing, chandanc :) 14:20:26 Sorry for the last minute update 14:20:36 we were talking about ovs driver patch. 14:20:38 I just got to know from SridarK 14:20:49 ok yushiro 14:21:02 I saw the changes done 14:21:05 hi chandanc 14:21:15 did the race condition change done ? 14:21:20 hello annp 14:23:09 actually, I think we should decide using local vlan idea or keep get_tag_from_other_config same as ovsfw 14:23:54 chandanc and I discussed in previous cycle about that. I think it's better to use local vlan idea first. 14:23:56 i thought the other_config is not updated by the time we(driver) are called 14:24:05 Because if we keep get_tag_from_other_config function, we don't need local vlan function 14:24:56 I think same, chandanc. 14:26:06 sorry, could you tell me which your opinion is? 14:26:44 if the other_cobfig is not updated in time that doesn’t make it the best way to go forward… guess vlan is safest 14:26:46 annp i just forwarded the old mail thread i had with yushiro 14:26:58 should give some context to you 14:27:05 From my opinion, I think we should come up with loccal vlan 14:27:34 chandanc, Ah, it's better :) 14:27:36 chandanc, thanks. i will check it tomorrow. 14:27:39 annp, i think we are not on the same page 14:27:45 given we only have two weeks until Q-1 we should just run with something and adjust later 14:28:03 +1 14:28:14 anyways, have a look at the mail. We can then quickly converge 14:28:20 +1 14:28:48 agree 14:29:03 chandanc, lets me understand the context. Thanks. 14:29:03 chandanc: will sync with u offline but is there a specific workflow that would cause an issue 14:29:49 l2 agent allocates a local vlan, then calls extensions, then updates the ovsdb with the allocated local vlan 14:30:11 by the time extension calls the driver the local vlan is not in the ovsdb 14:31:01 mmh, I think the l2-agent needs to change to be a bit more accomodating… 14:31:10 workaround is for the extension to directly get the local vlan from l2 agent 14:31:48 need to pass the config to the extensions 14:31:54 xgerman_: +1 14:31:54 ok 14:32:13 ok, we can propose a patch along those lines to Neutron 14:32:47 OK, 14:32:56 ya we can, the workaround was a shortcut :) 14:33:17 sounds like a plan… 14:33:51 OK, let's use local vlan initial release. 14:34:02 would it be feasible kick off some integration (fwaas l2 agent and ovs driver) with the workaround 14:34:06 +1 and propose changes to l2-agent 14:34:18 +1 yushiro 14:34:44 SridarK: the workaround was part of the patch, we can revert that change 14:35:00 chandanc: ok lets test with that 14:35:26 yes, let’s continue with what we have and work in. parallel on the l2-agent patch-solution 14:35:37 ok 14:35:48 In my understanding, L2-agent already inmplented local vlan. So, please align with ovs driver part. 14:37:00 anyway, let's discuss after :) 14:37:07 xgerman_, sorry, please go ahead 14:37:15 yes. l2 agent already implemented local vlan 14:37:44 ok, moving on 14:37:45 #topic FWaaS Dashboard 14:38:27 amotoki yt? 14:38:30 #link https://review.openstack.org/#/c/475840/ 14:38:49 Sarath ? 14:39:02 SarathMekala is out today 14:39:11 SridarK, OK thanks. 14:39:12 he sent an email 14:39:13 i was on vacation last week, so I have no information to share 14:39:24 amotoki, nice vacation!!! 14:39:36 pictures? 14:39:43 I wonder how we can move the work forward. 14:39:53 perhaps we can sync up offline and see what remains 14:39:56 we have several issues now on v2 dasbhoard 14:40:05 when SarathMekala is back too 14:40:20 amotoki: sorry pls go ahead 14:40:28 yes. I and hoangcx are watching in v2 dashboard. 14:40:35 my suggestion is to merge the current version (with minimum fixes) 14:40:43 and file backlogs as bugs 14:40:50 and fix them 14:40:59 then cut a release 14:41:30 I am afraid it is not easy to track what are remaining and what are fixed already 14:41:38 well, we should cut Q-1 with whatever we have — it’s better what’s there now 14:42:00 amotoki: ok lets sync up on email with SarathM, and quickly do a final round of tests 14:42:09 so we are aware of the limitations 14:42:17 actually neutron-fwaas-dashboard does uses cycle-with-milestone 14:42:34 OK. 14:42:41 indeed - so we need to cut a release — question is do we merge it before then or not 14:42:49 so Q-1 is not applied. it is cycle-with-intermediary 14:43:18 cycle-with-intermediary is recommended to cut at least one release before Q-2 14:43:44 OK. 14:43:53 so Q-1 is not a big milestone 14:43:59 ok but if there are only minor issues lets try to get the patch in and fix bugs 14:44:00 mmh, let’s follow SridarK’s suggestion and sync, catalog bugs, and release? 14:44:12 SridarK +1 14:44:25 SridarK: +1 14:45:03 ok lets sync with SarathMekala in the next day and try to get it in by early next week 14:45:23 +1 14:45:26 +1 14:45:38 agree 14:45:40 once the base patch lands, we can fix issues in parallel :) 14:45:41 I will get a round of testing on it tomorrow 14:46:09 amotoki: At lease basic functions should be done before landing 14:46:38 hoangcx_: basically yes. 14:46:52 maybe we should focus on "'Add policy' endless loading bug" and "enable to select L2-port" in v2 dashboard.. 14:46:53 precisely, all basic functions should work BEFORE RELEASE :) 14:47:04 hoangcx_: +1 basic things were ok on the last round of tests 14:47:10 yushiro: +1 14:47:17 amotoki: +1 14:47:25 hoangcx_, +1 14:47:47 amotoki: I will test it and give feedback by early next week for dashboard patch. 14:48:44 k 14:49:01 #topic Open Discussion 14:49:23 Can I have 1 topic? 14:49:27 sure 14:49:42 go ahead 14:49:46 and I also want a few seconds after yushiro 14:49:52 ok 14:50:07 hoangcx_, and I just posted firewall logging feature spec : https://review.openstack.org/#/c/509725/ 14:51:03 ok 14:51:18 yeah, will have a lokk 14:51:20 In queens-1, let's focus v2 functionality. After that, I hope to start to extend this feature into fwaas. ( Of course logging feature is targetted on Queens-1) 14:51:22 extend the work u have done for SG ? 14:51:52 yushiro: sounds good 14:52:14 SridarK, not yet. annp and I are working now but will be finished in Q-1 : 14:52:16 +1 14:52:22 OK, that's all for me. 14:52:29 mlavalle, please go ahead :) 14:52:34 +1 14:52:36 my request is very similar 14:52:53 would like some eyes on https://review.openstack.org/#/c/461657/ 14:53:14 zhaobo6 is ready to go as soon as the spec is approved 14:53:24 mlavalle: i added my self - will look at the audit feature 14:53:39 now tht we are talking post Q-1 milestone 14:53:42 that's all 14:53:45 Thanks! 14:53:46 mlavalle, me too. Thanks for your notification :) 14:54:17 and I have one announce! 14:54:25 sure 14:54:45 If guys can go sydney summit, please add your name in team etherpad :) 14:54:57 I'll be there 14:54:57 +1 14:55:09 the team etherpad? 14:55:13 mlavalle, Yeah! 14:55:32 amotoki, oops, fwaas irc meeting's etherpad. 14:55:33 I will skip (unless a super cheap flight shows up) 14:56:10 https://etherpad.openstack.org/p/fwaas-meeting 14:56:18 thanks 14:56:34 ok, 4 min left — anyhting else? 14:56:43 Can We discuss about https://review.openstack.org/#/c/323971/59/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py@267? 14:56:49 seems L.98 of the etherpad (right now) 14:56:54 annp, sure 14:57:10 I think firewall group behavior quite strange 14:57:11 amotoki, correct!!! 14:57:32 * xgerman_ wonder if we need to stick to the times as we are in our won channel 14:58:22 xgerman_: good point! just a weak timekeeper :) 14:58:25 24 x 7 fwaas meeting ? ;-) 14:58:30 hahaha 14:58:33 my question, why we don't rasie a exception some thing like Port in use, if a port already attached to a fwg? 14:59:03 annp: i think it is similar to SG behavior 14:59:22 a port bound to SG(s) can be deleted even it is associated 15:00:17 FWS just defines a behavior of the port, but IMHO the FWG should not block the port deletion. 15:00:21 does it make sense? 15:00:47 or are you talking about deleting FWG? 15:00:59 yes, It make sense. However, In yushiro case, it make me confused. 15:01:00 amotoki, Yes. I agree with you. Port can be deleted even if fwg is associated with. 15:01:27 I'm taking about firewall group update case 15:01:49 the plugin did have a check to ensure that a port can have only one fwg associated 15:02:15 xgerman_: Can we close meeting to not logged evadrop over 1h? Then we can continue discuss as offline :) 15:02:21 xgerman_: we are at time - 15:02:40 #endmeeting fwaas