#openstack-fwaas log

14:01:45 <yushiro> #startmeeting fwaas
14:01:45 <openstack> Meeting started Thu Nov 30 14:01:45 2017 UTC and is due to finish in 60 minutes.  The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:46 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:01:48 <openstack> The meeting name has been set to 'fwaas'
14:01:55 <chandanc> Hello
14:02:03 <yushiro> #chair xgerman_ yushiro
14:02:04 <openstack> Current chairs: xgerman_ yushiro
14:02:17 <yushiro> chandanc, hi,  long time no see :)
14:02:28 <chandanc> Hello yushiro
14:02:53 <yushiro> SridarK, Hi!
14:02:53 <SridarK> Hi All
14:02:58 <yushiro> #chair SridarK
14:02:59 <openstack> Current chairs: SridarK xgerman_ yushiro
14:03:15 <yushiro> OK, we just started now.  Good timing :)
14:03:18 <SridarK> I think according to our etherpad - today is my turn
14:03:48 <yushiro> Ah, OK SridarK and sorry I was absent last meeting.
14:03:49 <SridarK> but yushiro if u have started running already
14:04:00 <SridarK> pls go ahead
14:04:04 <yushiro> Sure
14:04:06 <yushiro> #topic Queens
14:04:10 <SridarK> yushiro: yes no worries
14:04:33 <yushiro> 1. l2-agent
14:05:07 <yushiro> oops,  1. l2-agent     2.OVS firewall   3. co-existing   Now we are talking about '1.'
14:05:20 <yushiro> #link https://review.openstack.org/#/c/323971/
14:05:46 <SridarK> annp: i think ur last update on PS77
14:06:02 <annp> SridarK, yes.
14:06:07 <yushiro> Now, this patch is independent and annp added 'sg_enabled' flag on it.
14:06:10 <SridarK> took care of checking the enable flag
14:06:17 <SridarK> yes
14:07:00 <SridarK> I am checking that and can do a +2 soon
14:07:21 <yushiro> SridarK, Good.  In my point of view, there is no issue now.
14:07:30 <SridarK> yushiro: +1
14:07:46 <annp> +1 yushiro
14:07:48 <yushiro> annp, if you feel there is no issue, plz put +1 :)
14:08:08 <annp> yushiro Sure. :)
14:08:26 <yushiro> hoangcx, I'd like to ask you to check this patch either.
14:08:34 <annp> yushiro, Done.
14:09:18 <yushiro> OK, I'll check it again and start updating 'auto-association default fwg patch'.
14:09:39 <SridarK> yushiro: sounds good
14:09:58 <yushiro> OK, let's move next patch.
14:10:00 <yushiro> [1. l2-agent    **2.OVS firewall   3. co-existing]
14:10:13 <yushiro> #link https://review.openstack.org/#/c/447251/54
14:10:46 <yushiro> chandanc, and annp has updated.  Could you tell me some updates?
14:11:01 <yushiro> s/me/us
14:11:33 <annp> regarding to ovs firewall driver patch: i added handling for port no security group in standalone mode of fwg
14:11:37 <chandanc> annp did most of the update on OVS patch, the only change i proposed was to move the sg_enabled detection logic to the agent
14:12:02 <annp> chandanc, yes.
14:12:31 <yushiro> chandanc, annp OK, I see.  Thanks for your update :)
14:12:40 <annp> I also added explicit drop flows for deny and reject rules
14:13:51 <annp> finally, I added generating flow's priority for each fwg rule to respect rule ordering.
14:14:55 <SridarK> annp: so on a FWaaS deny we will drop at this table
14:15:14 <SridarK> and on FWaaS permit - if SG is enabled then we will punt to SG
14:15:43 <annp> SridarK: yes.
14:16:40 <yushiro> annp, In order to transit fwg to sg, we need https://review.openstack.org/#/c/515368/12 ?
14:16:48 <SridarK> annp: on drops there is only one caveat that SG logging will miss it
14:17:24 <annp> yushiro, yes. we need co-existence patch for co-existence mode.
14:17:39 <SridarK> if SG was also enabled once we have SG logging
14:18:24 <annp> SridarK: yes, security group logging will miss drop packets. I think it should be documented in case co-existence
14:18:27 <yushiro> SridarK, ah, yes.
14:18:50 <SridarK> annp: yushiro: yes that is a caveat we can fix with documentation
14:19:13 <SridarK> ok we are on the same page
14:19:23 <chandanc> sorry facing connection issue
14:19:39 <hoangcx_> Or can we add more validation to handle it?
14:19:59 <yushiro> chandanc, NP.  I hope your connection become stable :)
14:20:10 <annp> hoangcx_: what do you mean? validation?
14:20:19 <SridarK> hoangcx_: are u asking on the logging issue ?
14:20:25 <chandanc> thanks yushiro :)
14:20:35 <hoangcx_> Sorry, it will not work. I think documentation is better.
14:20:54 <annp> hoangcx_: +1
14:21:02 <SridarK> if so we want the logging stats to reflect - we will incur a performance penalty too
14:21:08 <SridarK> yes doc is better
14:21:16 <hoangcx_> SridarK: +1
14:21:55 <SridarK> anyways we will support Logging on FWaaS too once SG is done
14:22:02 <yushiro> So, we should implement fwaas logging ASAP :)
14:22:09 <SridarK> :-)
14:22:10 <yushiro> Aha, SridarK +1
14:22:12 <annp> SridarK: yeah. +1
14:22:18 <chandanc> sure
14:23:24 <yushiro> annp, Your co-existing patch is 'PoC'.  I haven't tested this patch yet.  Is it work now?
14:23:38 <annp> yushiro, yes, It work fine now.
14:23:53 <chandanc> yes i could do some tests
14:23:54 <yushiro> annp, If it works correctly, could you remove 'PoC' from commit msg?
14:24:06 <yushiro> chandanc, OK, sounds good.
14:24:08 <annp> Regarding to co-existing patch, chandanc: do you want to update?
14:24:33 <chandanc> annp: i dont think i will be updating it for now
14:24:38 <annp> yushiro, Sure, I will remove that.
14:24:50 <chandanc> will have to wait for feedback
14:25:22 <chandanc> I have update the ppt to the latest implementation
14:25:23 <chandanc> https://docs.google.com/presentation/d/1tRf-JQQiF0v_BdJahDjraxSEgz3c41YGdzHj3ui1C0Q/edit#slide=id.g29cfa03b8a_0_56
14:25:39 <yushiro> 1 feedback for this patch.  Please write releasenote about an effect for logging feature.
14:25:48 <annp> chandanc, I think so too. We are waiting feedback from yushiro, SridarK, xgerman_, ... for that
14:26:01 <yushiro> I'll comment on it.
14:26:06 <yushiro> after this meeting.
14:26:13 <xgerman_> o/
14:26:18 <SridarK> annp: will do
14:26:47 <annp> SridarK, Yushiro, xgerman_:  Thanks :)
14:27:25 <yushiro> OK, Q-2 is only 4 days or ...  We'll do our best.
14:27:46 <yushiro> Anything else for this topic?
14:28:22 <annp> that's all from me
14:28:26 <yushiro> OK, let's move on next topic.
14:28:41 <yushiro> #topic Horizon support
14:29:19 <yushiro> chandanc, Do you know Sarath today?
14:29:55 <yushiro> #link https://bugs.launchpad.net/neutron-fwaas-dashboard
14:30:21 <yushiro> All of bugs or backlog were listed on launchpad now.
14:30:22 <chandanc> not sure about him, he got into some office work
14:30:31 <yushiro> chandanc, OK, thank you.
14:31:12 <SridarK> I think we had a few minor issues and will be good to be ready with L2 support
14:31:46 <xgerman_> yes, I think it was mostly good
14:32:45 <yushiro> Yeah.  I think this is worth to fix it:  'ip_version' doesn't exist in detail firewall rule view' - https://bugs.launchpad.net/neutron-fwaas-dashboard/+bug/1728838
14:32:45 <openstack> Launchpad bug 1728838 in Neutron FWaaS dashboard "'ip_version' doesn't exist in detail firewall rule view" [Undecided,New]
14:33:23 <amotoki> if you need to be a bug supervisor, feel free to request to join a team.
14:33:39 <amotoki> we need to expand the bug team
14:34:45 <yushiro> amotoki, Thanks.
14:34:52 <SridarK> +1
14:35:10 <yushiro> amotoki, you mean $B!H(BNeutron FWaaS dashboard Driver Team$B!I(B team ?
14:35:26 <yushiro> ah, duplicated 'team' :)
14:35:58 <amotoki> some japanese chars are included????
14:36:36 <amotoki> yushiro: yes, neutron-fwaas-dashboard is a separate launchpad project, so it has a separate team.
14:36:58 <amotoki> if you are okay, I can add neutron-bugs team to the neutron-fwaas-dashboard bug team in launchpad
14:37:19 <amotoki> it might be more reasonable solution
14:37:29 <yushiro> Ah, I think it's OK.  How about you, SridarK and xgerman_ ?
14:37:46 <xgerman_> +1
14:37:52 <SridarK> yes i think tht works
14:37:59 <xgerman_> we are part of the community
14:38:12 <amotoki> thanks. I will update it soon
14:38:28 <yushiro> Yes (^_^)v
14:38:50 <amotoki> ah, i noticed a better approach. I can set neutron-bugs team as the bug supervisor of neutron-fwaas-dashboard :)
14:39:11 <amotoki> done
14:39:27 <yushiro> amotoki, Thanks for your quick update
14:39:35 <xgerman_> +1
14:39:50 <SridarK> yes thx amotoki
14:40:21 <yushiro> OK, let's move next topic.
14:40:34 <yushiro> #topic Stadium Compliance
14:40:45 <yushiro> Is reedip here?
14:41:54 <yushiro> OK, maybe today he is off I think.
14:42:38 <yushiro> OK, let's move on next topic.
14:42:49 <yushiro> #topic bugs
14:42:57 <yushiro> #link http://urx2.nu/C7UI
14:44:32 <xgerman_> we need to classify the undecided ones
14:45:24 <yushiro> yes.
14:45:50 <yushiro> I'll check it after this meeting.
14:46:06 <xgerman_> thanks — I can go through them as well
14:46:14 <yushiro> xgerman_, NP :)
14:46:15 <SridarK> lets maybe meet for 30 mins on Mon or Tue and run thru them ?
14:46:27 <xgerman_> ok, works for me
14:46:38 <yushiro> Sure.
14:46:43 <SridarK> We can look thru and decide amongst us quickly
14:46:50 <xgerman_> +1
14:46:54 <yushiro> +1+1
14:47:15 <SridarK> We can meet during yushiro's day time
14:47:28 <SridarK> will make it easier on xgerman_ and myself
14:47:33 <SridarK> as well
14:47:41 <SridarK> will be our evening
14:47:46 <yushiro> Wow, thanks :)  I think it's ok for same time for this meeting.
14:48:03 <yushiro> #topic Open Discussion
14:48:18 <SridarK> doude: i have not got to ur changes yes
14:48:20 <SridarK> *yet
14:48:35 <SridarK> as soon as L2 is done i can start looking
14:48:43 <doude> Hi
14:48:55 <doude> ok I'm waiting lé merge
14:49:02 <doude> s/lé/l2
14:49:03 <SridarK> doude: yes
14:49:10 <yushiro> doude, Hi. since Sydney :)
14:49:19 <doude> I"m in starting blocks
14:49:23 <doude> Hi yushiro
14:49:58 <yushiro> Just an announcement:  PTG will be held in Dublin at Feb.  https://www.openstack.org/ptg/
14:50:55 <yushiro> Also there is Travel Support Program here: https://www.openstack.org/ptg/#tab_travel
14:51:09 <xgerman_> ok, I have plane tickets ;-)
14:51:18 <yushiro> January 4, 2018: Deadline to submit applications for Round One approvals
14:51:24 <xgerman_> k
14:51:30 <yushiro> January 25, 2018: Deadline to submit applications for Round Two approvals
14:52:08 <yushiro> I strongly hope to meet members in Dublin :)  Of course, I'll register TSP!
14:52:08 <SridarK> i am not sure yet
14:52:32 <doude> not sure yet also
14:53:05 <yushiro> haha,  me too :)  I'll try it.
14:55:05 <yushiro> Q-2 is Dec 04 - Dec 08.
14:56:02 <yushiro> FWaaS team can help each other and I believe we can do it :)
14:56:07 <xgerman_> yeah, we *really* need to get L2 in by then
14:56:24 <yushiro> +1
14:56:44 <SridarK> +1
14:56:56 <xgerman_> yushiro do you recall if we ever officially release the V2 API?
14:58:40 <yushiro> xgerman_, let me see.. I think no need to do that because we don't change V2 API.
14:58:57 <xgerman_> I want to change V2 ;-)
14:59:07 <xgerman_> I am adding remote fwg
14:59:16 <hoangcx_> with remote fgw?
14:59:22 <xgerman_> yes
14:59:32 <yushiro> Ah, like SG 'remote_group_id'.
14:59:40 <xgerman_> yep, was in our spec
14:59:56 <xgerman_> now I am wondering if I need an Extension or not
15:00:04 <xgerman_> if we never released Not…
15:01:03 <yushiro> I think it's OK to add with reno.
15:01:10 <yushiro> Oh, it's over time :)
15:01:13 <yushiro> #endmeeting