18:30:44 #startmeeting Networking FWaaS 18:30:45 Meeting started Wed Feb 4 18:30:44 2015 UTC and is due to finish in 60 minutes. The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:30:46 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:30:49 SridarK, pc_m, badveli, hi 18:30:50 The meeting name has been set to 'networking_fwaas' 18:30:59 hello viswantah 18:31:03 vishwanathj: hi 18:31:03 #info metting agenda https://wiki.openstack.org/wiki/Meetings/FWaaS#Agenda_for_Next_Meeting 18:31:07 #info Kilo-2 is Feb 5th 18:31:11 that is tomorrow 18:31:12 hi all 18:31:31 any other pieces of information worth sharing? 18:32:54 #topic Bugs 18:33:23 SumitNaiksatam: nothing new that needs attention 18:33:41 SridarK: yeah, my observation as well 18:33:52 there were a few issues which cropped up during the week 18:34:06 thankfully folks jumped in and patches are passing the gate 18:34:29 * jumped in with a fix 18:34:42 SumitNaiksatam: :-) 18:34:49 :-) 18:34:57 badveli: anything to report on the bugs assigned to you? 18:35:09 sumit looked like some other modules implemented the connection track 18:35:20 i saw some review 18:35:28 good, can you post the review? 18:35:42 review link 18:36:14 trying to check now, i saw it when i was checking all the open reviews 18:36:25 i will send the link to the team 18:37:34 badveli: thanks 18:37:39 #topic Docs 18:38:03 it seems that there are some doc bugs for the freescale fwaas plugin 18:38:32 other than that i dont see anything new 18:38:41 SridarK: did you notice anything? 18:38:48 SumitNaiksatam: nothing else 18:38:58 SridarK: okay good 18:39:31 SumitNaiksatam: i will check with swami if there is anything pending on the dvr changes - i think it is done 18:39:39 SridarK: thanks 18:39:48 SumitNaiksatam: np at all 18:40:14 so just FYI for everyone - the freescale patch author added the DocImpact flag to his review 18:40:20 that generated a bug like this: 18:40:26 #link https://bugs.launchpad.net/openstack-manuals/+bug/1417237 18:40:55 and that can be followed up witha documentation patch 18:41:00 SumitNaiksatam: thanks - good to know this 18:41:45 yeah, since we have quite a few vendor patches in review 18:42:02 and i would imagine that might need to be documented 18:42:17 although things keep changing with regards to the vendor documentation 18:42:45 and i am not sure that exactly what is the latest on that (in terms of incorporating vendor docs in the main docs) 18:42:53 but just keep an eye on this 18:42:57 okay moving one 18:43:00 *on 18:43:14 #topic Firewall Insertion 18:43:23 SridarK: thanks for the WIP patch 18:43:31 Basic skeleton 18:43:41 #link https://review.openstack.org/#/c/134896/ 18:43:58 sorry 18:44:01 wrong link 18:44:04 #link https://review.openstack.org/152697 18:44:26 i suspect that this is now target for kilo-3 18:44:39 SumitNaiksatam: yes we should be good 18:44:47 basic extension and db changes 18:44:52 so we will have to really push to ge this in at the front end of k-3 18:45:04 SumitNaiksatam: yes for sure 18:45:11 Trying to keep a separation between the extension & db code for existing fwaas and the insertion work now. 18:45:13 since we might need to refactor the vendor plugins/drivers 18:45:40 Trying to keep that in mind for sure and see how we can minimize impact 18:45:43 i guess the good thing is that the firewall extension have moved to the neutron-fwaas repo 18:45:48 SridarK: thanks 18:45:53 yes that was good 18:46:04 so we dont have to do the multi-repo acrobatics 18:46:15 SumitNaiksatam: surely is a blessing 18:46:19 Sumit i did not really follow this 18:46:36 could you please explain 18:46:40 given that I think we should go full steam ahead and try to get this wrapped up 18:46:46 yes 18:46:48 badveli: sorry, which part? 18:46:58 badveli: few mins pls 18:47:30 SridarK: go ahead 18:47:40 one thought is that keeping the new extension and db as a separate entity will enable other plugins to pick up the the basic FW resource, policies, rules etc and if needed adopt the router insertion extension. If they need a different insertion strategy they can still use the fwaas extension (and db) and use a different extension / db implementation for their own insertion model. IMHO, keeping this separation will enabl 18:47:49 anyone have a chance to look at SridarK’s patch? 18:48:07 nope 18:48:15 also this can help minimize impacts to other plugins 18:49:08 SumitNaiksatam: i think this will keep things clean in terms of the insertion have some separation 18:49:45 Anyways just trying to get some rationale out there - we can always discuss more offline or in the review 18:49:52 SridarK: by keeping the extension and db separate, you mean using attribute extension (instead of, say, adding the router attribute to the firewall resource)? 18:50:01 SumitNaiksatam: yes 18:50:25 SumitNaiksatam: and also the db for these parts as a separate table 18:50:55 SumitNaiksatam: i want to avoid polluting the existing firewall db code as much as possible 18:51:06 SridarK: the db can still be a separate table (and I think it will need to be regardless of how you decided to extend the resource definition) 18:51:23 SumitNaiksatam: the plugin will include the existing fwaas extension and this new rtrinsertion extension 18:51:30 SridarK: since its a 1:n relationship 18:51:36 SumitNaiksatam: we will keep the logic in the plugin 18:51:47 SumitNaiksatam: yes u are correct 18:52:14 SumitNaiksatam: i want other plugins to inherit from the existing firewall db class 18:52:28 SumitNaiksatam: irrespective of the insertion strategy 18:52:30 SridarK: i think the choice will be between adding the “router_ids” as an optional attribute to the firewall resource, or using the attribute extension 18:52:51 SumitNaiksatam: yes the latter 18:53:13 SridarK: sorry i forget, but did we state an explicit design decision in our spec? 18:53:15 so it is not in the firewall resource as such 18:53:35 if we did then, we are just executing on that design 18:53:39 SumitNaiksatam: i think i did state both as possible options 18:54:12 SridarK: ah ok 18:54:26 other folks in the team please chime in 18:54:37 SumitNaiksatam: sorry my inability to communicate very effectively on irc :-) 18:55:42 SumitNaiksatam: if a plugin does not want the router insertion and just the fwaas extension for the fw resource - want it make it easy for them to do that 18:55:59 SridarK: i think you are very articulate, certainly more than me! :-) 18:56:06 SumitNaiksatam: :-) 18:56:14 SridarK: i very much agree with that intent 18:56:19 I might need to revisit the spec again to be an effective contributor 18:56:30 vishwanathj: sure, please do :-) 18:56:33 SumitNaiksatam: perhaps i can also follow up with a email to the fwaas folks 18:56:40 SridarK: sure 18:56:42 vishwanathj: no worries - 18:56:59 thats all from me 18:57:11 badveli: sorry - did not want to lose my train of thought 18:57:34 no problem 18:57:58 as things are changing i am a bit not sure which way we are going 18:58:00 badveli: thanks for waiting 18:58:08 badveli: i think if u look at the email from SumitNaiksatam on patch from Doug u should get a good idea 18:58:28 badveli: can you be more specific on what “things” and which “way” you are referring to? 18:58:52 badveli: apologies upfront if i might have confused you 18:59:20 about the extension part 18:59:26 no problem since this is chaning 19:00:21 my question is if i need to get the patch for service objects should i follow it/ should i wait for sridark patch 19:00:41 badveli: no u are not dependent on my patch 19:01:05 right, they are not related, at least to the extent i know 19:01:51 thanks sridar, sumit. So now we can move the extension part to the fwaas repo, correct? 19:02:38 badveli: its already moved 19:02:52 that was my email informing the team that it had moved 19:03:04 the existing fwaas extension definition 19:03:31 badveli: i am still pretty fuzzy on how you are planning to implement your extension 19:03:35 thanks sumit, so i can start working my patch 19:04:14 badveli: if its not fwaas-specific, then the extension definition should not be in the neutron-fwaas repo 19:04:32 the extensions we are discussing here are not fwaas-specific 19:04:55 sorry i meant - they *are* fwaas specific 19:05:50 my problem would be if did not have the extension over fwaas, it would be tough to implement the reference impl 19:06:02 SumitNaiksatam: i guess badveli will need to push a patch to neutron for the extensions 19:06:04 badveli: okay 19:06:33 yes sridar, sumit. looks like i need to push the a patch for neutron 19:06:34 SridarK: yeah, i meant to say, it depends on what is stated in the approved blueprint 19:06:46 as the reviewers wanted it to be generic 19:07:15 but would it make the reference implementation 19:07:46 the fwaas usage not so easy? 19:08:27 badveli: my thinking was that we had discussed these issues at design time (while proposing the spec) 19:08:45 badveli: perhaps good idea to check with Yi 19:08:56 badveli: i think it should be ok - u can still implement the reference in fwaas - u will just need to manage 2 patches 19:09:32 thanks sumit, sridark, yes we have discussed in getting two patches 19:10:11 ultimately we want to get the code in 19:11:09 badveli: yeah 19:11:23 okay anyone have any questions for badveli on this? 19:11:48 thanks sumit, as long as we are in agree 19:12:16 I am good 19:12:25 badveli: thanks for the update 19:12:38 thanks sumit 19:12:57 #topic Service Objects 19:13:01 service objects was a separate agenda item, but we munged it with the earlier topic 19:13:26 just added the topic for anyone going through the logs 19:13:34 thanks sumit, let me start working on the patches 19:13:45 badveli: great 19:13:46 #topic FWaaS L3 agent refactoring/restructuring 19:13:54 pc_m: hi 19:13:58 SumitNaiksatam: hi 19:14:01 anything to discuss today on this? 19:14:06 nothing on this front. 19:14:12 pc_m: ah okay 19:14:26 SumitNaiksatam: Waiting for FW insertion to complete first. 19:14:30 pc_m: and again, many thanks for your continued patience 19:14:47 SumitNaiksatam: np. I've got enough other balls to juggle. 19:14:51 :) 19:14:55 pc_m: _;_ 19:14:58 :-) 19:15:07 #topic FWaaS gate jobs 19:15:11 pc_m: since you are around 19:15:28 pc_m: you had taken an AI for yourself to send us some pointers 19:15:32 ;-) 19:15:40 SumitNaiksatam: Yes... here you go... https://wiki.openstack.org/wiki/Neutron/FunctionalGateSetup 19:16:05 ah sweet! 19:16:10 SumitNaiksatam: Please let me know if you have any issues in following the steps (feel free to make corrections). 19:16:24 pc_m: this is great info for everyone 19:16:35 For VPN, I have a commit out for review to make the check queue non-voting. 19:16:48 pc_m: can you share the link to that review? 19:17:00 Once approved, and we use it for a bit, I'll do the last piece to make it voting. 19:17:05 pc_m: this is great 19:17:23 #link https://review.openstack.org/#/c/152602/ 19:17:27 pc_m: thanks 19:17:49 i think the timing is good to this since the extension definition has moved 19:17:54 In the instructions, I put all the VPN review #s so you can see the actual diffs for VPN through the steps/ 19:18:06 I'm going to send this out on the ML today. 19:18:38 pc_m: sweet! 19:18:45 i will go through it 19:19:08 SumitNaiksatam: Nikolay was working on the FWaaS Scenario tests - i have asked him if will be able to continue thru this and if so we can get some these tests in 19:20:11 SumitNaiksatam: You'll likely want to get the experimental queue going, and the gate hooks, and then people can do commits with functional tests. 19:20:31 pc_m: definitely 19:20:35 SridarK: that is awesome 19:20:47 SridarK: can you add me to the conversations as well? 19:20:56 SumitNaiksatam: yes will do 19:21:04 SridarK: thanks 19:21:12 For VPN, we had people hold off on committing functional test modules, until we got that in place. 19:21:27 pc_m: that sounds logical 19:21:51 pc_m: again thanks a bunch for documenting this 19:22:04 Otherwise, you get functional modules upstreamed, and then when the tests are working, there are failures to deal with. 19:22:06 np 19:22:08 lots of people have done this in the past, you took the trouble of documenting it so others can use 19:22:16 +1 19:22:18 in true spirit of community work! 19:22:53 thanks. 19:22:55 pc_m: this is like a book for "defense against the dark arts" :-) 19:23:09 :) 19:23:10 SridarK: lol 19:23:23 didnt i say you were very articulate! ;-P 19:23:25 there is some deep magic in those parts 19:23:30 :-) 19:23:31 we have only few mins left and need to cover vendor drivers 19:23:38 #topic Vendor Plugins/drivers 19:23:46 the freescale plugin was merged, yay! 19:23:51 +1 19:23:54 yes finally 19:24:11 kudos to trinath for his persistence 19:24:14 kudos to the author for his pereseverance 19:24:19 :-) 19:24:28 vishwanathj: on to your patch 19:24:38 the last i checked it had comments from SridarK 19:24:43 are those addressed? 19:24:59 I have addressed comments from SridarK and pc_m 19:25:18 vishwanathj: yes thanks 19:25:30 +1 19:25:36 vishwanathj: i think we are good 19:25:48 oh, trinath put a -1 19:25:49 Trinath also commented early this morning, he is asking to upload README that has link to WIKI page and CI contacts....is that a hard requirement 19:25:49 hmmm 19:25:59 vishwanathj: no 19:26:03 vishwanathj: but do it 19:26:13 vishwanathj: yes he got pulled for that 19:26:16 vishwanathj: i mean your call 19:26:20 its not a hard requirement 19:26:24 vishwanathj: so good to do it i think 19:26:51 I dont have a WIKI page yet, what are the CI contact requirements...completely new to this 19:26:58 vishwanathj: let us know when you do, and we can hopefully proceed quickly from there 19:27:17 vishwanathj: wiki page is a 2 min job, so should not be an issue 19:27:28 vishwanathj: you can update the wiki page independently 19:27:30 SumitNaiksatam, pc_m, SridarK, will let you guys know once I upload a new patch set to get your votes 19:27:37 ok 19:27:38 roger 19:27:43 vishwanathj: u put ur email id or better yet some other colleague in ur company who will get spammed if ur CI job goes down 19:27:47 :-) 19:27:51 :) 19:27:56 for the CI contact requirements i believe you would already have a brocade contact, no? 19:28:21 vishwanathj: see this - #link https://review.openstack.org/#/c/152229/ 19:28:24 fyi 19:28:28 I will check with natarajk, he was the contact earlier, maybe will keep as the contact :) 19:28:38 :-) 19:28:45 check if that file has a brocade contact that can deal with your fwaas plugin 19:29:05 SumitNaiksatam, thanks for the link, ok 19:29:26 there are two other vendor drivers: 19:29:28 SridarK, pc_m, SumitNaiksatam, appreciate your earlier reviews 19:29:37 SumitNaiksatam: yes first patch is up 19:29:38 mcafee: #link https://review.openstack.org/152093 19:29:49 cisco: #link https://review.openstack.org/152282 19:30:00 need to refactor for vendor repo and there will be one more on agent/driver 19:30:04 SumitNaiksatam, can brocade fwaas still make Kilo-2 by tomorrow 19:30:39 vishwanathj: my earlier wish - “we can hopefully proceed quickly from there” 19:30:48 ok 19:30:54 regarding to mcafee, we're respining the patch and working on CI system. 19:31:13 yamahata: great, thanks for joining, are you the point of contact for this? 19:31:28 Yes. 19:31:28 yamahata, hi 19:31:35 vishwanathj: hi. 19:31:36 yamahata: i see a differenent author on the patch 19:31:42 okay anyway 19:31:51 Yalei is also contact, but he's located in China. 19:31:57 It's midnight now in China. 19:32:00 yamahata: and you are now in the bay area? 19:32:18 SumitNaiksatam: Yeah at last. 19:32:22 ok good! :-) 19:32:34 oh, we are two mins over 19:32:39 #topic Open Discussion 19:32:43 i have updated the FWaaS wiki with links to most of the patches 19:32:43 anything that we missed? 19:32:47 #link https://wiki.openstack.org/wiki/Neutron/FWaaS/KiloPlan 19:32:50 SridarK: cool! 19:33:01 pls check if i have messed up someone's patch id etc 19:33:08 SridarK: you will need to maintain it now :-) 19:33:09 yamahata: i will add intel as well 19:33:15 SumitNaiksatam: :-) 19:33:27 no worries 19:33:51 and please note, that every feature has all the associated componentst that need to be completed 19:34:01 like docs, tempest tests, CLI, horizon, etc 19:34:07 as captured in the table on the wiki 19:34:28 and, we as a team, need to plan to cover all those aspects 19:34:36 anything else anyone wants to add? 19:34:36 +1 19:34:52 not just this, but in general? 19:34:59 agreed 19:35:07 SumitNaiksatam: i am good 19:35:12 vishwanathj: thanks for posting the sequence diagrams 19:35:27 will add more as I go along 19:35:33 vishwanathj: that is a great community contribution! 19:35:40 from a fwaas perspective 19:35:40 +1 19:35:46 okay thanks all for joining, sorry for going over 19:35:51 bye! 19:35:54 it was a win win situation 19:35:57 bye all thanks 19:35:57 bye 19:36:00 bye 19:36:02 bye! 19:36:04 #endmeeeting 19:36:16 vishwanathj: absolutely, glad you see it that way 19:36:45 bye 19:36:51 thanks 22:00:21 alaski: Error: Can't start another meeting, one is in progress. Use #endmeeting first. 22:00:50 fail 22:00:58 SumitNaiksatam: can you #endmeeting please? 22:01:33 well, I guess we go off the record then 22:01:40 Anyone here for the cells meeting? 22:01:48 hi 22:02:18 o/ 22:02:29 small crowd today, but that's alright 22:02:42 topic: Test failure 22:03:01 There have been some intermittent test failures in the tempest job 22:03:16 I spent some time trying to repro locally, but I'm not seeing them 22:03:20 did we start the meetbot 22:03:39 melwitt: the last meeting didn't end properly :( 22:03:44 #endmeeting