#openstack-meeting-3 log

18:30:45 <SumitNaiksatam> #startmeeting Networking FWaaS
18:30:46 <openstack> Meeting started Wed Feb 18 18:30:45 2015 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:30:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:30:50 <openstack> The meeting name has been set to 'networking_fwaas'
18:30:55 <SridarK> SumitNaiksatam: , vishwanathj badveli hi
18:31:03 <SumitNaiksatam> #info metting agenda https://wiki.openstack.org/wiki/Meetings/FWaaS#Agenda_for_Next_Meeting
18:31:07 <vishwanathj> SridarK, badveli, Hi
18:31:48 <SumitNaiksatam> #info we are in Kilo-3 (last milestone to get features merged)
18:32:05 <badveli> hello all
18:32:35 <SumitNaiksatam> #info kilo-3 is March 19th
18:33:01 <SumitNaiksatam> anything else anyone wants to share?
18:33:08 <vishwanathj> SumitNaiksatam, I thought it was March 5th, maybe I mistaken
18:33:30 <SumitNaiksatam> vishwanathj: you might as well treat it as March 5th ;-)
18:33:49 <SridarK> :-)
18:34:14 <vishwanathj> :)
18:34:25 <SumitNaiksatam> patches have to posted by march 5th
18:34:35 <vishwanathj> oh, I see
18:34:45 <SumitNaiksatam> and merged by march 19th (barring exceptions)
18:35:12 <SumitNaiksatam> #topic Bugs
18:36:10 <SumitNaiksatam> i just noticed this: #lik https://bugs.launchpad.net/neutron/+bug/1418196
18:36:11 <openstack> Launchpad bug 1418196 in neutron "fwaas: driver base class is stale" [Undecided,In progress] - Assigned to yalei wang (yalei-wang)
18:36:57 <SumitNaiksatam> and i think there is a patch: #link https://review.openstack.org/#/c/153930/
18:37:32 <SridarK> SumitNaiksatam: hmm - i saw the bug
18:37:39 <SridarK> SumitNaiksatam: but missed the review
18:37:52 <SridarK> SumitNaiksatam: i am not sure we need to do this
18:38:00 <SridarK> SumitNaiksatam: i will comment
18:38:03 <SumitNaiksatam> SridarK: okay
18:38:33 <SumitNaiksatam> there is a new doc bug: #link https://bugs.launchpad.net/openstack-manuals/+bug/1419498
18:38:35 <openstack> Launchpad bug 1419498 in openstack-manuals "Networking services in OpenStack Security Guide - FWaaS Section Updates" [Undecided,New]
18:39:19 <SumitNaiksatam> any takers?
18:39:29 <vishwanathj> I can take it
18:39:51 <SumitNaiksatam> vishwanathj: thanks!
18:40:05 <vishwanathj> Should I assign it to myself or are you going to assign it?
18:40:21 <SumitNaiksatam> vishwanathj: yes sure
18:40:33 <SumitNaiksatam> vishwanathj: i think you should be able to assign it
18:40:47 <SumitNaiksatam> SridarK: badveli: I dont see any other high priority issues
18:40:50 <vishwanathj> SumitNaiksatam, I was able to, thanks
18:41:05 <SridarK> SumitNaiksatam: yes - there was another review u pointed me to
18:41:08 <SumitNaiksatam> vishwanathj: great
18:41:21 <SridarK> #link https://review.openstack.org/#/c/147396/
18:41:25 <SumitNaiksatam> SridarK: yeah, i have not been able to get back to that either
18:42:01 <SridarK> SumitNaiksatam: i commented on that, i am okay with that - waiting for Jenkins issues to get fixed
18:42:26 <SridarK> SumitNaiksatam: i requested some additional validation which the author has added
18:42:52 <SumitNaiksatam> SridarK: right, seems to be failing UTs
18:43:07 <SridarK> SumitNaiksatam: yes also had some pep8
18:43:10 <SridarK> earlier
18:43:21 <SumitNaiksatam> SridarK: true
18:43:37 <SumitNaiksatam> lets wait for it to pass Jenkins
18:43:44 <badveli> yes i am not able to check any other bugs
18:43:44 <SridarK> SumitNaiksatam: when i have a bit more cycles will work with him too
18:44:13 <SumitNaiksatam> i believe the author’s claim is that its not breaking the cases we had mentioned
18:44:43 <SumitNaiksatam> there is this general packaging bug: #link https://bugs.launchpad.net/neutron/+bug/1422376
18:44:44 <openstack> Launchpad bug 1422376 in neutron "enable package test suites: dependency on generated egg from git.openstack.org" [Undecided,Incomplete]
18:44:52 <SumitNaiksatam> and there was some discussion in the ML around it
18:45:02 <SumitNaiksatam> i think at this point we are not changing anything
18:45:55 <SumitNaiksatam> anything else in terms of bugs?
18:46:12 <SridarK> SumitNaiksatam: none that i am aware of
18:46:19 <SumitNaiksatam> SridarK: okay, thanks
18:46:30 <SridarK> np at all
18:46:33 <SumitNaiksatam> #topic Firewall Insertion
18:46:41 <SumitNaiksatam> #link https://review.openstack.org/152697
18:46:45 <SumitNaiksatam> SridarK: over to you
18:46:51 <SridarK> SumitNaiksatam: thx
18:47:01 <SridarK> Some basic things begin to work
18:47:12 <SridarK> I am able to do an end to end test with a single router insertion for CRUD. Update is a bit more tricky now as we need to selectively delete or add FW to specific routers. Some cleanup to push patch up.
18:47:42 <SridarK> I am doing testing with a single router insert, update, delete
18:47:45 <SumitNaiksatam> #chairs SridarK vishwanathj badveli
18:47:55 <SumitNaiksatam> #chair
18:47:56 <openstack> Current chairs: SumitNaiksatam
18:48:09 <SumitNaiksatam> #chair SridarK vishwanathj badveli
18:48:10 <openstack> Current chairs: SridarK SumitNaiksatam badveli vishwanathj
18:48:22 <SumitNaiksatam> sorry, anticipating network issues
18:48:23 <SridarK> thus far i have these things working
18:48:30 <SridarK> ok i figured
18:48:42 <SridarK> What remains is to support list of routers on the db side for the access methods.  And UT. And i am sure small things here and there.
18:48:54 <SumitNaiksatam> SridarK: nice
18:48:59 <vishwanathj> SumitNaiksatam, what does that mean?  Current chairs? pardon my ignorance
18:49:13 <SumitNaiksatam> vishwanathj: in case i drop off, you can close the meeting
18:49:21 <vishwanathj> got it, thanks
18:49:27 <SumitNaiksatam> SridarK: sorry for the distraction
18:49:30 <SridarK> SumitNaiksatam: i have hacks all over the place - want to clean that out and push a patch up
18:49:31 <SridarK> np
18:49:46 <SumitNaiksatam> SridarK: okay, i noticed some comments from other cores
18:49:48 <SridarK> hacks - meaning more debug logs
18:50:54 <SumitNaiksatam> SridarK: okay
18:50:59 <SridarK> SumitNaiksatam: yes on the tempest front, Nikolay will be working on that
18:51:27 <SridarK> i wanted to touch base with pc_m before but today has been mtg day from early am
18:51:34 <SumitNaiksatam> SridarK: awesome, i noticed his patch was abandoned
18:51:48 <SridarK> we can cover the agent refactor here
18:51:59 <SridarK> SumitNaiksatam: yes he will pick this
18:52:03 <pc_m> SridarK: We can chat later, jsut ping me
18:52:20 <SumitNaiksatam> pc_m: thanks
18:52:20 <SridarK> SumitNaiksatam: perhaps some synchronization has to happen with api tests
18:52:32 <SumitNaiksatam> SridarK: can you request him to update: #link https://wiki.openstack.org/wiki/Neutron/FWaaS/KiloPlan as well?
18:52:45 <SridarK> SumitNaiksatam: i think i added him
18:52:59 <SridarK> pc_m: sure
18:53:03 <SumitNaiksatam> SridarK: yeah, i meant gerrit patch
18:53:11 <SridarK> SumitNaiksatam: ok will do
18:53:12 <SumitNaiksatam> reference
18:54:00 <SumitNaiksatam> SridarK: any blocking issues?
18:54:12 <SridarK> SumitNaiksatam: nothing now
18:54:24 <SridarK> SumitNaiksatam: more neurons will help ;-)
18:54:24 <SumitNaiksatam> SridarK: nice
18:54:29 <SumitNaiksatam> SridarK: :-)
18:54:49 <SumitNaiksatam> in my case, its - some neurons will help
18:54:49 <SridarK> Lets discuss a bit on the L3 agent refactor implications
18:54:50 <vishwanathj> SridarK, let me know if there is any way that I can help or contribute to your efforts
18:54:55 <SridarK> :-)
18:55:06 <SridarK> thx vishwanathj
18:55:25 <SridarK> i will discuss more with pc_m also
18:55:26 <SumitNaiksatam> #topic FWaaS L3 agent refactoring/restructuring
18:55:31 <SumitNaiksatam> SridarK: go ahead
18:55:33 <SridarK> ok
18:56:01 <SridarK> so with the new model since router insert and del is driven from the plugin
18:56:12 <SridarK> it simplifies the agent side as we had discussed
18:56:36 <SridarK> so router add/del notification may not be needed on the agent
18:56:47 <SridarK> the plugin can take care of that side
18:56:58 <SridarK> not sure if we want to put a FK constraint
18:57:11 <SridarK> but that will kind of happen on the plugin
18:57:27 <SridarK> the other thing on i/f add/del
18:57:40 <SridarK> since we install the rules on qr*
18:57:53 <SridarK> we may not need to worry about this
18:58:07 <SridarK> this is my current thought
18:58:21 <SridarK> by saying "we need not have to worry"
18:58:30 <SridarK> i have probab jinxed it already :-)
18:58:36 <SumitNaiksatam> SridarK: :-)
18:58:45 <SridarK> sorry too much typing
18:58:57 <SridarK> will discuss this more with pc_m
18:59:05 <SumitNaiksatam> okay so on the FK, this will be on router?
18:59:17 <SridarK> and also once i update the patch it will become easier for folks to see
18:59:27 <SridarK> SumitNaiksatam: i am thinking if we need to do that
18:59:28 <SridarK> yes
18:59:47 <SumitNaiksatam> SridarK: i am thinking it might be better to avoid FK constraints
19:00:08 <SridarK> SumitNaiksatam: yes exactly what i started typing
19:00:09 <SumitNaiksatam> SridarK: since they are not always supported across DBs
19:00:31 <SridarK> SumitNaiksatam: and if a router is deleted then the fw for that is gone
19:00:44 <SridarK> other routers should still have the fw
19:00:59 <SridarK> SumitNaiksatam: and this should work automatically
19:01:25 <SridarK> SumitNaiksatam: thats all i had
19:01:31 <SumitNaiksatam> SridarK: okay, to the extent we can lets implement those constraints in the code
19:01:46 <SridarK> SumitNaiksatam: ok
19:01:59 <badveli> Sridark, i am not able to follow you, could you please help what are we doing
19:02:36 <SridarK> badveli: sure this is with router insertion and l3 agent refactor implications
19:03:10 <SridarK> badveli: with the router insertion model we are changing the fundamental behavior in the agent
19:03:28 <SridarK> badveli: the agent no longer tries to determine the routers on a tenant
19:03:40 <SridarK> badveli: the plugin tells the agent
19:03:58 <SridarK> this becomes part of the fw dict we send from the plugin to the agent
19:04:20 <SridarK> badveli: so we can remove some of that old code
19:04:34 <badveli> thanks sridark, ok the plugin directly sends the fw dict
19:04:36 <badveli> thanks
19:05:00 <SridarK> badveli: yes as before, but now it also send the routers the fw is to be inserted on
19:05:51 <SridarK> badveli: pls ping me if u other questions
19:05:57 <SridarK> *have
19:05:59 <pc_m> With the refactoring... before the device drivers were talking directly to the agent (to get router info)
19:06:17 <pc_m> If you no longer have that need, then may not have refactoring to do.
19:06:32 <pc_m> (need to get router info from device driver)
19:06:41 <SridarK> pc_m: no change on the agent - device driver interface
19:07:04 <SridarK> the agent will still call into the device driver (iptables) with the router list
19:07:31 <SridarK> pc_m: the changes are confined to the agent and the agent - plugin interaction
19:07:45 <pc_m> SridarK: Will device driver need to access the router (calling back to the agent to get router info)?
19:08:08 <SridarK> pc_m: no the device driver is given the router
19:08:22 <badveli> sridark, the agent will not longer be able to access the router info?
19:09:05 <SridarK> badveli: it will get the router-id - using the router-id it gets the ri list
19:09:20 <SridarK> no change there either
19:09:56 <SridarK> the only change is the agent used to get the list of all routers on the tenant
19:10:01 <SumitNaiksatam> SridarK: pc_m: accessing the router info works the same way as before (after the l3 agent refactor)?
19:10:17 <badveli> ok, this change is needed only to update where is the firewall applied, correct?
19:10:19 <SridarK> the plugin did not provide this before now it does
19:10:40 <SridarK> badveli: yes
19:10:57 <SridarK> SumitNaiksatam: yes i believe so
19:11:17 <SridarK> as we are in the inheritance hierarchy
19:11:22 <SridarK> we can access router-info
19:11:28 <SridarK> no change there
19:11:54 <pc_m> SridarK: We can chat off-line to see if there is any refactoring needed for FWaaS. For VPN we needed to break the coupling between driver and agent.
19:12:05 <SridarK> pc_m: yes lets do that
19:13:01 <SridarK> SumitNaiksatam: i think that all i had
19:13:16 <SumitNaiksatam> pc_m: SridarK: it might be good to get the summary of that conversation for the rest of the team
19:13:26 <SridarK> SumitNaiksatam: yes i will do that
19:14:00 <SumitNaiksatam> perhaps an email summary will be good (i think there is some concern here with some of the vendor drivers which are currently leveraging this interaction)
19:14:39 <SumitNaiksatam> also general comment - i am pretty lonely on #openstack-fwaas
19:14:51 <SumitNaiksatam> so might be a good place to have offline conversations ;-)
19:14:58 <SridarK> SumitNaiksatam: yes on the vendor implications
19:15:00 <vishwanathj> SumitNaiksatam, I did visit you there once :)
19:15:01 <SridarK> SumitNaiksatam: :-)
19:15:33 <SumitNaiksatam> vishwanathj: SridarK: ;-)
19:15:40 <SumitNaiksatam> SridarK: thanks much for those two updates
19:15:48 <SridarK> SumitNaiksatam: some rewiring is needed to get to the IRC :-)
19:16:14 <SridarK> SumitNaiksatam: i never ever thought i would ever do anything on a db in my previous life :-)
19:16:23 <SridarK> so i can also hang out on IRC
19:16:25 <SridarK> :-)
19:16:30 <SumitNaiksatam> SridarK: totally understand, i was just joking, please feel free to communicate in whichever is convenient and most effective!
19:16:37 <SumitNaiksatam> SridarK: :-)
19:16:37 <SridarK> :0)
19:17:07 <SumitNaiksatam> #topic Service Objects
19:17:14 <SumitNaiksatam> badveli: over to you
19:17:37 <badveli> yes sumit
19:18:19 <badveli> not yet uploaded the patch, at least i will try to upload the neutron patch
19:18:25 <SumitNaiksatam> badveli: okay
19:19:31 <badveli> should it be accompanied by neutron client patch also?
19:19:46 <badveli> python neutron client patch?
19:20:21 <SumitNaiksatam> badveli: ideally yes
19:20:37 <SumitNaiksatam> badveli: but “accompanied” is pretty subjective
19:21:02 <SumitNaiksatam> i believe it should be posted in a reasonable frame of time so as to allow reviewers an easy way to test
19:21:18 <badveli> ok, thanks sumit
19:22:27 <SumitNaiksatam> badveli: thanks for the update
19:22:28 <badveli> hopefully still my old patches
19:22:29 <SridarK> badveli: so we will have one for neutron (extensions), one for fwaas (backend) and cli
19:22:38 <badveli> yes sumit
19:22:51 <badveli> but planning to start on extensions first
19:22:59 <SumitNaiksatam> #topic FWaaS gate jobs
19:23:26 <SumitNaiksatam> pc_m: fwaas team owes you another big one for getting this enabled
19:23:36 <vishwanathj> +1
19:23:46 <SridarK> +1
19:24:34 <badveli> thanks pcm
19:24:39 <pc_m> np guys!
19:24:40 <SridarK> I will need some guidance on patches with api changes and interaction with gate jobs
19:25:03 <SridarK> i see a chicken and egg type of problem unless i am missing something
19:25:25 <SridarK> SumitNaiksatam: pc_m: i will ping u guys later on this
19:25:46 <SumitNaiksatam> SridarK: sure
19:26:03 <pc_m> sure
19:26:07 <SumitNaiksatam> SridarK: you anticipate tempest tests breaking?
19:26:24 <SridarK> SumitNaiksatam: yes, as we now provide router ids
19:26:36 <SridarK> SumitNaiksatam: or rather have to provide router-ids
19:26:48 <SridarK> earlier was not needed
19:27:03 <SridarK> so on the old test we will be in PENDING_CREATE
19:27:41 <SridarK> we can talk later - as we are running out of time
19:27:43 <SumitNaiksatam> SridarK: okay
19:27:55 <SumitNaiksatam> #topic Open Discussion
19:28:04 <SumitNaiksatam> Anything else we missed today?
19:28:10 <SumitNaiksatam> we have 2 mins
19:28:58 <SumitNaiksatam> the proposed talks for the Vancouver summit are now public
19:29:17 <vishwanathj> Well, the Intel McAfee FWaaS patch needs to be reviewed once they upload a new patch which passes all jenkins test
19:29:22 <SumitNaiksatam> pc_m: and me along with doug have proposed a talk on *aaS
19:29:30 <SumitNaiksatam> vishwanathj: yes
19:29:32 <vishwanathj> cool
19:30:06 <SridarK> SumitNaiksatam: on the cisco patch we are sorting out our vendor repo implications
19:30:24 <SumitNaiksatam> SridarK: okay
19:30:34 <SumitNaiksatam> fyi on the talk - #link https://www.openstack.org/vote-paris/presentation/neutron-mitosis-and-the-l7-services-roadmaps
19:31:09 <SumitNaiksatam> please let the team know if there are any other related talks so that we can express our interest accordingly
19:31:14 <SumitNaiksatam> we are out of time
19:31:18 <SumitNaiksatam> thanks all!
19:31:22 <vishwanathj> bye
19:31:22 <SumitNaiksatam> bye
19:31:23 <SridarK> thanks all
19:31:26 <SridarK> bye
19:31:28 <SumitNaiksatam> #endmeeting