00:00:28 #startmeeting networking-fwaas 00:00:29 Meeting started Thu Jan 21 00:00:28 2016 UTC and is due to finish in 60 minutes. The chair is xgerman. Information about MeetBot at http://wiki.debian.org/MeetBot. 00:00:31 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 00:00:32 o/ 00:00:33 The meeting name has been set to 'networking_fwaas' 00:00:38 Hi All 00:00:42 Hi 00:00:45 Hi 00:00:46 Hi 00:00:49 #chair SriarK 00:00:50 Warning: Nick not in channel: SriarK 00:00:51 Current chairs: SriarK xgerman 00:00:55 #chair SridarK 00:00:56 Current chairs: SriarK SridarK xgerman 00:01:07 hi 00:01:27 ok, today we have three topics 00:01:32 Hi 00:01:39 #topic Austin conference 00:01:47 Do we want to have a talk? 00:02:36 xgerman: we may be cutting it close in terms of the patches - if we have things working it would be better 00:02:50 yep, working would be good 00:03:01 xgerman: we will probab have a slot in the neutron design summit 00:03:36 xgerman: in terms of users - having it working and showing a demo will be nice, but hard to predict how well we will land 00:03:41 yeah, I don’t think we have much new stuff to report unless we get the code working... 00:03:51 xgerman: yes that is my concern 00:04:05 SridarK it sounds like vBrownbag is our preferred outlet 00:04:13 yes 00:05:03 ok, I will keep an eye out for that then... 00:05:14 #topic V2 Development 00:05:28 we made good progress at the midcycle 00:05:33 +1 00:05:42 +1 00:06:25 we have some patches… and I think we need to keep at it 00:06:46 +1 00:07:24 i updated the db patch for some basic CR for rules, i will work with sc68cal and keep adding something basic for policy and FW group 00:07:34 * sc68cal drops in 00:07:45 nice — I made some versioned object stubs for testing 00:07:48 then we can try to do an end to end with the agent 00:07:49 Started on cli, right now just using separate names until versioning strategy figured out. 00:08:19 so all our commands will be like fawns-firewall-create 00:08:23 fwaas 00:08:30 Correct. 00:08:58 is that ok? Or another name better? Or straight going to openstack client ;-) 00:09:12 scratch the last one though... 00:10:50 ok, silence is consent :-) 00:11:07 jwarendt: once u have a basic patch - i can start using that in my devstack 00:11:19 yeah!! 00:11:35 So v1 used 'firewall-create'; new strawman is 'fwaas-firewall-create' with the 4 new group params, project_id instead of tenant_id, public instead of shared. Will push up a WIP very soon. 00:11:43 right now i have something hacked based on a pointer for sc68cal 00:11:51 *from sc68cal 00:12:32 jwarendt: nice work 00:12:46 +1 00:12:49 But we do need to figure out version strategy longer-term. I.e. is there a version in the "firewall_*" objects? Are we micro-versioning? Etc. 00:12:51 jwarendt: and some of these will be optional and taken as defaults 00:13:05 micro versioning isn’t ready 00:14:02 in lbaas we just did v2 once v1 is deprecated we can use that namespace again 00:14:29 microversioning depends on support in the main neutron project 00:14:31 sadly :( 00:14:40 :-( 00:15:09 so unless we want to write our own full REST API and server and wsgi layer - like those crazy octavia people - we're not able to use it yet 00:15:18 I mean really, those people ;) 00:15:18 lol 00:15:19 :-) 00:15:40 lol 00:15:43 Hehe 00:15:49 sc68cal: xgerman wears that hat too 00:16:15 yep 00:16:17 yup - and I love poking him with a stick :) 00:17:18 oh, also one thing that we are desperate for is the following: 00:17:36 1) Someone to implement the observer thingy that vpnaas has for the l3 agent, for fwaas 00:17:36 * xgerman zoolander 2? 00:17:48 :-) 00:17:53 2) getting the tempest tests out of neutron main repo, and into fwaas 00:18:31 I'd like to see us get the v1 api out of the main neutron repo and fully decomposed 00:18:42 I thought Yamamoto was doing (2) 00:18:53 sc68cal: on (1) i have pinged the brocade folks and the Bharath from Brocade will pick it up based on what they did for their vendor stuff 00:19:17 xgerman: yes I believe he did some work, but I think one of the patches is stuck in limbo 00:19:43 yeah, wonder if we can reach out to him to get his status/plans 00:20:06 tempest tests are already moved into fwaas tree though 00:21:03 You want v2 api tempest tests though. 00:21:29 we do — but let’s not get ahead of purselves 00:21:48 madhu_ak: ok, if that's the case then great! 00:23:51 I still need to figure out what to do for neutron security groups changes. I think we will need at least two: 1) FWaaS and Security groups co-existence in iptables, some way to jump to our set of rules as well as the security group rules, 2) conntrack manager that can be shared between FWaaS and security groups. For both, if anyone can point out a clean way to do singletons, it would result in cleaner solutions to both. 00:24:19 I have seen an oslo singleton 00:24:49 Any more info that can help me find it? 00:25:19 * xgerman looking 00:28:22 If it takes much longer, perhaps we should take it offline ... 00:28:38 found something in oslo.service 00:28:48 but yeah, let’s take it offline 00:28:49 either way it's not that difficult 00:28:57 I think you can do it with a classmethod 00:29:03 yep 00:29:25 stackoverflow is full with examples 00:29:44 OK. Thanks. 00:31:22 #topic Open Discussion 00:32:06 mickeys: https://github.com/openstack/oslo.service/blob/master/oslo_service/service.py#L112 00:33:53 ok, so anything for the open discussion? 00:34:07 #link https://www.youtube.com/watch?v=4CL4LNWHegk 00:36:57 #endmeeting