22:02:27 #startmeeting neutron_drivers 22:02:28 Meeting started Thu Mar 16 22:02:27 2017 UTC and is due to finish in 60 minutes. The chair is kevinbenton. Information about MeetBot at http://wiki.debian.org/MeetBot. 22:02:29 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 22:02:31 The meeting name has been set to 'neutron_drivers' 22:02:37 it's 3pm outside, and I am still working. disgusting. 22:02:44 ihrachys: we'll try to be quick :) 22:02:54 kevinbenton: maybe moving it for earlier? 22:03:12 ihrachys: ah! I knew it 22:03:12 ihrachys: yes, this timeslot was mainly for amotoki 22:03:21 amotoki is no longer? 22:03:30 ihrachys: we can maybe go to early morning for him 22:03:54 ihrachys: he's still around. i was just saying we can't just go earlier in the day without going much earlier 22:03:59 ihrachys: otherwise he definitely won't make it 22:04:42 armax: are you able to make an early morning meeting? 22:04:52 armax: on thursdays? 22:04:52 kevinbenton: depends how early 22:04:55 I am up from 8am so you consider 22:04:59 from 6am sorry 22:05:05 ihrachys: get out of town 22:05:08 see? I can't make sense that late 22:05:19 my calendar is a mess right now 22:05:30 but generally after 9 is best for me 22:05:30 let me reach out to akihiro to see what times work for him 22:05:38 9 might be a bit too late 22:05:41 thanks 22:05:48 #action kevinbenton to reschedule drivers meeting 22:06:01 any announcements before we dig into RFEs? 22:06:33 ok 22:06:34 kevinbenton: you’re the announcer, no? 22:06:47 armax: i meant from you or ihrachys or anyone else 22:06:49 i don't have anything 22:07:13 ok 22:07:14 #link https://bugs.launchpad.net/neutron/+bugs?field.tag=rfe-approved 22:07:16 OK, I am working on the Pike stadium assessment, bear with me while I put something together 22:07:25 ack 22:08:11 sorry 22:08:15 link should be https://bugs.launchpad.net/neutron/+bugs?field.status%3Alist=Triaged&field.tag=rfe 22:08:16 #link https://bugs.launchpad.net/neutron/+bugs?field.status%3Alist=Triaged&field.tag=rfe 22:09:10 #link https://bugs.launchpad.net/neutron/+bug/1476527 22:09:10 Launchpad bug 1476527 in neutron "[RFE] Add common classifier resource" [Wishlist,Triaged] - Assigned to Igor Duarte Cardoso (igordcard) 22:09:16 armax: do you know the state of that one? 22:09:20 no 22:09:29 armax: it's still being done in a separate repo, no? 22:09:34 it’s largely autonomous 22:09:38 yes 22:09:41 going from top? flow classifier, should we approve that and follow up on spec that is already proposed? 22:09:48 igordcard checked with me on ptg, he is actively working 22:10:01 yeah, i'm for moving to approved 22:10:06 + 22:10:10 we have someone working on it 22:10:21 and a way for it to be done non-disruptively 22:10:33 elaborate on that 22:10:38 they have their own repo 22:10:45 ihrachys: well it's being built in a separate repo 22:10:55 ihrachys: it's not going to break a bunch of stuff as they implement it is what i mean 22:11:14 yeah, I think we should just review the design of the API and otherwise go out of their way 22:11:30 if they deliver what they will write up, good 22:11:34 armax: any objections ? 22:12:16 nope 22:12:19 which may mean we should give them some freedom in terms of reviews and permissions for the repo 22:12:24 so that they can make progress 22:12:32 ofc after spec agrement 22:12:41 ihrachys: sounds good 22:12:47 ihrachys: want to change the state? 22:12:55 ok 22:13:30 ihrachys: which repo? 22:14:14 armax: neutron-classifier 22:14:29 #link https://bugs.launchpad.net/neutron/+bug/1583096 22:14:29 Launchpad bug 1583096 in neutron "[RFE] ml2 supported extensions list is inaccurate" [Wishlist,Triaged] 22:14:40 ihrachys: they already have full access, don’t they? 22:14:55 the comment at the end of this bug is a link to the same bug 22:15:06 armax: were you trying to crash human parsers? 22:15:07 armax: could be, need to check. maybe igordcard doesn't 22:15:30 I assumed it's Sean Collins and mostly that's it 22:15:49 ihrachys: ack 22:15:52 * armax checks 22:16:13 https://review.openstack.org/#/admin/groups/1184,members 22:16:19 we need to open up the circle 22:16:48 kevinbenton: yes 22:16:49 my bad 22:16:57 I am doing lots of unforced errors lately 22:17:02 just like a bad tennis match 22:17:17 kevinbenton: re that ml2 bug, I think we had something specific for qos for that matter 22:17:20 * ihrachys looks 22:17:22 i think we should just roll https://bugs.launchpad.net/neutron/+bug/1583096 into the work being done for https://bugs.launchpad.net/neutron/+bug/1673142 22:17:22 Launchpad bug 1583096 in neutron "[RFE] ml2 supported extensions list is inaccurate" [Wishlist,Triaged] 22:17:23 Launchpad bug 1673142 in neutron "[RFE][ML2] Enforce extension semantics" [Wishlist,Confirmed] 22:17:38 the latter RFE is the work we discussed last week 22:18:21 so i'm going to mark 1583096 as dup of the newer one since that's the proposal I would like to see 22:18:23 I talk about https://review.openstack.org/#/c/253853/ 22:19:02 actually seems like it's quite generic 22:19:13 ack 22:19:15 makes snese 22:19:34 + on dup 22:20:49 #link https://bugs.launchpad.net/neutron/+bug/1628627 22:20:49 Launchpad bug 1628627 in neutron "In FWaaS, when someone makes a change to a firewall rule we know, Who, What, When, and Where" [Wishlist,Triaged] 22:21:37 as for that one, if we don’t have anyone working on the fwaas team 22:21:44 might as well put it on the backburner 22:22:31 do we need an implementor before approving it? 22:22:44 if someone is looking to get into fwaas this might be a good feature to start with 22:22:49 I would think yes, otherwise we fre-postponed? 22:22:56 ok 22:23:18 would make sense to reach them to see if they are interested 22:23:25 i will leave a comment 22:23:48 at this point I would expect fwaas team to focus on stabilizing/completing what they already have 22:24:32 #link https://bugs.launchpad.net/neutron/+bug/1630832 22:24:32 Launchpad bug 1630832 in neutron "[RFE] FWaaS: Using Netlink instead of conntrack-tools to improve performance" [Wishlist,Triaged] 22:24:41 I think we can switch this one to approved 22:24:53 it needs some code cleanups that are being worked on 22:24:58 do you know who is going to work on i? 22:25:00 but there is nothing fundamentally wrong with the idea 22:25:00 it? 22:25:18 yeah, Ha Van Tu is working on it 22:25:29 patches already went in once 22:25:35 we reverted because they had some stability issues 22:25:47 I see 22:25:47 and Cedric has been helping out stabalize it 22:26:23 any issues with me marking it as approved? 22:26:56 no 22:27:00 no 22:27:08 armax: what is the state machine for approved? 22:27:13 not even sure why it's RFE :) 22:27:18 armax: remove rfe tag and add rfe-approved? 22:27:25 armax: set to confirmed? 22:27:30 OK 22:27:35 armax: sacrifice a goat? 22:27:35 I’ll create a BP for it 22:27:55 kevinbenton: https://docs.openstack.org/developer/neutron/policies/blueprints.html#neutron-request-for-feature-enhancements 22:28:21 ihrachys: i can't read :'( 22:28:27 #sad 22:28:58 ok 22:29:07 this is basically just using privsep though right? 22:29:11 based on that we do remove the 'rfe' tag and add 'rfe-approved' right? 22:29:31 armax: well it requires privsep 22:29:35 if there are no API or architectural changes 22:29:44 yeah, nothing visible to the user 22:29:44 we might as well treat it as a regular bug 22:29:47 kevinbenton: yes, though I + the question from armax, not sure why the team cannot make the judgement themselves. 22:29:53 it's replacing shelling out to conntrack 22:30:03 with no BP involved 22:30:05 with netlink calls 22:30:18 I guess this was made RFE to err on the side of caution 22:30:26 yeah, it's a relatively large chunk of code 22:30:31 but if there’s nothing user facing, with minimal deployment impact 22:30:38 might as well be treated as a regular bug fix 22:30:39 so it's somewhat invasive and needs effort to merge 22:30:45 how this rfe is different from ongoing efforts? https://etherpad.openstack.org/p/neutron-ocata-privsep 22:30:57 dasm: this depends on privsep 22:31:09 dasm: it's a particular privileged operation that will execute in a privsep context 22:31:38 I’d say let’s track it as any other bug 22:31:41 isn't this similar to this? https://bugs.launchpad.net/neutron/+bug/1492714 22:31:41 Launchpad bug 1492714 in neutron "RFE: Pure Python driven Linux network configuration" [Wishlist,In progress] - Assigned to Omer Anson (omer-anson) 22:32:06 dasm: that's another thing that would depend on privsep 22:32:09 dasm: true, but that was more open ended 22:32:13 dasm: using pyroute2 library 22:32:23 dasm: this is particularly for conntrack calls 22:32:26 ack 22:32:26 dasm: https://review.openstack.org/#/c/437311/5/neutron_fwaas/privileged/netlink_lib.py 22:32:36 it's not particularily trivial 22:33:00 btw does anyone now what is left for closing bug 1492714? 22:33:01 bug 1492714 in neutron "RFE: Pure Python driven Linux network configuration" [Wishlist,In progress] https://launchpad.net/bugs/1492714 - Assigned to Omer Anson (omer-anson) 22:33:12 i think it needs to be implemented :) 22:33:17 armax: I think it's pretty much everything 22:33:22 we converted a single function 22:33:27 that is not even used in production code 22:33:30 tests only 22:33:33 oh boy 22:33:53 armax: Brian Haley started doing that. this one was first attempt, but got abandoned: https://review.openstack.org/#/c/155631/ 22:33:55 :) 22:34:05 yeah, we have the scaffolding in place now so-to-speak 22:34:14 we just need to start switching to pyroute2 calls 22:34:32 kevinbenton: I think there is agreement it's fine to give conntrack thingy a go, so let's approve, bug or RFE and let them move on 22:34:45 aye aye 22:34:46 ihrachys: yep. armax approved 22:34:49 #link https://bugs.launchpad.net/neutron/+bug/1630981 22:34:49 Launchpad bug 1630981 in neutron "[rfe] Implement l2pop driver functionality in l2 agent" [Wishlist,Triaged] 22:34:58 I would like to see this go in 22:35:08 I can help with vxlan termination info going into binding 22:35:31 Anil had started on working on mac address lookups from port info on the agent side 22:36:11 once we are referencing the port OVO for mac addresses and tunnel endpoints, l2pop can be shut off 22:36:26 + let's do it. a separate driver didn't make much sense ever. 22:36:36 and we have someone poking it 22:36:53 kevinbenton: question 22:36:59 also one of the most important performance impacts is the stupid state machine the agent puts the ports through when it restarts to trigger the l2pop code 22:37:06 can the new solution and the l2pop driver coexist? 22:37:09 ACTIVE->BUILD->ACTIVE 22:37:30 armax: yes 22:37:36 armax: for what? external consumers for RPC? 22:37:53 armax: it will need to for backward compat between agent types at a minimum 22:38:05 I mean, can deployments still keep l2pop on the list of mech drivers? 22:38:11 armax: yes 22:38:16 OK, I think this needs a spec 22:38:18 IMO 22:38:54 armax: keeping it a shallow no-op, or actually notifying? 22:39:02 + for the spec and we can proceed discussion there 22:39:07 to capture some of the challenges that required to get this implemented 22:39:32 I am in favor of nuking l2pop 22:39:44 but I do know that we need to figure out a graceful way to do it 22:39:52 out of tree projects may rely on it 22:40:04 armax: i don't intend on touching the driver 22:40:16 armax: but we should deprecate and remove it 22:40:27 armax: at some point 22:40:36 I understand 22:40:48 or allow to move it somewhere outside if there are interested parties 22:40:53 I wonder if the two will clash together if used in teh context of the same deployment 22:40:58 but we can discuss this on the spec 22:41:09 armax: no, new agents will ignore l2pop messages 22:41:15 sure 22:41:22 mark that it needs a spec 22:41:28 kevinbenton: right, that’s assumed you did the work correctly ;) 22:41:40 kevinbenton: aye sir 22:41:46 armax: discussing bugs isnt' really what a spec is for :) 22:42:04 you’d be surprised 22:42:17 i think the difficult part is actually going to be the DB migration 22:42:20 how many feature requests are disguised as bug reports 22:42:58 ihrachys: i will probably need your help figuring out a way to deal with that 22:43:08 noted 22:43:21 ihrachys: new servers may need to dynamically calculated the null column before returning data 22:43:23 #action armax to approve rfe 1630981 22:43:25 ihrachys: so a getter would have a setter 22:43:56 or always dynamically calculate until a switchover is performed 22:44:04 we'll discuss on spec 22:44:04 and a setter would have a getter? 22:44:35 #link https://bugs.launchpad.net/neutron/+bug/1632877 22:44:35 Launchpad bug 1632877 in neutron "[RFE] Limits and Counts for SecGroup and FIPs" [Wishlist,Triaged] - Assigned to Prince Nana Owusu Boateng (nanaboat) 22:45:25 there is a patch up for this 22:45:31 if we mirror this just as the effort for IP capacity 22:45:38 i don't have a link handy, but it seems reasonable 22:45:45 kevinbenton: find it! 22:45:49 armax: it's not even that complicated 22:45:51 kevinbenton: would be nice to see it in LP 22:45:58 kevinbenton: agreed 22:45:59 kevinbenton: that's a separate API? 22:46:00 it's just to ask for things that the quota engine arleady knows 22:46:08 part of quota api 22:46:21 OK, I’ll process this once you give me the patch # 22:46:38 https://review.openstack.org/#/c/383673/ 22:46:54 https://review.openstack.org/#/c/383673/34/neutron/plugins/ml2/plugin.py 22:46:57 nooooooooooooo 22:47:20 :)) 22:47:22 https://review.openstack.org/#/c/383673/34/neutron/extensions/quotasv2_detail.py 22:47:25 nooooooooooooooooooo 22:47:31 provide patch feedback 22:47:31 / 22:47:41 this doesn't have to do with the rfe though :) 22:47:46 agreed 22:47:52 I’ll get this straigthen out 22:48:41 so + on the RFE? 22:48:50 yes, we need an approver though 22:49:01 i can be approver for that 22:49:11 this is going to be a BP 22:49:17 https://review.openstack.org/#/c/348947/ this is the neutron spec for above patch 22:49:21 kevinbenton: do you know what you’re doing 22:49:22 ? 22:49:34 asingh_: thanks! 22:49:37 no 22:49:58 kevinbenton: good 22:50:00 let’s move on 22:50:39 #link https://bugs.launchpad.net/neutron/+bug/1633280 22:50:39 Launchpad bug 1633280 in neutron "[RFE]need a way to disable anti-spoofing rules and yet keep security groups" [Wishlist,Triaged] 22:50:44 oh that 22:51:11 Even though I can see how this can be implemented 22:51:18 I don’t fully understand the use case presented 22:52:37 wouldn't allowed address pairs work? 22:52:46 just allow 0.0.0.0/0 22:53:23 left a comment 22:53:31 let's revisit that one next week when they respond 22:53:35 kevinbenton: ok 22:53:49 #link https://bugs.launchpad.net/neutron/+bug/1639566 22:53:49 Launchpad bug 1639566 in neutron "[RFE] Add support for local SNAT" [Wishlist,Triaged] 22:54:16 I would like to see something done here 22:54:20 I don't 22:54:40 I have no opinion since first time I see it 22:54:49 this will crash and burn and we have no luxury to throw resources at the problem IMO 22:54:53 ihrachys: essentially parity with nova network 22:55:00 ihrachys: direct routing for snat as well 22:55:11 distributed dvr_snat? 22:55:22 ihrachys: correct 22:55:44 we kissed this goodbye when we went down the path of DVR+HA 22:55:56 for SNAT 22:56:15 not really 22:56:19 they aren't related 22:56:32 I see no reason on working on this now 22:56:48 after all the many years we talked about this very topic 22:56:57 do you know why people keep asking for it? 22:57:24 that’s not the point 22:57:32 just because people ask, you don’t just do 22:58:07 people can be educated in doing the right thing :) 22:58:09 it sounds to me like the reason we're not doing it is because of existing technical debt 22:58:16 no 22:58:18 that’s not it 22:58:29 I think https://etherpad.openstack.org/p/decentralized-snat is emblematic 22:58:58 and it was initiatd in 2014 22:59:04 l3 solution already has a lot of moving parts and deployment options that we ourselves struggle to maintain (consider gate state for all those multinode tempest jobs), so I see why armax is concerned. 22:59:23 right, so tech debt 22:59:45 of all the technical solutions proposed 22:59:57 that one was not identified, time and time again, as the best compromise 23:00:05 so I don’t understand why we keep coming back to it 23:00:10 to me the case is closed, frankly 23:00:26 because all of the other solutions don't solve a problem 23:00:38 we’re at time 23:00:40 and that is no centralized routing for SNAT 23:00:46 #endmeeting