*** diogogmt has joined #openstack-fwaas | 00:11 | |
*** vishwanathj has quit IRC | 01:44 | |
*** yushiro has joined #openstack-fwaas | 02:08 | |
*** chandanc_ has joined #openstack-fwaas | 02:49 | |
chandanc_ | Hello Sridar, Nate and Margaret, Sorry I did not realize that my presence was required on IRC y'day. Please let me know if we need to sync-up | 02:51 |
SridarK | chandanc_: no worries | 02:57 |
SridarK | i know Mon was a holiday locally | 02:57 |
SridarK | we just wanted to sync up quickly | 02:57 |
chandanc_ | Hey SridarK, I read through the logs y'day night | 02:57 |
chandanc_ | ya | 02:57 |
chandanc_ | is there anything to be discussed now ? I saw Margaret has the patch in | 02:58 |
SridarK | chandanc_: mfranc213: pushed up some UT as well, anyways u saw her email also | 02:58 |
chandanc_ | ya | 02:58 |
chandanc_ | I think there is no need to be worried about my changes | 02:58 |
chandanc_ | i will sync with her if more changes are to be pushed | 02:59 |
SridarK | chandanc_: not really, i got stuck in one set of tests - something funny with tenant_id being driven on the db patch from UT | 02:59 |
SridarK | so i am debugging that | 02:59 |
chandanc_ | ok sure | 02:59 |
SridarK | i was going to sync with yushiro on that | 02:59 |
SridarK | nothing specific else - i will be around except for dinner at some point - so if there is something we can sync | 03:00 |
chandanc_ | I will be in meeting next 2 hours, but send me a mail if need be | 03:00 |
SridarK | chandanc_: ok thx | 03:00 |
SridarK | yushiro: ping | 03:00 |
yushiro | SridarK, poing | 03:00 |
yushiro | pong. hahaha | 03:00 |
SridarK | yushiro: :-) | 03:00 |
chandanc_ | I have a small suggestion for L3 patch but nothing major, responding to Margaret's mail | 03:01 |
SridarK | yushiro: will u have some time to discuss the tenant_id stuff | 03:01 |
SridarK | chandanc_: ok | 03:01 |
yushiro | SridarK, oh, I have lunch time now, so, I can free at 13:00 JST(1 hour later) | 03:02 |
SridarK | yushiro: yes that will work | 03:03 |
SridarK | yushiro: ok thx | 03:03 |
yushiro | SridarK, OK. currently, I'm summarizing e-mail about tenant_id and policy.json. Let me discuss about that later. | 03:03 |
SridarK | yushiro: ok | 03:04 |
yushiro | I'll go for lunch. bye. | 03:04 |
*** yushiro is now known as yushiro_lunch_ti | 03:04 | |
*** mickeys has quit IRC | 03:08 | |
*** mickeys has joined #openstack-fwaas | 03:09 | |
*** mickeys has quit IRC | 03:10 | |
*** mickeys has joined #openstack-fwaas | 03:10 | |
*** chandanc_ has quit IRC | 03:16 | |
*** chandanc_ has joined #openstack-fwaas | 03:21 | |
*** vishwanathj has joined #openstack-fwaas | 03:25 | |
*** yushiro_lunch_ti has quit IRC | 03:29 | |
*** diogogmt has quit IRC | 03:34 | |
*** vishwanathj has quit IRC | 03:54 | |
*** yushiro has joined #openstack-fwaas | 04:01 | |
yushiro | SridarK, Hi, I'm online now :-) | 04:03 |
yushiro | and thanks for your e-mail. | 04:04 |
SridarK | yushiro: hi | 04:08 |
SridarK | yushiro: yes i hope i was clear in explaining the issue | 04:08 |
*** chandanc_ has quit IRC | 04:09 | |
SridarK | it was quite strance to see that the context is not set in the CR method for the resource | 04:09 |
SridarK | *strange | 04:09 |
*** chandanc_ has joined #openstack-fwaas | 04:09 | |
yushiro | SridarK, Yes, that's strange about your result of 'context'. | 04:11 |
SridarK | yushiro: i think somehow there is some error in how the context is getting set for the UT | 04:12 |
yushiro | I see. SridarK , please let me confirm. you defined ctx = context.Context('not_admin', 'tenant1'), didn't you? | 04:14 |
SridarK | yushiro: yes, let me double check | 04:15 |
SridarK | yushiro: yes that is for the firewall group | 04:16 |
SridarK | i see the issue in step 1 to create the policy itself | 04:17 |
*** vishwanathj has joined #openstack-fwaas | 04:17 | |
yushiro | SridarK, OK. I see... Here is my environment result. I think it same as you. http://paste.openstack.org/show/558036/ | 04:20 |
SridarK | yushiro: ok, there is no tenant_id or project_id | 04:23 |
SridarK | yushiro: http://paste.openstack.org/show/558038/ | 04:28 |
yushiro | SridarK, yes... If correct, we can get both 'tenant_id' and 'project_id'. https://github.com/openstack/neutron/blob/master/neutron/context.py#L70 | 04:28 |
SridarK | by breaking in the test file - it is quite the same i see as well | 04:28 |
yushiro | SridarK, Yes, it's same. | 04:29 |
SridarK | i think for the resources, it is fine | 04:30 |
SridarK | but now when a firewall_policy CR comes along - shouldnt i be seeing the tenant_id/project_id - reflecting this tenant | 04:31 |
SridarK | yushiro: in ur env, can u put in a breakpoint in neutron_fwaas/db/firewall/v2/firewall_db_v2.py:420 | 04:32 |
SridarK | if u have picked the latest rev of the patch | 04:33 |
SridarK | and look at the context | 04:33 |
yushiro | SridarK, Sure. just a moment, please. | 04:33 |
SridarK | ok no worries | 04:33 |
*** chandanc__ has joined #openstack-fwaas | 04:34 | |
*** chandanc_ has quit IRC | 04:35 | |
yushiro | SridarK, Sorry for late. I set 'pdb.set_trace()' in L.420. | 04:57 |
SridarK | yushiro: ok | 04:57 |
SridarK | np thx for looking | 04:57 |
yushiro | (Pdb) p context.tenant_id | 05:01 |
yushiro | None | 05:01 |
SridarK | ah yes | 05:08 |
SridarK | now isnt this a problem | 05:08 |
*** chandanc__ has quit IRC | 05:10 | |
yushiro | SridarK, I think argument 'context=ctx' is missing at new_create_request | 05:12 |
yushiro | '_create_firewall_policy' at test_firewall_db_v2.py, please add following codes and try it: | 05:12 |
yushiro | ctx = kwargs.get('context', None) | 05:13 |
yushiro | fw_policy_req = self.new_create_request(FWP, data, fmt, context=ctx) | 05:13 |
yushiro | oh, sorry. s/FWP/'firewall_policy' | 05:13 |
SridarK | yushiro: hmm ok | 05:13 |
SridarK | actually the fwg does have this in the new_create ... | 05:16 |
SridarK | but let me try this | 05:17 |
yushiro | SridarK, sorry. I was wrong. there is no change. | 05:23 |
SridarK | yushiro: yes somehow for fwg - i was passing a context - then i get a bad req | 05:23 |
*** chandanc__ has joined #openstack-fwaas | 05:39 | |
yushiro | SridarK, If we don't specify context in new_create_request, strange? context will be set. | 06:19 |
yushiro | tenant_id : None, is_admin: True, like that. | 06:19 |
yushiro | So, firewall_policy passes populate_tenant_id at api/v2/attributes.py | 06:20 |
yushiro | However, in case of POST firewall_group, we specify context which is not admin, then this request is validated in populate_tenant_id. | 06:21 |
yushiro | SridarK, I passed POST firewallgroup. However, still exist 'tenant_id' issue. | 06:39 |
*** SarathMekala has joined #openstack-fwaas | 07:05 | |
SridarK | yushiro: ok | 07:25 |
SridarK | yushiro: many thx - i think i am very tired - so will go sleep some. Perhaps if u find out something more - pls send me an email. I will resume in our morning time | 07:28 |
yushiro | SridarK, Yes. please take care of yourself and good night. | 07:29 |
SridarK | yushiro: thx and have a great day | 07:29 |
*** mickeys has quit IRC | 08:17 | |
*** mickeys has joined #openstack-fwaas | 08:17 | |
*** mickeys has quit IRC | 08:22 | |
*** yamamoto has quit IRC | 08:44 | |
*** yushiro has quit IRC | 08:45 | |
*** yamamoto has joined #openstack-fwaas | 09:31 | |
*** yamamoto has quit IRC | 09:41 | |
*** yamamoto has joined #openstack-fwaas | 09:46 | |
*** yamamoto has quit IRC | 09:46 | |
*** yamamoto has joined #openstack-fwaas | 09:48 | |
*** yamamoto has quit IRC | 10:25 | |
*** chandanc__ has quit IRC | 11:00 | |
*** yamamoto has joined #openstack-fwaas | 11:03 | |
*** SarathMekala has quit IRC | 11:10 | |
*** yamamoto has quit IRC | 12:33 | |
*** yamamoto has joined #openstack-fwaas | 12:39 | |
*** yamamoto has quit IRC | 12:43 | |
*** mickeys has joined #openstack-fwaas | 13:03 | |
*** yamamoto has joined #openstack-fwaas | 13:07 | |
*** yamamoto has quit IRC | 13:07 | |
*** mickeys has quit IRC | 13:07 | |
*** diogogmt has joined #openstack-fwaas | 13:33 | |
*** diogogmt has quit IRC | 13:42 | |
*** yamamoto has joined #openstack-fwaas | 14:07 | |
*** chandanc_ has joined #openstack-fwaas | 14:09 | |
*** yamamoto has quit IRC | 14:13 | |
*** chandanc_ has quit IRC | 14:20 | |
*** chandanc_ has joined #openstack-fwaas | 14:20 | |
*** diogogmt has joined #openstack-fwaas | 14:37 | |
*** mickeys has joined #openstack-fwaas | 14:42 | |
SridarK | njohnston: ping | 15:40 |
njohnston | SridarK: Good morning | 15:40 |
SridarK | njohnston: GM | 15:40 |
SridarK | quick update: still on the UT issue - seems like it could be a project_id thing - so testing something along those lines | 15:41 |
SridarK | will let u know as soon as i find something | 15:41 |
SridarK | if this is done - we can try to quickly wrap up the db patch today | 15:42 |
njohnston | SridarK: Thanks, I think that would be perfect. | 15:42 |
SridarK | njohnston: ok cool - will continue on this at some point will need to drive in to work and will be online again | 15:43 |
njohnston | SridarK: We need to merge https://review.openstack.org/#/c/264489/ before the DB patch though, yes? | 15:43 |
SridarK | njohnston: yes - this may have impact there too | 15:43 |
SridarK | will know shortly, on this issue - every time i see a light at the end of a tunnel - turns out to be an oncoming locomotive. :-) | 15:45 |
chandanc_ | :) | 15:45 |
njohnston | What can we do to get 264489 merged today? Is there anything I can help with? I am posting my rationale for FIREWALL_PREFIX now. | 15:45 |
SridarK | njohnston: once i know, it will need a change - once we close on that - we shd be good | 15:46 |
*** chandanc_ is now known as chandanc_AFK_1hr | 15:48 | |
njohnston | OK, comment on 264489 posted, we need to alter 311159 instead. | 15:50 |
SridarK | njohnston: ok - i have been running the UT with /fwaas as the PREFIX | 15:54 |
SridarK | so i think we are good | 15:55 |
njohnston | without the "v2.0"? | 15:55 |
njohnston | Cool, as long as it works for you - the proof is in the pussing, as they say! | 15:55 |
njohnston | pudding | 15:55 |
SridarK | njohnston: yes :-) i think that v2.0 is the endpoint URL | 16:00 |
njohnston | So where is the configuration that determines if FWaaS is operating in v1 or v2 mode? Or, are both v1 and v2 calls always supported at the same time, but they will have different methods, with the v2 methods having "_v2" appended? | 16:01 |
njohnston | I am reflecting on Chandan's comment https://review.openstack.org/#/c/355755/1/etc/policy.json@161 and I wanted to make sure I wasn't moving forward based on preconceptions | 16:01 |
SridarK | njohnston: the plugin will set that | 16:02 |
SridarK | or rather 1) based on which plugin is pointed to by neutron.conf | 16:03 |
SridarK | 2) which extension(s) are loaded by this plugin | 16:03 |
SridarK | in the plugin patch : https://review.openstack.org/#/c/267046/3/neutron_fwaas/services/firewall/fwaas_plugin_v2.py L#89 | 16:04 |
SridarK | supported_extension_aliases = ["fwaas_v2"] | 16:05 |
njohnston | And even though that is an array, there will only ever be one value? | 16:06 |
*** chandanc_AFK_1hr has quit IRC | 16:07 | |
*** chandanc_AFK_1hr has joined #openstack-fwaas | 16:08 | |
njohnston | How can one inspect the API to determine if FWaaS v1 or v2 is being used? | 16:08 |
SridarK | it will be localhost:9696/v2.0/fw/<resourcename> for v1 | 16:09 |
SridarK | it will be localhost:9696/v2.0/fwaas/<resourcename> for v2 | 16:10 |
SridarK | and u would use appropriately based on which plugin is loaded | 16:10 |
njohnston | No, I mean is there an API call that you can call and get "{ 'fwaas_version': '2.0' }" back or something like that, so you could know in advance whether you should call /fw/ or /fwaas/ | 16:11 |
SridarK | i guess it will be a mapping based on which plugin is loaded | 16:13 |
SridarK | u can check which ext are loaded | 16:14 |
njohnston | Yes, but in a public cloud setting if you're a customer you don't have the ability to look at what plugin is loaded. But I guess that is a teeny tiny point, and something that would need to be handled in the larger Neutron context. | 16:16 |
SridarK | a neutron ext-list should tell u, but yes this is a wider issue | 16:21 |
njohnston | SridarK: Just checking, when I run the UTs, I get "TypeError: Can't instantiate abstract class Firewall_db_mixin_v2 with abstract methods create_address_group, delete_address_group, get_address_group, update_address_group" - are you getting that as well? | 16:22 |
SridarK | njohnston: i removed these, i think now the ext patch also removed it | 16:23 |
njohnston | Excellent, must be an old copy of 264489 | 16:26 |
SridarK | njohnston: ok | 16:26 |
SridarK | njohnston: it seems that if we use project_id instead of tenant_id - there is an issue - i just put a comment in the ext patch | 16:30 |
SridarK | njohnston: to test this - i replaced all occurrences in our db patch set as well. As soon as Shweta updates - i will push out the changes for our patch | 16:32 |
njohnston | sounds good. | 16:32 |
SridarK | with that we can divvy things up and move fwd in parallel | 16:32 |
njohnston | I am leaving a comment; there is a minor change to 311159 that would avoid a deprecation notice | 16:32 |
njohnston | I don't want to step on your next patchset :-) | 16:33 |
SridarK | i just got an email from yushiro who also has been digging into the tenant_id vs project_id and he is of the same opinion | 16:33 |
SridarK | njohnston: sounds good | 16:33 |
SridarK | i will get ready and head to work shortly | 16:34 |
chandanc_AFK_1hr | Hello Nate and SridarK, please let me know if you need to run any integration tests, i can probably bring-up a fresh devstack in the morning and test the patches | 16:42 |
*** chandanc_AFK_1hr is now known as chandanc_ | 16:42 | |
*** xdcc has joined #openstack-fwaas | 16:44 | |
SridarK | chandanc_: ok thx - will let u know - will be back online in an hour | 17:04 |
*** chandanc_ has quit IRC | 17:15 | |
*** SridarK has quit IRC | 17:18 | |
*** SridarK_ has joined #openstack-fwaas | 18:02 | |
SridarK_ | njohnston: i just pushed up a PS for the tenant_id change to our db patch | 18:45 |
*** xdcc has quit IRC | 18:45 | |
njohnston | excellent, I will take a look at it | 18:54 |
njohnston | let me make sure what I am seeing for test results mirrors what you are seeing, SridarK_. I see 3 main types of errors: | 19:05 |
njohnston | 1. "AttributeError: 'module' object has no attribute 'migration_callback'" | 19:06 |
njohnston | SridarK_: Do you want me to post fixes to a new PS, or leave comments in gerrit? | 19:17 |
SridarK_ | njohnston: sorry back - office interruption | 19:26 |
njohnston | np | 19:27 |
SridarK_ | njohnston: no we can divvy up for sure - i will also go back to the plugin patch | 19:27 |
SridarK_ | quick call ? | 19:27 |
njohnston | sure; phone or online? | 19:28 |
SridarK_ | we can do online so we can screen share - give me a few mins - let me find a conf room | 19:29 |
njohnston | ok | 19:29 |
njohnston | SridarK_: If the extension patch is not updated, that would explain why most of my errors are: | 19:37 |
njohnston | {"NeutronError": {"type": "HTTPBadRequest", "message": "Unrecognized attribute(s) 'tenant_id'", "detail": ""}} | 19:37 |
SridarK_ | njohnston: yes this is because the ext patch is not updated | 19:38 |
njohnston | Do we have an ETA for that? | 19:38 |
SridarK_ | njohnston: a quick work around could be to just manually replace project_id with tenant_id in the ext file | 19:39 |
SridarK_ | there are only 4 or 5 in the ext file | 19:39 |
njohnston | yep, doing that now... is Shweta currently working on the extension? I could push a new Ps for it. | 19:39 |
njohnston | (not sure what timezone Shweta is in) | 19:39 |
SridarK_ | she is working on it - i think she is on a customer mtg | 19:40 |
SridarK_ | she is in EDT | 19:40 |
njohnston | okie dokie | 19:40 |
SridarK_ | njohnston: mfranc213: http://paste.openstack.org/show/558522/ | 19:45 |
SridarK_ | has the list of errors, 3 categories | 19:46 |
SridarK_ | 0) - will need to be removed | 19:46 |
SridarK_ | 1) mostly we need to tweak some of the names etc | 19:47 |
mfranc213 | hi SridarK_ i'm going to let you and Nate beat that one down. i'm finishing up the UT for the driver and agent-extension stuff. actually have all UT working; | 19:47 |
SridarK_ | mfranc213: ok that is fine | 19:47 |
mfranc213 | a UT error in the cisco_fwaas_plugin was introduced after a rebase. | 19:47 |
mfranc213 | 2 UT failures actually. | 19:47 |
mfranc213 | am investigating these now. | 19:48 |
SridarK_ | mfranc213: i will get a patch out now to remove the cisco stuff | 19:48 |
mfranc213 | oh, so i can ignore? | 19:48 |
SridarK_ | yes | 19:48 |
mfranc213 | b/c then i'm done. | 19:48 |
mfranc213 | thank you Sridar | 19:48 |
SridarK_ | ok | 19:48 |
SridarK_ | i just need one clarification and then i will have that out | 19:48 |
SridarK_ | u still have these other patches to merge | 19:49 |
SridarK_ | 2) has some of the tenant_id kind of things | 19:49 |
SridarK_ | njohnston: i can poke at (2) since i was in that area, | 19:50 |
SridarK_ | but i shd also get back to the plugin and clean things up there and get the UT going | 19:50 |
njohnston | let me work on it :-) | 19:50 |
SridarK_ | ok then u will start down the list on (1) | 19:51 |
njohnston | yep | 19:51 |
SridarK_ | u can look at test_create_firewall_group & test_create_firewall_group_with_dvr | 19:52 |
SridarK_ | the fixes shd be along those lines | 19:52 |
njohnston | thanks | 19:53 |
SridarK_ | njohnston: i forgot the libconstants - i quickly wanted to get the changes out of my workspace | 20:00 |
njohnston | not a problem, I'll take care of it | 20:00 |
SridarK_ | njohnston: thx | 20:00 |
mfranc213 | hello chandanc_ please see https://review.openstack.org/#/c/337699/11..12 | 20:08 |
mfranc213 | i hope you can look carefully especially at the changes in test_iptables_fwaas_v2.py | 20:08 |
mfranc213 | and iptables_fwaas_v2.py. let me know if you see things that need to be fixed and, if so, whether you would like me to fix them or would like to do it yourself. | 20:09 |
SridarK_ | njohnston: mfranc213: just got done with my mtg - if we need a sync we can do that now or later in the day too | 20:13 |
njohnston | I am still crawling on the DB patch, so I am good for now | 20:14 |
mfranc213 | SridarK_ njohnston suggested i look at the OVO stuff now. | 20:15 |
SridarK_ | ok then, i wont push anything | 20:15 |
mfranc213 | does that sound good or is there something else you would like me to look at? | 20:15 |
SridarK_ | mfranc213: OVO ? | 20:15 |
SridarK_ | versioned obj | 20:15 |
SridarK_ | ? | 20:15 |
mfranc213 | yeah. oslo versioned objects. | 20:15 |
mfranc213 | sorry for the abbrev :) | 20:16 |
SridarK_ | mfranc213: no i think that would be perfect | 20:16 |
mfranc213 | how come you need to wait to push the next plugin PS? i'm a little confused... (sorry) | 20:17 |
SridarK_ | mfranc213: no i was talking abt the db | 20:18 |
mfranc213 | oh, i get it! | 20:18 |
SridarK_ | :-) | 20:18 |
mfranc213 | thank you SridarK_ diving into versioned objects now... | 20:19 |
SridarK_ | mfranc213: great thx | 20:19 |
mfranc213 | padkrish: i'm going to start looking at the comments on https://review.openstack.org/#/c/342476/ now. don't want to step on your toes; so please let me know if i shouldn't issue a PS before checking with you. | 20:24 |
njohnston | brb, relocating | 20:35 |
njohnston | SridarK_: Quick question. It looks like there is no analogue to the "firewall" method in FirewallPluginDbTestCase - http://git.openstack.org/cgit/openstack/neutron-fwaas/tree/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py#n277 - did that get renamed/refactored into something else? Or is it just not needed in v2? | 21:07 |
SridarK_ | it will be firewall_group | 21:08 |
*** yamamoto has joined #openstack-fwaas | 21:08 | |
SridarK_ | L#281 | 21:09 |
njohnston | Thanks - I wasn't sure because the argument list is a bit different, but I guess that is because firewall_policy_id has bifurcated into ingress and egress variants in v2 | 21:10 |
*** yamamoto has quit IRC | 21:15 | |
SridarK_ | njohnston: yes that is correct | 21:16 |
SridarK_ | i think i have fixed all these helper methods | 21:17 |
SridarK_ | i was just passing in a policy id and used the same for ingress & egress | 21:17 |
njohnston | I was in progress of doing the same thing, I'll finish it up and push a PS | 21:24 |
SridarK_ | ok | 21:32 |
njohnston | SridarK_: I pushed another PS for 311159; it looks like some of the negative unit tests are failing and for good reasons. For example, test_update_shared_firewall_policy_with_unshared_rule should error out but it doesn't, so we get an expectation mismatch, where it was looking for an http return code of 409 but it got 200 instead. | 21:44 |
njohnston | I want to see if going through the gate catches any other syntax-y stuff, but that is the main part of the errors at this point. | 21:44 |
SridarK_ | njohnston: ah ok - yes that is a good point. i think some places with public could be broken. i can take a look at this test, when i hit a logical point on the plugin | 21:45 |
njohnston | sounds good | 21:46 |
*** yamamoto has joined #openstack-fwaas | 22:46 |