Tuesday, 2017-05-23

« Monday, 2017-05-22 Index Wednesday, 2017-05-24 »
*** SumitNaiksatam has quit IRC00:12
*** Tim_Eberhard has joined #openstack-fwaas00:30
*** Tim_Eberhard has quit IRC00:31
*** hoangcx has joined #openstack-fwaas00:56
*** trungnv has joined #openstack-fwaas01:09
*** SumitNaiksatam has joined #openstack-fwaas02:25
*** vks1 has joined #openstack-fwaas03:24
*** mickeys has quit IRC03:59
*** yushiro has joined #openstack-fwaas04:28
*** mickeys has joined #openstack-fwaas04:39
reedipxgerman : yeah, saw it.. tempest failed for fwaas router insertion04:43
reedip@yushiro: do you have any idea if we are going to propagate fwaasrouterinsertion extension for fwaas_v204:43
reedipas per the current understanding, the way fwaas_v2 is written, we do not wish to use the extension04:43
yushiroreedip, hi.  You mean, enable to specify router_id in creating firewall-group?04:44
reedipyep04:45
yushirohmm..., Currently,,, I don't have.  However, can we use current extension with a few customization?04:47
yushiroreedip, xgerman Sorry, I couldn't read previous log.  Was there some issue?04:49
reedipnone as such yushiro05:01
reedipcurrently I am trying to debug http://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce/console.html05:02
reedipThe issue is that fwaasrouterinsertion tempest test are failing even though the extension is included05:02
reedipbecause router_ids is not a part of the API05:02
*** Tim_Eberhard has joined #openstack-fwaas05:21
yushiroaha. OK.  I'll dit it.05:24
yushiros/dit/dig/05:24
*** Tim_Eberhard has quit IRC05:25
*** mickeys has quit IRC05:40
yushiroreedip, fwaasrouterinsertion is definitely loaded... http://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce/logs/devstacklog.txt.gz#_2017-05-22_09_50_04_29606:13
reedipyushiro : yeah, but I am not sure why its not loading06:13
yushiroyes..06:13
reedipas in why the tempest tests for routerinsertion are failing06:13
yushiroyes.  And, it also fails 'without router insertion'  case.06:14
reedipyushiro : does it ?????06:14
yushirofor example06:15
yushironeutron_fwaas.tests.tempest_plugin.tests.scenario.test_fwaas.TestFWaaS.test_firewall_block_icmp[id-b985d010-994a-4055-bd5c-9e961464ccde](without router insersion)06:16
yushirohttp://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce/console.html#_2017-05-22_10_23_51_59271306:16
yushiroresult: http://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce/console.html#_2017-05-22_10_23_51_63367306:16
reedipyushiro: but the reason is a bit different06:19
reedipI mean it states that the IP is reachable06:19
yushiroyes, but I'm doubting it affects other scenario tests now.  Anyway, I'll focus on routerinsertion first.06:20
reedipthanks yushiro , it would be great help..  :D06:25
yushiroreedip, NP.  It's my job ;)06:25
yushirohttp://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce/logs/screen-q-svc.txt.gz#_May_22_09_47_32_54749906:27
yushirofwaasrouterinsertion is definitely perfectly strongly accordingly loaded...06:27
reedipYes, I checked that06:27
yushiroDo you know where is  DB migration log?06:28
reedipDB Migration would be in svc logs only, shouldnt it?06:29
reedipyamamoto : any suggestions ?06:30
yushiroOK, thanks06:30
yamamoto?06:30
reedipyamamoto : Do you know where is  DB migration log? In case of http://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce06:30
reedipyamamoto , yushiro : I think its here http://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce/logs/devstacklog.txt.gz#_2017-05-22_09_46_05_90606:31
yamamotoyes06:31
reedipthanks yamamoto06:32
yushiroreedip, yamamoto Thanks.  I found following log messages :  4202e3047e47 -> 540142f314f4, FWaaS router insertion06:32
reedipyushiro: yep06:33
reedipyushiro : then there must be some reason why the API is not registering the router_ids as the API extension for fwaas v106:35
yushiroYes, API definition.  So, neutron-lib patch for an API definition has been merged in these days, right?06:37
reedipyushiro : yes, it has been merged06:40
*** mickeys has joined #openstack-fwaas06:41
reedipyushiro : something strange here06:42
reedipyushiro: https://review.openstack.org/#/c/389388/28/neutron_lib/api/definitions/firewallrouterinsertion.py06:42
reedipcheck the alias06:42
reedipthats correct?06:42
yushiroYes, I found same point. https://github.com/openstack/neutron-lib/blob/master/neutron_lib/api/definitions/firewallrouterinsertion.py#L1706:42
yushirooh....06:43
yushirohttps://review.openstack.org/#/c/428000/06:44
reedipyushiro : wait , I remembered: https://review.openstack.org/#/c/434771/06:44
reedipsee boden's comments here06:44
*** mickeys has quit IRC06:45
yushiroI still don't see why this is needed; it's the same thing as RESOURCE_ATTRIBUTE_MAP that's already defined. In the consumption patches, just use RESOURCE_ATTRIBUTE_MAP instead of  EXTENDED_ATTRIBUTES_2_0.06:45
yushirothis one?06:46
reedipyushiro : got it, probably06:47
reedipyes...06:47
reedipyushiro : see https://review.openstack.org/#/c/456511/12/neutron_fwaas/extensions/firewallrouterinsertion.py06:47
reedipits returning sub_resource_attribute_map06:47
reedipand not resource_attribute_map06:47
reedipand as per https://review.openstack.org/#/c/434771/7/neutron_lib/api/definitions/firewallrouterinsertion.py , we need to return resource attribute map06:48
reedipthe sub resource is empty06:48
yushiroaha!06:49
reedipthanks yushiro, pushed the change, now waiting for the result06:50
yushiroSo, we should modify return value of get_extended_resources or ..06:50
reedipbut I think we still need to check why the tests "without_router_insertion" are failing06:50
yushiroYes. Indeed.06:50
yushiroI'm doubting fwaas driver.06:50
reedipwhich section?06:51
reedipbecause this is not happening in normal scenarios06:52
reediptherefore would be something else06:52
reedipI mean this doesnt happen in other patches, happens only in this patch06:52
yushiroOK.  I just watched WARNING message from q-l3 about driver iptables.06:52
yushiroOK, I'm focus on the patch.06:53
reediplog location ?06:53
yushirohttp://logs.openstack.org/11/456511/11/check/gate-neutron-fwaas-v1-dsvm-tempest/8d600ce/logs/screen-q-l3.txt.gz#_May_22_09_47_36_40078006:53
yushiroThis one.  But as you said, there is no relation.06:54
*** trungnv has quit IRC07:00
*** mickeys has joined #openstack-fwaas07:03
*** trungnv has joined #openstack-fwaas07:07
yushiroreedip, Could you update your patch and upload?07:39
reedipUpdating the patch07:39
yushiroreedip, great.  It's better to find issues after updated your patch :)07:39
*** mickeys has quit IRC08:04
yushiroI'll leave my office and online at home.08:23
yushiropatially, bye08:23
*** yushiro has quit IRC08:23
*** vcn[m] has quit IRC08:46
*** amotoki has quit IRC08:49
*** amotoki has joined #openstack-fwaas08:51
*** vcn[m] has joined #openstack-fwaas08:51
reedipOk09:00
*** mickeys has joined #openstack-fwaas09:05
*** mickeys_ has joined #openstack-fwaas09:09
*** mickeys has quit IRC09:09
*** mickeys_ has quit IRC09:11
*** mickeys has joined #openstack-fwaas10:12
*** mickeys has quit IRC10:18
*** hoangcx has quit IRC10:54
*** mickeys has joined #openstack-fwaas11:14
*** yamamoto has quit IRC11:17
*** mickeys has quit IRC11:19
xgermanGuys, I am on PTO the next two weeks - but will try to move things along ;-) Not sure if I can make the meeting today though --11:19
*** yamamoto has joined #openstack-fwaas11:58
*** yamamoto_ has joined #openstack-fwaas12:00
*** yamamoto has quit IRC12:04
*** vcn[m] has quit IRC12:09
*** mickeys has joined #openstack-fwaas12:15
*** vcn[m] has joined #openstack-fwaas12:16
*** mickeys has quit IRC12:19
*** vks1 has quit IRC12:31
*** mickeys has joined #openstack-fwaas13:15
*** mickeys has quit IRC13:20
*** reedip__ has joined #openstack-fwaas13:31
*** SarathMekala has joined #openstack-fwaas13:43
*** hoangcx has joined #openstack-fwaas13:52
*** hoangcx has quit IRC13:54
*** hoangcx has joined #openstack-fwaas13:54
*** chandanc has joined #openstack-fwaas13:55
reedip__xgerman : updated the patch13:55
*** vks1 has joined #openstack-fwaas13:59
*** Tim_Eberhard has joined #openstack-fwaas14:16
*** mickeys has joined #openstack-fwaas14:16
*** Tim_Eberhard has quit IRC14:17
*** mickeys has quit IRC14:21
*** yushiro has joined #openstack-fwaas15:00
SarathMekalahi amotoki15:01
yushiroI'm home.15:01
amotokiSarathMekala: hi15:01
*** SridarK_ has joined #openstack-fwaas15:01
SarathMekalaI will give you a heads up on my progress and we can plan the next steps15:01
yushirovks1, chandanc Hi, let's continue to discuss L2 part.15:01
SridarK_SarathMekala: sounds good15:02
amotokiSarathMekala: yeah. as my horizon hat, we plan to split FWaaS v1 dashboard in horizon to a newly created repo15:02
SarathMekalayes amotoki15:02
yushirosounds good15:02
SridarK_yushiro: i will need to step away shortly but will look at logs and maybe we need to think this thru more15:03
SarathMekalato start with... rob cresswell has advised me to start a new project for fwaas dashboard15:03
amotokiSarathMekala: yes15:03
yushiroSridarK_, Sure.  Thanks for your help!15:03
SarathMekalaso I have used the cookie cutter plugin and created the folder structure needed15:03
amotokimy plan at now is to create a new repo, move FWaaS v1 panel to a new repo and then add FWaaS v2 support based on your work15:03
SridarK_the approach of handling this in the plugin could make things similar to L315:03
amotokiSarathMekala: so perhaps the works we two have done would conflict :(15:04
amotokiand we need to resolve conflicts15:04
yushiroSridarK_, you mean 'plugin layer' is 'fwaas_plugin_v2.py' ?15:04
*** hoangcx has quit IRC15:05
SridarK_yushiro: yes that is what vks1 seemed to suggest15:05
SarathMekalayeah amotoki ... there seems to be some overlap15:05
SridarK_or at least how i understood15:05
vks1yushiro: yes, I suggested to validate the host bounding in plugin side15:05
amotokiSarathMekala: which one do you want, FWaaS v1 or v2 first?15:05
SridarK_yushiro: but i would think this would an issue for qos as well with a similar workflow15:05
*** chandanc has quit IRC15:05
vks1SridarK_: yes you understood correctly :)15:05
yushiroSridarK_, vks1 OK, thanks.  However, in plugin layer, we can only trigger fwg CRUD.15:06
amotokiSarathMekala: perhaps Angular stuff requires more dependencies than django one (v1 stuff)15:06
SarathMekalaamotoki, can these two projects co-exist15:06
*** mickeys has joined #openstack-fwaas15:06
SarathMekalait may be possible.. and we may need only one repo15:06
amotokiSarathMekala: what do you mean? if you are talking about FWaaS support, it is not a good idea to have two repos for FWaaS15:07
yushiroSridarK_, Yes, QoS works at L2 and service plugin layer I think.15:07
vks1yushiro: plugin is the only place where you can be sure of this binding15:07
amotokiSarathMekala: do you have any public repo now?15:07
SarathMekalaamotoki, i meant one UI plugin project for v1 and v2 dashboards15:07
SarathMekalano15:07
SarathMekalaI have v2 code that needs to be pushed to the repo15:08
SarathMekalaand thus be reviewed :015:08
yushirovks1, hmm, When creating/updating fwg, we can check binding status to get port DB in plugin layer.15:08
amotokiSarathMekala: perhaps most things do not conflict and you can put a new panel to FWaaS v1 panel15:08
yushirovks1, I agree with you.15:08
amotokiSarathMekala: what conflicts is just about the common stuff. The directory structure may need to be changed.15:09
vks1yushiro: if its OK with you , it seems simpler and less buggy15:09
yushirovks1, However, how should we know in case of VM port creation?15:09
SarathMekalaamotoki, yes.. openstack_dashboards/firewalls will be for V115:09
amotokiSarathMekala: can you check how you can add your contents to my initial repo based on v1 panel?15:10
yushirovks1, I think l2-agent extension can only handle port behavior.15:10
SarathMekalaand openstack-dashboards/firewalls_v2 will be  for V215:10
amotokiSarathMekala: I think you can easily check the dir structure of https://github.com/amotoki/neutron-fwaas-dashboard15:10
SridarK_yushiro: i think we can get a plugin notification as well but need to check but still there could be a timing and we need to validate15:10
SarathMekalaok15:10
amotokiSarathMekala: at now FWaaS v1 panel is placed at https://github.com/amotoki/neutron-fwaas-dashboard/tree/master/neutron_fwaas_dashboard/dashboards/project15:11
SridarK_but overall if we react to a port create, validate and then push the rules from the plugin that could be cleaner15:11
amotokibut I can move it to dashboards/project/fwaas15:11
SridarK_we will need db cleanup on the delete workflow as well15:11
SridarK_but needs some digging15:11
vks1SridarK_: there is one thing , will it be scalable ?15:12
SridarK_vks1:  i am not really sure15:12
vks1SridarK_: I aggree we need some digging15:12
SridarK_vks1: i think in parallel we need to investigate qos -15:12
SarathMekalaamotoki, why is the project called as "project"... shouldn't it be firewalls15:12
SridarK_with the agent ext - there is possibly a mechanism for a specific notification that we can listen on15:13
SridarK_so we can serialize after the L2 processing15:13
SarathMekalaamotoki, if we go with your structure.. V1 and V2 projects will be under these hierarchies15:13
SridarK_lets look at that too15:13
SarathMekalaneutron-fwaas-dashboard/neutron_fwaas_dashboard/dashboards/project/15:13
SarathMekala  ---> V115:13
SarathMekalaneutron-fwaas-dashboard/neutron_fwaas_dashboard/dashboards/firewalls_v2  ---> V215:13
amotokiSarathMekala: it is not a requirement. I assumed we have just 'project' and 'admin' panels when I split out the panel15:14
yushiroSridarK_, vks1 OK, I understood currently.  Thanks for your explanation.15:14
SridarK_vks1: on a orthogonal point - u asked abt heat if i recall correctly - Hemanth in ur org did some extensive work with heat15:14
amotokiSarathMekala: if we have multiple panels, it is reasonable to have multiple dirs under dashboards/project15:14
SridarK_vks1: may be a good point to start15:14
amotokiSarathMekala: and perhaps it is what we want now.15:14
SarathMekalaamotoki, yes15:15
SarathMekalaone for V1 and other for V215:15
vks1SridarK_: Yeah hemanth have lead some work there.15:15
amotokiSarathMekala: so neutron_fwaas_dashboard/dashboards/project/{firewalls(_v1),firewalls_v2} sound good to you?15:15
SarathMekalaamotoki, yes.. that sounds good15:16
yushiroSridarK_, vks1 so, Should I stop updating current L2-agent patch?15:16
amotokiSarathMekala: thanks15:16
vks1SridarK_: We have used V1 for our customer :)15:16
SridarK_yushiro: vks1: I think chandanc logged off - maybe lets start an email discussion with some points raised15:17
SarathMekalaamotoki, can you IM me your email.. it will be easy to get in touch with you15:17
SridarK_and we can do some investigation15:17
amotokiSarathMekala: regarding repo naming, I can easily change it, so it does not matter me.15:17
vks1yushiro: please don't stop15:17
yushiroSridarK_, vks1 Sure.15:17
amotokiSarathMekala: my email is amotoki@gmail.com15:17
SridarK_vks1: ok15:17
SarathMekalaamotoki, thanks15:17
yushiroOK, all guys start digging in parallel :)15:17
SarathMekalaamotoki, will you also create the repo under openstack?15:17
amotokiSarathMekala: sure. I will send a mail to -dev to check our plan.15:18
SarathMekalaamotoki, cool.. thanks a lot for your help15:18
amotokiSarathMekala: I would like to clarify the repo will be under the neutron stadium and what launchpad project will be used for bug tracking15:19
amotokiSarathMekala: this is the main goal of my mail tomorrow15:19
SarathMekalasure..15:19
yushiroSridarK_, vks1 thanks for your help today :)15:19
amotokiSarathMekala: thanks for your work :)15:19
SarathMekalaI have created a launchpad project https://launchpad.net/neutron-fwaas-v2-dashboard.. see if it helps.. or you can create your own15:20
yushiroreedip, Hi!15:20
SarathMekalaamotoki, thanks.. need to log off now.. will check your mail and get back to you15:20
SridarK_yushiro: no worries let us continue on email  - it is very late for u as well15:20
amotokiSarathMekala: personally I would like to avoid 'v2' :p15:20
yushiroSridarK_, Thank you.  But I'm not so sleepy today.  Maybe amotoki is too :)15:21
amotokiSarathMekala: perhaps we will have a new repo next week15:21
amotokiyushiro: no. am chatting in bed now15:22
amotokiyushiro: :)15:22
yushiroamotoki, aha :)15:22
SridarK_:-)15:22
*** sarathmekala_ has joined #openstack-fwaas15:22
amotokigood night all15:23
yushironight15:23
*** SarathMekala has quit IRC15:25
*** yamamoto_ has quit IRC15:26
*** yamamoto has joined #openstack-fwaas15:27
*** Tim_Eberhard has joined #openstack-fwaas15:31
*** yamamoto has quit IRC15:32
SridarK_good night15:34
*** sarathmekala_ has quit IRC15:39
*** yushiro has quit IRC15:40
*** vks1 has quit IRC15:57
*** reedip__ has quit IRC16:19
*** yamamoto has joined #openstack-fwaas16:30
*** yamamoto has quit IRC16:39
*** SumitNaiksatam has quit IRC17:17
*** SridarK_ has quit IRC17:28
*** SumitNaiksatam has joined #openstack-fwaas17:52
*** SridarK_ has joined #openstack-fwaas19:00
*** mickeys has quit IRC19:58
*** mickeys has joined #openstack-fwaas20:59
*** mickeys has quit IRC21:03
*** mickeys has joined #openstack-fwaas21:05
-openstackstatus- NOTICE: The logserver has filled up, so jobs are currently aborting with POST_FAILURE results; remediation is underway.21:20
*** ChanServ changes topic to "The logserver has filled up, so jobs are currently aborting with POST_FAILURE results; remediation is underway."21:20
*** Tim_Eberhard has quit IRC21:58
*** SridarK_ has quit IRC22:10
*** mickeys has quit IRC22:25
*** Tim_Eberhard has joined #openstack-fwaas22:28
*** mickeys has joined #openstack-fwaas22:43
*** Tim_Eberhard has joined #openstack-fwaas22:45
*** Tim_Eberhard has quit IRC22:58
*** SumitNaiksatam has quit IRC23:59
« Monday, 2017-05-22 Index Wednesday, 2017-05-24 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!