Wednesday, 2017-10-18

« Tuesday, 2017-10-17 Index Thursday, 2017-10-19 »
-openstackstatus- NOTICE: due to unscheduled restart of zuulv3.o.o you will need to 'recheck' your jobs that were last running. Sorry for the inconvenience.00:31
*** AlexeyAbashkin has joined #openstack-fwaas01:23
*** AlexeyAbashkin has quit IRC01:27
*** yamamoto has joined #openstack-fwaas01:56
*** hoangcx has quit IRC01:58
*** hoangcx has joined #openstack-fwaas02:01
*** AlexeyAbashkin has joined #openstack-fwaas02:23
*** AlexeyAbashkin has quit IRC02:27
*** hoangcx has quit IRC02:56
*** hoangcx has joined #openstack-fwaas02:57
openstackgerritCao Xuan Hoang proposed openstack/neutron-fwaas master: Adopt a new abstract method ha_state_change  https://review.openstack.org/51292603:13
*** openstackgerrit has quit IRC03:22
*** AlexeyAbashkin has joined #openstack-fwaas03:23
*** AlexeyAbashkin has quit IRC03:27
*** annp has joined #openstack-fwaas03:37
*** yamamoto_ has joined #openstack-fwaas03:39
*** yamamoto has quit IRC03:42
*** vks1 has joined #openstack-fwaas04:39
*** vks1 has quit IRC04:51
*** vks1 has joined #openstack-fwaas04:53
*** openstackgerrit has joined #openstack-fwaas05:58
openstackgerritCao Xuan Hoang proposed openstack/neutron-fwaas master: Adopt a new abstract method ha_state_change  https://review.openstack.org/51292605:58
*** bzhao has joined #openstack-fwaas07:25
*** doude has joined #openstack-fwaas07:39
*** AlexeyAbashkin has joined #openstack-fwaas07:57
*** bzhao has quit IRC08:04
*** bzhao has joined #openstack-fwaas08:04
*** Trident has joined #openstack-fwaas08:36
*** yamamoto_ has quit IRC08:37
*** yamamoto has joined #openstack-fwaas08:40
*** yamamoto has quit IRC08:40
*** yamamoto has joined #openstack-fwaas09:07
*** yamamoto has quit IRC09:11
*** yamamoto has joined #openstack-fwaas09:17
hoangcxHi team. FWaaS gate is failing. Is anyone taking care of that?09:18
hoangcxOr I will do it?09:19
*** yamamoto has quit IRC09:21
*** yamamoto has joined #openstack-fwaas09:28
*** yamamoto_ has joined #openstack-fwaas09:34
ivasilevskayaannp, hi. I didn't get your comment in l2 ext driver.09:36
ivasilevskayaannp, what do you suggest to remove and where do you suggest to handle fixed_ips?09:37
*** yamamoto has quit IRC09:37
openstackgerritCao Xuan Hoang proposed openstack/neutron-fwaas master: Fix UTs gate failed  https://review.openstack.org/51298509:38
annpivasilevskaya, in l2 agent patch, we should remove updating fixed_ips format.09:39
annpivasilevskaya, In l2_driver side we can handle that.09:39
hoangcx^^09:40
ivasilevskayahoangcx: thanks!09:41
annpivasilevskaya, If you already handle about format of fixed_ips, please ignore this. That's all my suggestion on l2 agent patch.09:43
ivasilevskayaannp: currently l2 agent doesn't do anything with fixed ips format in PS6809:44
annpwhat did you change in PS68?09:44
ivasilevskayaannp: there's just port['fixed_ips'] = port.get('fixed_ips', [])09:45
annpyep, Please remove this line.09:45
annpThis line no need. that's my suggestion.09:46
ivasilevskayaannp: ok, just rerun the tests first. I might have it there for some reason09:46
annpivasilevskaya, Sorry but I don't see any reason here :) Any handle should be done in driver side. So we can merge this patch.09:47
*** AlexeyAbashkin has quit IRC09:49
ivasilevskayaannp: how's ovs flows trouble (connectivity issue I found with ovs driver), did you debug it?09:52
ivasilevskayaannp: and just fyi - iptables_hybrid is not deprecated09:55
ivasilevskayaannp: that's a standard setup devstack gives you with neutron09:55
annpivasilevskaya, sorry again. I haven't had a chance to debug it. Because I need to spent more effort to logging api in neutron. :(09:55
*** yamamoto_ has quit IRC09:56
annpivasilevskaya, Your information is office?09:56
ivasilevskayaannp: ovsfw driver is extremely cool and promising, but I don't think it will be the default SG driver earlier than in a few cycles09:56
ivasilevskayaannp: my practice, absence of 'iptables_hybrid deprecation' information on the net and in summit notes09:58
ivasilevskayaannp: if you have other information please share09:58
annpivasilevskaya,https://etherpad.openstack.org/p/neutron-ptg-pike-final L31710:02
ivasilevskayaannp: and here's the information from the person who implemented it10:02
ivasilevskaya(13:01:49) jlibosva: ivasilevskaya: I think we aim for it but there was no patch to deprecate hybrid option. We merged a patch that supports migration path recently10:02
ivasilevskayaannp: so we'll have to keep in mind we have 2 drivers to support if fwaas ovs driver is to land in Q10:03
annpivasileskaya, I think it should be discussed in meeting.10:09
ivasilevskayaannp: ok but support hybrid driver is a ton easier than ovsfw one - no other flows to keep in mind10:09
annpivasilevskaya, Ok, and then?10:11
annpivasilevskaya, IMO, firewall group should only handle port under a firewall group, right?10:12
ivasilevskayaannp: then we can think about ovsfw. Everything is broken for the easier hybrid case, it's too early to think how to coexist with another driver10:12
ivasilevskayaannp: I'm not saying we should have just 1 driver. I'm just saying we have to deal with the problems one by one - first make fwaas ovs driver working in the easiest case (with iptables_hybrid) and then aim for ovsfw compatibility10:14
annpivasilevskaya, We should only have 2 case: 1. ml2 is ovs--> security group based ovs10:14
annp2. ml2 is linuxbridge --> security group based iptables.10:14
annpotherwise, we shoudn't care I think.10:14
ivasilevskayaannp: what's otherwise? :)10:14
annpwith case 1: we will have ovs driver for fwg10:15
annpcase2: we will propose a iptables driver for fwg later.10:15
annpivasilevskaya, I think you're caring to much.10:16
ivasilevskayaannp: that might be my last day of working on fwaas and I would like to fix the bug with the openflow pipeline10:17
annpivasilevskaya, I don't think my comment is difficult to fwg can work with security group base ovs10:18
ivasilevskayaannp: I believe we don't need to add any new flows before we sort out current trouble (and we have plenty of it). That's why I bother much about you wanting to add any more flows when nothing works yet)10:20
annpivasilevskaya, I think if our driver is not make sense, then we will meet unexpected problem. So Lets make it reasonable.10:20
annpivasilevskaya, then we can debug something related openflow.10:21
ivasilevskayaannp: this problem isn't related to the driver, smth is wrong with the flow matching rules10:21
ivasilevskayaannp: you will hit it with ovsfw\ovs10:22
annpivasilevskaya, No problem if driver can work correctly, lets make it reasonable and clean,10:22
annpthat mean first, we need to make driver code clean and reasonable, then we can debug that10:23
openstackgerritInessa Vasilevskaya proposed openstack/neutron-fwaas master: FWaaS v2 extension for L2 agent  https://review.openstack.org/32397110:23
annpivasilevskaya, So I'd like you update ovs code first, then we can debug to gather.10:24
ivasilevskayaannp: I have no idea what do you mean but "update ovs code"10:25
*** yamamoto has joined #openstack-fwaas10:26
ivasilevskayaannp: so either you do it yourself, or I locate the bug first and then push a PS with bugfix10:26
annpivasilevskaya, ah OK. I will do it and share with you if it's make sense we can merge them.10:28
ivasilevskayaannp: you are going to MERGE not working code???10:28
annpivasilevskaya, NO no, I mean we can mixed my local patch with your patch.10:29
ivasilevskayaannp: you see we have trouble with the core rules generation. Regardless of what you do with ovsfw support - this trouble won't be fixed. Because packets will still get to table 60 and be dropped in table 6310:30
annpivasilevskaya, if my patch can be work and make more sense.10:30
ivasilevskayaannp: and ovsfw (neutron's) rules will be applied afterwards10:30
ivasilevskayaannp: ok, let's cut this conversation - give it a try and let's see, maybe on one of our approaches works out.10:32
annpivasilevskaya, Have you read my last comment?10:32
ivasilevskayaannp: yes I did. Did you try it?10:34
ivasilevskayaannp: if this solves the connectivity problem - just verify it and file the patch10:34
ivasilevskayayou can even do it using ovs tools only by altering flows at br-int manually10:35
annpivasilevskaya, I will make it in local and share with you if it works as my expectation.10:35
ivasilevskayaannp: ok10:36
annpivasilevskaya, thanks for discussion. I'll leave office now. Have a great day ahead.10:37
ivasilevskayaannp: you too! :)10:37
*** annp has quit IRC10:40
*** ivasilevskaya has left #openstack-fwaas10:51
*** AlexeyAbashkin has joined #openstack-fwaas10:55
openstackgerrityangzhenyu proposed openstack/neutron-fwaas master: Enable to use conntrack driver in fwaas_v2  https://review.openstack.org/48998011:03
*** vks1 has quit IRC11:17
*** yamamoto has quit IRC11:59
*** jhesketh_ has joined #openstack-fwaas12:38
*** jhesketh has quit IRC12:43
*** yamamoto has joined #openstack-fwaas12:59
*** yamamoto has quit IRC13:07
*** yamamoto has joined #openstack-fwaas13:54
*** yamamoto has quit IRC13:55
*** vks1 has joined #openstack-fwaas14:03
*** yamamoto has joined #openstack-fwaas14:55
*** vks1 has quit IRC14:59
*** yamamoto has quit IRC15:05
*** vks1 has joined #openstack-fwaas15:14
*** vks1 has quit IRC16:07
*** AlexeyAbashkin has quit IRC16:47
*** vks1 has joined #openstack-fwaas16:48
*** vks1 has quit IRC17:59
*** AlexeyAbashkin has joined #openstack-fwaas18:19
*** AlexeyAbashkin has quit IRC18:24
*** AlexeyAbashkin has joined #openstack-fwaas19:19
*** AlexeyAbashkin has quit IRC19:24
*** openstackgerrit has quit IRC20:17
*** AlexeyAbashkin has joined #openstack-fwaas21:19
*** AlexeyAbashkin has quit IRC21:24
*** AlexeyAbashkin has joined #openstack-fwaas23:19
*** AlexeyAbashkin has quit IRC23:23
*** lnicolas has joined #openstack-fwaas23:29
« Tuesday, 2017-10-17 Index Thursday, 2017-10-19 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!