Thursday, 2017-11-30

« Wednesday, 2017-11-29 Index Friday, 2017-12-01 »
*** yamamoto has joined #openstack-fwaas00:02
*** threestrands has quit IRC00:21
*** yamamoto has quit IRC00:45
*** yamamoto has joined #openstack-fwaas01:24
*** annp has joined #openstack-fwaas01:56
*** yamamoto has quit IRC02:22
*** yamamoto has joined #openstack-fwaas02:24
*** vks1 has joined #openstack-fwaas02:26
*** yamamoto has quit IRC02:40
*** yamamoto has joined #openstack-fwaas02:54
*** threestrands has joined #openstack-fwaas02:55
*** yamamoto has quit IRC03:05
*** AlexeyAbashkin has joined #openstack-fwaas04:15
*** AlexeyAbashkin has quit IRC04:20
*** yamamoto has joined #openstack-fwaas05:39
*** yamamoto has quit IRC05:43
*** yamamoto has joined #openstack-fwaas05:53
*** yamamoto has quit IRC05:57
*** vks1 has quit IRC06:10
*** eN_Guruprasad_Rn has joined #openstack-fwaas06:16
*** vks1 has joined #openstack-fwaas06:25
*** yamamoto has joined #openstack-fwaas06:31
*** yamamoto has quit IRC06:43
*** threestrands has quit IRC06:50
*** yamamoto has joined #openstack-fwaas06:59
*** yamamoto has quit IRC07:06
*** yamamoto has joined #openstack-fwaas07:49
*** yamamoto has quit IRC07:51
*** yamamoto has joined #openstack-fwaas07:57
*** AlexeyAbashkin has joined #openstack-fwaas08:06
*** yamamoto has quit IRC08:33
*** yamamoto has joined #openstack-fwaas08:40
*** AlexeyAbashkin has quit IRC08:41
*** AlexeyAbashkin has joined #openstack-fwaas08:42
*** yamamoto has quit IRC08:44
*** yamamoto has joined #openstack-fwaas09:04
*** yamamoto has quit IRC09:19
*** eN_Guruprasad_Rn has quit IRC09:19
*** eN_Guruprasad_Rn has joined #openstack-fwaas09:19
*** xgerman_ has quit IRC10:09
*** fyxim has quit IRC10:09
*** xgerman_ has joined #openstack-fwaas10:15
*** fyxim has joined #openstack-fwaas10:15
*** annp has quit IRC10:23
openstackgerritAkihiro Motoki proposed openstack/neutron-fwaas-dashboard master: Some more cleanup around tox_install.sh  https://review.openstack.org/52413210:39
*** hoangcx has quit IRC10:43
*** hoangcx has joined #openstack-fwaas10:44
*** yamamoto has joined #openstack-fwaas12:37
*** yamamoto has quit IRC13:04
*** yamamoto has joined #openstack-fwaas13:05
*** vks1 has quit IRC13:26
*** vks1 has joined #openstack-fwaas13:34
*** hoangcx_ has joined #openstack-fwaas13:54
*** annp has joined #openstack-fwaas13:55
*** chandanc has joined #openstack-fwaas13:57
*** yushiro has joined #openstack-fwaas13:58
yushiroHi fwaas folks14:00
annphi yushiro and all14:01
yushiroxgerman_, I was absent for last meeting.  So, I'll chair today.14:01
yushiro#startmeeting fwaas14:01
openstackMeeting started Thu Nov 30 14:01:45 2017 UTC and is due to finish in 60 minutes.  The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.14:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: fwaas)"14:01
openstackThe meeting name has been set to 'fwaas'14:01
chandancHello14:01
yushiro#chair xgerman_ yushiro14:02
openstackCurrent chairs: xgerman_ yushiro14:02
yushirochandanc, hi,  long time no see :)14:02
chandancHello yushiro14:02
*** SridarK has joined #openstack-fwaas14:02
yushiroSridarK, Hi!14:02
SridarKHi All14:02
yushiro#chair SridarK14:02
openstackCurrent chairs: SridarK xgerman_ yushiro14:02
yushiroOK, we just started now.  Good timing :)14:03
SridarKI think according to our etherpad - today is my turn14:03
yushiroAh, OK SridarK and sorry I was absent last meeting.14:03
SridarKbut yushiro if u have started running already14:03
SridarKpls go ahead14:04
yushiroSure14:04
yushiro#topic Queens14:04
*** openstack changes topic to "Queens (Meeting topic: fwaas)"14:04
SridarKyushiro: yes no worries14:04
yushiro1. l2-agent14:04
yushirooops,  1. l2-agent     2.OVS firewall   3. co-existing   Now we are talking about '1.'14:05
yushiro#link https://review.openstack.org/#/c/323971/14:05
SridarKannp: i think ur last update on PS7714:05
annpSridarK, yes.14:06
yushiroNow, this patch is independent and annp added 'sg_enabled' flag on it.14:06
SridarKtook care of checking the enable flag14:06
SridarKyes14:06
SridarKI am checking that and can do a +2 soon14:07
yushiroSridarK, Good.  In my point of view, there is no issue now.14:07
SridarKyushiro: +114:07
annp+1 yushiro14:07
yushiroannp, if you feel there is no issue, plz put +1 :)14:07
annpyushiro Sure. :)14:08
yushirohoangcx, I'd like to ask you to check this patch either.14:08
annpyushiro, Done.14:08
yushiroOK, I'll check it again and start updating 'auto-association default fwg patch'.14:09
SridarKyushiro: sounds good14:09
yushiroOK, let's move next patch.14:09
yushiro[1. l2-agent    **2.OVS firewall   3. co-existing]14:10
yushiro#link https://review.openstack.org/#/c/447251/5414:10
yushirochandanc, and annp has updated.  Could you tell me some updates?14:10
yushiros/me/us14:11
annpregarding to ovs firewall driver patch: i added handling for port no security group in standalone mode of fwg14:11
chandancannp did most of the update on OVS patch, the only change i proposed was to move the sg_enabled detection logic to the agent14:11
annpchandanc, yes.14:12
yushirochandanc, annp OK, I see.  Thanks for your update :)14:12
annpI also added explicit drop flows for deny and reject rules14:12
annpfinally, I added generating flow's priority for each fwg rule to respect rule ordering.14:13
SridarKannp: so on a FWaaS deny we will drop at this table14:14
SridarKand on FWaaS permit - if SG is enabled then we will punt to SG14:15
annpSridarK: yes.14:15
*** chandanc_ has joined #openstack-fwaas14:16
yushiroannp, In order to transit fwg to sg, we need https://review.openstack.org/#/c/515368/12 ?14:16
SridarKannp: on drops there is only one caveat that SG logging will miss it14:16
annpyushiro, yes. we need co-existence patch for co-existence mode.14:17
SridarKif SG was also enabled once we have SG logging14:17
*** chandanc has quit IRC14:18
annpSridarK: yes, security group logging will miss drop packets. I think it should be documented in case co-existence14:18
yushiroSridarK, ah, yes.14:18
*** chandanc_ has quit IRC14:18
SridarKannp: yushiro: yes that is a caveat we can fix with documentation14:18
*** chandanc has joined #openstack-fwaas14:18
SridarKok we are on the same page14:19
chandancsorry facing connection issue14:19
hoangcx_Or can we add more validation to handle it?14:19
yushirochandanc, NP.  I hope your connection become stable :)14:19
annphoangcx_: what do you mean? validation?14:20
SridarKhoangcx_: are u asking on the logging issue ?14:20
chandancthanks yushiro :)14:20
hoangcx_Sorry, it will not work. I think documentation is better.14:20
annphoangcx_: +114:20
SridarKif so we want the logging stats to reflect - we will incur a performance penalty too14:21
SridarKyes doc is better14:21
hoangcx_SridarK: +114:21
SridarKanyways we will support Logging on FWaaS too once SG is done14:21
yushiroSo, we should implement fwaas logging ASAP :)14:22
SridarK:-)14:22
yushiroAha, SridarK +114:22
annpSridarK: yeah. +114:22
chandancsure14:22
yushiroannp, Your co-existing patch is 'PoC'.  I haven't tested this patch yet.  Is it work now?14:23
annpyushiro, yes, It work fine now.14:23
chandancyes i could do some tests14:23
yushiroannp, If it works correctly, could you remove 'PoC' from commit msg?14:23
yushirochandanc, OK, sounds good.14:24
annpRegarding to co-existing patch, chandanc: do you want to update?14:24
chandancannp: i dont think i will be updating it for now14:24
annpyushiro, Sure, I will remove that.14:24
chandancwill have to wait for feedback14:24
chandancI have update the ppt to the latest implementation14:25
chandanchttps://docs.google.com/presentation/d/1tRf-JQQiF0v_BdJahDjraxSEgz3c41YGdzHj3ui1C0Q/edit#slide=id.g29cfa03b8a_0_5614:25
yushiro1 feedback for this patch.  Please write releasenote about an effect for logging feature.14:25
annpchandanc, I think so too. We are waiting feedback from yushiro, SridarK, xgerman_, ... for that14:25
yushiroI'll comment on it.14:26
yushiroafter this meeting.14:26
xgerman_o/14:26
SridarKannp: will do14:26
annpSridarK, Yushiro, xgerman_:  Thanks :)14:26
yushiroOK, Q-2 is only 4 days or ...  We'll do our best.14:27
yushiroAnything else for this topic?14:27
annpthat's all from me14:28
yushiroOK, let's move on next topic.14:28
*** chandanc_ has joined #openstack-fwaas14:28
yushiro#topic Horizon support14:28
*** openstack changes topic to "Horizon support (Meeting topic: fwaas)"14:28
yushirochandanc, Do you know Sarath today?14:29
yushiro#link https://bugs.launchpad.net/neutron-fwaas-dashboard14:29
*** chandanc has quit IRC14:30
*** chandanc_ is now known as chandanc14:30
yushiroAll of bugs or backlog were listed on launchpad now.14:30
chandancnot sure about him, he got into some office work14:30
yushirochandanc, OK, thank you.14:30
SridarKI think we had a few minor issues and will be good to be ready with L2 support14:31
xgerman_yes, I think it was mostly good14:31
yushiroYeah.  I think this is worth to fix it:  'ip_version' doesn't exist in detail firewall rule view' - https://bugs.launchpad.net/neutron-fwaas-dashboard/+bug/172883814:32
openstackLaunchpad bug 1728838 in Neutron FWaaS dashboard "'ip_version' doesn't exist in detail firewall rule view" [Undecided,New]14:32
amotokiif you need to be a bug supervisor, feel free to request to join a team.14:33
amotokiwe need to expand the bug team14:33
yushiroamotoki, Thanks.14:34
SridarK+114:34
yushiroamotoki, you mean $B!H(BNeutron FWaaS dashboard Driver Team$B!I(B team ?14:35
yushiroah, duplicated 'team' :)14:35
amotokisome japanese chars are included????14:35
amotokiyushiro: yes, neutron-fwaas-dashboard is a separate launchpad project, so it has a separate team.14:36
amotokiif you are okay, I can add neutron-bugs team to the neutron-fwaas-dashboard bug team in launchpad14:36
amotokiit might be more reasonable solution14:37
yushiroAh, I think it's OK.  How about you, SridarK and xgerman_ ?14:37
xgerman_+114:37
SridarKyes i think tht works14:37
xgerman_we are part of the community14:37
amotokithanks. I will update it soon14:38
yushiroYes (^_^)v14:38
amotokiah, i noticed a better approach. I can set neutron-bugs team as the bug supervisor of neutron-fwaas-dashboard :)14:38
*** chandanc has quit IRC14:38
amotokidone14:39
yushiroamotoki, Thanks for your quick update14:39
xgerman_+114:39
SridarKyes thx amotoki14:39
yushiroOK, let's move next topic.14:40
*** chandanc has joined #openstack-fwaas14:40
yushiro#topic Stadium Compliance14:40
*** openstack changes topic to "Stadium Compliance (Meeting topic: fwaas)"14:40
yushiroIs reedip here?14:40
yushiroOK, maybe today he is off I think.14:41
yushiroOK, let's move on next topic.14:42
yushiro#topic bugs14:42
*** openstack changes topic to "bugs (Meeting topic: fwaas)"14:42
yushiro#link http://urx2.nu/C7UI14:42
xgerman_we need to classify the undecided ones14:44
yushiroyes.14:45
yushiroI'll check it after this meeting.14:45
xgerman_thanks — I can go through them as well14:46
yushiroxgerman_, NP :)14:46
SridarKlets maybe meet for 30 mins on Mon or Tue and run thru them ?14:46
xgerman_ok, works for me14:46
yushiroSure.14:46
SridarKWe can look thru and decide amongst us quickly14:46
xgerman_+114:46
yushiro+1+114:46
SridarKWe can meet during yushiro's day time14:47
SridarKwill make it easier on xgerman_ and myself14:47
SridarKas well14:47
SridarKwill be our evening14:47
yushiroWow, thanks :)  I think it's ok for same time for this meeting.14:47
yushiro#topic Open Discussion14:48
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"14:48
SridarKdoude: i have not got to ur changes yes14:48
SridarK*yet14:48
SridarKas soon as L2 is done i can start looking14:48
doudeHi14:48
doudeok I'm waiting lé merge14:48
doudes/lé/l214:49
SridarKdoude: yes14:49
yushirodoude, Hi. since Sydney :)14:49
doudeI"m in starting blocks14:49
doudeHi yushiro14:49
yushiroJust an announcement:  PTG will be held in Dublin at Feb.  https://www.openstack.org/ptg/14:49
yushiroAlso there is Travel Support Program here: https://www.openstack.org/ptg/#tab_travel14:50
xgerman_ok, I have plane tickets ;-)14:51
yushiroJanuary 4, 2018: Deadline to submit applications for Round One approvals14:51
xgerman_k14:51
yushiroJanuary 25, 2018: Deadline to submit applications for Round Two approvals14:51
yushiroI strongly hope to meet members in Dublin :)  Of course, I'll register TSP!14:52
SridarKi am not sure yet14:52
doudenot sure yet also14:52
yushirohaha,  me too :)  I'll try it.14:53
yushiroQ-2 is Dec 04 - Dec 08.14:55
yushiroFWaaS team can help each other and I believe we can do it :)14:56
xgerman_yeah, we *really* need to get L2 in by then14:56
yushiro+114:56
SridarK+114:56
xgerman_yushiro do you recall if we ever officially release the V2 API?14:56
yushiroxgerman_, let me see.. I think no need to do that because we don't change V2 API.14:58
xgerman_I want to change V2 ;-)14:58
xgerman_I am adding remote fwg14:59
hoangcx_with remote fgw?14:59
xgerman_yes14:59
yushiroAh, like SG 'remote_group_id'.14:59
xgerman_yep, was in our spec14:59
xgerman_now I am wondering if I need an Extension or not14:59
xgerman_if we never released Not…15:00
yushiroI think it's OK to add with reno.15:01
yushiroOh, it's over time :)15:01
yushiro#endmeeting15:01
*** openstack changes topic to "#openstack-fwaas"15:01
xgerman_k15:01
openstackMeeting ended Thu Nov 30 15:01:13 2017 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:01
openstackMinutes:        http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-11-30-14.01.html15:01
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-11-30-14.01.txt15:01
openstackLog:            http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-11-30-14.01.log.html15:01
xgerman_o/15:01
yushiroSridarK, How do you think about adding an attribute into v2 API like 'remote_group_id'?15:02
SridarKyushiro: i think it is ok - worst case we will need an extension15:03
yushiroSridarK, OK, so we're on same page now.15:03
annpxgerman_ do you want remote_group_id on L3 side or l2 side or both of them?15:03
*** hoangcx_ has quit IRC15:05
annpxgerman_: Just a question :)15:05
yushiroGood point.  In L3, we need to translate from fwg to IP addresses and insert into iptables by using ipset or some command I think.15:07
*** eN_Guruprasad_Rn has quit IRC15:07
annpIn l2 we can use conjunct flows to do that.15:09
yushiroannp, yeah, we have feasibility for both I think.15:10
annpBut conjunct flows are quite complicated. It will take our time.15:10
yushiroOK.15:11
yushiroI'll leave it now... good night.15:11
*** yushiro has quit IRC15:11
annpgood night!15:11
annpsee you guys, thank you.15:12
*** annp has quit IRC15:12
*** chandanc has quit IRC15:29
-openstackstatus- NOTICE: if you receieved a result of "RETRY_LIMIT" after 14:15 UTC, it was likely due to an error since corrected. please "recheck"15:37
*** yamamoto has quit IRC15:49
*** yamamoto has joined #openstack-fwaas15:50
xgerman_annp I can see it for both L2 and L3 —15:51
*** eN_Guruprasad_Rn has joined #openstack-fwaas15:52
*** eN_Guruprasad_Rn has quit IRC16:08
*** AlexeyAbashkin has quit IRC17:01
*** SumitNaiksatam has joined #openstack-fwaas17:53
*** vks1 has quit IRC18:10
*** SridarK has quit IRC18:14
*** openstackgerrit has quit IRC18:48
*** AlexeyAbashkin has joined #openstack-fwaas19:52
*** AlexeyAbashkin has quit IRC19:59
*** SumitNaiksatam has quit IRC20:00
*** AlexeyAbashkin has joined #openstack-fwaas20:12
*** AlexeyAbashkin has quit IRC20:17
*** threestrands has joined #openstack-fwaas21:12
*** openstackgerrit has joined #openstack-fwaas22:52
openstackgerritGerman Eichberger proposed openstack/neutron-fwaas master: [WIP] Adds remote firewall group  https://review.openstack.org/52120722:52
*** AlexeyAbashkin has joined #openstack-fwaas23:12
*** AlexeyAbashkin has quit IRC23:16
« Wednesday, 2017-11-29 Index Friday, 2017-12-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!