| *** lnicolas has joined #openstack-fwaas | 01:03 | |
| *** annp has joined #openstack-fwaas | 02:50 | |
| *** yamamoto has joined #openstack-fwaas | 02:57 | |
| *** openstackgerrit has joined #openstack-fwaas | 02:59 | |
| openstackgerrit | chandanc proposed openstack/neutron-fwaas master: Fixing OVS driver coexistence check https://review.openstack.org/535237 | 02:59 |
|---|---|---|
| *** threestrands has quit IRC | 05:40 | |
| openstackgerrit | Nguyen Phuong An proposed openstack/neutron-fwaas master: WIP: validate port in coexistence mode https://review.openstack.org/536234 | 07:03 |
| *** AlexeyAbashkin has joined #openstack-fwaas | 08:15 | |
| openstackgerrit | Nguyen Phuong An proposed openstack/neutron-fwaas master: WIP: validate port in coexistence mode https://review.openstack.org/536234 | 09:41 |
| *** yamamoto has quit IRC | 09:57 | |
| *** yamamoto has joined #openstack-fwaas | 09:58 | |
| openstackgerrit | Nguyen Phuong An proposed openstack/neutron-fwaas master: WIP: validate port in coexistence mode https://review.openstack.org/536234 | 10:00 |
| *** yamamoto has quit IRC | 10:03 | |
| *** yamamoto has joined #openstack-fwaas | 10:09 | |
| *** yamamoto has quit IRC | 10:10 | |
| *** yamamoto has joined #openstack-fwaas | 10:12 | |
| doude | Hi there | 11:06 |
| doude | I've an issue with default firewall resources | 11:06 |
| doude | that resources cannot be updated ? | 11:06 |
| doude | we cannot change rules of the default firewall? | 11:07 |
| doude | and a user cannot add ports to the default firewall group? | 11:07 |
| doude | reedip xgerman_ --^ | 11:07 |
| *** annp has quit IRC | 11:22 | |
| *** AlexeyAbashkin has quit IRC | 11:32 | |
| *** openstackgerrit has quit IRC | 11:33 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 11:41 | |
| *** reedip has quit IRC | 12:59 | |
| *** yamamoto has quit IRC | 12:59 | |
| *** reedip has joined #openstack-fwaas | 13:11 | |
| *** yamamoto has joined #openstack-fwaas | 13:19 | |
| *** yamamoto has quit IRC | 14:17 | |
| *** yamamoto has joined #openstack-fwaas | 14:18 | |
| *** yamamoto has quit IRC | 14:23 | |
| *** yamamoto has joined #openstack-fwaas | 14:49 | |
| *** yamamoto has quit IRC | 14:54 | |
| xgerman_ | doude I think a user/admin should be able to update/change default firewall | 15:15 |
| *** yamamoto has joined #openstack-fwaas | 15:15 | |
| *** yamamoto has quit IRC | 15:15 | |
| doude | xgerman_ when I read that code https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/db/firewall/v2/firewall_db_v2.py#L985-L988, I'm not sure it's possible | 15:48 |
| doude | in fact I've got a weird issue | 15:48 |
| xgerman_ | Mmh... | 15:49 |
| doude | as a normal user, if I try to set a port to the default fw group I get that error: | 15:54 |
| doude | Failed to set firewall group 'default': Operation cannot be performed on default object '99161c79-37ce-46c9-87e5-1b5173ac776c' of type Firewall Group. | 15:54 |
| doude | xgerman_ --^ | 15:54 |
| doude | but fianlly the port is added to the fw group port list | 15:55 |
| xgerman_ | yeah, the idea is that the FWG gest applied at port creation automaticlly | 15:55 |
| xgerman_ | so I was thinking you talked about not able to add rules, policies | 15:56 |
| doude | but we cannot applied port manually if auto_associate_default_firewall_group is false? | 15:56 |
| xgerman_ | yeah, technically we should allow that so it might be good to file. abug | 15:57 |
| doude | but the weird issue is I get an error when I try to add port but the port is still added | 15:58 |
| xgerman_ | understood - we didn’t test this since we thought if somebody disable auto-association he didn’t want the whole FWG at all | 15:59 |
| doude | ok | 15:59 |
| xgerman_ | clearly the wrong assumption… | 15:59 |
| doude | and you mean we can add policies or rules to the default fw group? | 16:00 |
| xgerman_ | that’s what should work… we also spend some time tetsing to delete the FWG and then it showed up again… | 16:00 |
| doude | seems not work xgerman_ | 16:03 |
| doude | http://paste.openstack.org/show/650070/ | 16:04 |
| xgerman_ | oh, no | 16:10 |
| *** yamamoto has joined #openstack-fwaas | 16:16 | |
| *** yamamoto has quit IRC | 16:27 | |
| *** AlexeyAbashkin has quit IRC | 16:27 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 17:54 | |
| *** AlexeyAbashkin has quit IRC | 17:56 | |
| doude | you confirm xgerman_? | 17:59 |
| xgerman_ | I am swamped with internal stuff but will look at it this afternoon… | 18:05 |
| xgerman_ | (pacific time) | 18:06 |
| doude | ok | 18:06 |
| doude | just a question xgerman_ if you have time | 18:10 |
| xgerman_ | sure | 18:18 |
| doude | I think I found my answer with patch https://review.openstack.org/#/c/535237/2 | 18:19 |
| doude | Ive to use SG ovs driver to use fw ovs driver together | 18:20 |
| doude | and if I understood correctly FW rules are more prioritary? | 18:20 |
| *** AlexeyAbashkin has joined #openstack-fwaas | 18:38 | |
| *** AlexeyAbashkin has quit IRC | 18:42 | |
| *** SridarK has joined #openstack-fwaas | 18:47 | |
| SridarK | doude: ping | 18:47 |
| doude | hi SridarK | 18:47 |
| SridarK | Hi doude | 18:47 |
| SridarK | did u hear back from Miguel on the bp issue | 18:48 |
| doude | no nothing | 18:48 |
| SridarK | yes i did not see a response either - can u pls check with him also | 18:49 |
| SridarK | So i think u are doing some testing - xgerman_ pointed out some issues u ran into | 18:49 |
| SridarK | pls publish into the etherpad | 18:49 |
| SridarK | i am going thru the PS as well | 18:49 |
| doude | I think I've weird behavior with default fw group/policy/rules | 18:50 |
| SridarK | so either case we will try and be ready | 18:50 |
| SridarK | yes xgerman_ mentioned that | 18:50 |
| doude | I've to push a new patch set which fix the auto set default fw group to new | 18:50 |
| doude | port | 18:50 |
| SridarK | ok | 18:50 |
| doude | but I've some issue to have a proper devstack config which works with OVS firewall | 18:51 |
| SridarK | i would say that dont worry abt existing issues - we can focus more on any regression that may happen with ur changes | 18:51 |
| SridarK | we can track existing issues and bugs and get a fix in | 18:51 |
| doude | here my local.conf http://paste.openstack.org/show/650292/ | 18:52 |
| doude | ok | 18:52 |
| SridarK | Later today - we can get some feedback from yushiro and annp | 18:52 |
| SridarK | on the default fwg | 18:53 |
| doude | ok | 18:54 |
| *** openstackgerrit has joined #openstack-fwaas | 18:54 | |
| openstackgerrit | Édouard Thuleau proposed openstack/neutron-fwaas master: Implements a plugable backend driver https://review.openstack.org/480265 | 18:54 |
| doude | I just pushed a new patch set | 18:54 |
| SridarK | ok | 18:55 |
| SridarK | thx doude - lets keep our fingers crossed | 18:56 |
| doude | :) | 18:57 |
| openstackgerrit | chandanc proposed openstack/neutron-fwaas master: Fixing OVS driver coexistence check https://review.openstack.org/535237 | 19:01 |
| *** AlexeyAbashkin has joined #openstack-fwaas | 19:08 | |
| *** AlexeyAbashkin has quit IRC | 19:20 | |
| *** SridarK has quit IRC | 20:08 | |
| *** SridarK has joined #openstack-fwaas | 21:52 | |
| *** lnicolas has quit IRC | 22:03 | |
| *** openstackgerrit has quit IRC | 22:18 | |
| *** SridarK has quit IRC | 22:26 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 23:18 | |
| *** AlexeyAbashkin has quit IRC | 23:23 | |
| *** lnicolas has joined #openstack-fwaas | 23:37 | |
| *** openstack has quit IRC | 23:55 | |
| *** openstack has joined #openstack-fwaas | 23:57 | |
| *** ChanServ sets mode: +o openstack | 23:57 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!