| *** openstackgerrit has joined #openstack-fwaas | 01:08 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/neutron-fwaas master: Updated from global requirements https://review.openstack.org/537087 | 01:08 |
|---|---|---|
| openstackgerrit | OpenStack Proposal Bot proposed openstack/neutron-fwaas-dashboard master: Updated from global requirements https://review.openstack.org/535027 | 01:08 |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/neutron-fwaas-dashboard master: Updated from global requirements https://review.openstack.org/535027 | 02:04 |
| *** yamamoto has joined #openstack-fwaas | 02:13 | |
| *** SridarK has joined #openstack-fwaas | 03:33 | |
| *** annp has joined #openstack-fwaas | 03:48 | |
| *** annp has quit IRC | 04:33 | |
| *** annp has joined #openstack-fwaas | 04:34 | |
| *** lnicolas has quit IRC | 05:55 | |
| SridarK | annp: hi | 06:16 |
| SridarK | regarding https://review.openstack.org/#/c/535237/ | 06:16 |
| SridarK | can we move fwd on that - i think it solves at least an immediate issue with breakage on coexistence | 06:17 |
| SridarK | if we need to look for a more complete solution we can work towards that but given the deadline for tomorrow - do u see a major issue here | 06:17 |
| annp | SridarK, hi | 06:35 |
| SridarK | annp: hi - i just see ur latest comment | 06:36 |
| SridarK | i send out an email b4 | 06:36 |
| annp | Sridark, In short term, I think it can be consider as a temporary fix. So Please go with chandanc's patch. | 06:36 |
| SridarK | annp: ur concern is if we have either an iptables implementation of FWaaS or someother non-ovs implementation of FWaaS ? | 06:37 |
| SridarK | I am sorry i am trying to understand more | 06:38 |
| *** threestrands has joined #openstack-fwaas | 06:39 | |
| annp | SirdarK, my concern is maybe there is another implementation base ovs but the driver will use sg_enable by another ways to check coexistence. Because I see changing sg_enable value at Firewall L2 agent is not quite reasonable. | 06:41 |
| annp | SridarK, why does Firewall L2 agent need to take care coexistence or not? | 06:42 |
| annp | Actually, I don't found a reason for that | 06:43 |
| SridarK | annp: I think the logic we should apply is: (if SG is enabled AND SG is an ovs based implementation) AND FWaaS_L2 --> then we need to handle coexistence | 06:45 |
| SridarK | the assumption is that FWaaS_L2 is ovs based | 06:47 |
| annp | SridarK, I think checking whether redirect packet to sg tables should be do in Firewall L2 driver side not at Firewall l2 agent side. It's better I think | 06:48 |
| *** threestrands has quit IRC | 06:49 | |
| annp | why does we check sg_driver at Firewall L2 driver side? | 06:50 |
| annp | s/does/do | 06:50 |
| SridarK | annp: ok so ur point is that it should be setup and not do the check either in the agent or driver ? | 06:51 |
| annp | https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/linux/l2/openvswitch_firewall/firewall.py#L242 | 06:51 |
| annp | We should check sg_driver = openvswitch at Driver | 06:52 |
| SridarK | ok so if the sg driver is ovs then we do coexistence | 06:53 |
| annp | yes. | 06:53 |
| SridarK | and if the sg driver is iptables or noop we dont do coexistence | 06:53 |
| SridarK | is that what u mean ? | 06:53 |
| annp | yep! | 06:53 |
| SridarK | and u have concern with overloading on sg_enabled | 06:54 |
| SridarK | i think that is reasonable | 06:54 |
| annp | yes, that's my concern. | 06:54 |
| SridarK | so given we are only a day away - are u okay with getting this in as temporary solution | 06:55 |
| SridarK | and then we can refactor ? | 06:55 |
| SridarK | maybe u can continue more discussion with chandan when he is online during ur daytime | 06:55 |
| annp | of course, I tried to raise my point to get a better solution :) | 06:56 |
| SridarK | oh absolutely and i welcome that | 06:56 |
| SridarK | i am just trying to understand and hence my questions | 06:56 |
| SridarK | :-) | 06:57 |
| SridarK | And tomorrow during my daytime - we can get this merged before the deadline | 06:57 |
| SridarK | So the plan: | 06:57 |
| SridarK | 1) annp & chandanc to discuss more | 06:58 |
| annp | thank you. I'll reach out him on tomorrow, because I will go to another place later | 06:58 |
| SridarK | 2) If we dont have a clear plan - we will go with https://review.openstack.org/#/c/535237/ | 06:58 |
| SridarK | 3) we can open a bug to track refactor | 06:58 |
| SridarK | annp: no worries if u need to be away | 06:59 |
| SridarK | my only concern is the timing | 06:59 |
| SridarK | It is 11pm in my time zone now (US Pacific) | 06:59 |
| SridarK | lets shoot for some path forward by 6am (US Pacific) before u end ur day | 07:00 |
| SridarK | or at least remove the -1 on the PS | 07:00 |
| annp | SridarK, thanks and I think we should go with https://review.openstack.org/#/c/536234/ also if possible because the change will make sure the behavior of fwg not break by a hybrid port | 07:00 |
| SridarK | if we take that approach then we can track with a bug | 07:01 |
| SridarK | for refactor | 07:01 |
| SridarK | so are u proposing 536234 in lieu of 535237 ? | 07:01 |
| SridarK | or get in both ? | 07:02 |
| annp | SridarK, OK. I will remove now. This time OK for me. | 07:02 |
| annp | both of them is better. | 07:02 |
| SridarK | and lets continue the discussion | 07:02 |
| SridarK | ok pls do try to sync up with chandanc on that as well | 07:03 |
| annp | But we can go with 535237 first. | 07:03 |
| annp | OK, I will comment on his patch. | 07:03 |
| SridarK | i will check in during my morning | 07:03 |
| annp | SridarK, thanks in advance. :) | 07:04 |
| SridarK | if u agree for the workaround - remove the -1 and put a comment that this may need a refactor for a cleaner solution | 07:04 |
| SridarK | annp: no worries at all thank u for ur understanding | 07:04 |
| SridarK | We will merge tomorrow so we meet the deadline of Wed eve Pacific time | 07:05 |
| SridarK | Many thz | 07:05 |
| SridarK | *thx | 07:05 |
| SridarK | I will sign off now | 07:05 |
| annp | SridarK, you're welcome. | 07:06 |
| annp | Have a great day ahead :) | 07:06 |
| annp | see you tomorrow! | 07:06 |
| SridarK | I hope to sleep :-) u have a great day | 07:06 |
| SridarK | thx annp | 07:06 |
| SridarK | talk tomorrow | 07:06 |
| *** annp has quit IRC | 07:10 | |
| *** SridarK has quit IRC | 07:10 | |
| openstackgerrit | Yushiro FURUKAWA proposed openstack/neutron-fwaas master: Enable to associate ports with default fwg for non-admin users https://review.openstack.org/536845 | 07:11 |
| *** yushiro has joined #openstack-fwaas | 07:14 | |
| yushiro | reedip, Thanks for your review(https://review.openstack.org/#/c/536845) | 07:15 |
| yushiro | I just updated it. | 07:15 |
| *** AlexeyAbashkin has joined #openstack-fwaas | 08:23 | |
| openstackgerrit | Merged openstack/neutron-fwaas master: Updated from global requirements https://review.openstack.org/537087 | 08:49 |
| openstackgerrit | Merged openstack/neutron-fwaas master: Support IPv6 for netlink_conntrack https://review.openstack.org/527044 | 08:50 |
| *** yamamoto has quit IRC | 08:53 | |
| openstackgerrit | Yushiro FURUKAWA proposed openstack/neutron-fwaas master: Fixing OVS driver coexistence check https://review.openstack.org/535237 | 09:10 |
| *** yamamoto has joined #openstack-fwaas | 09:10 | |
| *** yushiro has quit IRC | 09:16 | |
| *** yamamoto has quit IRC | 09:59 | |
| *** yamamoto has joined #openstack-fwaas | 10:16 | |
| *** AlexeyAbashkin has quit IRC | 10:53 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 10:54 | |
| *** AlexeyAbashkin has quit IRC | 13:47 | |
| *** lnicolas has joined #openstack-fwaas | 13:49 | |
| *** yamamoto has quit IRC | 13:53 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 14:00 | |
| *** yamamoto has joined #openstack-fwaas | 14:10 | |
| *** AlexeyAbashkin has quit IRC | 14:33 | |
| *** cleong has joined #openstack-fwaas | 14:42 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 15:00 | |
| -openstackstatus- NOTICE: gerrit has been suffering from a full disk, some mails may have been lost in the last couple of hours. we will now restart gerrit to address ongoing slowness, too | 15:23 | |
| xgerman_ | o/ | 15:46 |
| *** annp has joined #openstack-fwaas | 15:48 | |
| *** AlexeyAbashkin has quit IRC | 16:05 | |
| openstackgerrit | Nguyen Phuong An proposed openstack/neutron-fwaas master: Add checking whether current FWaaS L2 driver support for a port or not https://review.openstack.org/536234 | 16:10 |
| openstackgerrit | Nguyen Phuong An proposed openstack/neutron-fwaas master: Add checking whether a port is supported by current FWaaS L2 driver or not https://review.openstack.org/536234 | 16:13 |
| *** annp has quit IRC | 16:35 | |
| *** yamamoto has quit IRC | 16:49 | |
| *** yamamoto has joined #openstack-fwaas | 17:05 | |
| *** yamamoto has quit IRC | 17:07 | |
| *** yamamoto has joined #openstack-fwaas | 17:07 | |
| *** yamamoto has quit IRC | 17:07 | |
| openstackgerrit | Merged openstack/neutron-fwaas master: Add Zuul v3 native midonet cross test https://review.openstack.org/536091 | 17:17 |
| openstackgerrit | Merged openstack/neutron-fwaas master: Fixing OVS driver coexistence check https://review.openstack.org/535237 | 17:51 |
| *** yamamoto has joined #openstack-fwaas | 18:07 | |
| *** yamamoto has quit IRC | 18:18 | |
| openstackgerrit | Merged openstack/neutron-fwaas master: Enable to associate ports with default fwg for non-admin users https://review.openstack.org/536845 | 18:20 |
| *** jafeha__ has joined #openstack-fwaas | 18:21 | |
| *** jafeha has quit IRC | 18:24 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 19:34 | |
| *** AlexeyAbashkin has quit IRC | 19:38 | |
| *** cleong has quit IRC | 20:37 | |
| *** threestrands has joined #openstack-fwaas | 21:41 | |
| *** threestrands_ has joined #openstack-fwaas | 21:44 | |
| *** threestrands_ has quit IRC | 21:44 | |
| *** threestrands_ has joined #openstack-fwaas | 21:44 | |
| *** threestrands has quit IRC | 21:47 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!