Thursday, 2018-06-21

« Wednesday, 2018-06-20 Index Friday, 2018-06-22 »
*** longkb has joined #openstack-fwaas00:34
*** yamamoto has joined #openstack-fwaas00:46
*** yamamoto has quit IRC00:52
*** yamamoto has joined #openstack-fwaas01:48
*** yamamoto has quit IRC01:54
*** yamamoto has joined #openstack-fwaas02:50
*** yamamoto has quit IRC02:54
*** yamamoto has joined #openstack-fwaas03:51
*** hoangcx has quit IRC03:54
*** yamamoto has quit IRC03:56
*** hoangcx has joined #openstack-fwaas04:07
*** yamamoto has joined #openstack-fwaas04:41
*** AlexeyAbashkin has joined #openstack-fwaas05:58
*** AlexeyAbashkin has quit IRC06:43
*** AlexeyAbashkin has joined #openstack-fwaas06:43
*** hoangcx has quit IRC06:48
*** hoangcx has joined #openstack-fwaas06:49
*** Alexey_Abashkin has joined #openstack-fwaas07:23
*** AlexeyAbashkin has quit IRC07:24
*** Alexey_Abashkin is now known as AlexeyAbashkin07:24
*** annp has joined #openstack-fwaas07:34
openstackgerritNguyen Phuong An proposed openstack/neutron-fwaas master: Firewall L3 logging extension  https://review.openstack.org/57633808:09
openstackgerritYushiro FURUKAWA proposed openstack/neutron-fwaas master: WIP: Add python binding for libnetfilter_log  https://review.openstack.org/53069408:42
openstackgerritNguyen Phuong An proposed openstack/neutron-fwaas master: Firewall L3 logging extension  https://review.openstack.org/57633808:43
openstackgerritNguyen Phuong An proposed openstack/neutron-fwaas master: Firewall L3 logging extension  https://review.openstack.org/57633809:12
openstackgerritNguyen Phuong An proposed openstack/neutron-fwaas master: Firewall L3 logging extension  https://review.openstack.org/57633809:21
openstackgerritNguyen Phuong An proposed openstack/neutron-fwaas master: Firewall L3 logging extension  https://review.openstack.org/57633809:24
openstackgerritNguyen Phuong An proposed openstack/neutron-fwaas master: Firewall L3 logging extension  https://review.openstack.org/57633809:29
openstackgerritYushiro FURUKAWA proposed openstack/neutron-fwaas master: Migrate to stestr as unit tests runner  https://review.openstack.org/50552609:51
*** annp has quit IRC10:20
*** yamamoto has quit IRC11:05
*** yamamoto has joined #openstack-fwaas11:06
*** yamamoto has quit IRC11:10
*** yamamoto has joined #openstack-fwaas12:04
*** longkb has quit IRC12:28
*** yamamoto has quit IRC12:51
*** yamamoto has joined #openstack-fwaas13:25
*** annp has joined #openstack-fwaas13:34
*** yamamoto has quit IRC13:36
*** yamamoto has joined #openstack-fwaas13:48
*** wkite has joined #openstack-fwaas13:56
*** longkb has joined #openstack-fwaas14:00
xgerman_o/14:00
longkbo/14:00
*** SridarK has joined #openstack-fwaas14:00
SridarKHi FWaaS folks14:01
annphi14:01
wkitehi14:01
SridarK#startmeeting fwaas14:01
openstackMeeting started Thu Jun 21 14:01:42 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.14:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: fwaas)"14:01
openstackThe meeting name has been set to 'fwaas'14:01
SridarK#chair xgerman_14:01
openstackCurrent chairs: SridarK xgerman_14:01
*** yushiro has joined #openstack-fwaas14:02
*** annp has quit IRC14:02
yushiroHi14:02
yushiroSorry I was late.14:02
xgerman_#chairs yushiro14:02
xgerman_#chair yushiro14:02
openstackCurrent chairs: SridarK xgerman_ yushiro14:02
SridarKok lets get started14:03
SridarKyushiro: ur turn today ?14:03
yushiroYes, SridarK .14:03
SridarKyushiro: pls go ahead :-)14:03
yushiro#topic announcements14:03
*** openstack changes topic to "announcements (Meeting topic: fwaas)"14:03
*** annp has joined #openstack-fwaas14:04
yushiroDoes anyone have any announcement?14:04
xgerman_travel support for PTG ends 6/30 or so14:04
xgerman_Programming Comittee nomination for Berlin end 6/2814:05
yushiroxgerman_, +1 :)14:05
yushiro#link https://www.openstack.org/ptg/#tab_travel14:05
annp+114:06
xgerman_CfP for Berlin ends 7/1714:06
njohnstono/14:06
xgerman_and R3 is near14:06
yushiroAh, Yes.  That's a good information.  > CFP (7/17)14:06
yushiroWe're R-10 now : https://releases.openstack.org/rocky/schedule.html14:08
yushiroOK14:08
yushiro#topic Rocky14:08
*** openstack changes topic to "Rocky (Meeting topic: fwaas)"14:08
yushiro[WIP] Adds remote firewall group: https://review.openstack.org/52120714:09
yushiroxgerman_, Please go ahead :)14:09
xgerman_didn’t do much progress (internal priorities) but deployed FWaaS V2 with it and it ddn’t blow up14:10
yushiroOK14:10
yushiroIn Japan, Jun is also very busy with another task(writing report and presentation to our boss or something...)14:11
yushiroHaha, so, I'm glad to join today's meeting :p14:12
annpyushiro, you're boss :D14:12
xgerman_;-)14:12
yushiroNext.  Logging for FWaaS v214:12
longkbyushiro. I saw it. There is holiday this week in Japan14:13
yushiroannp, Please go ahead14:13
yushirolongkb, Yes,  Please keep in you mind :p14:13
longkbhi folks, I am a new comer in fwaas, from Fujitsu Vietnam Limitted.14:13
SridarKlongkb: welcome14:13
longkbSridarK, thanks14:14
annpregards to logging, we're making progress.14:14
xgerman_welcome14:15
longkbthanks xgerman :)14:15
yushirowelcome!! ( I knew it :p14:15
annpI'd like to get your eyes in https://review.openstack.org/#/c/529814/ as first of serial logging14:15
annphere is list patch for logging https://review.openstack.org/#/q/topic:bug/1720727+(status:open)14:16
annpI'd like to get more review on https://review.openstack.org/#/c/574683/14:17
longkbannp +114:18
yushiroToday, I had bandwidth for reviewing.  I'll review them.14:18
annpyushiro, thank you so much .14:18
annpThat's all for firewall logging.14:18
annpyushiro, please go ahead.14:19
yushiroAgain, we're targeting fwg L3 logging in this cycle(Rocky).14:19
yushiroOK, thanks annp14:19
*** mlavalle has joined #openstack-fwaas14:19
annpyushiro, +114:19
yushiro#topic specs14:19
*** openstack changes topic to "specs (Meeting topic: fwaas)"14:19
yushiro(wkite) fwaas 2.0 address groups support  https://review.openstack.org/55713714:20
wkiteok14:20
wkitei have pushed some patches to gerrit.All the questions raised have been resolved.14:21
annpwkite +1.14:21
yushirowkite, Could you reply my comments?14:22
yushirowkite, Thanks for your update.14:22
wkiteyushiro: All right. I'll get back to you as soon as possible.14:22
annpwkite: will we start with l2 ovs reference implementation, right?14:22
* mlavalle would like to bring up a point in the bugs section (if there is one) or in the open discussion section14:22
SridarKwkite: thx once the comments are addressed - i think we can move fwd14:23
wkiteannp: I'm not sure ether I can do it.14:24
yushiromlavalle, Of course!!!!14:24
mlavalle:-)14:24
yushiroLet's review more on this SPEC>14:25
yushiro#topic Horizon support14:25
*** openstack changes topic to "Horizon support (Meeting topic: fwaas)"14:25
annpwkite: Let's discuss on gerrit. :)14:26
wkiteSridarK: +114:26
SridarKOh looks like SarathMekala is not on today14:26
wkiteannp: ok14:26
yushiroSarath is not here today.  SridarK,did you get any reply from him?14:26
SridarKyushiro: he did attend last week14:26
yushiroSridarK, wow, sorry.  I missed it.14:27
SridarKhe is evaluating any gaps to be addressed in R14:27
amotokiwhat are expected as feature gaps in the current v2.0 dashboard?14:27
SridarKamotoki: i think we need to validate with L2 support - something Sarath was investigating14:27
SridarKHe mentioned he was in the tail end of an internal release - will follow up on this14:28
amotokiyeah, L2 support is one of gaps. I am not sure we have others or not.14:28
SridarKamotoki: i think most others u have squashed too14:28
longkbSridarK: +114:28
amotokiI have no actual list of such gaps.14:29
SridarKanyways let me check in and see if he can attend next week or provide an update on email14:29
amotokiit would be nice if we have an up-to-date list :)14:29
SridarKamotoki: +114:29
yushiroAha.  Currently, fwaas dashboard can filter L2 port.  I cannot catch up the latest state for dashboard.  We need to enhance more regarding L2 port?14:29
xgerman_we should show the compute name/id along port if available14:30
longkbyushiro: IMO, we cannot add fwg to l2 port14:30
longkbfrom Horizon14:30
yushiroxgerman_, Aha. Thanks.14:30
xgerman_I just did yesterday14:30
yushirolongkb, Oh, really?  I just fixed to filter L2 port...( Am I missing something..)14:31
amotokiI tend to avoid writing patches by myself as I usually fail to get reviews :( and :)14:31
yushiroamotoki, yeeeees.  I always think it is very helpful and so sorry for lack of review...14:32
xgerman_+114:32
SridarKlongkb: maybe u can capture into a bug - so we can track14:32
annpSridarK +114:33
yushiroI'D LIKE TO REVIEW/WRITE PATCHES!!!  I hope I had a 4 hands and 2 keyboards... :P14:33
SridarKI did not think we had an issue here either from the CLI14:33
longkbSridarK +1 I will report this bug asap14:33
njohnstonyushiro +10014:33
xgerman_I sleep too much, but that’s me14:33
annpyushiro ++14:34
yushironjohnston, now I'm only 2 hands. Haha14:34
SridarKyushiro: :-) i think u can add stand up comedy to ur many talents :-)14:34
yushiroSridarK, Hahaha14:34
yushiroOK, next topic.14:35
yushiro#topic bugs14:35
*** openstack changes topic to "bugs (Meeting topic: fwaas)"14:35
yushiromlavalle, Hi :)14:35
mlavallehi14:35
SridarKyushiro: we shd do a triage14:35
yushiroSridarK, Ah, yes.14:35
SridarKlets defn get this done early next week14:35
xgerman_+114:35
SridarKmaybe Mon ?14:36
xgerman_sure14:36
SridarKbut pls go ahead14:36
mlavalleI just want to make sure this bug is in the radar screen of the team: https://bugs.launchpad.net/neutron/+bug/176245414:36
openstackLaunchpad bug 1762454 in neutron "FWaaS: Invalid port error on associating ports (distributed router) to firewall group" [Medium,Triaged] - Assigned to Sridar Kandaswamy (skandasw)14:36
SridarKmlavalle: yes14:36
mlavalleIt was discussed last week in the L3 sub-team meeting14:36
mlavalleand I took the action of item of bringing it up here14:36
SridarKmlavalle: i have discussed it with Swami14:36
mlavalleThank you SridarK14:37
SridarKwill get some traction on it - adding the validation fix is easy - we need to evaluate if the namespace mappings etc dont mess up the datapath14:37
mlavallethanks for the update14:38
SridarKmlavalle: thx for the kick to remind :-) will sync up with Swami and get it moving14:38
mlavalle:-)14:38
yushiro:)))14:38
SridarKas u can see, i am trying to get together with yushiro on his act :-)14:39
njohnstonShould I bring up the issue with debian/wsgi/l3 agent/fwaas in the bugs section, or wait to see if there is time in the open discussion section?14:39
SridarKnjohnston: pls yes14:39
yushiroSridarK, Sure.14:39
yushironjohnston, Yes, please!14:39
SridarKnjohnston: thx for the detailed email14:39
yushiroSridarK, njohnston ++1  Your mail is so helpful for sync up with current state.14:40
SridarKso it seems agent rpc is lost on debian14:40
njohnstonIt does, yes, but I cannot pinpoint why that would be happening14:40
njohnstonand why it would only happen with the specific combination of wsgi, debian, and fwaas14:41
njohnstonit occurs regardless of fwaas v1 or v214:41
njohnstonbut it does not happen when wsgi is not engaged14:41
njohnstonand it does not happen on centos or ubuntu14:41
SridarKnjohnston: do u think it is something on some package versions across the distros14:41
yushiroannp, Did you reproduce njohnston's situation?? I thought that you used to deploy with Debian.14:41
njohnstonI only sent the email to the cores, but perhaps I should sent to openstack-dev14:42
xgerman_yeah, I am no debian expert — test on ubuntu14:42
SridarKnjohnston: +114:42
xgerman_so broader audience is useful14:42
annpyushiro, yes. I did.14:42
yushironjohnston, I'll also try to deploy on Ubuntu16.04 and will share the state.14:43
njohnstonJust to note, wsgi is essential because zigo is attempting to package an all-python 3 set of packages, and eventlet has some kind of issue with python 2 IIRC14:44
yushiroannp, OK, so, could you reply njohnston's mail with your detail situation?14:44
njohnstonLet me send it to openstack-dev and annp then perhaps you can reply to that14:44
annpnjohnston, yushiro, yes. I will.14:45
yushironjohnston, +114:46
annpnjohnston: +114:47
zigonjohnston: The issue is SSL + Python 3 + Eventlet == SSL handshake crash.14:47
zigoThis is known since 2015...14:47
yushirozigo, Oh, it is potential bug..14:48
njohnstonAh, thanks for refreshing my memory zigo14:48
zigoI don't think the issue is Debian specific.14:48
zigoIt is specific to using neutron-api and neutron-rpc-server, maybe also python 3 ...14:49
njohnstonyushiro: the SSL handshake crash is relevant to why wsgi is important, but not relevant to the issue in question14:49
yushironjohnston, OK.14:49
njohnstonOK, mail sent to openstack-dev, so we can all pool our info there14:50
yushironjohnston, Thanks!!14:50
annpzigo, How can I update fwaas source with up-to-date in the vm?14:50
yushiro#topic Open Discussion14:51
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"14:51
annpzigo, because I saw fwaas source in the vm not update to date.14:51
zigoannp: You mean with HEAD of git?14:52
zigoannp: Well, it's just in /usr/lib/python3/dist-packages ...14:52
zigoannp: I guess you could simply replace the code there.14:52
zigoQuick and dirty rm -r and a cp -r should do.14:52
yushiroToday, ndefigueiredo is not here.  So, let's skip Stateless security14:52
xgerman_+114:52
annpzigo, thanks. I got it. :)14:53
zigoyushiro: njohnston: The thing is, in the Py3 + SSL situation, we have no choice but to use neutron-api + neutron-rpc-server instead of neutron-server daemon, and that may be source of new bugs. annp already fixed one with the ovn driver ...14:54
zigoNot sure, just double-guessing what's possible.\14:54
njohnstonzigo: When you deploy on centos or ubuntu you're using the same setup, though, right?  I would expect that if that was the issue, it would manifest on ubuntu and centos as well.14:55
zigonjohnston: No you're not. neutron-server runs instead of neutron-api and neutron-rpc-server.14:55
njohnstonah, ok14:55
zigoBecause they're using Python 2, then can run neutron-server using Eventlet and SSL.14:55
zigoI can't...14:56
zigoSo, instead, in Debian, neutron-api does the requests over uwsgi, and rpc-server does the rabbitmq stuff.14:56
yushirozigo, could you reply e-mail that your local.conf of devstack?  I'll try it.14:57
zigoyushiro: I'm not using devstack, I'm using Debian packages.14:57
xgerman_packaging is downstream from us14:57
yushirozigo, Aha.  OK.14:57
annpnjohnston: I also have a patch in devstack for deploy neutron-api in uwsgi and rpc-server in eventlet at https://review.openstack.org/#/c/473718/14:57
zigoyushiro: What you could do is run puppet-openstack to get it installed.14:58
zigoThat's very easy.14:58
yushirozigo, Thanks.  puppet-openstack.14:58
zigoyushiro: I can reply with the way to do it with puppet-openstack if you like?14:58
annpnjohnston: you can ./stack with the patch.14:58
njohnstonThanks annp that is very helpful14:58
*** Swami has joined #openstack-fwaas14:59
yushirozigo, Please send us !! It is very helpful.14:59
SridarKtime check14:59
yushiroannp's patch can reproduce similar environment by using devstack,.14:59
yushiroWow, 1 minutes.14:59
njohnstonThanks everyone15:00
zigoI need to go back home now (2 hours driving from Geneva), but I'll reply tonight.15:00
*** longkb1 has joined #openstack-fwaas15:00
yushiroOK guys,  that's good discussion.  will sync up e-mail more.  Thanks!!15:00
SridarKthx all15:00
xgerman_+115:00
yushiro#endmeeting15:00
xgerman_o/15:00
longkb1o/15:00
*** openstack changes topic to "Queens (Meeting topic: fwaas)"15:00
openstackMeeting ended Thu Jun 21 15:00:22 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-06-21-14.01.html15:00
annpyushiro, will sync up via email.15:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-06-21-14.01.txt15:00
openstackLog:            http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-06-21-14.01.log.html15:00
yushiroannp, Thanks.15:00
mlavallezigo: safe driving!15:00
annpthank all.15:01
*** longkb1 has quit IRC15:01
*** longkb has quit IRC15:02
*** annp has quit IRC15:03
*** wkite has quit IRC15:09
*** SridarK has quit IRC15:23
*** mlavalle has left #openstack-fwaas15:33
*** yushiro has quit IRC15:36
*** yushiro has joined #openstack-fwaas15:42
*** yushiro has quit IRC16:01
*** raopajay has joined #openstack-fwaas16:33
*** yamamoto has quit IRC16:38
*** yamamoto has joined #openstack-fwaas16:46
*** yamamoto has quit IRC16:51
*** yamamoto has joined #openstack-fwaas16:55
*** yamamoto has quit IRC17:00
*** Swami has quit IRC17:15
*** SumitNaiksatam has joined #openstack-fwaas17:26
*** yamamoto has joined #openstack-fwaas17:56
*** yamamoto has quit IRC18:04
*** AlexeyAbashkin has quit IRC18:10
*** SumitNaiksatam has quit IRC18:31
*** yamamoto has joined #openstack-fwaas19:01
*** yamamoto has quit IRC19:06
*** yamamoto has joined #openstack-fwaas20:02
*** yamamoto has quit IRC20:07
*** yamamoto has joined #openstack-fwaas21:04
*** yamamoto has quit IRC21:09
*** yamamoto has joined #openstack-fwaas22:06
*** yamamoto has quit IRC22:11
*** yamamoto has joined #openstack-fwaas23:07
*** yamamoto has quit IRC23:12
*** yamamoto has joined #openstack-fwaas23:36
« Wednesday, 2018-06-20 Index Friday, 2018-06-22 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!