Thursday, 2018-07-19

*** longkb has joined #openstack-fwaas		00:32
*** njohnston_ has joined #openstack-fwaas		00:44
*** njohnston_ has quit IRC		01:00
*** haleyb has quit IRC		01:05
*** haleyb has joined #openstack-fwaas		01:13
*** njohnston_ has joined #openstack-fwaas		01:13
*** njohnston_ has quit IRC		01:29
*** annp has joined #openstack-fwaas		02:16
*** njohnston_ has joined #openstack-fwaas		02:27
*** njohnston_ has quit IRC		02:43
*** AlexeyAbashkin has joined #openstack-fwaas		04:57
*** AlexeyAbashkin has quit IRC		05:41
*** njohnston_ has joined #openstack-fwaas		05:49
*** threestrands has quit IRC		05:49
*** threestrands has joined #openstack-fwaas		06:09
*** threestrands has quit IRC		06:09
*** threestrands has joined #openstack-fwaas		06:09
*** annp has quit IRC		06:17
*** njohnston__ has joined #openstack-fwaas		06:21
*** threestrands has quit IRC		06:36
*** njohnston__ has quit IRC		06:37
*** openstackgerrit has quit IRC		07:04
*** velizarx has joined #openstack-fwaas		07:07
*** annp has joined #openstack-fwaas		07:40
*** AlexeyAbashkin has joined #openstack-fwaas		07:56
*** velizarx has quit IRC		07:57
*** velizarx has joined #openstack-fwaas		08:24
*** openstackgerrit has joined #openstack-fwaas		09:42
openstackgerrit	Nguyen Phuong An proposed openstack/neutron-fwaas master: WIP: Add python binding for libnetfilter_log https://review.openstack.org/530694	09:42
openstackgerrit	Nguyen Phuong An proposed openstack/neutron-fwaas master: WIP: Add python binding for libnetfilter_log https://review.openstack.org/530694	10:29
*** reedip has joined #openstack-fwaas		11:48
*** reedip has quit IRC		11:48
openstackgerrit	Nguyen Phuong An proposed openstack/neutron-fwaas master: [firewall_v2]: RPC listener should be served by rpc worker https://review.openstack.org/579433	12:23
*** velizarx has quit IRC		12:29
*** velizarx has joined #openstack-fwaas		12:37
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: Add log validator for FWaaS https://review.openstack.org/532792	12:48
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: [log]: Add rpc stuff for logging https://review.openstack.org/530715	12:48
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: Add notification callback events https://review.openstack.org/578718	12:48
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: Adding resources callback handler for logging service in FWaaS https://review.openstack.org/580976	12:48
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: FWaaS v2: L3 logging extension https://review.openstack.org/576338	12:48
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: Introduce accepted/dropped/rejected chains for future processing https://review.openstack.org/574128	12:48
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: WIP: Add python binding for libnetfilter_log https://review.openstack.org/530694	12:48
openstackgerrit	Kim Bao Long proposed openstack/neutron-fwaas master: [log] Logging driver based iptables for FWaaS https://review.openstack.org/553738	12:48
*** longkb has quit IRC		12:54
-openstackstatus- NOTICE: logs.openstack.org is offline, causing POST_FAILURE results from Zuul. Cause and resolution timeframe currently unknown.		12:55
*** ChanServ changes topic to "logs.openstack.org is offline, causing POST_FAILURE results from Zuul. Cause and resolution timeframe currently unknown."		12:55
*** yushiro has joined #openstack-fwaas		13:11
*** ChanServ changes topic to "Queens (Meeting topic: fwaas)"		13:38
-openstackstatus- NOTICE: logs.openstack.org is back on-line. Changes with "POST_FAILURE" job results should be rechecked.		13:38
*** hoangcx_ has joined #openstack-fwaas		13:49
*** annp_ has joined #openstack-fwaas		13:49
yushiro	annp, Hi. I just filed https://bugs.launchpad.net/neutron/+bug/1782576	13:49
openstack	Launchpad bug 1782576 in neutron "Logging - No SG-log data found at /var/log/syslog" [Undecided,New]	13:49
*** wkite has joined #openstack-fwaas		13:50
*** longkb has joined #openstack-fwaas		13:53
annp_	yushiro, Got it. Thanks.	13:56
longkb	o/ yo	13:58
*** SridarK has joined #openstack-fwaas		13:58
yushiro	Hi	14:00
annp_	hi	14:00
SridarK	Hi FWaaS folks	14:00
longkb	hi forks	14:00
doude	hi o/	14:00
yushiro	#startmeeting fwaas	14:00
openstack	Meeting started Thu Jul 19 14:00:43 2018 UTC and is due to finish in 60 minutes. The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.	14:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	14:00
*** openstack changes topic to " (Meeting topic: fwaas)"		14:00
openstack	The meeting name has been set to 'fwaas'	14:00
yushiro	#chair SridarK xgerman_	14:00
openstack	Current chairs: SridarK xgerman_ yushiro	14:00
yushiro	SridarK, Maybe today is my turn :p	14:01
xgerman_	o/	14:01
*** SridarK_ has joined #openstack-fwaas		14:02
*** chandanc has joined #openstack-fwaas		14:02
yushiro	Hi chandanc , :p	14:02
yushiro	OK, let's start.	14:02
yushiro	#topic announcements	14:02
*** openstack changes topic to "announcements (Meeting topic: fwaas)"		14:02
chandanc	Hello all	14:02
chandanc	Hello yushiro	14:03
yushiro	:)	14:03
yushiro	We're now R-6 https://releases.openstack.org/rocky/schedule.html	14:04
yushiro	Jul 23 - Jul 27, this is Rocky-3 milestone and we need to tell Feature freeze if necessary.	14:04
*** SridarK has quit IRC		14:04
yushiro	Oh, network connection looks unstable in SridarK's side..	14:05
SridarK_	yes i am back	14:06
yushiro	Welcome back :)	14:06
yushiro	CALL FOR PRESENTATIONS for Berlin summit has closed. (17th)	14:07
yushiro	If you submitted some presentation, please tell us during vote-for-presentation :p	14:08
yushiro	Anything else to announce?	14:08
longkb	+1 yushiro	14:08
SridarK_	yushiro: nothing from me	14:09
yushiro	OK, thanks.	14:09
yushiro	#topic Rocky	14:09
*** openstack changes topic to "Rocky (Meeting topic: fwaas)"		14:09
yushiro	Logging for FWaaS v2	14:10
yushiro	#link https://review.openstack.org/#/q/topic:bug/1720727+(status:open)	14:10
yushiro	annp_, hoangcx , longkb plz go ahead.	14:10
SridarK_	annp: longkb: I started going thru the patches	14:10
longkb	I have updated the guide for testing: https://github.com/longkb/logging/blob/master/Ingration%20guideline%20for%20logging%20service%20in%20FWaaS.rst	14:11
SridarK_	trying to piece things together so pls be tolerant of stupid questions i will continue to ask	14:11
longkb	the relation between patches also created :)	14:11
yushiro	longkb, good document and thanks for rebasing with relation.	14:12
longkb	SridarK_: please help us to review our patches	14:12
yushiro	SridarK_, Very helpful for us and that IS core reviewing :)	14:12
SridarK_	yushiro: +1	14:13
longkb	yushiro: A bug from libnetfilter_log has been fixed by AnNP	14:13
SridarK_	So have u asked for an FFE ?	14:13
longkb	We are able to catch log in /var/log/syslog now	14:13
yushiro	SridarK_, Not yet but I will ask an FFE tomorrow.	14:14
SridarK_	yushiro: ok	14:14
annp_	SridarK, yushiro, longkb: thanks	14:14
yushiro	So, annp_ longkb , we need to ask FFE for https://review.openstack.org/#/q/topic:bug/1720727+(status:open) , right?	14:14
annp_	yushiro:+1	14:14
longkb	annp: thanks for your greate work :D	14:14
longkb	+100 yushiro	14:15
annp_	yushiro, yes. Please ask our PTL for FFE	14:15
yushiro	13 patches( 8: neutron-fwaas, 4:neutron, 1:python-neutronclient)	14:15
yushiro	OK,	14:15
yushiro	Next, "Remote firewall group"	14:15
annp_	mlavalle, Can we send the FFE email tomorrow?	14:16
annp_	maybe he is not here.	14:16
yushiro	#link https://review.openstack.org/#/c/564888/	14:16
SridarK_	annp_: yes	14:16
xgerman_	maybe	14:16
annp_	yushiro, Sorry for interrupt. Please go ahead.	14:17
yushiro	I'll ask him on neutron channel as well.	14:17
xgerman_	ok	14:17
annp_	yushiro, +1	14:17
*** velizarx has quit IRC		14:19
amotoki	for python-neutronclient, we don't apply FFE. client FF will be the next week	14:19
amotoki	we need to wait neutronclient from Stein for some FFE feature	14:19
yushiro	amotoki, I see. Thanks	14:19
xgerman_	#link https://review.openstack.org/#/c/571331/	14:19
xgerman_	will address yushiro ’s comment and that should be good	14:20
SridarK_	xgerman_: shd we close on the ovs driver related conversations	14:21
yushiro	xgerman_, +1	14:21
yushiro	SridarK_, +1 Yes, I wanted to decide about this specification.	14:21
yushiro	chandanc, Thanks for your investigation about remote firewall group.	14:21
xgerman_	I am good with the outcome of the discussion	14:21
*** hongbin_ has joined #openstack-fwaas		14:22
xgerman_	chandanc: +1	14:22
SridarK_	chandanc: yes many thx for ur time	14:22
chandanc	Sure yushiro , xgerman_ . I will try to get into the ovs rules part	14:22
xgerman_	thank you so much!!!	14:22
SridarK_	xgerman_: yes that seems reasonable	14:22
yushiro	So, we should follow SG behavior first. It means, we should add 'remote_group_id' into firewall_rule.	14:23
chandanc	yushiro: yes,	14:24
SridarK_	yushiro: +1	14:24
xgerman_	there already is a remote_group_id on the inside	14:24
yushiro	xgerman_, Aha! That's nice.	14:24
yushiro	OK, so, client patch should also fix to align with this specification.	14:25
chandanc	yushiro: can i have the client patch link ?	14:25
yushiro	I think that we don't need to specify 'source/destination' for remote_group_id.	14:26
yushiro	chandanc, https://review.openstack.org/#/c/571331/	14:26
chandanc	thanks	14:26
chandanc	yushiro: +1	14:26
xgerman_	yeah, I don’t really want to change the client around since that would mean an API change for an API we merged in Q	14:26
chandanc	xgerman_: yushiro i will go through the client code and sumarize in mail,	14:28
yushiro	Aha. Thanks chandanc.	14:28
xgerman_	the client is on top of a neutron-lib change from Q	14:28
chandanc	xgerman_: i agree, we need to be careful with the client	14:28
yushiro	xgerman_, I see.	14:28
SridarK_	xgerman_: oh ok	14:28
SridarK_	xgerman_: need to understand that more if we need to have options for both src and dst fwg	14:29
xgerman_	https://developer.openstack.org/api-ref/network/v2/#fwaas-v2-0-current-fwaas-firewall-groups-firewall-policies-firewall-rules	14:30
yushiro	SridarK_, Yes. I still don't clear if we have such option in the future.	14:31
yushiro	It's simple to allow ingress/egress traffic with remote_group_id ( align with SG )	14:31
chandanc	SridarK_: yushiro my only worry about client changes is , if we remove src rfwg and dst rfwg and replace with only rfwg, the rules will loose its standalone meaning	14:32
xgerman_	if we want to get rid of src/dst we need to start a deprecation cycle	14:32
chandanc	so have to tink abit more, may be i am out of touch and need to catch up	14:32
xgerman_	chandanc: +1	14:32
SridarK_	Also may be if we look at it from the perspective of an L3 port then maybe it makes sense as in the API	14:33
xgerman_	yep	14:33
yushiro	xgerman_, Ah, I see. Our API reference has been added source/destination firewall_group ID.	14:33
xgerman_	yes, we did that in Queens — so changing will be tough…	14:34
xgerman_	I think we should start with L2 and add L3 in S	14:34
SridarK_	we can always have some validation logic to ignore one of the them appropriately depending on whethere the rule is in an ingress or egress policy	14:34
chandanc	May be we can discuss over mail, but +1 to SridarK_	14:34
SridarK_	ok more thought is needed	14:34
chandanc	that can be an option	14:35
SridarK_	chandanc: yes	14:35
xgerman_	=1	14:35
SridarK_	it is some complexity but that can take care of the situation	14:35
SridarK_	ok lets discuss on email so we are more clear	14:35
yushiro	SridarK_, xgerman_ +1	14:35
*** hoangcx_ has quit IRC		14:35
yushiro	I see. Thank you.	14:36
yushiro	#topic specs	14:36
*** openstack changes topic to "specs (Meeting topic: fwaas)"		14:36
SridarK_	i agree with xgerman_ that making changes to the API is a no no now	14:36
yushiro	I see. Existing API shouldn't change.	14:37
SridarK_	I sent a reminder to the PTL on the address group spec - i think it is ready to go	14:37
SridarK_	maybe it happens now, but if it is punted to S - will that need to fresh review ?	14:37
SridarK_	not that it is a big deal	14:38
yushiro	SridarK_, Yes. I think directory should change from rocky to stein. Super nit :p	14:39
SridarK_	yes	14:39
yushiro	wkite, I'm sorry I didn't have enough time to do these week.	14:40
yushiro	#topic Horizon support	14:40
*** openstack changes topic to "Horizon support (Meeting topic: fwaas)"		14:40
wkite	yushiro: Never mind.	14:41
SridarK_	wkite: no worries - we shd get a response soon	14:41
SridarK_	i think it shd get in	14:41
wkite	SridarK_: Thank you for your efforts.	14:42
yushiro	+1	14:42
SridarK_	wkite: no issue at all -	14:42
SridarK_	I think SarathMekala is tied up with an internal release	14:43
yushiro	OK	14:44
yushiro	#topic bugs	14:44
*** openstack changes topic to "bugs (Meeting topic: fwaas)"		14:44
SridarK_	chandanc: if u can remind him - we can try to discuss the issues he was tracking	14:44
chandanc	SridarK_: sure will do	14:44
yushiro	SridarK_, chandanc +1 And say hello to him :)	14:44
SridarK_	thx chandanc	14:45
chandanc	yushiro: sure	14:45
yushiro	https://bugs.launchpad.net/neutron/+bug/1762454	14:46
openstack	Launchpad bug 1762454 in neutron "FWaaS: Invalid port error on associating ports (distributed router) to firewall group" [Medium,In progress] - Assigned to Yushiro FURUKAWA (y-furukawa-2)	14:46
yushiro	#link https://bugs.launchpad.net/neutron/+bug/1762454	14:46
SridarK_	yushiro: were u able to test the HA router scenario ?	14:46
yushiro	SridarK_, I'm sorry. I didn't have any update for it. But I'll target L3-HA first.	14:47
SridarK_	yushiro: ok we can sync up	14:47
SridarK_	my concern is on on the HA	14:47
SridarK_	*only on	14:48
yushiro	I believe that devstack can deploy 2 network nodes and 1 compute node.	14:48
SridarK_	yushiro: ok	14:48
yushiro	SridarK_, I thought that in case of DVR, we can use L2 port for it. Is there any meaning to put firewall_group into DVR port?	14:49
SridarK_	yushiro: DVR is not an issue - i verified on how the rules get put into ns	14:50
SridarK_	the issue is only on the naming used	14:50
*** velizarx has joined #openstack-fwaas		14:51
yushiro	I think E-W traffic in DVR can be filtered at VM port. Ah, we can filter N-S traffic by putting DVR port.	14:51
yushiro	SridarK_, yes, naming is little different ;)	14:51
SridarK_	yushiro: yes it is only relevant to N - S	14:51
SridarK_	here	14:51
yushiro	SridarK_, I see.	14:51
yushiro	OK, so, I'll test L3-HA case.	14:52
SridarK_	I will update gerrit and lets sync on this HA	14:52
yushiro	#topic Open Discussion	14:52
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"		14:52
SridarK_	Are we maintaining an etherpad for the Logging testing ?	14:52
yushiro	annp_, I think etherpad is hyperlink page for google doc(testing) and github(devstack configuration), right?	14:54
annp_	SridarK, https://etherpad.openstack.org/p/Logging_service_for_FWaaS_review_plan	14:54
annp_	yushiro, right.	14:55
SridarK_	sorry got it thx annp_	14:55
SridarK_	will be easy to reference that	14:55
annp_	SridarK_, Thanks a ton for your great reviewing	14:55
SridarK_	annp_: no i have not done much - just trying to get the pieces to fit together	14:56
annp_	SridarK, regards to L7 filtering I'd like to discuss with you and xgerman at PTG if I go there	14:56
SridarK_	I have run the neutron patches and the first 4 fwaas patches	14:56
SridarK_	* I have gone thru	14:57
SridarK_	annp_: surely	14:57
SridarK_	annp_: sorry i forgot to respond to ur email but we can defn talk	14:57
openstackgerrit	Merged openstack/neutron-fwaas-dashboard master: fix tox python3 overrides https://review.openstack.org/573934	14:57
longkb	SridarK_: if you got any problem, please ping me or annp :D	14:57
SridarK_	longkb: yes i will do that	14:57
annp_	SridarK_, No worries.	14:58
longkb	+10 SridarK_	14:58
annp_	longkb, SridarK_: +100	14:58
SridarK_	almost time	14:59
yushiro	al	15:00
yushiro	OK, bye bye !!	15:00
yushiro	#endmeeting	15:00
*** openstack changes topic to "Queens (Meeting topic: fwaas)"		15:00
openstack	Meeting ended Thu Jul 19 15:00:18 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	15:00
chandanc	bye	15:00
openstack	Minutes: http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-07-19-14.00.html	15:00
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-07-19-14.00.txt	15:00
openstack	Log: http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-07-19-14.00.log.html	15:00
SridarK_	byE ALL	15:00
yushiro	Happy weekend!	15:00
longkb	buy guys	15:00
*** chandanc has quit IRC		15:00
annp_	thank you, bye	15:00
*** annp_ has quit IRC		15:01
*** longkb has quit IRC		15:12
*** longkb has joined #openstack-fwaas		15:26
*** velizarx has quit IRC		15:27
*** longkb has quit IRC		15:31
*** njohnston_ has quit IRC		15:33
*** wkite has quit IRC		15:35
*** AlexeyAbashkin has quit IRC		15:40
*** hoangcx_ has joined #openstack-fwaas		15:47
*** hoangcx has quit IRC		15:48
*** yushiro has quit IRC		16:07
*** SridarK_ has quit IRC		17:01
*** njohnston has joined #openstack-fwaas		17:34
openstackgerrit	Merged openstack/neutron-fwaas-dashboard master: Add release note in README https://review.openstack.org/583133	21:28
openstackgerrit	Merged openstack/neutron-fwaas master: [FWaaS v1] RPC listener should be served by rpc worker https://review.openstack.org/580327	22:30
openstackgerrit	Merged openstack/neutron-fwaas master: use autonested_transaction from neutron-lib https://review.openstack.org/583326	22:33
openstackgerrit	Merged openstack/neutron-fwaas master: Add release note in README https://review.openstack.org/583265	22:33
*** hongbin_ has quit IRC		22:34
openstackgerrit	Merged openstack/neutron-fwaas master: python3: fix netlink_lib delete_entries https://review.openstack.org/581602	22:48

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!