| *** dmellado_ is now known as dmellado | 00:10 | |
| *** dmellado_ is now known as dmellado | 02:14 | |
| *** dmellado_ is now known as dmellado | 02:47 | |
| opendevreview | liuyulong proposed openstack/neutron stable/ussuri: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853750 | 05:18 |
|---|---|---|
| opendevreview | liuyulong proposed openstack/neutron stable/train: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853751 | 05:18 |
| opendevreview | liuyulong proposed openstack/neutron stable/stein: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853752 | 05:18 |
| opendevreview | liuyulong proposed openstack/neutron stable/rocky: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853753 | 05:18 |
| opendevreview | liuyulong proposed openstack/neutron stable/rocky: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853753 | 05:19 |
| opendevreview | liuyulong proposed openstack/neutron stable/queens: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853754 | 05:20 |
| *** amoralej|off is now known as amoralej | 06:21 | |
| opendevreview | Lajos Katona proposed openstack/neutron-tempest-plugin master: DNM: Check stein branch https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/853794 | 07:58 |
| opendevreview | Lajos Katona proposed openstack/neutron stable/stein: DNM: check stein branch fixes https://review.opendev.org/c/openstack/neutron/+/853608 | 08:01 |
| opendevreview | Lajos Katona proposed openstack/neutron stable/stein: DNM: check stein branch fixes https://review.opendev.org/c/openstack/neutron/+/853608 | 08:01 |
| *** dmellado_ is now known as dmellado | 09:03 | |
| opendevreview | Lajos Katona proposed openstack/neutron-tempest-plugin master: DNM: Check stein branch https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/853794 | 09:08 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron master: [S-RBAC] Remove system scope from the API policies https://review.opendev.org/c/openstack/neutron/+/853798 | 09:41 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron master: [S-RBAC] Use ADMIN rule instead of PROJECT_ADMIN in the new policies https://review.opendev.org/c/openstack/neutron/+/853799 | 09:41 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron master: [S-RBAC] Rename ProjectAdmin* unit tests to Admin* https://review.opendev.org/c/openstack/neutron/+/853800 | 09:41 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron master: [S-RBAC] Remove definitions of not used roles https://review.opendev.org/c/openstack/neutron/+/853801 | 09:41 |
| ralonsoh | slaweq, ^^ those patches should be for Zed release? | 09:46 |
| slaweq | ralonsoh IMO it would be good if we could include them there | 09:47 |
| ralonsoh | perfect | 09:47 |
| slaweq | but I would like first gmann to check them | 09:48 |
| slaweq | I think it's all what we need to align with recent changes in the community goal update | 09:48 |
| opendevreview | Lajos Katona proposed openstack/neutron-tempest-plugin master: DNM: Check stein branch https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/853794 | 09:57 |
| opendevreview | Merged openstack/neutron-tempest-plugin master: Use StatefulConnection class to verify connectivity in SG tests https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/853203 | 10:00 |
| slaweq | frickler hi, You asked me few days ago about things which we miss in Cirros to be able to use only that image in neutron scenario tests | 10:10 |
| slaweq | here's list https://paste.opendev.org/show/b4xNSkBoPDDF4EayMiVA/ | 10:10 |
| slaweq | I hope I didn't missed anything from it | 10:10 |
| ralonsoh | frickler, and one request, if possible, apart from the requirements sent by slaweq | 10:24 |
| ralonsoh | is it possible to have "ping" command with -i (interval), accepting values under a second | 10:24 |
| frickler | slaweq: ralonsoh: I will check those things, thanks for your feedback | 10:46 |
| opendevreview | Lajos Katona proposed openstack/neutron-tempest-plugin master: DNM: Check stein branch https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/853794 | 11:30 |
| lajoskatona | bcafarel: Hi, Some trials for the stein issue: https://review.opendev.org/c/openstack/neutron/+/853608 & https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/853794 | 11:42 |
| lajoskatona | bcafarel: the neutron patch is actually testing the n-t-p patch, and it contains the comments to stop grenade | 11:42 |
| lajoskatona | bcafarel: by this doc grenade is experimental by QA team on older branches: https://docs.openstack.org/grenade/latest/stable_branch_testing_policy.html | 11:44 |
| *** dmellado_ is now known as dmellado | 11:44 | |
| bcafarel | lajoskatona: +1 and grenade on these old releases is less important we do not have large changes in so upgrades should not break on these | 11:45 |
| lajoskatona | bcafarel: one of the famous last sentences? But I agree, we have many jobs to keep working and master to keep it in shape for the features and bugs also | 11:47 |
| bcafarel | :) yes hopefully I have not jinxed it (especially for really old branches with limited number of backports) | 11:47 |
| bcafarel | and n-t-p looks similar to https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/843799 (train) | 11:48 |
| *** tbachman_ is now known as tbachman | 13:10 | |
| *** dmellado_ is now known as dmellado | 13:20 | |
| *** amoralej is now known as amoralej|lunch | 13:39 | |
| *** dasm|off is now known as dasm | 13:59 | |
| lajoskatona | #startmeeting neutron_drivers | 14:00 |
| opendevmeet | Meeting started Fri Aug 19 14:00:14 2022 UTC and is due to finish in 60 minutes. The chair is lajoskatona. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:00 |
| opendevmeet | The meeting name has been set to 'neutron_drivers' | 14:00 |
| mlavalle | o/ | 14:00 |
| lajoskatona | Hi! | 14:00 |
| ralonsoh | hi | 14:00 |
| obondarev | hi | 14:00 |
| slaweq | hi | 14:00 |
| lajoskatona | As I see we have quorum | 14:02 |
| lajoskatona | Let's start | 14:02 |
| haleyb | hi | 14:02 |
| lajoskatona | We have 2 RFEs for today | 14:02 |
| lajoskatona | [RFE] Add possibility to define default security group rules (#link https://bugs.launchpad.net/neutron/+bug/1983053 ) | 14:02 |
| slaweq | that's proposed by me | 14:03 |
| lajoskatona | I think we discussed something like this but I was not able to find it in logs :-( | 14:03 |
| slaweq | during one of the PTGs I think we discussed that default rules aren't the greates | 14:04 |
| slaweq | but conclusion was to not change them to not break backward compatibility | 14:04 |
| lajoskatona | ahh, ok so it was one of the PTGs | 14:05 |
| slaweq | but recently we discussed that internall again and we think that it could be made better than it's now with hardcoded rules | 14:05 |
| slaweq | IMO the best way would be to add API resource like "default SG rule" | 14:05 |
| slaweq | and those would be stored in Neutron database and used for every new SG | 14:05 |
| slaweq | instead of currently used hardcoded rules | 14:06 |
| slaweq | only admin would be able to change those default rules | 14:06 |
| obondarev | sorry, for every new SG or project | 14:06 |
| obondarev | ? | 14:06 |
| ralonsoh | good question | 14:06 |
| lajoskatona | project as I understand | 14:06 |
| slaweq | obondarev there are 2 things here | 14:06 |
| slaweq | 1. Default SG which is created automatically for every new project | 14:07 |
| slaweq | that one have always 4 rules added automatically | 14:07 |
| obondarev | yep | 14:07 |
| slaweq | 2. Every other SG created by user - this one has 2 rules added by Neutron automatically | 14:07 |
| slaweq | so, we can add possibility to define by admin new rules for both of those types of security groups | 14:08 |
| ralonsoh | where/how those generic default rules are created? | 14:08 |
| haleyb | Two questions - 1) Why can't this just be a post project create task by the admin, which could work today? 2) Is the user not allowed to change these rules? | 14:10 |
| slaweq | https://github.com/openstack/neutron/blob/b551516e30ad7ccd38a0ef651741c307fa4e8216/neutron/db/securitygroups_db.py#L80 | 14:10 |
| *** amoralej|lunch is now known as amoralej | 14:10 | |
| obondarev | I guess these | 14:10 |
| obondarev | sorry, disregard please | 14:10 |
| slaweq | this is method which creates security group and adds rules to it | 14:10 |
| ralonsoh | no no I mean, how do you propose it? | 14:11 |
| ralonsoh | how do you propose to create those default rules? | 14:11 |
| slaweq | haleyb users can remove/change those rules | 14:11 |
| slaweq | but: | 14:11 |
| slaweq | a) we had some requests from customers that admin would like to define for users some other set of the rules added automatically to the new SGs | 14:12 |
| haleyb | So not just to the default SG when the project is created? | 14:12 |
| slaweq | b) default SG rules which are added today aren't great, we know that rules with remote_group_id aren't scale well, | 14:12 |
| slaweq | haleyb I think we can allow to define set of rules which will be added for each new SG and some "special" set of the rules which will be added also to each new "Default" SG | 14:13 |
| slaweq | that shouldn't be problem | 14:13 |
| haleyb | Ok, the bug only mentions the default SG is why I ask | 14:14 |
| lajoskatona | Personally I tend also to think that this can be solved neatly with hot templates or other tools, but can accept that this will be better for customers | 14:14 |
| lajoskatona | perhaps Neutron API is good place for such customization and default settings for sec-groups | 14:16 |
| slaweq | haleyb sorry, it was probably my "shortcut" when I was writing RFE | 14:16 |
| lajoskatona | Basically I am ok with this RFE, but I think we need a spec to see the details | 14:18 |
| haleyb | slaweq: is there much of a use case for the non-default SG? for example, if I create a new SG for say secure access, do we want extra rules added there? | 14:18 |
| haleyb | I could see adding icmp and ssh to default since we all do it first thing anyways, but that doesn't need a code change, just a heat template | 14:19 |
| slaweq | haleyb not everyone is using heat | 14:19 |
| slaweq | I know it can be automated with some script | 14:20 |
| slaweq | but we had such request to allow such modification | 14:20 |
| slaweq | and IMO it's reasonable request as it would be better instead of hardcoded things | 14:20 |
| haleyb | slaweq: well, it could even just be in my create-project.sh script as a post-create step like you mention. just playing devils advocate | 14:21 |
| obondarev | my 2 cents: I also know customers that are suffering from a "remote_group_id" rules in default SG | 14:22 |
| ralonsoh | yeah, I'm ok with the feature (needed by some customers) but I waiting for the implementation details | 14:23 |
| mlavalle | yeah, that's a scuge | 14:23 |
| mlavalle | scurge | 14:24 |
| lajoskatona | So let's have a spec and see the details for it | 14:25 |
| mlavalle | +1 | 14:25 |
| slaweq | of course I will write spec with proposed API changes first if this will be accepted | 14:25 |
| haleyb | obondarev: ack, and this is maybe a more attractive option of doing this spec to not create those rules | 14:25 |
| haleyb | if it was just adding rules it would be different (to me) | 14:25 |
| lajoskatona | Ok, let's vote than to see if we are ok with the RFE with the condition of a spec | 14:26 |
| lajoskatona | +1 from me | 14:26 |
| ralonsoh | +1 | 14:27 |
| mlavalle | +1 | 14:27 |
| obondarev | +1 | 14:27 |
| haleyb | +1 | 14:27 |
| lajoskatona | ok, thanks, I will update the RFE | 14:28 |
| lajoskatona | The 2nd one: | 14:28 |
| lajoskatona | [rfe][fwaas]support standard_attrs for firewall_group (#link https://bugs.launchpad.net/neutron/+bug/1986906 ) | 14:28 |
| slaweq | thank You | 14:28 |
| lajoskatona | As I see this RFE is quite simple: let's have standard attrs for fwaas_groups | 14:30 |
| slaweq | I agree with lajoskatona and I have no objections for it | 14:31 |
| ralonsoh | I'm ok too, looks an easy change | 14:31 |
| obondarev | yeah, looks pretty straightforward, no questions from me | 14:32 |
| lajoskatona | mlavalle, haleyb: what do you think? | 14:33 |
| mlavalle | +1 | 14:33 |
| mlavalle | pretty straightforward | 14:33 |
| mlavalle | we don't need a spec, do we? | 14:34 |
| mlavalle | just kidding :-) | 14:34 |
| lajoskatona | :-) | 14:34 |
| haleyb | +1 as this should be on most objects | 14:34 |
| lajoskatona | Ok, I will update this RFE also, thanks for discussing it :-) | 14:34 |
| lajoskatona | #topic On Demand Agenda | 14:34 |
| lajoskatona | Do you have anything more which we can discuss ? | 14:35 |
| slaweq | nothing from me | 14:35 |
| mlavalle | nothing from me | 14:35 |
| atimmins | hey all - looking for another review of https://review.opendev.org/c/openstack/neutron-specs/+/851607 | 14:35 |
| obondarev | nope | 14:35 |
| mlavalle | atimmins: I'll review it today | 14:35 |
| atimmins | Thanks! | 14:36 |
| slaweq | atimmins added to my review list | 14:36 |
| slaweq | but I will check it next week probably | 14:36 |
| lajoskatona | atimmins: I will check it also (perhaps early next week) | 14:36 |
| lajoskatona | If nothing more we can close the meeting | 14:36 |
| lajoskatona | #endmeeting | 14:36 |
| opendevmeet | Meeting ended Fri Aug 19 14:36:55 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:36 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-08-19-14.00.html | 14:36 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-08-19-14.00.txt | 14:36 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-08-19-14.00.log.html | 14:36 |
| ralonsoh | bye | 14:36 |
| lajoskatona | Bye, have a nice weekend | 14:37 |
| obondarev | bye! | 14:37 |
| slaweq | o/ | 14:37 |
| mlavalle | o/ | 14:37 |
| slaweq | have a nice weekend | 14:37 |
| opendevreview | Merged openstack/neutron master: Add vpnaas to extensions supported by ovn https://review.opendev.org/c/openstack/neutron/+/847005 | 14:53 |
| opendevreview | Merged openstack/neutron stable/ussuri: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853750 | 14:58 |
| opendevreview | Merged openstack/neutron stable/train: Fix migration failed due TypeError of new_vlan_tag https://review.opendev.org/c/openstack/neutron/+/853751 | 14:58 |
| *** amoralej is now known as amoralej|off | 15:10 | |
| opendevreview | Arnau Verdaguer proposed openstack/neutron master: [Trunk] Update the trunk status with the parent status https://review.opendev.org/c/openstack/neutron/+/853779 | 15:40 |
| frickler | slaweq: ralonsoh: I created https://etherpad.opendev.org/p/cirros-for-neutron-tempest-plugin for tracking, some things should already work, for some I've made PRs, but python3 is questionable. will do some further sizing tests next week | 16:59 |
| ralonsoh | frickler, thanks | 17:00 |
| opendevreview | Rodolfo Alonso proposed openstack/neutron master: [OVN][QoS] Add minimum bandwidth rule support to ML2/OVN https://review.opendev.org/c/openstack/neutron/+/842292 | 17:13 |
| opendevreview | Jakub Libosvar proposed openstack/neutron master: ovn: Don't fail db sync if new IP allocation fails for metadata https://review.opendev.org/c/openstack/neutron/+/853840 | 20:24 |
| *** dasm is now known as dasm|off | 21:33 | |
| opendevreview | Merged openstack/neutron master: [S-RBAC] Remove system scope from the API policies https://review.opendev.org/c/openstack/neutron/+/853798 | 23:31 |
| opendevreview | Merged openstack/neutron master: [S-RBAC] Use ADMIN rule instead of PROJECT_ADMIN in the new policies https://review.opendev.org/c/openstack/neutron/+/853799 | 23:31 |
| opendevreview | Merged openstack/neutron master: [S-RBAC] Rename ProjectAdmin* unit tests to Admin* https://review.opendev.org/c/openstack/neutron/+/853800 | 23:31 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!