*** rbudden has quit IRC | 02:02 | |
*** jmlowe has joined #scientific-wg | 03:24 | |
*** jmlowe has quit IRC | 04:33 | |
*** blair_ has joined #scientific-wg | 05:57 | |
blair_ | anyone seen guest crashes correlated with KVM rdmsr errors before? | 07:23 |
*** blair_ has quit IRC | 07:31 | |
*** priteau has joined #scientific-wg | 09:20 | |
-openstackstatus- NOTICE: The CI system will be offline starting at 11:00 UTC (in just under an hour) for Zuul v3 rollout: http://lists.openstack.org/pipermail/openstack-dev/2017-October/123337.html | 10:09 | |
*** b1airo has joined #scientific-wg | 10:29 | |
b1airo | hi all, we are hereby known as the Scientific SIG (https://wiki.openstack.org/wiki/Scientific_SIG) | 10:55 |
*** martial has joined #scientific-wg | 10:56 | |
*** masuberu has joined #scientific-wg | 11:05 | |
*** masber has quit IRC | 11:07 | |
*** rbudden has joined #scientific-wg | 11:28 | |
*** khappone has joined #scientific-wg | 12:01 | |
khappone | Hello * | 12:01 |
b1airo | hi | 12:01 |
martial | hello again :) | 12:02 |
khappone | We standardize the login names for all our images. We do turn on automatic updates on all images (I don't know the upstream standard though), which is kind of important. However I'm not sure if it's important enough to deviate from the standard | 12:02 |
khappone | Some sites made the images use local NTP servers | 12:02 |
b1airo | so is your new approach to not standardise login names? | 12:03 |
b1airo | here are our image build recipes: https://github.com/NeCTAR-RC/nectar-images | 12:04 |
khappone | Basically we'd take what ubuntu, centos et al. offer and use them directly | 12:04 |
khappone | We'd update our documentation, have a few mails and a small announcement campaign to our users. | 12:04 |
b1airo | yeah that makes sense, we try to be hands off - things like the usernames are an informal standard across clouds, e.g., most experienced users know and rely on Ubuntu images using "ubuntu" etc | 12:05 |
khappone | One of the points is also to make possible future cloud federation and collaboration easier | 12:05 |
b1airo | you can see the base of what we change here: https://github.com/NeCTAR-RC/nectar-images/blob/master/ansible/playbook.yml | 12:05 |
khappone | Yeah, I'm still torn if this is a good idea. I'd really love to somewhat standardize on this, but I also think there are relevant tweaks | 12:06 |
b1airo | yep, it's tough - some of this is strictly necessary for us, e.g., installing fail2ban | 12:07 |
b1airo | our cloud instances are on the Internet by default, and even though secgroups default to being closed, many users still just open 0.0.0.0/0 | 12:07 |
khappone | And you feel like key only SSH isn't safe enough? | 12:08 |
b1airo | and of course we have guidelines telling them not to set passwords etc, but half the time they have no idea what they are doing | 12:08 |
khappone | Ah, we have solved this by never knowing what they're doing and when something goes wrong we'll shut their VM(s) down :) | 12:09 |
b1airo | ha! i wish my life were that simple | 12:09 |
khappone | But I think it's a compromise between technical controls and documentation | 12:10 |
khappone | and defaults | 12:10 |
martial | :) | 12:10 |
khappone | I don't think anybody uses the recommendations I wrote yet (we don't yet), so I don't know if they're reasonable. But we'll try to figure it out. And it might be that even the base images would have some agreed-upon tweaks in them | 12:11 |
b1airo | i think it would be useful to extend your work to try and find where a sensible cut-off point is for customisation, i suspect a blanket "no customisation" rule will not be practical, but if we can come up with reasoned guidelines about what should not be touched then that would be useful to avoid interoperability issues for users | 12:11 |
b1airo | this would have made a really great Forum topic | 12:12 |
b1airo | perhaps in 6 months if you can be there! | 12:12 |
khappone | If we do that, I'd also like to have the same standard customizations. Partly to make the images and tools reusable, and secondly to be able to build on that and share more complex appliances | 12:13 |
khappone | I'll try to be in Vancouver | 12:13 |
martial | maybe a customization interface? | 12:13 |
martial | ansible playbook calling other ansible playbooks | 12:13 |
khappone | I'm sure the compromise won't be what exactly everybody wants, but if the benefits outweigh the compromise (which I think could easily be done), we could get something to work | 12:14 |
b1airo | khappone, do you have any examples of times that customisations have caused problems for end-users/consumers? | 12:14 |
khappone | b1airo: yes, we can't directly steal your images, so it's extra work for us, and we can't focus on what the users really need :P | 12:15 |
b1airo | it may be useful to list some of those out to use as sanity tests | 12:15 |
b1airo | haha | 12:15 |
khappone | Final goal: The only images we build are something that's not out there, and nobody else has to build that. | 12:16 |
b1airo | maybe you could directly steal our image code though... just a few new group_vars :-) | 12:16 |
khappone | That's an option, a less-nice one, but an option. Sharing tools is also beneficial. But I WANT MORE. | 12:17 |
khappone | :) | 12:17 |
khappone | Anyway, I really need to run now. I'm glad there was discussion around this topic. I shall try to work on it on our part and see what problems I find. | 12:18 |
martial | sounds very cool, thanks for sharing the link | 12:18 |
b1airo | thanks for staying to chat khappone ! | 12:18 |
b1airo | time for me to head to bed as well | 12:18 |
martial | good night then b1airo | 12:19 |
martial | good bye khappone | 12:20 |
*** martial has quit IRC | 12:20 | |
*** priteau has quit IRC | 12:30 | |
-openstackstatus- NOTICE: Due to unrelated emergencies, the Zuul v3 rollout has not started yet; stay tuned for further updates | 13:06 | |
khappone | b1airo: when you're back. May I add the link to your image build tools to the document? | 13:32 |
*** priteau has joined #scientific-wg | 13:35 | |
*** jmlowe has joined #scientific-wg | 13:55 | |
*** rbudden has quit IRC | 15:36 | |
*** rbudden has joined #scientific-wg | 15:38 | |
*** jmlowe has quit IRC | 16:47 | |
*** jmlowe has joined #scientific-wg | 18:18 | |
*** masuberu has quit IRC | 19:01 | |
*** jmlowe has quit IRC | 19:30 | |
*** jmlowe has joined #scientific-wg | 19:48 | |
*** priteau has quit IRC | 20:38 | |
*** jmlowe has quit IRC | 20:38 | |
*** jmlowe has joined #scientific-wg | 20:57 | |
*** b1airo has quit IRC | 21:06 | |
*** jmlowe has quit IRC | 21:12 | |
*** jmlowe has joined #scientific-wg | 21:25 | |
*** jmlowe has quit IRC | 21:47 | |
*** jmlowe has joined #scientific-wg | 21:53 | |
*** b1airo has joined #scientific-wg | 21:57 | |
*** b1airo has quit IRC | 22:05 | |
*** priteau has joined #scientific-wg | 22:39 | |
*** priteau has quit IRC | 22:44 | |
*** jmlowe has quit IRC | 22:53 | |
*** priteau has joined #scientific-wg | 23:01 | |
*** priteau has quit IRC | 23:06 | |
*** masber has joined #scientific-wg | 23:14 | |
*** b1airo has joined #scientific-wg | 23:39 |