11:01:55 <oneswig_> #startmeeting scientific-sig 11:01:55 <openstack> Meeting started Wed May 6 11:01:55 2020 UTC and is due to finish in 60 minutes. The chair is oneswig_. Information about MeetBot at http://wiki.debian.org/MeetBot. 11:01:56 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 11:01:58 <openstack> The meeting name has been set to 'scientific_sig' 11:02:14 <janders> gday all 11:02:51 <oneswig_> Hi janders ahem sorry I'm late :-) 11:03:06 <janders> :) 11:03:23 <oneswig_> what's new? 11:03:39 <janders> not much 11:03:48 <dh3> openmpi/mpi4py (new to me at least) - not openstack related though 11:03:59 <janders> some interesting attempts to use secgroups the other way round 11:04:14 <oneswig_> mpi4py always seemed like a curious combination 11:04:15 <janders> (restricting egress with negative matching) 11:04:45 <janders> ended up putting some extra private subnets and routers in instead 11:05:35 <janders> but apparently secgroups cant be used to allow a VM to ping everything except something (e.g. local network) 11:06:59 <oneswig_> janders: had an interesting issue with secgroups the other day. A VM with allowed_address_pairs to relax what IPs and MACs can be transmitted, also disables security groups. 11:07:25 <janders> interesting feature 11:07:33 <janders> a little scary though 11:08:13 <janders> reminds me of a stuff up at one of AUS OpenStack operators back in nova-network days 11:08:35 <janders> a puppet bug caused iptables flush cluster wide... while computes were on public IPs 11:08:55 <janders> a bit of guessing and attacker can get console access to VMS 11:09:23 <oneswig_> yikes! 11:09:24 <janders> quick rd.break and the floodgates are open 11:09:27 <janders> yeah 11:09:44 <janders> accidental disabling of iptables ain't fun 11:10:04 <oneswig_> could they remember all the rules to put back :-) 11:10:32 <janders> i think the degree of compromise was large enough to sanction mass rebuild of stuff 11:11:02 <oneswig_> janders: on a different subject, have you contributed a case study to the OSF bare metal white paper? 11:11:10 <janders> working on it 11:11:19 <janders> getting close 11:11:21 <oneswig_> same here... 11:11:29 <janders> issue is its a little too long 11:11:38 <janders> cutting bits out before I can merge back 11:11:44 <oneswig_> there's an upper limit on length? 11:11:47 <janders> good problem to have i suppose 11:12:11 <janders> i dont think there's a specifc word count etc... mine had a fair bit of detail, code listings, etc 11:12:13 <janders> that needs to go 11:12:54 <oneswig_> ah right. I wasn't sure on embedding config myself 11:14:17 <oneswig_> On an administrative point 11:14:24 <oneswig_> #link Virtual PTG registration open https://www.eventbrite.com/e/virtual-project-teams-gathering-june-2020-tickets-103456996662 11:15:05 <priteau> OpenDev registration as well 11:15:20 <oneswig_> Hi priteau, thanks :-) 11:15:50 <priteau> #link https://www.eventbrite.com/e/opendev-large-scale-usage-of-open-infrastructure-software-registration-102899719832 11:16:52 <janders> done! 11:16:59 <janders> it's free - great! 11:17:04 <dh3> likewise, this morning :) 11:17:41 <oneswig_> Are they at the same time, how does that work again? 11:19:05 <oneswig_> ah, no, they are a few weeks apart. I should read up 11:20:49 <oneswig_> Now registered for both. 11:21:57 <oneswig_> Last week's discussion on Open Infra Labs was an interesting one. Seeing Adjutant in the list of PTG projects reminded me they use that for user onboarding. 11:22:03 <oneswig_> I'd not heard of it before. 11:22:36 <janders> (googling) 11:22:49 <janders> sounds a bit like my bunch of ansible used for onboarding 11:24:17 <janders> or maybe im wrong 11:24:34 <oneswig_> Right - I wasn't sure what it looks like to use. 11:24:43 <dh3> looks like it exposes some user self-service panels to Horizon too. We are using Cloudforms/ManageIQ for that 11:25:31 <janders> whats your feel around the next summit - will it be physical or virtual> 11:25:37 <janders> s/>/? 11:26:00 <oneswig_> Berlin in October? I wonder 11:26:43 <witek> Octoberfest in Sep has been canceled, but that's not exactly similar size 11:27:07 <oneswig_> I expect there will be a split: people keen to travel and others anxious to stay at home. It sounds like Germany is slowly relaxing its lockdown. I'm doubtful the US will be in a good spot by then though. 11:27:37 <oneswig_> Hi witek :-) 11:27:41 <witek> hi 11:28:15 <oneswig_> If there's a physical summit at all, perhaps it would be hundreds of attendees, not thousands. 11:28:36 <janders> right 11:28:51 <janders> at this stage it looks like we won't be allowed out of the country even if we wanted 11:29:18 <janders> but at least I got full refunds for OpenDev/PTG and ISC no worries 11:29:27 <janders> *flight refunds 11:30:30 <oneswig_> Flight refunds - interesting. I heard a European budget airline, all the refunds team are "currently not working due to coronavirus" - but the teams for rebooking are available to process your request! :-) 11:31:25 <janders> Qantas seemed to have a "system issue" which caused all cancellations to be turned into flight credits not refunds 11:31:35 <janders> but that was easy to fix with a little nagging 11:31:42 <dh3> priorities...! we/Sanger went "no business travel" weeks before lockdown so I expect they will be cautious 11:32:51 <janders> much business travel turned into budget travel after 911 & GFC 11:33:04 <janders> I wonder if this will go a step further and turn into videoconferencing instead 11:33:16 <oneswig_> It's an interesting point as opinion on travelling will have a large amount of subjective disposition to risk 11:33:18 <janders> in many cases that wouldn't be a bad thing 11:34:11 <oneswig_> If I had a fitbit, my daily step count these days would be ~100... 11:34:16 <dh3> depends on the videoconf platform I think... I bailed from one virtual conference because they used AdobeConnect and it was too unreliable (audio dropping, screen shares failing) 11:34:51 <oneswig_> AdobeConnect - not heard of that. Everyone has a pet hate I think. Skype for Business never feels like fun. 11:35:06 <janders> dont get me started on webex 11:35:39 <janders> teams is probably the least bad microsoft product on the market though 11:35:40 <oneswig_> Can you tell which platforms are built on OpenStack? 11:36:10 <oneswig_> janders: teams, I have a name for my pain. 11:36:32 <janders> its the least bad tool we use here 11:37:04 <janders> i deliberately dont use any reference to "good" or "better" though :P 11:41:16 <oneswig_> janders: got the VFLAG stuff working better. 11:41:29 <janders> great! 11:41:41 <janders> so - does it provide performance+redundancy? 11:41:45 <oneswig_> Upgrade to OVS 2.12 should have been redeploy - I think there were DB schema migration issues. 11:41:49 <janders> what's the aggregate bandwidth? 11:42:21 <oneswig_> Redundancy I haven't checked, performance is good but I only have it as an aggregate of clients on 5 hypervisors so far. 11:42:51 <oneswig_> I'm planning to get some meaningful data this afternoon, will put a graph on the SIG Slack channel if it's sufficiently pretty 11:42:58 <janders> i have no updates on my cx6-ovs issues 11:43:19 <oneswig_> That's been a long-running issue for you 11:43:23 <janders> mlnx are doing some testing in the lab to see if it is a generic bug or sth to do with my setup 11:43:25 <janders> yeah 11:43:30 <janders> we have some workarounds though 11:43:47 <janders> but overall vpi-eth-cx6 wasnt smooth sailing 11:43:51 <janders> cx6-ib - no worries 11:44:13 <janders> but overall i dont really see a point... for eth cx5 is more than sufficient 11:44:23 <janders> next stop pcie4/5 and 400GE I suppose 11:45:03 <oneswig_> I think there are some ipsec offloads in CX6 I was interested in testing. 11:45:16 <janders> for ib it does make sense esp for storage 11:45:21 <janders> its very very nice 11:45:27 <oneswig_> Also the NVMEoF support, I think there was something neat it did with presentation of VFs? 11:45:39 <janders> that is possible 11:46:08 <oneswig_> not much help if it fails on the "basics" though 11:46:27 <janders> pcie4 cx6-eth might be more smooth 11:46:40 <janders> i sense that hacks around pcie3 limitations dont mix with ethernet all that well 11:46:51 <janders> but - will know for sure when we have full explanation of the ovs issues 11:46:53 <janders> and a fix 11:48:40 <oneswig_> janders: are you a Cumulus customer? 11:48:48 <janders> not really 11:48:55 <janders> its a little funny actually 11:49:05 <janders> i ended up with some cumulus switches for.... ipmi 11:49:20 <janders> but not using any SDN stuff there 11:49:23 <janders> just dumb switches 11:49:34 <janders> as in they are used as dumb switches 11:49:52 <oneswig_> I wonder what it's prognosis is as an open net os. I suspect vendors like Dell will take a dim view 11:52:24 <oneswig_> I don't have anything more to add - janders? 11:52:31 <janders> i think im good 11:52:39 <janders> thank you all - and stay safe 11:52:44 <janders> till next time 11:52:47 <oneswig_> It must be late in canberra... 11:52:54 <janders> 2152 11:52:58 <oneswig_> Until next time! 11:53:03 <oneswig_> #endmeeting