#openstack-meeting log

11:01:55 <oneswig_> #startmeeting scientific-sig
11:01:55 <openstack> Meeting started Wed May  6 11:01:55 2020 UTC and is due to finish in 60 minutes.  The chair is oneswig_. Information about MeetBot at http://wiki.debian.org/MeetBot.
11:01:56 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
11:01:58 <openstack> The meeting name has been set to 'scientific_sig'
11:02:14 <janders> gday all
11:02:51 <oneswig_> Hi janders ahem sorry I'm late :-)
11:03:06 <janders> :)
11:03:23 <oneswig_> what's new?
11:03:39 <janders> not much
11:03:48 <dh3> openmpi/mpi4py (new to me at least) - not openstack related though
11:03:59 <janders> some interesting attempts to use secgroups the other way round
11:04:14 <oneswig_> mpi4py always seemed like a curious combination
11:04:15 <janders> (restricting egress with negative matching)
11:04:45 <janders> ended up putting some extra private subnets and routers in instead
11:05:35 <janders> but apparently secgroups cant be used to allow a VM to ping everything except something (e.g. local network)
11:06:59 <oneswig_> janders: had an interesting issue with secgroups the other day.  A VM with allowed_address_pairs to relax what IPs and MACs can be transmitted, also disables security groups.
11:07:25 <janders> interesting feature
11:07:33 <janders> a little scary though
11:08:13 <janders> reminds me of a stuff up at one of AUS OpenStack operators back in nova-network days
11:08:35 <janders> a puppet bug caused iptables flush cluster wide... while computes were on public IPs
11:08:55 <janders> a bit of guessing and attacker can get console access to VMS
11:09:23 <oneswig_> yikes!
11:09:24 <janders> quick rd.break and the floodgates are open
11:09:27 <janders> yeah
11:09:44 <janders> accidental disabling of iptables ain't fun
11:10:04 <oneswig_> could they remember all the rules to put back :-)
11:10:32 <janders> i think the degree of compromise was large enough to sanction mass rebuild of stuff
11:11:02 <oneswig_> janders: on a different subject, have you contributed a case study to the OSF bare metal white paper?
11:11:10 <janders> working on it
11:11:19 <janders> getting close
11:11:21 <oneswig_> same here...
11:11:29 <janders> issue is its a little too long
11:11:38 <janders> cutting bits out before I can merge back
11:11:44 <oneswig_> there's an upper limit on length?
11:11:47 <janders> good problem to have i suppose
11:12:11 <janders> i dont think there's a specifc word count etc... mine had a fair bit of detail, code listings, etc
11:12:13 <janders> that needs to go
11:12:54 <oneswig_> ah right.  I wasn't sure on embedding config myself
11:14:17 <oneswig_> On an administrative point
11:14:24 <oneswig_> #link Virtual PTG registration open https://www.eventbrite.com/e/virtual-project-teams-gathering-june-2020-tickets-103456996662
11:15:05 <priteau> OpenDev registration as well
11:15:20 <oneswig_> Hi priteau, thanks :-)
11:15:50 <priteau> #link https://www.eventbrite.com/e/opendev-large-scale-usage-of-open-infrastructure-software-registration-102899719832
11:16:52 <janders> done!
11:16:59 <janders> it's free - great!
11:17:04 <dh3> likewise, this morning :)
11:17:41 <oneswig_> Are they at the same time, how does that work again?
11:19:05 <oneswig_> ah, no, they are a few weeks apart.  I should read up
11:20:49 <oneswig_> Now registered for both.
11:21:57 <oneswig_> Last week's discussion on Open Infra Labs was an interesting one.  Seeing Adjutant in the list of PTG projects reminded me they use that for user onboarding.
11:22:03 <oneswig_> I'd not heard of it before.
11:22:36 <janders> (googling)
11:22:49 <janders> sounds a bit like my bunch of ansible used for onboarding
11:24:17 <janders> or maybe im wrong
11:24:34 <oneswig_> Right - I wasn't sure what it looks like to use.
11:24:43 <dh3> looks like it exposes some user self-service panels to Horizon too. We are using Cloudforms/ManageIQ for that
11:25:31 <janders> whats your feel around the next summit - will it be physical or virtual>
11:25:37 <janders> s/>/?
11:26:00 <oneswig_> Berlin in October?  I wonder
11:26:43 <witek> Octoberfest in Sep has been canceled, but that's not exactly similar size
11:27:07 <oneswig_> I expect there will be a split: people keen to travel and others anxious to stay at home.  It sounds like Germany is slowly relaxing its lockdown.  I'm doubtful the US will be in a good spot by then though.
11:27:37 <oneswig_> Hi witek :-)
11:27:41 <witek> hi
11:28:15 <oneswig_> If there's a physical summit at all, perhaps it would be hundreds of attendees, not thousands.
11:28:36 <janders> right
11:28:51 <janders> at this stage it looks like we won't be allowed out of the country even if we wanted
11:29:18 <janders> but at least I got full refunds for OpenDev/PTG and ISC no worries
11:29:27 <janders> *flight refunds
11:30:30 <oneswig_> Flight refunds - interesting.  I heard a European budget airline, all the refunds team are "currently not working due to coronavirus" - but the teams for rebooking are available to process your request! :-)
11:31:25 <janders> Qantas seemed to have a "system issue" which caused all cancellations to be turned into flight credits not refunds
11:31:35 <janders> but that was easy to fix with a little nagging
11:31:42 <dh3> priorities...! we/Sanger went "no business travel" weeks before lockdown so I expect they will be cautious
11:32:51 <janders> much business travel turned into budget travel after 911 & GFC
11:33:04 <janders> I wonder if this will go a step further and turn into videoconferencing instead
11:33:16 <oneswig_> It's an interesting point as opinion on travelling will have a large amount of subjective disposition to risk
11:33:18 <janders> in many cases that wouldn't be a bad thing
11:34:11 <oneswig_> If I had a fitbit, my daily step count these days would be ~100...
11:34:16 <dh3> depends on the videoconf platform I think... I bailed from one virtual conference because they used AdobeConnect and it was too unreliable (audio dropping, screen shares failing)
11:34:51 <oneswig_> AdobeConnect - not heard of that.  Everyone has a pet hate I think.  Skype for Business never feels like fun.
11:35:06 <janders> dont get me started on webex
11:35:39 <janders> teams is probably the least bad microsoft product on the market though
11:35:40 <oneswig_> Can you tell which platforms are built on OpenStack?
11:36:10 <oneswig_> janders: teams, I have a name for my pain.
11:36:32 <janders> its the least bad tool we use here
11:37:04 <janders> i deliberately dont use any reference to "good" or "better" though :P
11:41:16 <oneswig_> janders: got the VFLAG stuff working better.
11:41:29 <janders> great!
11:41:41 <janders> so - does it provide performance+redundancy?
11:41:45 <oneswig_> Upgrade to OVS 2.12 should have been redeploy - I think there were DB schema migration issues.
11:41:49 <janders> what's the aggregate bandwidth?
11:42:21 <oneswig_> Redundancy I haven't checked, performance is good but I only have it as an aggregate of clients on 5 hypervisors so far.
11:42:51 <oneswig_> I'm planning to get some meaningful data this afternoon, will put a graph on the SIG Slack channel if it's sufficiently pretty
11:42:58 <janders> i have no updates on my cx6-ovs issues
11:43:19 <oneswig_> That's been a long-running issue for you
11:43:23 <janders> mlnx are doing some testing in the lab to see if it is a generic bug or sth to do with my setup
11:43:25 <janders> yeah
11:43:30 <janders> we have some workarounds though
11:43:47 <janders> but overall vpi-eth-cx6 wasnt smooth sailing
11:43:51 <janders> cx6-ib - no worries
11:44:13 <janders> but overall i dont really see a point... for eth cx5 is more than sufficient
11:44:23 <janders> next stop pcie4/5 and 400GE I suppose
11:45:03 <oneswig_> I think there are some ipsec offloads in CX6 I was interested in testing.
11:45:16 <janders> for ib it does make sense esp for storage
11:45:21 <janders> its very very nice
11:45:27 <oneswig_> Also the NVMEoF support, I think there was something neat it did with presentation of VFs?
11:45:39 <janders> that is possible
11:46:08 <oneswig_> not much help if it fails on the "basics" though
11:46:27 <janders> pcie4 cx6-eth might be more smooth
11:46:40 <janders> i sense that hacks around pcie3 limitations dont mix with ethernet all that well
11:46:51 <janders> but - will know for sure when we have full explanation of the ovs issues
11:46:53 <janders> and a fix
11:48:40 <oneswig_> janders: are you a Cumulus customer?
11:48:48 <janders> not really
11:48:55 <janders> its a little funny actually
11:49:05 <janders> i ended up with some cumulus switches for.... ipmi
11:49:20 <janders> but not using any SDN stuff there
11:49:23 <janders> just dumb switches
11:49:34 <janders> as in they are used as dumb switches
11:49:52 <oneswig_> I wonder what it's prognosis is as an open net os.  I suspect vendors like Dell will take a dim view
11:52:24 <oneswig_> I don't have anything more to add - janders?
11:52:31 <janders> i think im good
11:52:39 <janders> thank you all - and stay safe
11:52:44 <janders> till next time
11:52:47 <oneswig_> It must be late in canberra...
11:52:54 <janders> 2152
11:52:58 <oneswig_> Until next time!
11:53:03 <oneswig_> #endmeeting