11:01:55 #startmeeting scientific-sig 11:01:55 Meeting started Wed May 6 11:01:55 2020 UTC and is due to finish in 60 minutes. The chair is oneswig_. Information about MeetBot at http://wiki.debian.org/MeetBot. 11:01:56 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 11:01:58 The meeting name has been set to 'scientific_sig' 11:02:14 gday all 11:02:51 Hi janders ahem sorry I'm late :-) 11:03:06 :) 11:03:23 what's new? 11:03:39 not much 11:03:48 openmpi/mpi4py (new to me at least) - not openstack related though 11:03:59 some interesting attempts to use secgroups the other way round 11:04:14 mpi4py always seemed like a curious combination 11:04:15 (restricting egress with negative matching) 11:04:45 ended up putting some extra private subnets and routers in instead 11:05:35 but apparently secgroups cant be used to allow a VM to ping everything except something (e.g. local network) 11:06:59 janders: had an interesting issue with secgroups the other day. A VM with allowed_address_pairs to relax what IPs and MACs can be transmitted, also disables security groups. 11:07:25 interesting feature 11:07:33 a little scary though 11:08:13 reminds me of a stuff up at one of AUS OpenStack operators back in nova-network days 11:08:35 a puppet bug caused iptables flush cluster wide... while computes were on public IPs 11:08:55 a bit of guessing and attacker can get console access to VMS 11:09:23 yikes! 11:09:24 quick rd.break and the floodgates are open 11:09:27 yeah 11:09:44 accidental disabling of iptables ain't fun 11:10:04 could they remember all the rules to put back :-) 11:10:32 i think the degree of compromise was large enough to sanction mass rebuild of stuff 11:11:02 janders: on a different subject, have you contributed a case study to the OSF bare metal white paper? 11:11:10 working on it 11:11:19 getting close 11:11:21 same here... 11:11:29 issue is its a little too long 11:11:38 cutting bits out before I can merge back 11:11:44 there's an upper limit on length? 11:11:47 good problem to have i suppose 11:12:11 i dont think there's a specifc word count etc... mine had a fair bit of detail, code listings, etc 11:12:13 that needs to go 11:12:54 ah right. I wasn't sure on embedding config myself 11:14:17 On an administrative point 11:14:24 #link Virtual PTG registration open https://www.eventbrite.com/e/virtual-project-teams-gathering-june-2020-tickets-103456996662 11:15:05 OpenDev registration as well 11:15:20 Hi priteau, thanks :-) 11:15:50 #link https://www.eventbrite.com/e/opendev-large-scale-usage-of-open-infrastructure-software-registration-102899719832 11:16:52 done! 11:16:59 it's free - great! 11:17:04 likewise, this morning :) 11:17:41 Are they at the same time, how does that work again? 11:19:05 ah, no, they are a few weeks apart. I should read up 11:20:49 Now registered for both. 11:21:57 Last week's discussion on Open Infra Labs was an interesting one. Seeing Adjutant in the list of PTG projects reminded me they use that for user onboarding. 11:22:03 I'd not heard of it before. 11:22:36 (googling) 11:22:49 sounds a bit like my bunch of ansible used for onboarding 11:24:17 or maybe im wrong 11:24:34 Right - I wasn't sure what it looks like to use. 11:24:43 looks like it exposes some user self-service panels to Horizon too. We are using Cloudforms/ManageIQ for that 11:25:31 whats your feel around the next summit - will it be physical or virtual> 11:25:37 s/>/? 11:26:00 Berlin in October? I wonder 11:26:43 Octoberfest in Sep has been canceled, but that's not exactly similar size 11:27:07 I expect there will be a split: people keen to travel and others anxious to stay at home. It sounds like Germany is slowly relaxing its lockdown. I'm doubtful the US will be in a good spot by then though. 11:27:37 Hi witek :-) 11:27:41 hi 11:28:15 If there's a physical summit at all, perhaps it would be hundreds of attendees, not thousands. 11:28:36 right 11:28:51 at this stage it looks like we won't be allowed out of the country even if we wanted 11:29:18 but at least I got full refunds for OpenDev/PTG and ISC no worries 11:29:27 *flight refunds 11:30:30 Flight refunds - interesting. I heard a European budget airline, all the refunds team are "currently not working due to coronavirus" - but the teams for rebooking are available to process your request! :-) 11:31:25 Qantas seemed to have a "system issue" which caused all cancellations to be turned into flight credits not refunds 11:31:35 but that was easy to fix with a little nagging 11:31:42 priorities...! we/Sanger went "no business travel" weeks before lockdown so I expect they will be cautious 11:32:51 much business travel turned into budget travel after 911 & GFC 11:33:04 I wonder if this will go a step further and turn into videoconferencing instead 11:33:16 It's an interesting point as opinion on travelling will have a large amount of subjective disposition to risk 11:33:18 in many cases that wouldn't be a bad thing 11:34:11 If I had a fitbit, my daily step count these days would be ~100... 11:34:16 depends on the videoconf platform I think... I bailed from one virtual conference because they used AdobeConnect and it was too unreliable (audio dropping, screen shares failing) 11:34:51 AdobeConnect - not heard of that. Everyone has a pet hate I think. Skype for Business never feels like fun. 11:35:06 dont get me started on webex 11:35:39 teams is probably the least bad microsoft product on the market though 11:35:40 Can you tell which platforms are built on OpenStack? 11:36:10 janders: teams, I have a name for my pain. 11:36:32 its the least bad tool we use here 11:37:04 i deliberately dont use any reference to "good" or "better" though :P 11:41:16 janders: got the VFLAG stuff working better. 11:41:29 great! 11:41:41 so - does it provide performance+redundancy? 11:41:45 Upgrade to OVS 2.12 should have been redeploy - I think there were DB schema migration issues. 11:41:49 what's the aggregate bandwidth? 11:42:21 Redundancy I haven't checked, performance is good but I only have it as an aggregate of clients on 5 hypervisors so far. 11:42:51 I'm planning to get some meaningful data this afternoon, will put a graph on the SIG Slack channel if it's sufficiently pretty 11:42:58 i have no updates on my cx6-ovs issues 11:43:19 That's been a long-running issue for you 11:43:23 mlnx are doing some testing in the lab to see if it is a generic bug or sth to do with my setup 11:43:25 yeah 11:43:30 we have some workarounds though 11:43:47 but overall vpi-eth-cx6 wasnt smooth sailing 11:43:51 cx6-ib - no worries 11:44:13 but overall i dont really see a point... for eth cx5 is more than sufficient 11:44:23 next stop pcie4/5 and 400GE I suppose 11:45:03 I think there are some ipsec offloads in CX6 I was interested in testing. 11:45:16 for ib it does make sense esp for storage 11:45:21 its very very nice 11:45:27 Also the NVMEoF support, I think there was something neat it did with presentation of VFs? 11:45:39 that is possible 11:46:08 not much help if it fails on the "basics" though 11:46:27 pcie4 cx6-eth might be more smooth 11:46:40 i sense that hacks around pcie3 limitations dont mix with ethernet all that well 11:46:51 but - will know for sure when we have full explanation of the ovs issues 11:46:53 and a fix 11:48:40 janders: are you a Cumulus customer? 11:48:48 not really 11:48:55 its a little funny actually 11:49:05 i ended up with some cumulus switches for.... ipmi 11:49:20 but not using any SDN stuff there 11:49:23 just dumb switches 11:49:34 as in they are used as dumb switches 11:49:52 I wonder what it's prognosis is as an open net os. I suspect vendors like Dell will take a dim view 11:52:24 I don't have anything more to add - janders? 11:52:31 i think im good 11:52:39 thank you all - and stay safe 11:52:44 till next time 11:52:47 It must be late in canberra... 11:52:54 2152 11:52:58 Until next time! 11:53:03 #endmeeting