#openstack-meeting log

09:00:11 <oneswig> #startmeeting scientific_wg
09:00:12 <openstack> Meeting started Wed Sep 28 09:00:11 2016 UTC and is due to finish in 60 minutes.  The chair is oneswig. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:00:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:00:15 <openstack> The meeting name has been set to 'scientific_wg'
09:00:24 <oneswig> #chair b1airo
09:00:25 <openstack> Current chairs: b1airo oneswig
09:00:30 <zioproto> hello, here Saverio Proto from SWITCH, this is my first IRC meeting for this WG
09:00:32 <b1airo> sure, but fyi i am fighting with some switch upgrades and they are not going well, so a little distracted sorry...
09:00:51 <oneswig> If you get cut off, we'll know what happened
09:00:56 <b1airo> welcome zioproto !
09:01:01 <oneswig> Hello zioproto, thanks for joining in
09:01:04 <priteau> Welcome zioproto
09:01:21 <oneswig> #link today's agenda URL https://wiki.openstack.org/wiki/Scientific_working_group#IRC_Meeting_September_28th_2016
09:02:03 <oneswig> #topic Accounting and Scheduling
09:02:15 <oneswig> Or in today's case, identity federation
09:02:44 <zioproto> is anyone using identity federation in production with Horizon ?
09:02:49 <oneswig> #link zioproto's workshop in Rome: https://eventr.geant.org/events/2527
09:03:01 <zioproto> yes we have this WS right before barcelona
09:03:06 <zioproto> The main goal of the WS is the identification of the current level of integration between Identity Federations, Trust & Identity technologies, and Openstack.
09:03:13 <zioproto> The workshop idea comes from the community of the NRENs Openstack Operators (OSO), which is an informal, hands-on meet up of NREN people dealing with OpenStack in the provisioning of NREN services. Link http://swit.ch/oso
09:03:31 <zioproto> I would like to Write a User Story with the description of what NRENs mean by federation, to deliver to the Openstack Product WG. From the Manchester Ops-midcycle it emerged that the developers of the openstack community have very confused ideas about what is federation.
09:03:54 <zioproto> the Workshop is open to anyone interested in the topic
09:04:04 <zioproto> if you ahve trouble loggin in the GEANT platform just contact me
09:04:16 <zioproto> there is a google docs with the Agenda, if you want to bring content just edit the agenda
09:04:20 <oneswig> Do we need an account with GEANT to attend?
09:04:30 <zioproto> no, I think you can login also with a google acount
09:04:35 <zioproto> but I never tried :)
09:04:52 <zioproto> I mean to register in the web site to show you are participating
09:04:58 <zioproto> we have max room for 30 people
09:05:13 <zioproto> so we want to collect also
09:05:16 <zioproto> experience for people
09:05:20 <zioproto> how do you onboard your users ?
09:05:44 <zioproto> how do you integrate the existing identity federation mechasim that you have for the other academic services
09:06:02 <zioproto> for example a SWITCH we have a portal where you login with your federated identity
09:06:10 <zioproto> and then the portal creates an account into keystone
09:06:22 <oneswig> At Cambridge we are starting to look seriously at federation but are not yet started.  We authenticate the cloud with the university LDAP infrastructure, but would like to reach further
09:06:43 <zioproto> the final goal would be to have something like EDUROAM for openstack
09:06:48 <oneswig> zioproto: How are the account creations themselves authorised?
09:06:59 <zioproto> we send to the user a Voucher Link
09:07:05 <oneswig> something like eduroam but not eduroam?
09:07:16 <zioproto> that would be the final Goal
09:07:16 <dariov> hello all
09:07:17 <verdurin> Ah - that's better. Was on OFTC by mistake. Morning.
09:07:23 <oneswig> hello all
09:07:24 <zioproto> I hope we get there by the 'Z' release :)
09:07:44 <zioproto> so I just wanted to adversise this workshop, and I hope to find interested people in this topics
09:08:00 <zioproto> also, this would remove a lot of work from operators
09:08:06 <zioproto> now we spend a lot of time managin users
09:08:07 <zioproto> and quota
09:08:09 <zioproto> and so on
09:08:15 <oneswig> zioproto: for people who aren't up to speed, can you describe what you see as the current state of the art wrt identity federation in openstack?
09:08:20 <oneswig> and what's missing?
09:08:23 <zioproto> yes
09:08:25 <zioproto> sure
09:08:30 <zioproto> we had already a first workshop
09:08:32 <zioproto> and we have a etherpad
09:08:36 <zioproto> hold on I have to find the link
09:09:09 <zioproto> #link https://sandstorm.cloud.switch.ch/grain/JWSXCZnKY7tQFi2P2DfvKS/
09:09:33 <oneswig> it needs a sign-in, alas
09:09:44 <zioproto> ops
09:09:46 <zioproto> let me check
09:10:02 <b1airo> zioproto: did Simon Leinen mention NeCTAR Research Cloud has on-boarding via Australian Access Federation?
09:10:19 <zioproto> yes he mentioned
09:10:37 <zioproto> oneswig: you can sign in with a github account, any account will work
09:10:47 <oneswig> ah ok thanks
09:10:49 <zioproto> I have no idea why is not completely public, I think for antispam
09:11:35 <zioproto> oneswig: also check out this page with other useful material #link https://wiki.geant.org/display/gn41sa7/Agenda
09:11:50 <oneswig> Got a bit further, I signed in via github but now I'm at a form where I can request access.
09:12:05 <zioproto> b1airo: our solution is similar to Nectar
09:12:18 <dariov> oneswig, same here
09:12:19 <zioproto> oneswig: I will fix this permission issue as soon as we end the meeting, sorry about that
09:13:10 <oneswig> zioproto: Is there integration between federation solutions being developed in Europe, North America and Australasia?
09:13:28 <oneswig> ... or is that the aim of this workshop?
09:13:31 <b1airo> so to you does this initial bootstrapping of users into your cloud count as "openstack federation"?
09:14:04 <zioproto> sorry I used the wrong link
09:14:07 <zioproto> try this #link https://sandstorm.cloud.switch.ch/shared/WUO9KOOMpUqWNMphapnjSe2GpPNmTEXSP_6QzrA6pfM
09:14:33 <zioproto> oneswig: we dont know, that is a good topic for the WS
09:14:46 <oneswig> New link works thanks
09:15:05 <zioproto> oneswig: especially if you want easily access for VMs in different continent for network measurements for example
09:15:30 <priteau> zioproto: I didn't know about ospurge, useful! #link https://github.com/openstack/ospurge
09:16:04 <zioproto> yes, another side goal of the workshop is to have operators meet face to face and share operations best practice
09:16:07 <zioproto> like this tools
09:16:45 <zioproto> We organized soon before Barcelona so we can collect good ideas from this community to bring at the devs room in BCN
09:16:59 <oneswig> zioproto: how do you expect to organise the sessions - discussions, presentations, hands-on activities?
09:17:33 <zioproto> we are organizing the Agenda on a google docs #link https://docs.google.com/document/d/1ZevFuLbumCzf1kmdBy-WkeyjWBG3PfJCuaidTcYkBb8/edit
09:17:56 <zioproto> we have the first day presentations I guess, and the second day more hands on, on practical things
09:18:06 <zioproto> I would like to write following this template https://github.com/openstack/openstack-user-stories/blob/master/user-story-template.rst
09:18:14 <zioproto> something to give to the Product Working Group
09:18:32 <zioproto> because the commericial companies have no idea what we meant for federation
09:18:45 <zioproto> this emerged here #link https://etherpad.openstack.org/p/MAN-ops-Keystone-and-Federation
09:19:07 <zioproto> when you talk with Commercial Public CLoud providers about federation they have no idea about the use case
09:19:45 <zioproto> sorry I give a lot of links and input, maybe too much all together, but I hope I have an idea what is the workshop about
09:19:55 <zioproto> 1. Understand what is already available
09:20:03 <zioproto> 2. try to give feedback upstream on our use case
09:20:30 <zioproto> 3. meet each other to make stronger the scientific academic openstack community
09:21:19 <oneswig> zioproto: this all sounds good and hopefully having the summit the following week will give you some attendees from other continents
09:21:41 <b1airo> agreed
09:21:56 <zioproto> yes, sorry for short notice, but is not me organizing officialy
09:22:01 <priteau> zioproto: Are you planning to share a recap of the workshop? It would be useful to bootstrap discussion at the summit
09:22:01 <dariov> zioproto, interesting stuff, really.
09:22:02 <zioproto> workshop is organized by GARR
09:22:04 <b1airo> i suspect we need to split out multiple user stories from this?
09:22:05 <mario__> Hi
09:22:07 <oneswig> How does this compare with Helix Nebula (for example)?
09:22:19 <oneswig> Hi mario__
09:22:22 <zioproto> they have a very large deployment but for example they are not very much in touch with the community
09:22:30 <zioproto> so this is also a motivation to get more people in
09:22:50 <dariov> oneswig, Helix Nebula is something completely different
09:23:13 <dariov> that’s mainly a talking shop between “clients” and european cloud providers
09:23:25 <mario__> The idea is to gather che community around the issues and desired features to integrate the openstack cluster and identity federations at large
09:23:30 <verdurin> Yes, Helix Nebula is mainly about procuring cloud resources, as far as I know.
09:23:56 <dariov> there’s a “huge” cloud procurement going on, and identity federation is something we asked for
09:23:59 <zioproto> mario__ is the official organizer of the workshop. He is the local organizer in Rome.
09:24:13 <mario__> Openstack operators is an informal meet up of the national reserach and edutacion networks community in EU
09:24:13 <dariov> but that’s something that is under hte “Helix Nebula” umbrella, but somewhat a separate projecty
09:24:19 <dariov> *project
09:24:50 <oneswig> OK thanks
09:25:32 <mario__> So interested people should take a look at the proposed discussion items and the agena - feel free to add possible discussion items
09:25:34 <mario__> at  https://eventr.geant.org/events/2527
09:25:47 <zioproto> mario__: read the backlog I guess you connected a bit late :)
09:25:56 <mario__> yes
09:26:00 <dariov> anyway, zioproto, we’re come across many times the “we want to federate our OpenStack, but how the hell we do it”
09:26:01 <oneswig> So this workshop will feed into activities in Barcelona - ops sessions?
09:26:15 <mario__> yes.  any further additional question about it ?
09:26:27 <dariov> I’ll ask out openstack guys to have a look at the workshop, not sure they can come as they’re all flying to Barcelona (lucky them)
09:26:55 <zioproto> dariov: it was very difficult to do it until the Liberty release. But now all components should work
09:27:07 <mario__> yes, the idea is to try to skatch a summry document, again - informally - to feed possible  requests coming from the discussion in Rome and find a way to ship them to Barcelona
09:27:08 <zioproto> dariov: the CLI is the most difficult thing to federate. Web access is easier
09:27:41 <mario__> also collect own developments and share them
09:27:49 <oneswig> zioproto: Does OpenStack publish any reference on federation or is it all moving too fast to be useful?
09:27:49 <dariov> yep, I think we managed to federate to the EGI cloud, but that’s pretty much it
09:27:50 <zioproto> Guys I have clear in my mind that if we never write a use case for people outside of our community, federation as we mean it will never be implemented or supported.
09:27:55 <mario__> to make just one example :   how to deal with non ephemeral users
09:27:59 <zioproto> there is a lot of demos out there but no production stuff
09:28:24 <mario__> pre-procure them in keystone,  using domains
09:28:54 <zioproto> oneswig: all moving very fast. Keystone was still busy changing token format until Kilo ! Shadow users and proper LDAP support appeared only in Juno or Icehouse. :)
09:29:00 <mario__> there are both operational and management issues, demanding steps in terms of overall set up of a system able to accomodate users from SAML identity providers
09:29:04 <dariov> CERN has federated the two Openstack they have, right?
09:29:29 <daveholland> is two-factor auth something that's considered with federation or is it usually handled separately?
09:29:37 <zioproto> dariov: not exactly. They use the CERN LDAP as far as I know.
09:29:42 <verdurin> dariov: they use cells
09:29:48 <dariov> ah-ah, good to know
09:30:01 <dariov> thanks
09:30:06 <zioproto> dariov: so they have everything attached to this external LDAP, but is only 1 as far as I know
09:30:18 <verdurin> they contributed a lot of upstream fixes to get it working
09:30:58 <zioproto> Guys, I dont have all the answers :) otherwise I would not push to organize the workshop :) but I feel the topic is of great interest :)
09:31:00 <verdurin> yes, the two different sites are not visible to CERN cloud users
09:31:14 <oneswig> daveholland: good question, my guess is that authentication is separated but can anyone comment?
09:31:41 <mario__> please spread information as appropriate about this workshop, we will organize and support remote participation as well,
09:31:57 <oneswig> zioproto: definitely seems to be a relevant subject to me!
09:32:01 <verdurin> daveholland: I'd consider that to be separate from federation, at least logically
09:32:07 <dariov> mario__, kudos for the remote partecipation
09:32:07 <mario__> we have still 25 places available on Premises at GARR, Rome
09:32:14 <dariov> zioproto: it is!
09:32:39 <b1airo> are you all aware of the effort towards a meeting specifically around scientific cloud federation at the Boston summit?
09:32:51 <zioproto> Again at this etherpad #link #link https://sandstorm.cloud.switch.ch/shared/WUO9KOOMpUqWNMphapnjSe2GpPNmTEXSP_6QzrA6pfM we collected the compatibility matrix of the current Identity Federation solutions until Liberty
09:33:05 <zioproto> there is an ASCI table almost at the end
09:34:08 <oneswig> got it thanks.
09:34:15 <oneswig> Any more on this topic?
09:34:21 <zioproto> b1airo: I am , are you talking about this #link https://docs.google.com/document/d/13cq5Nn-BFHbLsuw8boDLUyt291G86KbUukJws7VOHWI/edit ?
09:34:43 <b1airo> yes
09:34:45 <mario__> please feel free to edit the shared agenda document proposing items you feel could be useful to discuss in Rome,  propose a talk if you feel like, and, also, we have to define a skeleton for a way to tructure  feedback consistently
09:34:48 <daveholland> verdurin: yes, the question was a bit tangential, wondering about the case of federating but only allowing federated uers who have 2fa
09:34:50 <mario__> structure
09:36:24 <zioproto> move on to next topic ?
09:36:51 <oneswig> Thanks zioproto mario__ for joining and sharing those details
09:36:59 <zioproto> you are welcome !
09:37:10 <oneswig> #topic Barcelona planning
09:37:11 <mario__> feel free to further contact me and/or Saverio about it
09:37:21 <oneswig> Great thanks mario__
09:37:32 <mario__> you're welcome
09:37:58 <oneswig> So there was some discussion about posters at the WG session in Barcelona but the feeling is it may be something to plan ahead for Boston instead
09:38:53 <oneswig> We should also start gathering agenda items for discussion at the WG meeting
09:39:26 <zioproto> oneswig: there is a etherpad link ?
09:39:34 <oneswig> #link https://etherpad.openstack.org/p/scientific-wg-barcelona-agenda - fresh out of the oven
09:39:55 <zioproto> thanks
09:40:21 <zioproto> oh ok it is still empty
09:40:27 <oneswig> Given the BoF and the meeting, where do discussions on matters like federation fall?
09:40:40 <zioproto> BoF ?
09:40:49 <zioproto> I dont know this BoF acronym
09:40:59 <oneswig> Yes - Birds of a Feather (stick together)
09:41:35 <zioproto> I am editing the etherpad with this
09:42:05 <oneswig> In the meeting we should at least talk over the four activity areas kicked off in Austin at the meeting and talk over what has happened in the meantime
09:43:03 <zioproto> I was not able to join Austin. Do you have the Austin etherpad link ?
09:43:24 <oneswig> zioproto: think you could make a lightning talk from your google-ngrams item ?
09:43:37 <zioproto> oneswig: sure !
09:43:50 <oneswig> #link what happened in Austin https://etherpad.openstack.org/p/scientific-wg-austin-summit-agenda
09:43:56 <zioproto> do we already know the timeslot and day ? I need to make sure I have in my calendar
09:44:32 <oneswig> zioproto: we are intending to have a set of lightning talks in the BoF, no schedule as yet
09:44:49 <zioproto> OK, but we know on what day ?
09:44:51 <oneswig> zioproto: all I know is Wednesday morning
09:44:57 <zioproto> perfect, I will take a not
09:44:59 <zioproto> note
09:45:19 <zioproto> we are working on Scientific Dataset and Hadoop/Spark. The idea is to implement at SWITCH something similar to Amazon Public Datasets
09:45:30 <zioproto> I can make a presentation about where we are so far, and the lesson learned
09:45:32 <b1airo> oneswig: i take it you have not heard anything more back from speakersupport?
09:45:46 <oneswig> b1airo: not that I'm aware of, no
09:45:58 <daveholland> the schedule has the BoF at Wednesday 12:15pm-12:55pm
09:46:06 <oneswig> zioproto: interesting, and when the federation's all in place will that end up with code moving to the data?
09:46:36 <zioproto> oneswig: yes, you will be able to start instances to our Openstack deployment and have the Data in the same datacenter
09:47:12 <zioproto> also together with GARR me and mario__ worked on replicating the data between SWITCH and GARR so we can host it with reduced redundancy and at a lower cost
09:47:49 <oneswig> sounds like a good vision
09:48:12 <zioproto> how much time is the lightnening talk ? 10 mins ?
09:48:21 <zioproto> so I can prepare the presentation accordingly
09:48:30 <oneswig> I would expect 5 minutes
09:49:06 <zioproto> ok, so it will be very quick :) 3 slides I guess :)
09:49:19 <oneswig> that kind of thing, yes
09:50:00 <oneswig> So one other item for the agenda for the meeting was the suggestion we have 3 co-chairs, geographically spread to Europe, Americas and APAC
09:50:17 <oneswig> In order to keep an eye on (and take part in) regional events more effectively
09:50:30 <dariov> zioproto, beware lighting talks, they’re really crazy :-)
09:50:53 <daveholland> we (Sanger) can offer a few slides/few minutes about the private OpenStack/VMware/CloudForms system we built as a proof-of-concept?
09:51:15 <oneswig> daveholland: I am sure that would be interesting to many people
09:51:44 <daveholland> OK, I will make sure we have something
09:52:07 <oneswig> I will start to gather items for this and mail on the ops list
09:52:28 <oneswig> #action Stig to mail ops for BoF lightning talk subjects
09:53:02 <oneswig> Anyone else interested in putting in a lightning talk?
09:53:33 <verdurin> oneswig: possibly
09:53:54 <oneswig> verdurin: noted - possible topic to follow :-)
09:54:06 <oneswig> OK, last item here was the evening social on Thursday
09:54:21 <zioproto> oneswig: I went on the eventbrite and it was already fully booked :(
09:54:27 <oneswig> ... Which is full but we are looking to extend from 30 to 50
09:54:33 <zioproto> yahooo
09:54:49 <dariov> oneswig, great! I’ll pass that on to our guys
09:54:58 <oneswig> zioproto: I'll put you on the list (we have 10 waiting) to make sure you get space if it goes through
09:55:11 <oneswig> 10 including EBI gang
09:55:12 <zioproto> ok it is my + 1
09:55:37 <zioproto> I travel with my wife that is also Openstack operator in another istitution. She will kill me if I get the seat and she does not :)
09:55:45 <zioproto> :)
09:56:02 <oneswig> 2 tickets down on the list
09:56:02 <b1airo> ha!
09:56:51 <dariov> oneswig, should just be one from the EBI, not a gang :-)
09:57:04 <oneswig> Got it - David Ocana?
09:57:07 <daveholland> I am on the list but would appreciate +1 for my boss (Pete) if space allows
09:57:09 <dariov> yep
09:57:16 <oneswig> Pete's down too
09:57:20 <daveholland> brill, ta
09:58:25 <oneswig> So hopefully we should know the score by the weekend.  If we can't subsidise 100%, I think the next best is to partly-subsidise more people rather than fully-subsidise fewer.  Any views on that?
09:58:31 <zioproto> so from SWITCH we are 4. Simon already registered on the event brite.
09:58:59 <oneswig> Is Mario #4?
09:59:06 <zioproto> no Mario is from GARR
09:59:06 <verdurin> Have to go - thanks all.
09:59:19 <oneswig> ah, we are out of time!
09:59:30 <b1airo> yeah agreed, i think most people would be more than happy to attend even if they with no subsidy
09:59:32 <zioproto> thank you for the good meeting !
09:59:35 <oneswig> zioproto: Sofiane?
09:59:51 <zioproto> oneswig: Sofiane is from EPFL
09:59:58 <zioproto> I dont know if he knows about this dinner
10:00:01 <zioproto> I will tell him !
10:00:17 <oneswig> OK zioproto let me know
10:00:21 <zioproto> SWITCH: Saverio Simon Valery and Harald
10:00:34 <zioproto> we are 4 travelling to BCN for the summit
10:00:42 <zioproto> and also I have my wife from University of Zurich
10:00:47 <zioproto> we all plan to attend the social dinner
10:00:53 <zioproto> but only simon registered
10:00:58 <zioproto> I hope this clears the confusion
10:01:00 <oneswig> OK I've updated - 1+4
10:01:10 <oneswig> OK all, must wrap up
10:01:15 <oneswig> thanks everyone, great session
10:01:18 <oneswig> #endmeeting