09:00:11 #startmeeting scientific_wg 09:00:12 Meeting started Wed Sep 28 09:00:11 2016 UTC and is due to finish in 60 minutes. The chair is oneswig. Information about MeetBot at http://wiki.debian.org/MeetBot. 09:00:13 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 09:00:15 The meeting name has been set to 'scientific_wg' 09:00:24 #chair b1airo 09:00:25 Current chairs: b1airo oneswig 09:00:30 hello, here Saverio Proto from SWITCH, this is my first IRC meeting for this WG 09:00:32 sure, but fyi i am fighting with some switch upgrades and they are not going well, so a little distracted sorry... 09:00:51 If you get cut off, we'll know what happened 09:00:56 welcome zioproto ! 09:01:01 Hello zioproto, thanks for joining in 09:01:04 Welcome zioproto 09:01:21 #link today's agenda URL https://wiki.openstack.org/wiki/Scientific_working_group#IRC_Meeting_September_28th_2016 09:02:03 #topic Accounting and Scheduling 09:02:15 Or in today's case, identity federation 09:02:44 is anyone using identity federation in production with Horizon ? 09:02:49 #link zioproto's workshop in Rome: https://eventr.geant.org/events/2527 09:03:01 yes we have this WS right before barcelona 09:03:06 The main goal of the WS is the identification of the current level of integration between Identity Federations, Trust & Identity technologies, and Openstack. 09:03:13 The workshop idea comes from the community of the NRENs Openstack Operators (OSO), which is an informal, hands-on meet up of NREN people dealing with OpenStack in the provisioning of NREN services. Link http://swit.ch/oso 09:03:31 I would like to Write a User Story with the description of what NRENs mean by federation, to deliver to the Openstack Product WG. From the Manchester Ops-midcycle it emerged that the developers of the openstack community have very confused ideas about what is federation. 09:03:54 the Workshop is open to anyone interested in the topic 09:04:04 if you ahve trouble loggin in the GEANT platform just contact me 09:04:16 there is a google docs with the Agenda, if you want to bring content just edit the agenda 09:04:20 Do we need an account with GEANT to attend? 09:04:30 no, I think you can login also with a google acount 09:04:35 but I never tried :) 09:04:52 I mean to register in the web site to show you are participating 09:04:58 we have max room for 30 people 09:05:13 so we want to collect also 09:05:16 experience for people 09:05:20 how do you onboard your users ? 09:05:44 how do you integrate the existing identity federation mechasim that you have for the other academic services 09:06:02 for example a SWITCH we have a portal where you login with your federated identity 09:06:10 and then the portal creates an account into keystone 09:06:22 At Cambridge we are starting to look seriously at federation but are not yet started. We authenticate the cloud with the university LDAP infrastructure, but would like to reach further 09:06:43 the final goal would be to have something like EDUROAM for openstack 09:06:48 zioproto: How are the account creations themselves authorised? 09:06:59 we send to the user a Voucher Link 09:07:05 something like eduroam but not eduroam? 09:07:16 that would be the final Goal 09:07:16 hello all 09:07:17 Ah - that's better. Was on OFTC by mistake. Morning. 09:07:23 hello all 09:07:24 I hope we get there by the 'Z' release :) 09:07:44 so I just wanted to adversise this workshop, and I hope to find interested people in this topics 09:08:00 also, this would remove a lot of work from operators 09:08:06 now we spend a lot of time managin users 09:08:07 and quota 09:08:09 and so on 09:08:15 zioproto: for people who aren't up to speed, can you describe what you see as the current state of the art wrt identity federation in openstack? 09:08:20 and what's missing? 09:08:23 yes 09:08:25 sure 09:08:30 we had already a first workshop 09:08:32 and we have a etherpad 09:08:36 hold on I have to find the link 09:09:09 #link https://sandstorm.cloud.switch.ch/grain/JWSXCZnKY7tQFi2P2DfvKS/ 09:09:33 it needs a sign-in, alas 09:09:44 ops 09:09:46 let me check 09:10:02 zioproto: did Simon Leinen mention NeCTAR Research Cloud has on-boarding via Australian Access Federation? 09:10:19 yes he mentioned 09:10:37 oneswig: you can sign in with a github account, any account will work 09:10:47 ah ok thanks 09:10:49 I have no idea why is not completely public, I think for antispam 09:11:35 oneswig: also check out this page with other useful material #link https://wiki.geant.org/display/gn41sa7/Agenda 09:11:50 Got a bit further, I signed in via github but now I'm at a form where I can request access. 09:12:05 b1airo: our solution is similar to Nectar 09:12:18 oneswig, same here 09:12:19 oneswig: I will fix this permission issue as soon as we end the meeting, sorry about that 09:13:10 zioproto: Is there integration between federation solutions being developed in Europe, North America and Australasia? 09:13:28 ... or is that the aim of this workshop? 09:13:31 so to you does this initial bootstrapping of users into your cloud count as "openstack federation"? 09:14:04 sorry I used the wrong link 09:14:07 try this #link https://sandstorm.cloud.switch.ch/shared/WUO9KOOMpUqWNMphapnjSe2GpPNmTEXSP_6QzrA6pfM 09:14:33 oneswig: we dont know, that is a good topic for the WS 09:14:46 New link works thanks 09:15:05 oneswig: especially if you want easily access for VMs in different continent for network measurements for example 09:15:30 zioproto: I didn't know about ospurge, useful! #link https://github.com/openstack/ospurge 09:16:04 yes, another side goal of the workshop is to have operators meet face to face and share operations best practice 09:16:07 like this tools 09:16:45 We organized soon before Barcelona so we can collect good ideas from this community to bring at the devs room in BCN 09:16:59 zioproto: how do you expect to organise the sessions - discussions, presentations, hands-on activities? 09:17:33 we are organizing the Agenda on a google docs #link https://docs.google.com/document/d/1ZevFuLbumCzf1kmdBy-WkeyjWBG3PfJCuaidTcYkBb8/edit 09:17:56 we have the first day presentations I guess, and the second day more hands on, on practical things 09:18:06 I would like to write following this template https://github.com/openstack/openstack-user-stories/blob/master/user-story-template.rst 09:18:14 something to give to the Product Working Group 09:18:32 because the commericial companies have no idea what we meant for federation 09:18:45 this emerged here #link https://etherpad.openstack.org/p/MAN-ops-Keystone-and-Federation 09:19:07 when you talk with Commercial Public CLoud providers about federation they have no idea about the use case 09:19:45 sorry I give a lot of links and input, maybe too much all together, but I hope I have an idea what is the workshop about 09:19:55 1. Understand what is already available 09:20:03 2. try to give feedback upstream on our use case 09:20:30 3. meet each other to make stronger the scientific academic openstack community 09:21:19 zioproto: this all sounds good and hopefully having the summit the following week will give you some attendees from other continents 09:21:41 agreed 09:21:56 yes, sorry for short notice, but is not me organizing officialy 09:22:01 zioproto: Are you planning to share a recap of the workshop? It would be useful to bootstrap discussion at the summit 09:22:01 zioproto, interesting stuff, really. 09:22:02 workshop is organized by GARR 09:22:04 i suspect we need to split out multiple user stories from this? 09:22:05 Hi 09:22:07 How does this compare with Helix Nebula (for example)? 09:22:19 Hi mario__ 09:22:22 they have a very large deployment but for example they are not very much in touch with the community 09:22:30 so this is also a motivation to get more people in 09:22:50 oneswig, Helix Nebula is something completely different 09:23:13 that’s mainly a talking shop between “clients” and european cloud providers 09:23:25 The idea is to gather che community around the issues and desired features to integrate the openstack cluster and identity federations at large 09:23:30 Yes, Helix Nebula is mainly about procuring cloud resources, as far as I know. 09:23:56 there’s a “huge” cloud procurement going on, and identity federation is something we asked for 09:23:59 mario__ is the official organizer of the workshop. He is the local organizer in Rome. 09:24:13 Openstack operators is an informal meet up of the national reserach and edutacion networks community in EU 09:24:13 but that’s something that is under hte “Helix Nebula” umbrella, but somewhat a separate projecty 09:24:19 *project 09:24:50 OK thanks 09:25:32 So interested people should take a look at the proposed discussion items and the agena - feel free to add possible discussion items 09:25:34 at https://eventr.geant.org/events/2527 09:25:47 mario__: read the backlog I guess you connected a bit late :) 09:25:56 yes 09:26:00 anyway, zioproto, we’re come across many times the “we want to federate our OpenStack, but how the hell we do it” 09:26:01 So this workshop will feed into activities in Barcelona - ops sessions? 09:26:15 yes. any further additional question about it ? 09:26:27 I’ll ask out openstack guys to have a look at the workshop, not sure they can come as they’re all flying to Barcelona (lucky them) 09:26:55 dariov: it was very difficult to do it until the Liberty release. But now all components should work 09:27:07 yes, the idea is to try to skatch a summry document, again - informally - to feed possible requests coming from the discussion in Rome and find a way to ship them to Barcelona 09:27:08 dariov: the CLI is the most difficult thing to federate. Web access is easier 09:27:41 also collect own developments and share them 09:27:49 zioproto: Does OpenStack publish any reference on federation or is it all moving too fast to be useful? 09:27:49 yep, I think we managed to federate to the EGI cloud, but that’s pretty much it 09:27:50 Guys I have clear in my mind that if we never write a use case for people outside of our community, federation as we mean it will never be implemented or supported. 09:27:55 to make just one example : how to deal with non ephemeral users 09:27:59 there is a lot of demos out there but no production stuff 09:28:24 pre-procure them in keystone, using domains 09:28:54 oneswig: all moving very fast. Keystone was still busy changing token format until Kilo ! Shadow users and proper LDAP support appeared only in Juno or Icehouse. :) 09:29:00 there are both operational and management issues, demanding steps in terms of overall set up of a system able to accomodate users from SAML identity providers 09:29:04 CERN has federated the two Openstack they have, right? 09:29:29 is two-factor auth something that's considered with federation or is it usually handled separately? 09:29:37 dariov: not exactly. They use the CERN LDAP as far as I know. 09:29:42 dariov: they use cells 09:29:48 ah-ah, good to know 09:30:01 thanks 09:30:06 dariov: so they have everything attached to this external LDAP, but is only 1 as far as I know 09:30:18 they contributed a lot of upstream fixes to get it working 09:30:58 Guys, I dont have all the answers :) otherwise I would not push to organize the workshop :) but I feel the topic is of great interest :) 09:31:00 yes, the two different sites are not visible to CERN cloud users 09:31:14 daveholland: good question, my guess is that authentication is separated but can anyone comment? 09:31:41 please spread information as appropriate about this workshop, we will organize and support remote participation as well, 09:31:57 zioproto: definitely seems to be a relevant subject to me! 09:32:01 daveholland: I'd consider that to be separate from federation, at least logically 09:32:07 mario__, kudos for the remote partecipation 09:32:07 we have still 25 places available on Premises at GARR, Rome 09:32:14 zioproto: it is! 09:32:39 are you all aware of the effort towards a meeting specifically around scientific cloud federation at the Boston summit? 09:32:51 Again at this etherpad #link #link https://sandstorm.cloud.switch.ch/shared/WUO9KOOMpUqWNMphapnjSe2GpPNmTEXSP_6QzrA6pfM we collected the compatibility matrix of the current Identity Federation solutions until Liberty 09:33:05 there is an ASCI table almost at the end 09:34:08 got it thanks. 09:34:15 Any more on this topic? 09:34:21 b1airo: I am , are you talking about this #link https://docs.google.com/document/d/13cq5Nn-BFHbLsuw8boDLUyt291G86KbUukJws7VOHWI/edit ? 09:34:43 yes 09:34:45 please feel free to edit the shared agenda document proposing items you feel could be useful to discuss in Rome, propose a talk if you feel like, and, also, we have to define a skeleton for a way to tructure feedback consistently 09:34:48 verdurin: yes, the question was a bit tangential, wondering about the case of federating but only allowing federated uers who have 2fa 09:34:50 structure 09:36:24 move on to next topic ? 09:36:51 Thanks zioproto mario__ for joining and sharing those details 09:36:59 you are welcome ! 09:37:10 #topic Barcelona planning 09:37:11 feel free to further contact me and/or Saverio about it 09:37:21 Great thanks mario__ 09:37:32 you're welcome 09:37:58 So there was some discussion about posters at the WG session in Barcelona but the feeling is it may be something to plan ahead for Boston instead 09:38:53 We should also start gathering agenda items for discussion at the WG meeting 09:39:26 oneswig: there is a etherpad link ? 09:39:34 #link https://etherpad.openstack.org/p/scientific-wg-barcelona-agenda - fresh out of the oven 09:39:55 thanks 09:40:21 oh ok it is still empty 09:40:27 Given the BoF and the meeting, where do discussions on matters like federation fall? 09:40:40 BoF ? 09:40:49 I dont know this BoF acronym 09:40:59 Yes - Birds of a Feather (stick together) 09:41:35 I am editing the etherpad with this 09:42:05 In the meeting we should at least talk over the four activity areas kicked off in Austin at the meeting and talk over what has happened in the meantime 09:43:03 I was not able to join Austin. Do you have the Austin etherpad link ? 09:43:24 zioproto: think you could make a lightning talk from your google-ngrams item ? 09:43:37 oneswig: sure ! 09:43:50 #link what happened in Austin https://etherpad.openstack.org/p/scientific-wg-austin-summit-agenda 09:43:56 do we already know the timeslot and day ? I need to make sure I have in my calendar 09:44:32 zioproto: we are intending to have a set of lightning talks in the BoF, no schedule as yet 09:44:49 OK, but we know on what day ? 09:44:51 zioproto: all I know is Wednesday morning 09:44:57 perfect, I will take a not 09:44:59 note 09:45:19 we are working on Scientific Dataset and Hadoop/Spark. The idea is to implement at SWITCH something similar to Amazon Public Datasets 09:45:30 I can make a presentation about where we are so far, and the lesson learned 09:45:32 oneswig: i take it you have not heard anything more back from speakersupport? 09:45:46 b1airo: not that I'm aware of, no 09:45:58 the schedule has the BoF at Wednesday 12:15pm-12:55pm 09:46:06 zioproto: interesting, and when the federation's all in place will that end up with code moving to the data? 09:46:36 oneswig: yes, you will be able to start instances to our Openstack deployment and have the Data in the same datacenter 09:47:12 also together with GARR me and mario__ worked on replicating the data between SWITCH and GARR so we can host it with reduced redundancy and at a lower cost 09:47:49 sounds like a good vision 09:48:12 how much time is the lightnening talk ? 10 mins ? 09:48:21 so I can prepare the presentation accordingly 09:48:30 I would expect 5 minutes 09:49:06 ok, so it will be very quick :) 3 slides I guess :) 09:49:19 that kind of thing, yes 09:50:00 So one other item for the agenda for the meeting was the suggestion we have 3 co-chairs, geographically spread to Europe, Americas and APAC 09:50:17 In order to keep an eye on (and take part in) regional events more effectively 09:50:30 zioproto, beware lighting talks, they’re really crazy :-) 09:50:53 we (Sanger) can offer a few slides/few minutes about the private OpenStack/VMware/CloudForms system we built as a proof-of-concept? 09:51:15 daveholland: I am sure that would be interesting to many people 09:51:44 OK, I will make sure we have something 09:52:07 I will start to gather items for this and mail on the ops list 09:52:28 #action Stig to mail ops for BoF lightning talk subjects 09:53:02 Anyone else interested in putting in a lightning talk? 09:53:33 oneswig: possibly 09:53:54 verdurin: noted - possible topic to follow :-) 09:54:06 OK, last item here was the evening social on Thursday 09:54:21 oneswig: I went on the eventbrite and it was already fully booked :( 09:54:27 ... Which is full but we are looking to extend from 30 to 50 09:54:33 yahooo 09:54:49 oneswig, great! I’ll pass that on to our guys 09:54:58 zioproto: I'll put you on the list (we have 10 waiting) to make sure you get space if it goes through 09:55:11 10 including EBI gang 09:55:12 ok it is my + 1 09:55:37 I travel with my wife that is also Openstack operator in another istitution. She will kill me if I get the seat and she does not :) 09:55:45 :) 09:56:02 2 tickets down on the list 09:56:02 ha! 09:56:51 oneswig, should just be one from the EBI, not a gang :-) 09:57:04 Got it - David Ocana? 09:57:07 I am on the list but would appreciate +1 for my boss (Pete) if space allows 09:57:09 yep 09:57:16 Pete's down too 09:57:20 brill, ta 09:58:25 So hopefully we should know the score by the weekend. If we can't subsidise 100%, I think the next best is to partly-subsidise more people rather than fully-subsidise fewer. Any views on that? 09:58:31 so from SWITCH we are 4. Simon already registered on the event brite. 09:58:59 Is Mario #4? 09:59:06 no Mario is from GARR 09:59:06 Have to go - thanks all. 09:59:19 ah, we are out of time! 09:59:30 yeah agreed, i think most people would be more than happy to attend even if they with no subsidy 09:59:32 thank you for the good meeting ! 09:59:35 zioproto: Sofiane? 09:59:51 oneswig: Sofiane is from EPFL 09:59:58 I dont know if he knows about this dinner 10:00:01 I will tell him ! 10:00:17 OK zioproto let me know 10:00:21 SWITCH: Saverio Simon Valery and Harald 10:00:34 we are 4 travelling to BCN for the summit 10:00:42 and also I have my wife from University of Zurich 10:00:47 we all plan to attend the social dinner 10:00:53 but only simon registered 10:00:58 I hope this clears the confusion 10:01:00 OK I've updated - 1+4 10:01:10 OK all, must wrap up 10:01:15 thanks everyone, great session 10:01:18 #endmeeting