09:00:36 <oneswig> #startmeeting scientific-wg
09:00:40 <openstack> Meeting started Wed Nov  9 09:00:36 2016 UTC and is due to finish in 60 minutes.  The chair is oneswig. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:00:42 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:00:44 <openstack> The meeting name has been set to 'scientific_wg'
09:00:52 <oneswig> b1airo: ah.  Never mind - half a Blair's better than none
09:00:57 <oneswig> #chair b1airo
09:00:58 <openstack> Current chairs: b1airo oneswig
09:01:07 <oneswig> just in case...
09:01:15 <oneswig> Good morning/evening all
09:01:42 <oneswig> #link agenda on the wiki https://wiki.openstack.org/wiki/Scientific_working_group#IRC_Meeting_November_9th_2016
09:02:23 <oneswig> This week, the agenda largely focuses on the discussions in the APAC timezone last week
09:02:36 <b1airo> Hi StefanPaetowJisc , sofianes
09:02:54 <oneswig> #link Last week's discussion http://eavesdrop.openstack.org/meetings/scientific_wg/2016/scientific_wg.2016-11-01-21.02.log.html#l-28
09:02:55 <StefanPaetowJisc> Good morning! *brighteyed* *bushytailed* ;-)
09:03:10 <sofianes> Hi b1airo, all
09:03:21 <oneswig> Hi StefanPaetowJisc sofianes, good morning indeed, unless you're a democrat :-)
09:03:36 <oneswig> (didn't take long)
09:03:47 <StefanPaetowJisc> Awww shucks. Oh. Hang on!
09:04:03 <b1airo> Uh oh, here we go
09:04:10 <StefanPaetowJisc> Everyone recovered from the shock yet? ;-)
09:04:33 <oneswig> It'll take ... I don't know how long it'll take actually
09:04:47 <oneswig> Anyway, on with the show
09:04:59 <oneswig> #topic Selection/confirmation of new activity areas
09:04:59 <priteau> Probably about 4 years
09:05:24 * dabukalam is experiencing a morning remarkably similar to one on the 24th June...
09:05:42 <StefanPaetowJisc> What's the ASCII emoticon for 'crying with laughter', or 'hysterical laughter'? ;-)
09:05:42 <oneswig> dabukalam: indeed! deja vu!
09:05:56 <StefanPaetowJisc> Anyway... let's get on with this.
09:06:02 * StefanPaetowJisc puts on his serious face
09:06:07 <oneswig> So following from the WG meeting in Barca and the IRC meeting last week, there were four good candidates for activity areas
09:06:10 <oneswig> to recap:
09:06:27 <oneswig> Telemetry and monitoring infra (oneswig and martial to lead)
09:06:41 <oneswig> Federation (aloga has volunteered)
09:07:10 <oneswig> Scientific datasets and data analytics (we don't have formal confirmation - zioproto was interested but wanted to check)
09:07:19 <oneswig> GPUs in virtualisation - powerd
09:07:24 <zioproto> hello
09:07:28 <zioproto> sorry I am late
09:07:43 <geo_> g'morning
09:07:44 <sofianes> I would like to contribute to the Scientific datasets and data analytics
09:07:47 <oneswig> zioproto: just in time :-) I was just about to say, "any objections to nominating zioproto" :-)
09:07:52 <sofianes> hi zioproto
09:08:05 <zioproto> Hi, so I accept the nomination
09:08:08 <zioproto> :)
09:08:16 <oneswig> sofianes: thanks, noted
09:08:19 <b1airo> oneswig: that was powerd and I (and we've since touched base and planning to meet up at SC next week)
09:08:28 <zioproto> but I have to warn you guys there is a 50% chance I will not make it to be in Boston
09:08:30 <oneswig> b1airo: aha, thanks, I'll add that
09:08:36 <oneswig> #action sofianes on datasets
09:08:40 <oneswig> #action b1airo on gpus
09:08:50 <enolfc> hi, I'm also interested in scientific datasets and data analytics
09:09:05 <oneswig> Hi enolfc thanks I'll add you to that
09:09:12 <oneswig> #action enolfc on datasets
09:09:37 <oneswig> I think it would be a good idea to clarify some purpose for each of these areas.
09:10:07 <StefanPaetowJisc> Federation I coud potentially help with... ;-)
09:10:18 <oneswig> StefanPaetowJisc: thanks, noted
09:10:26 <oneswig> #action StefanPaetowJisc on federation
09:10:45 <sofianes> I could help with clarifying datasets + analytics
09:11:19 <sofianes> together with zioproto, we are already takling part of the problematics in our projects
09:11:27 <oneswig> About scientific datasets: how do people envisage this - does it work as a general service or a domain-specific service
09:11:31 <oneswig> I saw this in the week
09:11:45 <oneswig> #link https://www.rd-alliance.org/groups/pid-collections-wg.html
09:11:52 <enolfc> you can also count me on federation
09:12:16 <oneswig> #action enolfc on federation
09:12:19 <oneswig> thanks enolfc
09:12:59 <oneswig> I already have an action (not done yet) from last week to define the telemetry and monitoring work I'm active on.
09:13:31 <sofianes> about datasets: I think that we need to work both on best practices in isolation (within one provide) and about potential federation accross different providers
09:13:55 <enolfc> for gpu, I will check with some EGI people that may want to contribute
09:13:57 <oneswig> sofianes zioproto: would you be able to come back to this meeting in 2 weeks with a description of what you have been working on so far and what your goals are?
09:14:17 <b1airo> enolfc: great!
09:14:37 <oneswig> enolfc: thanks that would be grand - I'd be interested to hear how GPUs fit into EGI anyway...
09:14:38 <sofianes> ok, I can prepare something
09:15:16 <oneswig> #action sofianes to describe use case and plans for scientific datasets in next EMEA meeting
09:15:22 <enolfc> oneswig, b1airo: I can bring the people working on that to describe what's available now
09:15:26 <oneswig> Thanks sofianes
09:16:34 <oneswig> enolfc: That would be great. We can put both datasets and gpus on the agenda for 2 weeks time
09:17:27 <zioproto> oneswig: yes, I can work with Sofiane. Should we prepare some slides for the next IRC meeting ? that is the idea ? in what form you think of this description?
09:17:58 <b1airo> Slides might be hard for irc :-)
09:17:58 <oneswig> zioproto: slides might be overkill, I'd be happy with text and discussion - how about you?
09:18:03 <sofianes> I was thinking about a descriptive document
09:18:43 <zioproto> ok
09:19:01 <oneswig> sofianes: if a link can be pasted into IRC, that's a great way of sharing.  Even an etherpad is fine for this
09:19:27 <sofianes> Ok, works for me
09:19:36 <oneswig> OK, was there anything more for WG activity areas?
09:20:05 <sofianes> Once the document is ready, I will post the link to the agenda for 2 weeks time
09:20:16 <oneswig> thanks sofianes
09:20:19 <oneswig> #topic Possibility of a tri-weekly meeting
09:20:59 <oneswig> Now we have 3 co-chairs around the globe, there was some discussion on the possibility of having meetings in a time zone for each geography
09:21:29 <oneswig> I recall this is a long shot with infra - IRC scheduling conflicts get trickier
09:21:38 <oneswig> But I have asked the question
09:22:12 <oneswig> I'll keep the group updated if it is possible (or not)
09:22:20 <b1airo> oneswig: did you ask on list somewhere?
09:22:34 <oneswig> openstack-infra - just before the meeting...
09:22:46 <StefanPaetowJisc> Sorry, quick question... is there s dedicated scientific-wg mailing list/
09:22:55 <priteau> oneswig: What is the problem with infra, not enough slots? I have seen that there is openstack-meeting-[234]
09:23:20 <oneswig> StefanPaetowJisc: no, we generally use openstack-operators, given the degree of overlap with the general use case
09:23:35 <StefanPaetowJisc> ok, ta. *makes note*
09:23:40 <oneswig> StefanPaetowJisc: user-committee for procedural matters
09:24:20 <oneswig> Although to be honest there's very little WG-specific activity on the lists currently
09:24:40 <oneswig> (... but perhaps there should be more)
09:25:26 <b1airo> There was (I thought) a sort of bizarre proposal earlier in the week that all WG comms should be over the user-committee ML
09:25:34 <oneswig> priteau: Partly it's expressing the scheduling, I think currently you can have weekly or two variants of bi-weekly.  You're right it's no bother to add more meeting rooms
09:26:07 <oneswig> b1airo: I think it was to create a new list, openstack-user, that ring a bell?
09:26:22 <b1airo> But we have usually found a lot of overlap with ops. I usually add both
09:26:54 <oneswig> I tend to get answers on the ops list whenever I post there.
09:27:12 <b1airo> Hmm didn't see that one oneswig - the one I'm talking about was related mostly to product-wg and private MLs
09:27:47 <oneswig> Now you're making me look!
09:28:07 <b1airo> :-)
09:28:38 <oneswig> uh, lets move on before I get lost in the archives
09:29:07 <oneswig> #topic Forum sessions at Boston summit
09:29:25 <oneswig> So we've barely done one summit and it's time to plan for the next...
09:29:59 <b1airo> Hi powerd, just got your email - answer: just confirmation from last week of our interest and enolfc (from EGI) mentioned potential interest
09:30:05 <oneswig> There were some significant changes planned from here on
09:30:17 <zioproto> I think we will need a bigger room for the BoF
09:30:30 <zioproto> the one in the 14th floor in BCN was too small
09:30:38 <oneswig> And one thing the WG has been asked to do is provide more input to core teams and project technical leads
09:31:14 <b1airo> I think for general non topic specific stuff we should have a BoF, lightening talks, and meeting
09:31:38 <oneswig> zioproto: true - at the time I suggested a room sized for a committee meeting.  I think with the fishbowl style of meetings they can grow bigger
09:31:43 <zioproto> oneswig: this means that we should arrive at the meeting in Boston with a list of BP and Bug reports, and then we should split during the Boston event and chase developers.
09:32:13 <zioproto> that is the only way to provide usefull input to developers, Blue Prints and Bug Reports.
09:32:29 <oneswig> zioproto: I think we've been asked to define what it means, but I take your point that this would be a useful form of direct input
09:33:07 <zioproto> Another thing we can submit is the users stories
09:33:33 <oneswig> So far there has been a positive discussion on making posters for user stories and pain points
09:34:11 <oneswig> Having these in a breakout area perhaps (although there might be a better way of presenting the messages?)
09:34:32 <zioproto> Being practical, so you expect for example we make a poster on Data Sets usage with Openstack ?
09:34:47 <oneswig> zioproto: Just that kind of thing
09:35:05 <oneswig> BTW any further activity on the federation user story from Rome?
09:35:20 <zioproto> Is still there on the etherpad
09:35:29 <zioproto> Who is leading the Federation task ?
09:35:43 <zioproto> I would be happy to share all the already done work
09:35:47 <oneswig> aloga has volunteered
09:36:19 <b1airo> oneswig: we need to get back to Khalil at some point too
09:36:22 <zioproto> aloga: we started to write a user story about identity federation #link https://etherpad.openstack.org/p/scientific-wg-rome-federated-identity-user-story
09:36:36 <zioproto> this is something that we can bring in Boston finalized
09:36:48 <aloga> I am aware of that, I connected remotely
09:36:57 <oneswig> b1airo: true, overdue
09:37:16 <aloga> however, there are some use cases that are not clear to me, namely the scenario 2
09:37:26 <aloga> that seems overkill to me
09:38:07 <aloga> (hi, btw, just arrived :) )
09:38:25 <oneswig> Morning aloga (btw:-)
09:38:52 <zioproto> aloga: that is a pain point. At the moment without a browser is difficult to use federated identity. That is why most of deployment require your first login with a browser, and they you get a token to configure your CLI.
09:39:03 <aloga> zioproto: why is it difficult?
09:39:10 <aloga> zioproto: it is possible with openid connect
09:39:34 <zioproto> aloga: but probably who wrote the use case is part of the eduGAIN federation that uses SAML
09:39:52 <oneswig> aloga: the demo from Andrea using OIDC had a number of HTTP redirects, and I think that was a problem for CLI access
09:39:57 <aloga> zioproto: yes, I guess that, but, telling a user to manage several identities is a totally overkill
09:40:18 <aloga> oneswig: that is if you only rely on the authz code grant type, but you can use password credentials as well
09:40:41 <StefanPaetowJisc> CLI access should not have a problem with HTTP connect if behind the scenes, provided it does not require user interaction
09:40:50 <StefanPaetowJisc> That's the classic problem with SAML
09:40:56 <aloga> my point here is that it is impossible to tell users "hey, you need to manage 100 identities to access 100 different sites"
09:41:22 <StefanPaetowJisc> SAML ECP does not require user interaction and hence is better suited for CLI access. Problem there is that virtually noone configures their IdPs to do ECP
09:41:40 <StefanPaetowJisc> (Shib v3 does this by default, Shib v2 was... problematic)
09:41:40 <oneswig> Thanks aloga StefanPaetowJisc - I wish there was somewhere where the OpenStack-specific knowledge was gathered so I could be better informed...
09:41:54 <aloga> StefanPaetowJisc: I totally agree
09:42:43 <aloga> I think the federation scenario 2 described in that document does not add any value to the users
09:42:54 <StefanPaetowJisc> However, problem with SAML ECP as it stands is that OASIS explicitly defined ECP as being non-proxyable, i.e. the classic EGI/ELIXIR/e-infrastructure scenarios of using 'proxy IdP' in a CLI environment is explicitly designed out
09:43:26 <b1airo> aloga: just skimming it for first time, but think I agree
09:43:47 <zioproto> aloga: do you find this documentation complete ? http://docs.openstack.org/security-guide/identity.html
09:43:54 <aloga> no
09:44:06 <zioproto> that is what I thought
09:44:19 <zioproto> feedback to documentation team
09:44:24 <zioproto> if we write the user story
09:44:34 <zioproto> the can improve the documentation
09:44:43 <zioproto> on how to configure things to make the user story
09:44:56 <StefanPaetowJisc> aloga, looking back at your notes on the 2nd user story (in the Rome document), be careful about the definition of 'federation'.
09:45:05 <aloga> zioproto: that documentation is quite obsolete IMO
09:45:06 <oneswig> ... and that's a great way of advocating our use case - and adding value
09:45:25 <aloga> StefanPaetowJisc: what do you mean?
09:47:36 <StefanPaetowJisc> I may misunderstand you, but I think generally we define 'federation' as 'being able to use my home credentials elsewhere' (i.e. logging into different openstack clouds with the same credential to do stuff), whereas apparently in Openstack World (I discovered this in keystone meetings), federation appears to mean 'being able to use one keystone credential in multiple openstack instances'
09:47:39 <verdurin> Morning. Sorry I couldn't join earlier.
09:47:44 <oneswig> aloga StefanPaetowJisc zioproto if we imported the etherpad into the user-stories repo, would you be able to shape it better using the gerrit review process? familiar with that?
09:47:48 <oneswig> Hi verdurin
09:48:05 <StefanPaetowJisc> So as long as we all are on the same page as to what 'federation' means in the story context, we're good ;-)
09:48:16 <aloga> StefanPaetowJisc: yes, we are on the same page
09:48:28 <StefanPaetowJisc> Ok! *thumbs up* :-)
09:48:33 <zioproto> I am familiar with the gerrit review process
09:49:04 <StefanPaetowJisc> Yes, I know Gerrit :-)
09:49:06 <aloga> StefanPaetowJisc: my point there is that you cannot tell users: "hey, login into keystone with your home idp credentials, but then, download an openrc file to use the cli"
09:49:08 <oneswig> aloga StefanPaetowJisc - so for the record which page - federation meaning using home credentials?
09:49:29 <zioproto> #action zioproto to clean the etherpad from Rome and push it into a gerrit review
09:49:46 <StefanPaetowJisc> oneswig: The Rome Etherpad (Scenario 2)
09:49:55 <oneswig> Thanks zioproto - will be great to get this into the system
09:50:04 <aloga> StefanPaetowJisc: because 1st. user has different credentials for the same site (one for CLI, one for web) and 2nd the user has potentially 100s of credentials to manage
09:50:10 <priteau> StefanPaetowJisc: what is the mode of federation is described described here? http://docs.openstack.org/security-guide/identity/federated-keystone.html
09:50:27 <dariov> hello people
09:50:29 <zioproto> StefanPaetowJisc: I think those are called in two different ways : "Idenitity Federation" and the latter is "Cloud Federation"
09:50:46 <enolfc> StefanPaetowJisc: there it basically describes how to plug external IdPs to keystone
09:50:50 <StefanPaetowJisc> oneswig: just clarifying that we all mean identity federation :-)
09:51:09 <zioproto> StefanPaetowJisc: anyway you are right there is a lot of confusion
09:51:12 <b1airo> aloga: i though that's what you meant, and I agree, nightmare for usability. Plus those people using multiple clouds are definitely going to be using APIs rather than dashboard
09:51:19 <StefanPaetowJisc> priteau: That's what zioproto refs to as 'identity federation'
09:51:21 <StefanPaetowJisc> :_)
09:51:21 <aloga> b1airo: indeed
09:51:37 <StefanPaetowJisc> b1airo: Quite.
09:52:06 <StefanPaetowJisc> aloga: Yes. Multiple credentials/credential files are a bizarre concept.
09:52:53 <oneswig> OK, we have a little time left, lets move on...
09:53:34 <oneswig> I hope we can gather the best practice (and the ideal practice) into a meaningful user story
09:53:36 <aloga> anyway, the concept is the same, if you use keystone-to-keystone federation and you consider 1 keystone as the "home" IdP
09:53:40 <aloga> ;-)
09:54:05 <aloga> but, just to be clear, I was not referring to ks-to-ks federation
09:54:20 <oneswig> #topic any other business
09:54:31 <oneswig> I'm going to roll all the last parts of the agenda into one!
09:54:40 <b1airo> Heh
09:54:49 <oneswig> Anyone want to share any particularly good talks they attended?
09:54:53 <zioproto> are may of us going to the ops- midcycle ?
09:55:20 <b1airo> I haven't done anything yet on the superuser SC summary post, if not before then on the plane
09:55:38 <oneswig> zioproto: I've missed the details - where and when?
09:55:43 <dabukalam> I like the idea of an OpenStack evening at SC16
09:55:56 <oneswig> #link I happened on this talk and liked it: https://www.openstack.org/videos/video/kvm-and-qemu-internals-understanding-the-io-subsystem
09:56:01 <zioproto> oneswig: when is March 2017, where vote between MIlano and Tokyo here http://doodle.com/poll/e7fcfhsf4s8cupyi
09:56:22 <zioproto> oneswig: March 15-16th 2017
09:56:31 <zioproto> Location yet to be defined
09:57:16 <oneswig> dabukalam: Codethink doing any activities at SC?
09:57:40 <b1airo> dabukalam: we may pull something together ad-hoc - looks like the Thursday evening is most likely free...?
09:57:48 <oneswig> There's an etherpad gathering together OpenStack-specific SC activities
09:57:53 <oneswig> Thursday's good for me
09:58:03 <dabukalam> Thursday is also good for me
09:58:15 <dabukalam> oneswig: we'll be there, wandering around
09:58:29 <dabukalam> maybe making an announcement, still unclear
09:58:50 <oneswig> ooh...
09:59:10 <StefanPaetowJisc> Sorry, no SC16 for me.
09:59:51 <dabukalam> I could find some potential venue and announce to the list?
09:59:56 <dabukalam> for openstack at SC?
10:00:00 <geo_> where's the OpenStack-specific SC etherpad?
10:00:06 <dabukalam> oh, is there one?
10:00:36 <b1airo> Ok, we're out of time I think. Great to get some new volunteers and interest!! Good discussion on federation too.
10:00:40 <oneswig> #linke SC activities https://etherpad.openstack.org/p/scientific-wg-supercomputing16
10:00:43 <oneswig> got it!
10:00:48 <dabukalam> oneswig: thanks
10:00:50 <oneswig> Thanks all
10:00:55 <geo_> thanks
10:00:57 <oneswig> #endmeeting