09:00:36 <oneswig> #startmeeting scientific-wg 09:00:40 <openstack> Meeting started Wed Nov 9 09:00:36 2016 UTC and is due to finish in 60 minutes. The chair is oneswig. Information about MeetBot at http://wiki.debian.org/MeetBot. 09:00:42 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 09:00:44 <openstack> The meeting name has been set to 'scientific_wg' 09:00:52 <oneswig> b1airo: ah. Never mind - half a Blair's better than none 09:00:57 <oneswig> #chair b1airo 09:00:58 <openstack> Current chairs: b1airo oneswig 09:01:07 <oneswig> just in case... 09:01:15 <oneswig> Good morning/evening all 09:01:42 <oneswig> #link agenda on the wiki https://wiki.openstack.org/wiki/Scientific_working_group#IRC_Meeting_November_9th_2016 09:02:23 <oneswig> This week, the agenda largely focuses on the discussions in the APAC timezone last week 09:02:36 <b1airo> Hi StefanPaetowJisc , sofianes 09:02:54 <oneswig> #link Last week's discussion http://eavesdrop.openstack.org/meetings/scientific_wg/2016/scientific_wg.2016-11-01-21.02.log.html#l-28 09:02:55 <StefanPaetowJisc> Good morning! *brighteyed* *bushytailed* ;-) 09:03:10 <sofianes> Hi b1airo, all 09:03:21 <oneswig> Hi StefanPaetowJisc sofianes, good morning indeed, unless you're a democrat :-) 09:03:36 <oneswig> (didn't take long) 09:03:47 <StefanPaetowJisc> Awww shucks. Oh. Hang on! 09:04:03 <b1airo> Uh oh, here we go 09:04:10 <StefanPaetowJisc> Everyone recovered from the shock yet? ;-) 09:04:33 <oneswig> It'll take ... I don't know how long it'll take actually 09:04:47 <oneswig> Anyway, on with the show 09:04:59 <oneswig> #topic Selection/confirmation of new activity areas 09:04:59 <priteau> Probably about 4 years 09:05:24 * dabukalam is experiencing a morning remarkably similar to one on the 24th June... 09:05:42 <StefanPaetowJisc> What's the ASCII emoticon for 'crying with laughter', or 'hysterical laughter'? ;-) 09:05:42 <oneswig> dabukalam: indeed! deja vu! 09:05:56 <StefanPaetowJisc> Anyway... let's get on with this. 09:06:02 * StefanPaetowJisc puts on his serious face 09:06:07 <oneswig> So following from the WG meeting in Barca and the IRC meeting last week, there were four good candidates for activity areas 09:06:10 <oneswig> to recap: 09:06:27 <oneswig> Telemetry and monitoring infra (oneswig and martial to lead) 09:06:41 <oneswig> Federation (aloga has volunteered) 09:07:10 <oneswig> Scientific datasets and data analytics (we don't have formal confirmation - zioproto was interested but wanted to check) 09:07:19 <oneswig> GPUs in virtualisation - powerd 09:07:24 <zioproto> hello 09:07:28 <zioproto> sorry I am late 09:07:43 <geo_> g'morning 09:07:44 <sofianes> I would like to contribute to the Scientific datasets and data analytics 09:07:47 <oneswig> zioproto: just in time :-) I was just about to say, "any objections to nominating zioproto" :-) 09:07:52 <sofianes> hi zioproto 09:08:05 <zioproto> Hi, so I accept the nomination 09:08:08 <zioproto> :) 09:08:16 <oneswig> sofianes: thanks, noted 09:08:19 <b1airo> oneswig: that was powerd and I (and we've since touched base and planning to meet up at SC next week) 09:08:28 <zioproto> but I have to warn you guys there is a 50% chance I will not make it to be in Boston 09:08:30 <oneswig> b1airo: aha, thanks, I'll add that 09:08:36 <oneswig> #action sofianes on datasets 09:08:40 <oneswig> #action b1airo on gpus 09:08:50 <enolfc> hi, I'm also interested in scientific datasets and data analytics 09:09:05 <oneswig> Hi enolfc thanks I'll add you to that 09:09:12 <oneswig> #action enolfc on datasets 09:09:37 <oneswig> I think it would be a good idea to clarify some purpose for each of these areas. 09:10:07 <StefanPaetowJisc> Federation I coud potentially help with... ;-) 09:10:18 <oneswig> StefanPaetowJisc: thanks, noted 09:10:26 <oneswig> #action StefanPaetowJisc on federation 09:10:45 <sofianes> I could help with clarifying datasets + analytics 09:11:19 <sofianes> together with zioproto, we are already takling part of the problematics in our projects 09:11:27 <oneswig> About scientific datasets: how do people envisage this - does it work as a general service or a domain-specific service 09:11:31 <oneswig> I saw this in the week 09:11:45 <oneswig> #link https://www.rd-alliance.org/groups/pid-collections-wg.html 09:11:52 <enolfc> you can also count me on federation 09:12:16 <oneswig> #action enolfc on federation 09:12:19 <oneswig> thanks enolfc 09:12:59 <oneswig> I already have an action (not done yet) from last week to define the telemetry and monitoring work I'm active on. 09:13:31 <sofianes> about datasets: I think that we need to work both on best practices in isolation (within one provide) and about potential federation accross different providers 09:13:55 <enolfc> for gpu, I will check with some EGI people that may want to contribute 09:13:57 <oneswig> sofianes zioproto: would you be able to come back to this meeting in 2 weeks with a description of what you have been working on so far and what your goals are? 09:14:17 <b1airo> enolfc: great! 09:14:37 <oneswig> enolfc: thanks that would be grand - I'd be interested to hear how GPUs fit into EGI anyway... 09:14:38 <sofianes> ok, I can prepare something 09:15:16 <oneswig> #action sofianes to describe use case and plans for scientific datasets in next EMEA meeting 09:15:22 <enolfc> oneswig, b1airo: I can bring the people working on that to describe what's available now 09:15:26 <oneswig> Thanks sofianes 09:16:34 <oneswig> enolfc: That would be great. We can put both datasets and gpus on the agenda for 2 weeks time 09:17:27 <zioproto> oneswig: yes, I can work with Sofiane. Should we prepare some slides for the next IRC meeting ? that is the idea ? in what form you think of this description? 09:17:58 <b1airo> Slides might be hard for irc :-) 09:17:58 <oneswig> zioproto: slides might be overkill, I'd be happy with text and discussion - how about you? 09:18:03 <sofianes> I was thinking about a descriptive document 09:18:43 <zioproto> ok 09:19:01 <oneswig> sofianes: if a link can be pasted into IRC, that's a great way of sharing. Even an etherpad is fine for this 09:19:27 <sofianes> Ok, works for me 09:19:36 <oneswig> OK, was there anything more for WG activity areas? 09:20:05 <sofianes> Once the document is ready, I will post the link to the agenda for 2 weeks time 09:20:16 <oneswig> thanks sofianes 09:20:19 <oneswig> #topic Possibility of a tri-weekly meeting 09:20:59 <oneswig> Now we have 3 co-chairs around the globe, there was some discussion on the possibility of having meetings in a time zone for each geography 09:21:29 <oneswig> I recall this is a long shot with infra - IRC scheduling conflicts get trickier 09:21:38 <oneswig> But I have asked the question 09:22:12 <oneswig> I'll keep the group updated if it is possible (or not) 09:22:20 <b1airo> oneswig: did you ask on list somewhere? 09:22:34 <oneswig> openstack-infra - just before the meeting... 09:22:46 <StefanPaetowJisc> Sorry, quick question... is there s dedicated scientific-wg mailing list/ 09:22:55 <priteau> oneswig: What is the problem with infra, not enough slots? I have seen that there is openstack-meeting-[234] 09:23:20 <oneswig> StefanPaetowJisc: no, we generally use openstack-operators, given the degree of overlap with the general use case 09:23:35 <StefanPaetowJisc> ok, ta. *makes note* 09:23:40 <oneswig> StefanPaetowJisc: user-committee for procedural matters 09:24:20 <oneswig> Although to be honest there's very little WG-specific activity on the lists currently 09:24:40 <oneswig> (... but perhaps there should be more) 09:25:26 <b1airo> There was (I thought) a sort of bizarre proposal earlier in the week that all WG comms should be over the user-committee ML 09:25:34 <oneswig> priteau: Partly it's expressing the scheduling, I think currently you can have weekly or two variants of bi-weekly. You're right it's no bother to add more meeting rooms 09:26:07 <oneswig> b1airo: I think it was to create a new list, openstack-user, that ring a bell? 09:26:22 <b1airo> But we have usually found a lot of overlap with ops. I usually add both 09:26:54 <oneswig> I tend to get answers on the ops list whenever I post there. 09:27:12 <b1airo> Hmm didn't see that one oneswig - the one I'm talking about was related mostly to product-wg and private MLs 09:27:47 <oneswig> Now you're making me look! 09:28:07 <b1airo> :-) 09:28:38 <oneswig> uh, lets move on before I get lost in the archives 09:29:07 <oneswig> #topic Forum sessions at Boston summit 09:29:25 <oneswig> So we've barely done one summit and it's time to plan for the next... 09:29:59 <b1airo> Hi powerd, just got your email - answer: just confirmation from last week of our interest and enolfc (from EGI) mentioned potential interest 09:30:05 <oneswig> There were some significant changes planned from here on 09:30:17 <zioproto> I think we will need a bigger room for the BoF 09:30:30 <zioproto> the one in the 14th floor in BCN was too small 09:30:38 <oneswig> And one thing the WG has been asked to do is provide more input to core teams and project technical leads 09:31:14 <b1airo> I think for general non topic specific stuff we should have a BoF, lightening talks, and meeting 09:31:38 <oneswig> zioproto: true - at the time I suggested a room sized for a committee meeting. I think with the fishbowl style of meetings they can grow bigger 09:31:43 <zioproto> oneswig: this means that we should arrive at the meeting in Boston with a list of BP and Bug reports, and then we should split during the Boston event and chase developers. 09:32:13 <zioproto> that is the only way to provide usefull input to developers, Blue Prints and Bug Reports. 09:32:29 <oneswig> zioproto: I think we've been asked to define what it means, but I take your point that this would be a useful form of direct input 09:33:07 <zioproto> Another thing we can submit is the users stories 09:33:33 <oneswig> So far there has been a positive discussion on making posters for user stories and pain points 09:34:11 <oneswig> Having these in a breakout area perhaps (although there might be a better way of presenting the messages?) 09:34:32 <zioproto> Being practical, so you expect for example we make a poster on Data Sets usage with Openstack ? 09:34:47 <oneswig> zioproto: Just that kind of thing 09:35:05 <oneswig> BTW any further activity on the federation user story from Rome? 09:35:20 <zioproto> Is still there on the etherpad 09:35:29 <zioproto> Who is leading the Federation task ? 09:35:43 <zioproto> I would be happy to share all the already done work 09:35:47 <oneswig> aloga has volunteered 09:36:19 <b1airo> oneswig: we need to get back to Khalil at some point too 09:36:22 <zioproto> aloga: we started to write a user story about identity federation #link https://etherpad.openstack.org/p/scientific-wg-rome-federated-identity-user-story 09:36:36 <zioproto> this is something that we can bring in Boston finalized 09:36:48 <aloga> I am aware of that, I connected remotely 09:36:57 <oneswig> b1airo: true, overdue 09:37:16 <aloga> however, there are some use cases that are not clear to me, namely the scenario 2 09:37:26 <aloga> that seems overkill to me 09:38:07 <aloga> (hi, btw, just arrived :) ) 09:38:25 <oneswig> Morning aloga (btw:-) 09:38:52 <zioproto> aloga: that is a pain point. At the moment without a browser is difficult to use federated identity. That is why most of deployment require your first login with a browser, and they you get a token to configure your CLI. 09:39:03 <aloga> zioproto: why is it difficult? 09:39:10 <aloga> zioproto: it is possible with openid connect 09:39:34 <zioproto> aloga: but probably who wrote the use case is part of the eduGAIN federation that uses SAML 09:39:52 <oneswig> aloga: the demo from Andrea using OIDC had a number of HTTP redirects, and I think that was a problem for CLI access 09:39:57 <aloga> zioproto: yes, I guess that, but, telling a user to manage several identities is a totally overkill 09:40:18 <aloga> oneswig: that is if you only rely on the authz code grant type, but you can use password credentials as well 09:40:41 <StefanPaetowJisc> CLI access should not have a problem with HTTP connect if behind the scenes, provided it does not require user interaction 09:40:50 <StefanPaetowJisc> That's the classic problem with SAML 09:40:56 <aloga> my point here is that it is impossible to tell users "hey, you need to manage 100 identities to access 100 different sites" 09:41:22 <StefanPaetowJisc> SAML ECP does not require user interaction and hence is better suited for CLI access. Problem there is that virtually noone configures their IdPs to do ECP 09:41:40 <StefanPaetowJisc> (Shib v3 does this by default, Shib v2 was... problematic) 09:41:40 <oneswig> Thanks aloga StefanPaetowJisc - I wish there was somewhere where the OpenStack-specific knowledge was gathered so I could be better informed... 09:41:54 <aloga> StefanPaetowJisc: I totally agree 09:42:43 <aloga> I think the federation scenario 2 described in that document does not add any value to the users 09:42:54 <StefanPaetowJisc> However, problem with SAML ECP as it stands is that OASIS explicitly defined ECP as being non-proxyable, i.e. the classic EGI/ELIXIR/e-infrastructure scenarios of using 'proxy IdP' in a CLI environment is explicitly designed out 09:43:26 <b1airo> aloga: just skimming it for first time, but think I agree 09:43:47 <zioproto> aloga: do you find this documentation complete ? http://docs.openstack.org/security-guide/identity.html 09:43:54 <aloga> no 09:44:06 <zioproto> that is what I thought 09:44:19 <zioproto> feedback to documentation team 09:44:24 <zioproto> if we write the user story 09:44:34 <zioproto> the can improve the documentation 09:44:43 <zioproto> on how to configure things to make the user story 09:44:56 <StefanPaetowJisc> aloga, looking back at your notes on the 2nd user story (in the Rome document), be careful about the definition of 'federation'. 09:45:05 <aloga> zioproto: that documentation is quite obsolete IMO 09:45:06 <oneswig> ... and that's a great way of advocating our use case - and adding value 09:45:25 <aloga> StefanPaetowJisc: what do you mean? 09:47:36 <StefanPaetowJisc> I may misunderstand you, but I think generally we define 'federation' as 'being able to use my home credentials elsewhere' (i.e. logging into different openstack clouds with the same credential to do stuff), whereas apparently in Openstack World (I discovered this in keystone meetings), federation appears to mean 'being able to use one keystone credential in multiple openstack instances' 09:47:39 <verdurin> Morning. Sorry I couldn't join earlier. 09:47:44 <oneswig> aloga StefanPaetowJisc zioproto if we imported the etherpad into the user-stories repo, would you be able to shape it better using the gerrit review process? familiar with that? 09:47:48 <oneswig> Hi verdurin 09:48:05 <StefanPaetowJisc> So as long as we all are on the same page as to what 'federation' means in the story context, we're good ;-) 09:48:16 <aloga> StefanPaetowJisc: yes, we are on the same page 09:48:28 <StefanPaetowJisc> Ok! *thumbs up* :-) 09:48:33 <zioproto> I am familiar with the gerrit review process 09:49:04 <StefanPaetowJisc> Yes, I know Gerrit :-) 09:49:06 <aloga> StefanPaetowJisc: my point there is that you cannot tell users: "hey, login into keystone with your home idp credentials, but then, download an openrc file to use the cli" 09:49:08 <oneswig> aloga StefanPaetowJisc - so for the record which page - federation meaning using home credentials? 09:49:29 <zioproto> #action zioproto to clean the etherpad from Rome and push it into a gerrit review 09:49:46 <StefanPaetowJisc> oneswig: The Rome Etherpad (Scenario 2) 09:49:55 <oneswig> Thanks zioproto - will be great to get this into the system 09:50:04 <aloga> StefanPaetowJisc: because 1st. user has different credentials for the same site (one for CLI, one for web) and 2nd the user has potentially 100s of credentials to manage 09:50:10 <priteau> StefanPaetowJisc: what is the mode of federation is described described here? http://docs.openstack.org/security-guide/identity/federated-keystone.html 09:50:27 <dariov> hello people 09:50:29 <zioproto> StefanPaetowJisc: I think those are called in two different ways : "Idenitity Federation" and the latter is "Cloud Federation" 09:50:46 <enolfc> StefanPaetowJisc: there it basically describes how to plug external IdPs to keystone 09:50:50 <StefanPaetowJisc> oneswig: just clarifying that we all mean identity federation :-) 09:51:09 <zioproto> StefanPaetowJisc: anyway you are right there is a lot of confusion 09:51:12 <b1airo> aloga: i though that's what you meant, and I agree, nightmare for usability. Plus those people using multiple clouds are definitely going to be using APIs rather than dashboard 09:51:19 <StefanPaetowJisc> priteau: That's what zioproto refs to as 'identity federation' 09:51:21 <StefanPaetowJisc> :_) 09:51:21 <aloga> b1airo: indeed 09:51:37 <StefanPaetowJisc> b1airo: Quite. 09:52:06 <StefanPaetowJisc> aloga: Yes. Multiple credentials/credential files are a bizarre concept. 09:52:53 <oneswig> OK, we have a little time left, lets move on... 09:53:34 <oneswig> I hope we can gather the best practice (and the ideal practice) into a meaningful user story 09:53:36 <aloga> anyway, the concept is the same, if you use keystone-to-keystone federation and you consider 1 keystone as the "home" IdP 09:53:40 <aloga> ;-) 09:54:05 <aloga> but, just to be clear, I was not referring to ks-to-ks federation 09:54:20 <oneswig> #topic any other business 09:54:31 <oneswig> I'm going to roll all the last parts of the agenda into one! 09:54:40 <b1airo> Heh 09:54:49 <oneswig> Anyone want to share any particularly good talks they attended? 09:54:53 <zioproto> are may of us going to the ops- midcycle ? 09:55:20 <b1airo> I haven't done anything yet on the superuser SC summary post, if not before then on the plane 09:55:38 <oneswig> zioproto: I've missed the details - where and when? 09:55:43 <dabukalam> I like the idea of an OpenStack evening at SC16 09:55:56 <oneswig> #link I happened on this talk and liked it: https://www.openstack.org/videos/video/kvm-and-qemu-internals-understanding-the-io-subsystem 09:56:01 <zioproto> oneswig: when is March 2017, where vote between MIlano and Tokyo here http://doodle.com/poll/e7fcfhsf4s8cupyi 09:56:22 <zioproto> oneswig: March 15-16th 2017 09:56:31 <zioproto> Location yet to be defined 09:57:16 <oneswig> dabukalam: Codethink doing any activities at SC? 09:57:40 <b1airo> dabukalam: we may pull something together ad-hoc - looks like the Thursday evening is most likely free...? 09:57:48 <oneswig> There's an etherpad gathering together OpenStack-specific SC activities 09:57:53 <oneswig> Thursday's good for me 09:58:03 <dabukalam> Thursday is also good for me 09:58:15 <dabukalam> oneswig: we'll be there, wandering around 09:58:29 <dabukalam> maybe making an announcement, still unclear 09:58:50 <oneswig> ooh... 09:59:10 <StefanPaetowJisc> Sorry, no SC16 for me. 09:59:51 <dabukalam> I could find some potential venue and announce to the list? 09:59:56 <dabukalam> for openstack at SC? 10:00:00 <geo_> where's the OpenStack-specific SC etherpad? 10:00:06 <dabukalam> oh, is there one? 10:00:36 <b1airo> Ok, we're out of time I think. Great to get some new volunteers and interest!! Good discussion on federation too. 10:00:40 <oneswig> #linke SC activities https://etherpad.openstack.org/p/scientific-wg-supercomputing16 10:00:43 <oneswig> got it! 10:00:48 <dabukalam> oneswig: thanks 10:00:50 <oneswig> Thanks all 10:00:55 <geo_> thanks 10:00:57 <oneswig> #endmeeting