#openstack-meeting log

11:00:19 <oneswig> #startmeeting scientific-sig
11:00:19 <opendevmeet> Meeting started Wed Jun 16 11:00:19 2021 UTC and is due to finish in 60 minutes.  The chair is oneswig. Information about MeetBot at http://wiki.debian.org/MeetBot.
11:00:19 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
11:00:19 <opendevmeet> The meeting name has been set to 'scientific_sig'
11:00:32 <oneswig> echo...
11:02:08 <oneswig> No fixed agenda for today but I did have a couple of items
11:09:19 <oneswig> Quiet session today - anybody participating?
11:11:13 <b1airo> evening
11:12:29 <oneswig> Hi b1airo, sorry was writing terms for a fair usage agreement
11:12:36 <oneswig> not something I do every day!
11:12:58 <oneswig> #chair b1airo
11:12:58 <opendevmeet> Current chairs: b1airo oneswig
11:13:15 <b1airo> gawd, sounds like a hell of a hobby
11:13:34 <oneswig> Sometimes you need one, it seems.
11:13:53 <oneswig> I was also looking through this that one of the team posted: https://changelog.com/posts/monoliths-are-the-future
11:16:36 <oneswig> The usage agreement is for the SMS Lab - our public-access bare metal cloud project for free software projects.
11:17:00 <b1airo> oh cool, worth doing then for sure
11:17:23 <oneswig> Yes!  It's not strictly public access, more that anyone can ask
11:17:59 <oneswig> Shaping up to be a fun effort all round.
11:19:18 <b1airo> that Kelsey piece rings true to some extent, but at a meta level i do wonder why our industry needs to spend so much time reminding ourselves that software is hard and technology is hyped
11:20:54 <oneswig> coupling with the (slanted) opinions of the Hashicorp guy, I wonder if all's going well in Kubernetes
11:21:54 <oneswig> Is there a software equivalent to the Peter Principle, in which a project develops increasing sophistication to the point where it buckles under its own complexity?
11:22:42 <b1airo> haha
11:23:59 <oneswig> Met somebody yesterday from your neck of the woods b1airo (well, Greta Point) in a local pub
11:24:20 <oneswig> He said the view from the canteen is the best
11:24:22 <b1airo> eh?! A NIWA'n ?
11:24:28 <oneswig> yup
11:25:28 <oneswig> Now an RSE at Cambridge University
11:25:50 <b1airo> that is funny. ex NIWA i take it? did they know the HPC crew?
11:26:17 <oneswig> I didn't get to go into details unfortunately
11:28:07 <oneswig> I was wondering about another SIG show-and-tell on control plane security monitoring.  One of our team has been working on this and it is looking neat.
11:28:12 <b1airo> so, ISC is coming up pretty soon... any thoughts on survey?
11:28:21 <oneswig> good question.
11:30:43 <oneswig> Who seeded the mentimeter presentation with questions?  Some of these are quite thorny
11:30:50 <b1airo> oh, that's topical - we've just put a 1-pager investment case together around security for our new infra... it's more focused on tenant-space and services that NeSI is running atop OpenStack, but obviously we need strong confidence in the control plane to underpin that
11:33:06 <oneswig> The question I might like to ask would be along the lines of "What is wrong with HPC in cloud?"
11:34:12 <oneswig> Asking someone what is wrong with what they are advocating is often interesting.  If they say nothing, it's usually discrediting
11:35:42 <b1airo> ahh i haven't looked yet, I think last time it was some combination of inputs - will take a peak over the weekend i think. guess what we need to do first is decide how we're using the survey - is it purely an adjacent thing that we might refer to, or will we use it as an interactive tool to drive the discussion
11:36:09 <b1airo> yep agreed
11:36:35 <oneswig> b1airo: might be good to talk to heikkine from Basel University - he's on Slack.  They've been working with Wazuh agents for deployed platforms (this is also what we are using for the control plane).
11:38:32 <b1airo> sounds like a good lead, suspect we'll be asking you more directly for a steer if it gets supported...
11:38:52 <oneswig> already looking forward to it.
11:39:42 <oneswig> b1airo: any other thoughts on new discussion content for the SIG?
11:41:16 <b1airo> one other thing I'm thinking of is the automation / control point / glue for taking action based on vulnerability scans, e.g., if we see something bad open to the Internet (where "bad" might mean exposing a critical vulnerability or against policy etc
11:43:42 <verdurin> That security monitoring is of interest to us too.
11:43:46 <oneswig> Good point.  There's hardening to prevent it, patching to fix it when we've discovered it, and incident response to fix it after someone else has abused it.  Each of those is a worthy subject for discussion
11:45:15 <oneswig> Hi verdurin
11:46:09 <verdurin> Hello. I managed to join even though I haven't updated my calendar entries for the time change yet...
11:46:18 <oneswig> I'll report back on options for a show-and-tell
11:46:48 <oneswig> verdurin: you managed to migrate from freenode as well
11:47:31 <verdurin> Must admit I tried libera first...
11:49:49 <oneswig> This ansible-hardening patch from May might be worth trying: https://github.com/openstack/ansible-hardening/commit/0114e44f3e9497a999ee923b807405f179f01d76
11:50:33 <b1airo> on other topics for the SIG - i'm interested in a discussion about multi-tenant managed service hosting, i.e., what do I need to offer and manage as part of a platform-service that let's RSEs deploy production science (web)services (specifically not HPC - though they might integrate with HPC)
11:51:29 <oneswig> That would certainly be interesting for a discussion, if we could gather a few options together.  Good idea
11:52:04 <oneswig> I'll try noting these
11:52:28 <oneswig> #action follow-up discussion on security monitoring, hardening, incident response
11:52:38 <oneswig> not sure if that worked.
11:53:13 <b1airo> i'm selfishly putting the service provider lens on it as that's where we can add value and scale, people can always do their own thing if they have fundamental issues with technology choices
11:53:56 <oneswig> #action b1airo platforms-as-a-service roundup
11:54:06 <oneswig> We'll see if they turn up in the minutes...
11:54:07 <b1airo> it's just a question of what we can support and provide SLAs etc for
11:54:17 <b1airo> 🤞
11:54:55 <oneswig> b1airo: I think everyone's a service provider, nothing selfish about it I'd say
11:55:55 <oneswig> verdurin: any further thoughts from you on future discussion topics?
11:55:56 <b1airo> i mean i guess there are people just running OpenStack for fun, but those kind of people also have dungeons...
11:57:04 <oneswig> I like the people who do it for fun at least as much as the people who do it for profit :-)
11:57:58 <oneswig> nearly at time - and I'd like to put the kettle on.  Any more to add?
11:58:07 <b1airo> who's holding the leather paddle?
11:58:27 <b1airo> 🥺
11:58:43 <oneswig> ha!  If I had a dungeon it would be used for wine storage!
11:59:23 <b1airo> i concur
12:00:16 <oneswig> Time to close.  Thanks b1airo verdurin
12:00:16 <oneswig> #endmeeting