21:00:02 <rbergeron> #startmeeting Cloud SIG 21:00:02 <zodbot> Meeting started Thu Sep 2 21:00:02 2010 UTC. The chair is rbergeron. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:00:02 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 21:00:09 <rbergeron> #meetingname Cloud SIG 21:00:09 <zodbot> The meeting name has been set to 'cloud_sig' 21:00:18 <rbergeron> #chair jforbes gholms 21:00:18 <zodbot> Current chairs: gholms jforbes rbergeron 21:00:32 <rbergeron> #topic Roll Call! 21:00:38 * rbergeron looks around 21:00:44 * gholms hands out rolls 21:01:10 <rbergeron> i hope these are cinnamon and not wallpaper 21:01:17 <rbergeron> hey brianlamere :) 21:01:40 * rbergeron pokes jforbes 21:01:45 * jeevan_ullas 21:01:46 <brianlamere> greetings! 21:01:52 <rbergeron> how goes it? 21:02:17 <rbergeron> #topic EC2 feature status 21:02:37 * rbergeron wonders if jforbes is about and can give a quick update :) 21:03:50 <gholms> Maybe he will show up later? 21:04:02 <rbergeron> maybe! 21:04:22 <rbergeron> gholms: did you get any testing on euca2ools? 21:04:39 * rbergeron notes she was supposed to try and find a package for m2crypto for el5 and has not done so :\ 21:04:42 <brianlamere> there was a little bit of convo between Ben(the AWS guy I mentioned before), myself, and Matt(D); Ben was asking me a mirror/MM question, and I thought that Matt might be phenominally better/more appropriate to answer the question 21:04:57 <gholms> No karma, no bugs. Without karma I won't push it for another week. 21:05:19 <obino> gholms: are you talking of 1.3? 21:05:23 <gholms> obino: Yes 21:05:29 <brianlamere> did the Eucalyptus folks bite on joining the meeting? 21:05:32 <obino> then wait: we found a bug 21:05:37 <obino> did you talk with mitch? 21:05:40 <rbergeron> brianlamere: looks like it :) 21:05:46 <obino> brian: yes I'm graziano 21:05:55 <rbergeron> obino: glad you could make it :) 21:06:00 <obino> got a mishaps with IRC client and got a different nick 21:06:00 <gholms> obino: Briefly, though not about any bugs. Is he here today? 21:06:02 <brianlamere> oh sorry, guess I miss introductions when I'm 30 seconds late. ;) 21:06:03 <obino> :) 21:06:16 <brianlamere> obino: great to see ya here! 21:06:27 <obino> gholms: mitch is not here he's working testing the bug :) 21:06:31 <gholms> Ah 21:06:32 <obino> the bug is in euca-register 21:06:38 <obino> agasint eucalyptus only though 21:06:55 <obino> we have a fix and we'll push very soon 21:06:59 <gholms> Maybe that's why I didn't see it. 21:07:02 <obino> by the end of the week 21:07:17 <obino> I can hit you and mitch off line to coordinate if you want 21:07:43 <rbergeron> brianlamere: no worries :) 21:07:52 <gholms> obino: Works for me. Which bug is it? 21:08:13 <obino> let me check: I only have the internal RT number .. give me a sec 21:09:37 <gholms> #info euca2ools 1.3 in updates-testing; please test and add bugs/karma 21:09:57 <rbergeron> gholms: thanks for that. 21:11:49 <rbergeron> obino: so you are thinking about packaging eucalyptus to be *in* Fedora? Is that correct? 21:11:58 <gholms> #help Packager(s) needed for python26-m2crypto on el5 21:11:59 <obino> gholms: we don't have a bug report yet. Mitchwill create one and ad it to bugzilla too 21:12:09 <gholms> obino: That would be good; thanks. 21:12:19 <obino> rbergeron: we'd love to do so 21:12:59 <obino> we do have RPMs already for fedora, but we'll need help to get them in shape for fedora 21:13:09 <obino> mentor and coordination in particular :) 21:13:15 * rbergeron nods 21:13:26 <gholms> #info euca-register has an as-yet unfiled bug 21:13:41 <brianlamere> obino: so what other packages were you looking at getting in to Fedora? were you going to start with the entire Eucalyptus suite, or is there anything else like euca2ools that is useful on it's own 21:14:08 <obino> at this moment we only have eucalyptus and euca2ools 21:14:18 <obino> so the next one has to be the big one (eucalyptus) 21:14:45 <obino> gholms: forgive my naivite: what's #info? is a channel> 21:14:47 * rbergeron nods 21:14:48 <obino> ? 21:14:57 <gholms> obino: That's a command for the meeting logging bot. 21:15:00 <rbergeron> obino: it is for logging meetings 21:15:07 <obino> ahh thanks 21:15:12 * obino blushes 21:15:30 <rbergeron> turns things like that into http://meetbot.fedoraproject.org/fedora-meeting/2010-08-26/fedora-meeting.2010-08-26-21.00.html :) 21:15:39 <brianlamere> fair enough; it may make it better to have chunks of things; is there not management options, different backend options, etc? could those be broken out (such as eucalyptus-backend-mysql, eucalyptus-backend-postgres) etc? 21:16:21 <obino> at the moment we have it broken down by component 21:16:31 <obino> cloud, walrus, sc, cc and nc 21:16:37 <obino> we have a gl too 21:16:41 <gholms> Into separate RPMs? 21:16:45 <obino> yes 21:16:50 <obino> and we have 2 common 21:16:52 <gholms> That's a great start. 21:16:59 <obino> one for the C part and the second for the java part 21:17:08 <obino> the java part is the issue I think 21:17:12 <brianlamere> well while I'm not a fedora packager either, having them broken down (especially with large suites) is considered pretty important IIRC 21:17:13 <gholms> Are they posted anywhere? 21:17:28 <obino> on our download page for example 21:17:44 * gholms looks again 21:17:52 <obino> http://open.eucalyptus.com/wiki/EucalyptusInstallationFedora_v2.0 21:18:02 <obino> for example and some instructions 21:18:11 <gholms> Oh, you have a yum repo! 21:18:17 <obino> yes 21:18:21 <obino> is that good? 21:18:25 <obino> or bad? 21:18:30 <gholms> Definitely good. 21:18:35 * obino phew 21:19:05 <gholms> You should post the source RPMs alongside the binaries, too. :) 21:19:51 <brianlamere> heh - but there are a couple things that you should probably look to change a bit; I think just instructing people to disable their firewall might be a bit much, for example ;) do you have an actual list of ports and protocols that are used, so people can make the appropriate firewall rules? 21:19:54 <obino> hmm I'll mentioned that: we may need help to produce them 21:20:27 <obino> brianlamere: you are absolutely right 21:20:32 <obino> we know our ports 21:20:52 <rbergeron> obino: are you familiar with the packaging guidelines and so forth? I know some people have found them hard to locate in the past. 21:20:57 <obino> but when you start running instances you need to punch holes for the isntances services 21:21:08 <rbergeron> I can try and find you a mentor, but I can't provide any guarantees, unless someone around here wants to pipe up now :) 21:21:27 <brianlamere> have you all looked at selinux at all with Eucalyptus? That is a crazy question? 21:21:32 <obino> rbergeron: it would be great thanks! 21:21:47 <gholms> #help Packaging, SElinux help wanted for cleaning up eucalyptus 21:21:50 <obino> brianlamere: not really, we don't have selinux expert here 21:22:12 <ke4qqq> dwalsh and other SELinux people are typically thrilled to get involved with new apps getting selinux policy written 21:22:12 <brianlamere> well I mentioned I'd be happy to jump in and learn it with them ;) but I am very clearly not mentor-material 21:22:13 <gholms> I found this link really helpful: http://orcorc.blogspot.com/2010/07/selinux-sanity-outline.html 21:22:21 <obino> we know enough to say that selinux and apparmor creates problems to us :/ 21:22:31 <brianlamere> I've made many, many rpm packages - some for very large corporations - but all for internal use only 21:23:02 <rbergeron> gholms: is help a actual meetbot command?? 21:23:12 <rbergeron> ke4qqq: do you have a selinux highlight????? 21:23:42 <gholms> rbergeron: Confusingly enough, #help posts a call for help. #halp gives usage messages. 21:23:43 <brianlamere> obino: apparmor loses flexibility in it's quest to be easier; selinux policies aren't really that hard to set up once you've done a few and then they just "work" ;) 21:23:50 <obino> what's the best way to connect people? I will have to get engineers involved in the process, and I want to be sure we have a communication channel 21:24:19 <obino> would a wiki on our web site be a good start? 21:24:23 <obino> irc mainly? 21:24:26 <obino> mailing list? 21:24:31 <gholms> obino: Have engineers sign up on the Fedora cloud list for a start. 21:24:38 <jeevan_ullas> there is a #fedora-selinux for selinux stuff i am sure dgrift will be helpful 21:24:41 <obino> I'm trying to get them :) 21:24:45 <ke4qqq> rbergeron: I know enough to know eucalyptus would benefit with an introduction to dwalsh :) 21:25:15 <gholms> obino: There is also #fedora-cloud, though it's sparsely populated most of the time. 21:25:16 <ke4qqq> and literally he's said he'll spend the time making it work for groups that want help 21:25:28 <obino> please feel free to consider me the point of entry in eucalyptus 21:25:45 <obino> and send my email and contacts around as needed 21:25:51 <gholms> I have occasionally asked Scott Moser from Canonical questions about Ubuntu's EC2 setup. 21:26:06 <obino> we have an internal mailing list fedora@eucalyptus.com where I'm aseembling engineers and techinical writers 21:26:21 <gholms> Ah, that's what that address is for. 21:26:46 <obino> gholms: yes we work with scott too: and feel free to look for me or mitch directly if you need to 21:27:29 <obino> I;m trying to stay on IRC but lately I'm having 'time in front of my laptop' issues 21:28:35 <gholms> obino: One thing that probably needs fixing is eucalyptus-common-java, which bundles a bunch of jar files that shouldn't be bundled. 21:29:11 <gholms> We also need axis2c and rampartc to be submitted to Fedora since Eucalyptus depends on them. 21:29:14 <brianlamere> obino: (selfishly backing up a bit) is there a place where the ports/protocols to/from are listed? I had looked in the past and didn't find it 21:30:01 <obino> gholms: yes. we could probably start our experience with axis2c and ramparts which should be easier 21:30:22 <obino> brian: let me look at documentation ... but for now are 21:30:28 <obino> 8443 for webui 21:30:35 <obino> 8773 for cloud/walrus/sc 21:30:40 <obino> 8774 for CC 21:30:43 <obino> 8775 for NC 21:31:06 <gholms> #info eucalyptus needs to stop bundling axis2c, rampartc, a number of jar files before Fedora can accept it 21:31:13 <brianlamere> sounds like someone needs to just sit down and figure out what needs to be pulled out of the packages, figure out what dependencies (like the two just mentioned) exist that aren't packages already, and see what else would be needed. 21:31:37 <gholms> It looks like mdomsch made a first pass at that on the list this week. 21:31:55 <obino> we did package axis2s and rampartc ourselves, it willneed to be checked and cleaned 21:32:31 <obino> gholms: lp:629118 is the euca-register bug 21:32:35 <gholms> Thanks 21:34:36 <mdomsch> the jars are the most problematic I think 21:34:50 <mdomsch> but I'm the furthest thing from a java packager 21:34:53 * rbergeron apologizes for the lack of typing today - I'm off to the doctor in a bit to have my possibly damaged thumb investigated 21:35:19 <obino> mdimsch: I believe you :) 21:35:41 <obino> we have quite a few JARs dependencies 21:37:29 <gholms> Is there anything else we can do on the Eucalyptus front? 21:38:32 <obino> I think the firsts steps are to get coordinated: I'll set up a wiki, we have an internal mailing-list that anyone can send to, and then start working on what needs to be done 21:38:42 <obino> do you think is resonable? 21:39:29 <obino> and of course any suggestions recommendation are very welcomed 21:39:53 <gholms> What we should really do is add a Eucalyptus feature page on the Fedora wiki. 21:40:23 <gholms> If we do that then we will have a place for todo items, progress reports, test cases, and whatnot. 21:40:30 <rbergeron> or at least a Eucalyptus page. http://fedoraproject.org/wiki/Eucalyptus 21:40:47 <obino> ok, seems a good idea 21:41:06 <obino> may I ask for help in the setup? 21:41:16 <ke4qqq> yeah it strikes me that your constraint is packagers with knowledge of the guidelines and java, not eucalyptus specific expertise. 21:41:27 <rbergeron> and redirect it to Features/F15Eucalyptus if we get there in time. 21:41:36 <rbergeron> obino: do you have a Fedora account? 21:41:39 <gholms> Just make it Features/Eucalyptus. 21:41:49 <obino> on the wiki? 21:42:01 <obino> nope 21:42:08 <obino> how do I apply? 21:42:09 <gholms> obino: Anyone who makes a Fedora account at https://admin.fedoraproject.org/accounts/ can edit wiki pages. 21:42:28 <rbergeron> gholms: I think we like to try and avoid nested directories, ianweller could smack me around if i'm wrong and he's here 21:42:52 <gholms> rbergeron: Just following the standard for Fedora feature pages :q 21:43:53 <ianweller> features is a tiny tiny exception 21:43:58 <ianweller> because i'm too lazy to move them all 21:44:08 <gholms> Hehe, ok. 21:44:09 <ianweller> </wikiczar> 21:44:10 <rbergeron> okay then :) 21:44:45 <rbergeron> so putting something here http://fedoraproject.org/wiki/Features/Eucalyptus would be where to put it. 21:44:54 <gholms> Yes 21:44:58 <obino> I applied (after getting 3 captch wrong ... I may need an eye doctor) 21:45:15 <ianweller> those captchas are difficult. 21:45:18 <rbergeron> obino: yeah, captcha is no fun. 21:45:29 <obino> my login is graziano 21:45:40 * obino surprised is not taken already :) 21:46:00 <rbergeron> obino: the system should send you a password, and so forth. once you ahve all that business squared away you should be able to log into the wiki - nothing depends on us. 21:46:14 <obino> kk 21:46:23 <rbergeron> but if you want to look at some of the other pages that people have done for features, a list of features going into F14 is here - http://fedoraproject.org/wiki/FeatureList 21:46:39 <rbergeron> and some of them coudl probably be helpful as far as seeing what you might want to put on there. 21:47:12 <obino> ok, I'll look around and perhaps ask help on #fedora-cloud? 21:47:36 <gholms> Sounds like a plan. 21:47:41 <obino> or may I get you on email gholms? 21:48:13 <gholms> obino: Sure. The mailing list would probably be better than just me. 21:48:29 <gholms> obino: I think a good first step on the engineering front would be to get a couple people to split out axis2c and rampartc packages, then clean them up and submit them to Fedora. That way a couple Eucalyptus people can help co-maintain those and other Eucalyptus-related packages when they finally make it into Fedora. 21:48:36 <obino> k, I will use the mailing list: I wasn't sure it was the appropriate place 21:49:20 <obino> gholms: it seems a good idea. let me bring it up, and when I'm ready I'll perhaps ask on the mailing list the steps to take 21:49:33 <gholms> worksforme 21:49:44 <rbergeron> feel free to ask *anything* on the mailing list - it's the appropriate place for all questions cloudy :) 21:50:12 * rbergeron wonders if jforbes came back at all by chance? 21:50:31 <gholms> #info obino to work with other Eucalyptus engineers on Eucalyptus feature page and packages 21:50:35 <gholms> Ack! 21:50:38 <gholms> #undo 21:50:38 <zodbot> Removing item from minutes: <MeetBot.items.Info object at 0xfc27dd0> 21:50:43 <gholms> #agreed obino to work with other Eucalyptus engineers on Eucalyptus feature page and packages 21:51:22 <gholms> In reading through Ubuntu's cloud-init scripts I learned a few interesting things if anyone is interested in that. 21:51:24 <obino> feel free to mention fedora@eucalyptus.com as the point of contact for any question 21:51:41 <rbergeron> gholms: sure 21:51:43 <rbergeron> open floor? 21:51:48 <rbergeron> or not so much 21:51:51 <gholms> It's more EC2 stuff 21:52:02 * rbergeron just wanted to mention that the openstack swift package was approved by ianweller, thank you sir :) 21:52:14 <gholms> rbergeron: #info it! 21:52:22 <rbergeron> #info openstack-swift package was approved! 21:52:47 <rbergeron> okay - so back to cloud-init scripts :) 21:53:17 <gholms> cloud-init scripts do things like update packages, copy SSH keys, run user-defined scripts, and mount swap and ephemeral storage upon instance startup. 21:54:52 <gholms> Their mirror system is made up of one EC2 instance per region that runs its own APT mirror. Instances decide which mirrors to use by querying what zones they are in and using DNS CNAMEs to locate the nearest mirrors. 21:55:24 <gholms> This means that Canonical has to eat the costs of inter-zone data transfers since they use their mirrors' public IPs. 21:55:47 <ke4qqq> any idea what cost that is? or range? 21:55:57 <brianlamere> but if they were doing that on S3 on it wouldn't matter anyway 21:56:07 <gholms> But they aren't. 21:57:01 <brianlamere> which Ben has said Amazon already does with Fedora repos internally without issues; he also seems pretty certain Amazon would work with Fedora on S3 comps 21:57:12 <brianlamere> odd that they aren't; I wonder why not? 21:57:52 * rbergeron grins 21:58:16 <gholms> We can take a page from their setup by setting up buckets with region names in them, querying these region names upon startup, then substituting them into yum configs. 21:59:18 <brianlamere> aye; that's what I had suggested, and is why I mentioned I grabbed those bucket names so I could give them to whomever; bucket names are first-come, first-served, sucks to get all the names but one and have to go to a different scheme. heh 22:00:40 <brianlamere> to recap: I run a few large sites at EC2, with all the content coming from S3. So I'm quite used to EC2 heads with S3 content 22:01:08 <gholms> #idea Have an init script point yum configs at region-specific S3 bucket names 22:01:19 <rbergeron> is this stuff we need to wait on having stuff from jforbes for? 22:01:23 <rbergeron> or could we move ahead and set this stuff up? 22:01:37 <gholms> Do we have a credential set to use for this? 22:02:14 <brianlamere> that's more or less what I thought would be a good idea; at startup, simply point to the repo with the right bucket name. Or, somehow just make sure it's always on the top of the mirrorlist, always preferred? 22:02:56 <gholms> Mirrorlists are done on an IP block basis, so with EC2, where IP-to-region mappings are subject to change, that probably won't work. 22:03:18 <brianlamere> well the email I sent to the list "S3 accounts for repos" (which really should have been "S3 accounts per repo") is an item that needs to be addressed first; if that's not something that's a concern then ok, but if it is then the design needs to take that in mind 22:04:01 <gholms> brianlamere: Once we get said credentials will you have scripts for creating and/or updating said repos? 22:04:52 <brianlamere> gholms: yeah, that is an issue, but it can be resolved by simply adding all the S3 repos to the top of the mirrorlist, with the best-guess repo at the top; if the ACLs on the S3 repos are set, then you won't be able to reach the "wrong" one anyway, and you'll very quickly fail off to the "right" repo 22:05:22 <gholms> How do we know what IPs to add to the ACLs? 22:05:26 <brianlamere> (I say this because if the S3 repo has ACLs to only allow things within the region, then it will just fail for things outside the region) 22:06:12 <brianlamere> Ben said he'd help us with that; heck, he almost said he'd do it for us ;) there's actually an acl of some sort to do it not by IPs but just by internal-traffic-within-region...somehow. 22:06:49 <gholms> Can we mark that down as an action item, then? :) 22:06:52 <brianlamere> it's not an ACL that is set by nearly any of the tools out there; if one of us did it, we'd have to do direct REST commands, most likely (versus using happy tools like boto) 22:06:59 <rbergeron> folks, i have to run and do the school pickup thing; gholms, can you close outthe meeting when you all are done and i'll ship out logs later (along with those from last week, doh)? 22:07:08 <gholms> rbergeron: Sure 22:07:12 <rbergeron> thank you :) 22:10:26 <brianlamere> did that email I sent make sense, though? It affects design obviously, but really doesn't add too much more work. 22:10:51 <obino> I have to go afk: feel free to contact me offline 22:10:52 <gholms> It makes sense to me. 22:11:00 <gholms> obino: Thanks for coming! 22:11:08 <obino> thanks for having me :) 22:11:26 <gholms> Feel free to stop in at any other meeting we have. 22:11:36 <gholms> The same goes for the rest of you folks. 22:13:27 <gholms> I think we have the ideas down, so now we need to make it happen. 22:15:09 <brianlamere> I see Matt just timed out, but does anyone else know if MM is what sends the mirrorlist to a client? 22:15:16 <brianlamere> I assume it is... 22:15:21 <gholms> Yes it is. 22:16:41 <brianlamere> it sends mirrorlists tailored to the client requesting the list, right? or is it just a general list? 22:17:11 <brianlamere> I'm just wondering how the prefered mirror gets picked; does the client pick it, or does MM suggest it? 22:17:32 <gholms> It uses geolocation for every IP that hasn't been assigned a specific mirror. 22:17:49 <gholms> I'm not sure if one can assign a given IP block more than one mirror. 22:18:16 <brianlamere> ah, so if the primary is offline then you just fail to the general mirrorlist? 22:19:04 <gholms> ¯\(°_o)/¯ 22:19:18 <brianlamere> I ask because I'm just wondering where altering the mirror list needs to happen...on MM or on the client 22:19:44 <brianlamere> ok, I'll just ask on the list then ;) 22:19:46 <gholms> Maybe ask him offline? 22:20:43 <brianlamere> ok, yeah - I'll do that. 22:21:02 <gholms> Anyone else have stuff to talk about? 22:21:53 <gholms> #topic Open Floor 22:24:39 <gholms> Okee dokee, then. Thanks for coming, people! 22:24:42 <gholms> #endmeeting