cloud_sig
LOGS
21:00:02 <rbergeron> #startmeeting Cloud SIG
21:00:02 <zodbot> Meeting started Thu Sep  2 21:00:02 2010 UTC.  The chair is rbergeron. Information about MeetBot at http://wiki.debian.org/MeetBot.
21:00:02 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
21:00:09 <rbergeron> #meetingname Cloud SIG
21:00:09 <zodbot> The meeting name has been set to 'cloud_sig'
21:00:18 <rbergeron> #chair jforbes gholms
21:00:18 <zodbot> Current chairs: gholms jforbes rbergeron
21:00:32 <rbergeron> #topic Roll Call!
21:00:38 * rbergeron looks around
21:00:44 * gholms hands out rolls
21:01:10 <rbergeron> i hope these are cinnamon and not wallpaper
21:01:17 <rbergeron> hey brianlamere :)
21:01:40 * rbergeron pokes jforbes
21:01:45 * jeevan_ullas 
21:01:46 <brianlamere> greetings!
21:01:52 <rbergeron> how goes it?
21:02:17 <rbergeron> #topic EC2 feature status
21:02:37 * rbergeron wonders if jforbes is about and can give a quick update :)
21:03:50 <gholms> Maybe he will show up later?
21:04:02 <rbergeron> maybe!
21:04:22 <rbergeron> gholms: did you get any testing on euca2ools?
21:04:39 * rbergeron notes she was supposed to try and find a package for m2crypto for el5 and has not done so :\
21:04:42 <brianlamere> there was a little bit of convo between Ben(the AWS guy I mentioned before), myself, and Matt(D); Ben was asking me a mirror/MM question, and I thought that Matt might be phenominally better/more appropriate to answer the question
21:04:57 <gholms> No karma, no bugs.  Without karma I won't push it for another week.
21:05:19 <obino> gholms: are you talking of 1.3?
21:05:23 <gholms> obino: Yes
21:05:29 <brianlamere> did the Eucalyptus folks bite on joining the meeting?
21:05:32 <obino> then wait: we found a bug
21:05:37 <obino> did you talk with mitch?
21:05:40 <rbergeron> brianlamere: looks like it :)
21:05:46 <obino> brian: yes I'm graziano
21:05:55 <rbergeron> obino: glad you could make it :)
21:06:00 <obino> got a mishaps with IRC client and got a different nick
21:06:00 <gholms> obino: Briefly, though not about any bugs.  Is he here today?
21:06:02 <brianlamere> oh sorry, guess I miss introductions when I'm 30 seconds late. ;)
21:06:03 <obino> :)
21:06:16 <brianlamere> obino:  great to see ya here!
21:06:27 <obino> gholms: mitch is not here he's working testing the bug :)
21:06:31 <gholms> Ah
21:06:32 <obino> the bug is in euca-register
21:06:38 <obino> agasint eucalyptus only though
21:06:55 <obino> we have a fix and we'll push very soon
21:06:59 <gholms> Maybe that's why I didn't see it.
21:07:02 <obino> by the end of the week
21:07:17 <obino> I can hit you and mitch off line to coordinate if you want
21:07:43 <rbergeron> brianlamere: no worries :)
21:07:52 <gholms> obino: Works for me.  Which bug is it?
21:08:13 <obino> let me check: I only have the internal RT number .. give me a sec
21:09:37 <gholms> #info euca2ools 1.3 in updates-testing; please test and add bugs/karma
21:09:57 <rbergeron> gholms: thanks for that.
21:11:49 <rbergeron> obino: so you are thinking about packaging eucalyptus to be *in* Fedora? Is that correct?
21:11:58 <gholms> #help Packager(s) needed for python26-m2crypto on el5
21:11:59 <obino> gholms: we don't have a bug report yet. Mitchwill create one and ad it to bugzilla too
21:12:09 <gholms> obino: That would be good; thanks.
21:12:19 <obino> rbergeron: we'd love to do so
21:12:59 <obino> we do have RPMs already for fedora, but we'll need help to get them in shape for fedora
21:13:09 <obino> mentor and coordination in particular :)
21:13:15 * rbergeron nods
21:13:26 <gholms> #info euca-register has an as-yet unfiled bug
21:13:41 <brianlamere> obino: so what other packages were you looking at getting in to Fedora?  were you going to start with the entire Eucalyptus suite, or is there anything else like euca2ools that is useful on it's own
21:14:08 <obino> at this moment we only have eucalyptus and euca2ools
21:14:18 <obino> so the next one has to be the big one (eucalyptus)
21:14:45 <obino> gholms: forgive my naivite: what's #info? is a channel>
21:14:47 * rbergeron nods
21:14:48 <obino> ?
21:14:57 <gholms> obino: That's a command for the meeting logging bot.
21:15:00 <rbergeron> obino: it is for logging meetings
21:15:07 <obino> ahh thanks
21:15:12 * obino blushes
21:15:30 <rbergeron> turns things like that into http://meetbot.fedoraproject.org/fedora-meeting/2010-08-26/fedora-meeting.2010-08-26-21.00.html :)
21:15:39 <brianlamere> fair enough; it may make it better to have chunks of things; is there not management options, different backend options, etc?  could those be broken out (such as eucalyptus-backend-mysql, eucalyptus-backend-postgres) etc?
21:16:21 <obino> at the moment we have it broken down by component
21:16:31 <obino> cloud, walrus, sc, cc and nc
21:16:37 <obino> we have  a gl too
21:16:41 <gholms> Into separate RPMs?
21:16:45 <obino> yes
21:16:50 <obino> and we have 2 common
21:16:52 <gholms> That's a great start.
21:16:59 <obino> one for the C part and the second for the java part
21:17:08 <obino> the java part is the issue I think
21:17:12 <brianlamere> well while I'm not a fedora packager either, having them broken down (especially with large suites) is considered pretty important IIRC
21:17:13 <gholms> Are they posted anywhere?
21:17:28 <obino> on our download page for example
21:17:44 * gholms looks again
21:17:52 <obino> http://open.eucalyptus.com/wiki/EucalyptusInstallationFedora_v2.0
21:18:02 <obino> for example and some instructions
21:18:11 <gholms> Oh, you have a yum repo!
21:18:17 <obino> yes
21:18:21 <obino> is that good?
21:18:25 <obino> or bad?
21:18:30 <gholms> Definitely good.
21:18:35 * obino phew
21:19:05 <gholms> You should post the source RPMs alongside the binaries, too.  :)
21:19:51 <brianlamere> heh - but there are a couple things that you should probably look to change a bit; I think just instructing people to disable their firewall might be a bit much, for example ;)  do you have an actual list of ports and protocols that are used, so people can make the appropriate firewall rules?
21:19:54 <obino> hmm I'll mentioned that: we may need help to produce them
21:20:27 <obino> brianlamere: you are absolutely right
21:20:32 <obino> we know our ports
21:20:52 <rbergeron> obino: are you familiar with the packaging guidelines and so forth? I know some people have found them hard to locate in the past.
21:20:57 <obino> but when you start running instances you need to punch holes for the isntances services
21:21:08 <rbergeron> I can try and find you a mentor, but I can't provide any guarantees, unless someone around here wants to pipe up now :)
21:21:27 <brianlamere> have you all looked at selinux at all with Eucalyptus?  That is a crazy question?
21:21:32 <obino> rbergeron: it would be great thanks!
21:21:47 <gholms> #help Packaging, SElinux help wanted for cleaning up eucalyptus
21:21:50 <obino> brianlamere: not really, we don't have selinux expert here
21:22:12 <ke4qqq> dwalsh and other SELinux people are typically thrilled to get involved with new apps getting selinux policy written
21:22:12 <brianlamere> well I mentioned I'd be happy to jump in and learn it with them ;)  but I am very clearly not mentor-material
21:22:13 <gholms> I found this link really helpful:  http://orcorc.blogspot.com/2010/07/selinux-sanity-outline.html
21:22:21 <obino> we know enough to say that selinux and apparmor creates problems to us :/
21:22:31 <brianlamere> I've made many, many rpm packages - some for very large corporations - but all for internal use only
21:23:02 <rbergeron> gholms: is help a actual meetbot command??
21:23:12 <rbergeron> ke4qqq: do you have a selinux highlight?????
21:23:42 <gholms> rbergeron: Confusingly enough, #help posts a call for help.  #halp gives usage messages.
21:23:43 <brianlamere> obino:  apparmor loses flexibility in it's quest to be easier; selinux policies aren't really that hard to set up once you've done a few and then they just "work" ;)
21:23:50 <obino> what's the best way to connect people? I will have to get engineers involved in the process, and I want to be sure we have a communication channel
21:24:19 <obino> would a wiki on our web site be a good start?
21:24:23 <obino> irc mainly?
21:24:26 <obino> mailing list?
21:24:31 <gholms> obino: Have engineers sign up on the Fedora cloud list for a start.
21:24:38 <jeevan_ullas> there is a #fedora-selinux for selinux stuff i am sure dgrift will be helpful
21:24:41 <obino> I'm trying to get them :)
21:24:45 <ke4qqq> rbergeron: I know enough to know eucalyptus would benefit with an introduction to dwalsh :)
21:25:15 <gholms> obino: There is also #fedora-cloud, though it's sparsely populated most of the time.
21:25:16 <ke4qqq> and literally he's said he'll spend the time making it work for groups that want help
21:25:28 <obino> please feel free to consider me the point of entry in eucalyptus
21:25:45 <obino> and send my email and contacts around as needed
21:25:51 <gholms> I have occasionally asked Scott Moser from Canonical questions about Ubuntu's EC2 setup.
21:26:06 <obino> we have an internal mailing list fedora@eucalyptus.com where I'm aseembling engineers and techinical writers
21:26:21 <gholms> Ah, that's what that address is for.
21:26:46 <obino> gholms: yes we work with scott too: and feel free to look for me or mitch directly if you need to
21:27:29 <obino> I;m trying to stay on IRC but lately I'm having 'time in front of my laptop' issues
21:28:35 <gholms> obino: One thing that probably needs fixing is eucalyptus-common-java, which bundles a bunch of jar files that shouldn't be bundled.
21:29:11 <gholms> We also need axis2c and rampartc to be submitted to Fedora since Eucalyptus depends on them.
21:29:14 <brianlamere> obino:  (selfishly backing up a bit) is there a place where the ports/protocols to/from are listed?  I had looked in the past and didn't find it
21:30:01 <obino> gholms: yes. we could probably start our experience with axis2c and ramparts which should be easier
21:30:22 <obino> brian: let me look at documentation ... but for now are
21:30:28 <obino> 8443 for webui
21:30:35 <obino> 8773 for cloud/walrus/sc
21:30:40 <obino> 8774 for CC
21:30:43 <obino> 8775 for NC
21:31:06 <gholms> #info eucalyptus needs to stop bundling axis2c, rampartc, a number of jar files before Fedora can accept it
21:31:13 <brianlamere> sounds like someone needs to just sit down and figure out what needs to be pulled out of the packages, figure out what dependencies (like the two just mentioned) exist that aren't packages already, and see what else would be needed.
21:31:37 <gholms> It looks like mdomsch made a first pass at that on the list this week.
21:31:55 <obino> we did package axis2s and rampartc ourselves, it willneed to be checked and cleaned
21:32:31 <obino> gholms: lp:629118 is the euca-register bug
21:32:35 <gholms> Thanks
21:34:36 <mdomsch> the jars are the most problematic I think
21:34:50 <mdomsch> but I'm the furthest thing from a java packager
21:34:53 * rbergeron apologizes for the lack of typing today - I'm off to the doctor in a bit to have my possibly damaged thumb investigated
21:35:19 <obino> mdimsch: I believe you :)
21:35:41 <obino> we have quite a few JARs dependencies
21:37:29 <gholms> Is there anything else we can do on the Eucalyptus front?
21:38:32 <obino> I think the firsts steps are to get coordinated: I'll set up a wiki, we have an internal mailing-list that anyone can send to, and then start working on what needs to be done
21:38:42 <obino> do you think is resonable?
21:39:29 <obino> and of course any suggestions recommendation are very welcomed
21:39:53 <gholms> What we should really do is add a Eucalyptus feature page on the Fedora wiki.
21:40:23 <gholms> If we do that then we will have a place for todo items, progress reports, test cases, and whatnot.
21:40:30 <rbergeron> or at least a Eucalyptus page. http://fedoraproject.org/wiki/Eucalyptus
21:40:47 <obino> ok, seems a good idea
21:41:06 <obino> may I ask for help in the setup?
21:41:16 <ke4qqq> yeah it strikes me that your constraint is packagers with knowledge of the guidelines and java, not eucalyptus specific expertise.
21:41:27 <rbergeron> and redirect it to Features/F15Eucalyptus if we get there in time.
21:41:36 <rbergeron> obino: do you have a Fedora account?
21:41:39 <gholms> Just make it Features/Eucalyptus.
21:41:49 <obino> on the wiki?
21:42:01 <obino> nope
21:42:08 <obino> how do I apply?
21:42:09 <gholms> obino: Anyone who makes a Fedora account at https://admin.fedoraproject.org/accounts/ can edit wiki pages.
21:42:28 <rbergeron> gholms: I think we like to try and avoid nested directories, ianweller could smack me around if i'm wrong and he's here
21:42:52 <gholms> rbergeron: Just following the standard for Fedora feature pages  :q
21:43:53 <ianweller> features is a tiny tiny exception
21:43:58 <ianweller> because i'm too lazy to move them all
21:44:08 <gholms> Hehe, ok.
21:44:09 <ianweller> </wikiczar>
21:44:10 <rbergeron> okay then :)
21:44:45 <rbergeron> so putting something here http://fedoraproject.org/wiki/Features/Eucalyptus would be where to put it.
21:44:54 <gholms> Yes
21:44:58 <obino> I applied (after getting 3 captch wrong ... I may need an eye doctor)
21:45:15 <ianweller> those captchas are difficult.
21:45:18 <rbergeron> obino: yeah, captcha is no fun.
21:45:29 <obino> my login is graziano
21:45:40 * obino surprised is not taken already :)
21:46:00 <rbergeron> obino: the system should send you a password, and so forth. once you ahve all that business squared away you should be able to log into the wiki - nothing depends on us.
21:46:14 <obino> kk
21:46:23 <rbergeron> but if you want to look at some of the other pages that people have done for features, a list of features going into F14 is here - http://fedoraproject.org/wiki/FeatureList
21:46:39 <rbergeron> and some of them coudl probably be helpful as far as seeing what you might want to put on there.
21:47:12 <obino> ok, I'll look around and perhaps ask help on #fedora-cloud?
21:47:36 <gholms> Sounds like a plan.
21:47:41 <obino> or may I get you on email gholms?
21:48:13 <gholms> obino: Sure.  The mailing list would probably be better than just me.
21:48:29 <gholms> obino: I think a good first step on the engineering front would be to get a couple people to split out axis2c and rampartc packages, then clean them up and submit them to Fedora.  That way a couple Eucalyptus people can help co-maintain those and other Eucalyptus-related packages when they finally make it into Fedora.
21:48:36 <obino> k, I will use the mailing list: I wasn't sure it was the appropriate place
21:49:20 <obino> gholms: it seems a good idea. let me bring it up, and when I'm ready I'll perhaps ask on the mailing list the steps to take
21:49:33 <gholms> worksforme
21:49:44 <rbergeron> feel free to ask *anything* on the mailing list - it's the appropriate place for all questions cloudy :)
21:50:12 * rbergeron wonders if jforbes came back at all by chance?
21:50:31 <gholms> #info obino to work with other Eucalyptus engineers on Eucalyptus feature page and packages
21:50:35 <gholms> Ack!
21:50:38 <gholms> #undo
21:50:38 <zodbot> Removing item from minutes: <MeetBot.items.Info object at 0xfc27dd0>
21:50:43 <gholms> #agreed obino to work with other Eucalyptus engineers on Eucalyptus feature page and packages
21:51:22 <gholms> In reading through Ubuntu's cloud-init scripts I learned a few interesting things if anyone is interested in that.
21:51:24 <obino> feel free to mention fedora@eucalyptus.com as the point of contact for any question
21:51:41 <rbergeron> gholms: sure
21:51:43 <rbergeron> open floor?
21:51:48 <rbergeron> or not so much
21:51:51 <gholms> It's more EC2 stuff
21:52:02 * rbergeron just wanted to mention that the openstack swift package was approved by ianweller, thank you sir :)
21:52:14 <gholms> rbergeron: #info it!
21:52:22 <rbergeron> #info openstack-swift package was approved!
21:52:47 <rbergeron> okay - so back to cloud-init scripts :)
21:53:17 <gholms> cloud-init scripts do things like update packages, copy SSH keys, run user-defined scripts, and mount swap and ephemeral storage upon instance startup.
21:54:52 <gholms> Their mirror system is made up of one EC2 instance per region that runs its own APT mirror.  Instances decide which mirrors to use by querying what zones they are in and using DNS CNAMEs to locate the nearest mirrors.
21:55:24 <gholms> This means that Canonical has to eat the costs of inter-zone data transfers since they use their mirrors' public IPs.
21:55:47 <ke4qqq> any idea what cost that is? or range?
21:55:57 <brianlamere> but if they were doing that on S3 on it wouldn't matter anyway
21:56:07 <gholms> But they aren't.
21:57:01 <brianlamere> which Ben has said Amazon already does with Fedora repos internally without issues; he also seems pretty certain Amazon would work with Fedora on S3 comps
21:57:12 <brianlamere> odd that they aren't; I wonder why not?
21:57:52 * rbergeron grins
21:58:16 <gholms> We can take a page from their setup by setting up buckets with region names in them, querying these region names upon startup, then substituting them into yum configs.
21:59:18 <brianlamere> aye; that's what I had suggested, and is why I mentioned I grabbed those bucket names so I could give them to whomever; bucket names are first-come, first-served, sucks to get all the names but one and have to go to a different scheme.  heh
22:00:40 <brianlamere> to recap:  I run a few large sites at EC2, with all the content coming from S3.  So I'm quite used to EC2 heads with S3 content
22:01:08 <gholms> #idea Have an init script point yum configs at region-specific S3 bucket names
22:01:19 <rbergeron> is this stuff we need to wait on having stuff from jforbes for?
22:01:23 <rbergeron> or could we move ahead and set this stuff up?
22:01:37 <gholms> Do we have a credential set to use for this?
22:02:14 <brianlamere> that's more or less what I thought would be a good idea; at startup, simply point to the repo with the right bucket name.  Or, somehow just make sure it's always on the top of the mirrorlist, always preferred?
22:02:56 <gholms> Mirrorlists are done on an IP block basis, so with EC2, where IP-to-region mappings are subject to change, that probably won't work.
22:03:18 <brianlamere> well the email I sent to the list "S3 accounts for repos" (which really should have been "S3 accounts per repo") is an item that needs to be addressed first; if that's not something that's a concern then ok, but if it is then the design needs to take that in mind
22:04:01 <gholms> brianlamere: Once we get said credentials will you have scripts for creating and/or updating said repos?
22:04:52 <brianlamere> gholms:  yeah, that is an issue, but it can be resolved by simply adding all the S3 repos to the top of the mirrorlist, with the best-guess repo at the top; if the ACLs on the S3 repos are set, then you won't be able to reach the "wrong" one anyway, and you'll very quickly fail off to the "right" repo
22:05:22 <gholms> How do we know what IPs to add to the ACLs?
22:05:26 <brianlamere> (I say this because if the S3 repo has ACLs to only allow things within the region, then it will just fail for things outside the region)
22:06:12 <brianlamere> Ben said he'd help us with that; heck, he almost said he'd do it for us ;)  there's actually an acl of some sort to do it not by IPs but just by internal-traffic-within-region...somehow.
22:06:49 <gholms> Can we mark that down as an action item, then?  :)
22:06:52 <brianlamere> it's not an ACL that is set by nearly any of the tools out there; if one of us did it, we'd have to do direct REST commands, most likely (versus using happy tools like boto)
22:06:59 <rbergeron> folks, i have to run and do the school pickup thing; gholms, can you close outthe meeting when you all are done and i'll ship out logs later (along with those from last week, doh)?
22:07:08 <gholms> rbergeron: Sure
22:07:12 <rbergeron> thank you :)
22:10:26 <brianlamere> did that email I sent make sense, though?  It affects design obviously, but really doesn't add too much more work.
22:10:51 <obino> I have to go afk: feel free to contact me offline
22:10:52 <gholms> It makes sense to me.
22:11:00 <gholms> obino: Thanks for coming!
22:11:08 <obino> thanks for having me :)
22:11:26 <gholms> Feel free to stop in at any other meeting we have.
22:11:36 <gholms> The same goes for the rest of you folks.
22:13:27 <gholms> I think we have the ideas down, so now we need to make it happen.
22:15:09 <brianlamere> I see Matt just timed out, but does anyone else know if MM is what sends the mirrorlist to a client?
22:15:16 <brianlamere> I assume it is...
22:15:21 <gholms> Yes it is.
22:16:41 <brianlamere> it sends mirrorlists tailored to the client requesting the list, right?  or is it just a general list?
22:17:11 <brianlamere> I'm just wondering how the prefered mirror gets picked; does the client pick it, or does MM suggest it?
22:17:32 <gholms> It uses geolocation for every IP that hasn't been assigned a specific mirror.
22:17:49 <gholms> I'm not sure if one can assign a given IP block more than one mirror.
22:18:16 <brianlamere> ah, so if the primary is offline then you just fail to the general mirrorlist?
22:19:04 <gholms> ¯\(°_o)/¯
22:19:18 <brianlamere> I ask because I'm just wondering where altering the mirror list needs to happen...on MM or on the client
22:19:44 <brianlamere> ok, I'll just ask on the list then ;)
22:19:46 <gholms> Maybe ask him offline?
22:20:43 <brianlamere> ok, yeah - I'll do that.
22:21:02 <gholms> Anyone else have stuff to talk about?
22:21:53 <gholms> #topic Open Floor
22:24:39 <gholms> Okee dokee, then.  Thanks for coming, people!
22:24:42 <gholms> #endmeeting