June 3, 2014 Fedcloud Present: Boris Parák David Wallom Michel Drescher Miroslav Ruda Arad Bjoern Hagemeier David Blundell Diego Scardaci Emir Imamagic Esteban Freire (CESGA) Feyza Eryol (NGI_TR) Iván Díaz Álvarez Jan Meizner Kostas Koumantaros (GRNET) Luis Alves (CSC/NGI_FI) Małgorzata Krakowian (EGI.eu) Marios Chatziangelou (AppDB/IASA) Owen Synge Paul Millar Ruben (BIFI) Salvatore Stefano Nicotri (INFN Bari) Stuart Pullinger (STFC/APEL) Viet Tran (IISAS) Apologies: Andrea Cristofori David: We have today Glenn Mallone from Australia. Also a group with many resources. We also have new user communities. Approval of the Minutes (taken by Enol). Accounting actions ------------------ Action on various people which had to report back David: About the normalization of values, the charging Metric Stuart: No progress Stuart: There were complications with the SSM with the brokers. Perhaps we can repeat the processing. David: Perhaps starting with CESNET. Boris: the OCCI group is working in accounting extensions, I will contact them for more updates. Emir (Broker monitoring): No updates, today I will send you an update David: Roadmap for VO info on accounting records. Stuart: I had a chat with Boris, but no new information. We'll try new OpenNebula scripts wiht Boris. Image management ---------------- David: There is an action on Mirek about resoruce allocation: Mirek: I did start a discussion, but no news. Monitoring ---------- David: Emir, how is the monitoring going? Emir: I haven't had any time last week David: The ops thing have asked about the monitoring of Perun. How do we monitor this? Emir: We are monitoring Perun with NAGIOS, is it more than a VOMS server, we will do functional tests later. Emir: We could add a new service type to GOCDB Miroslav: It is OK Emir: The most important thing is adding it to GOCDB, then we can do alarms and A/R. We don't know if it would be national or site-based Marlgorzata: It should be a central service Boris: Even centrally it could be monitored locally. Miroslav: We should do first a good test for fedcloud first, step by step David: There is an action to came with a plan for Perun monitoring for Boris and Mirek. Information Discovery --------------------- Salvatore: No updates. There was an an script contributed by Álvaro. We are thinking of setting it up on several sites. We will update the mailing list this week. David: This is related with the work with e-grant Federated AAI ------------- Paul Millar: No updates for last week. I had a discussion about the Fed AAI scope. Other than that nothing new David: There was a presentation yesterday about the Umbrella service, perhaps it is a solution for some of our issues. Paul Millar: IMO, the federated identity needs a concrete solution for the problems that a spread-out community of users has. Umbrella worked for other people before, but I would not call it a Federeted identity. EGI SSO already provides this for EGI. In theory we could map SSO to x509. I believe this doesn't work. Kostas Koumantaros (GRNET): Why don't we use Edugain for this ? Paul: Edugain is Federated AAI, but we need all the software that works with SAML. The entry bar is low. At the moment the implications of coneccting with Edugain are not fully know. There are some questions still not adressed. Edugain is useful, but does not solve our problems. David: It is dependent on institutional ID, it would be difficult to get a federated id in this. Kostas: This is one of the benefits of Edugain. You have individual servers, and do not need a federation. We should try to follow policies that others are building. You can allow whoever you want with Edugain, not everyone. Paul Miller: Which benefits it offers? Kostas: It allows individual providers to allow or disallow concrete users David: It is difficult for indicidual users, but easier for groups. There are also problems with users not affiliated to academic instituitions. Paul: That is one solution, not very atractive. Other solution is to have "homeless" users with IDP. That is not very great also. A better concept is the "ID assertion" concept, which defines services that do not require passports. The homeless users are not vetted by an institution. We are dropping then to a lower lever of assurance. Kostas: This can produce great fragmentationworking on this David: When VOs are supported this will not be a problem. Kostas: We should use VOs as a established solution. It is like passports or credit cards. Edugain would do this for some of the simpler services David: I agree, that it is straightforward for academic users, and could be expanded for non-academic. This is one of the reasons we want a flexible model for communities. We have to use a mechanism as simple as possible. In the public cloud you only need a credit card number Image Management ---------------- Marios: We also had holidays. About the AppDB we have new monitoring. The Appliance for this: https://appdb.egi.eu/store/vappliance/fedcloud.monitoring.va In parallel we have new metrics and mechanisms in the APPDB database that are optional for managers. I sent an email to Owen with some open issues Owen: I haven't updated much. I made a new release of vmcatcher and included Esteban's fixes. We could have a meeting today Marios. I was busy this week, very little progress. Marios Chatziangelou (AppDB/IASA): Perfect Marios Chatziangelou (AppDB/IASA): we can arrange the day/time offline Marios Chatziangelou (AppDB/IASA): I really do not know yet what implementation we will follow on the site-bdii info update but if i am not mistaken an easy way of retrieving image metadata (including the mp_uri) from vmcatcher database using the image identifier as key, should be needed. Salvatore am i correct? Owen: I want to know how the get the vmcatcher, vmcaster and OCCI info from the BDII David: Salvatore is working on this. Brokering --------- Ivan: As you know, Alvaro left us two weeks ago, I will be replacing him, so everyone please redirect your mails to Alvaro to my mail. Since last week I was on holidays there were no updates on this. David Blundell: No updates on this. We will have a meeting to discuss this. David: In the F2F we discussed about some issues with this. Certification ------------- Michel: After the CF activities there were not any progress save from Jülich David: GSI is very interested on fed cloud rather than public cloud and the Jülich site. Michel: There is also a use case from Fraunhöfer. David: Yes, they would make an excellent use case. Michel: There is a question for Małgorzata. How can we speed the certification? It depends on the NGI? Małgorzata: It was more less done as a Integration task in EGI Inspire but it would be good to have it written down in a clear way David: Yes it takes a long time, but it can be done very quickly. Michel: It should be sped-up offline with Bjorn Kostas: The process is straightforward and takes 3-4 days. It is not the hard part David: Yes, it should be about stability of resources Ops status and issues (New section) Małgorzata: We have a new procedure to add sites, to be better included on the accounting. David: That is very interesting. It would be good to document the process Małgorzata: There are requirements if somebody wants to include something new Community News -------------- Diego: There is a new use case in fedcloud, with big requirements Two additional use cases, one from czech republic for human physiology. Another use case is from STK is is public admin and data preservation related. Both are very interested on using the FedCloud infrastructure. I am compiling their lists of requirements and asking sites to support them We are collecting info about the high level tools, and made documentation pages. For each fedcloud tool we will add a wiki page for users to use these tools. We are also compiling the documentation on how to exploit the infrastructure. David: Could you put these use of cases and lists on the wiki. Also a list of sites supporting them. Diego: Iw would go in this table https://wiki.egi.eu/wiki/Fedcloud-tf:Users:Communities David: The sites supporting them would go in a subtable. The number of new use cases is an important growth metric David: The next point is an AOB, How do we manage those communities unsupported by Perun? We should use VOMS directly? Diego: It depends on the concrete community. The biomed community already use VOMS and would not like to move to Perun. We could do things in a transparent way for them using Perun as a backend Kostas Koumantaros (GRNET): to get the list of user we (synnefo use the VOMS api to pull the list of users AFAIK) Michel Drescher: Oh, I consider asking people to move to a different VO management service will be outright impossible. Kostas Koumantaros (GRNET): yeah try that Boris: Yes it could be done with proxies or triggered changes. It could be slower, but nothing critical. Special Items ------------- David: Scenario Leaders, please update your changes before Wednesday. Michel: The deadline for the EC review, as for contract, ends new week. AOB --- David: About the vmcatcher changes Boris: Yes I will be involved in using Esteban's new code for vmcatcher and then propagating the new info in BDII Owen: De we hace a reliable way of getting UUID's from BDII Boris: Yes in OpenStack, not sure for OpenNebula Bjorn: I have an idea for that, but is still not implemented. Salvatore: It still not clear if the middleware of other elements will fill in this item. There are several approaches, none optimal, so we will summarize them and decide which solution is better. It will require effort on the middleware, so I will involve MW people in the decission. You will be able to follow this on the mailing list.