wiki:DevOps-2012-09-04
Last modified 7 years ago Last modified on 09/04/12 12:32:04

DevOps Weekly Meeting | September, 4 2012

Time & Location: 11am-12:30am in LHL164

Attending

2012-09-04 Agenda

  • Agenda bash
  • Research Computing Day 2012
    • pending: distribution of announcement to hpc-announce and message boards
    • HPC mailing list config
  • Virtual Machines
    • Defining secure container
      • further discussion of solutions for controlling traffic
        • if we use distinct IP net with 172.21.0.0/24 the same problem exists though so still need to control traffic with ebtables/iptables/routing table combo
    • Public IP to third party -- routing across subnets
  • Research storage pilot
    • ai: jpr, mhanby: tear down f5 test (vm, nfs3, and test data)
    • misc thoughts
      • undo cnet extension to infrastructure vm fab -- but consider leaving in place for vmware support? (per-hour charge)
      • name everthing cloud
      • re-purpose cloud-01 from esxi to kvm
      • should we have NFS3 as default vs NFS4 with ACLs; what's the deal with ACLs
      • hardware config
        • mirror ram in bios? depends on how redundant our storage fabric
    • use cases
      • how to preserve original data on Lustre project after computational runs
      • NFS4 access from labs (kerb and encryption)
      • ACLs on nfs4: create a project dir and have non-admin manage the entire subtree; maybe git and privileged processes?
      • loop devices vs. LVM container
      • drdb: test LVM and block-level replication still needed; test jpr and mhanby homes on this
      • crash plan client
      • TimeMachine? use case
        • good use case for app development and infrastructure devel
    • todo: contact i2 for box.net at level config options
      • dropbox-free supports sync box.net does not
      • need to understand sharing via box.net and authz & controls for over-users
    • open issues
      • how to define interfaces into a lab network
      • dealing with large files on the research storage
      • fold nas-03 & nas-04 into storage access
  • Backup scripts for apps failing due to account deactivation
  • MATLAB
    • outcomes of workshop on Thursday
    • ai: contact IT to update software downloads to allow fac/staff to see student license; avoid burdensome reclassification at Mathworks.
    • todo: matlab pool from outside of Cheaha

Summary

Discussion

How do we properly isolate or control traffic from the VM NAT'd networks through our cnet/rnet fabric onto the public net?

Please see DevOps-2012-08-28 for some context surrounding our secure containers discussion. The following image from that meeting is supplied for reference. The green boxes are the contextualization of secure containers in our virtualization environment. Secure virtual containers with virtual networks