Rucio Meeting

Name: Rucio Meeting
Start: 2022-03-03T15:00:00+01:00
End: 2022-03-03T17:00:00+01:00
Location: No location set

Thursday 3 Mar 2022, 15:00 → 17:00 Europe/Zurich

Martin Barisits (CERN)

- 15:00 → 15:05
  News¶ 5m
  March release schedule
  
  1.27.8 Mar-14
  
  1.28 code freeze Mar-16
  
  1.28.0rc1 Mar-18
  
  1.28.0 Mar-25
  
  1.28.1 ~Apr-04
  
  GSOC Project announcement next Monday
  
  Student influx to be expected then
- 15:05 → 16:40
  Rucio token evolution¶ 1h 35m
  - Introduction¶ 20m
    
    Speaker: Martin Barisits (CERN)
    
    2022-03 Token Workflow Evolution.pdf
  - Discussion¶ 1h 15m
    
    Dave: CILogon will be used for many experiments instead of INDIGO-IAM
    
    Support WLCG Common profile
    
    Probably no additional plugins needed
    
    Doug: Client workflows need to foresee that AT will timeout in long downloads
    
    Yes, needs to be part of the workflow
    
    Mario: Multiple Token Issuers possible? E.g. Cloud providers?
    
    Probably difficult,
    
    Petr: Cloud storage won't support the WLCG Token profile - It's a different thing
    
    Mark: How much development work is it?
    
    Extensive, will span the entire architecture, require changes in almost all components
    
    Stefan: Possible to make token scope limitation decisions outside of Rucio and remove that burden from the DDM?
    
    In terms of data embargos probably different, since the knowledge of the DDM system is needed to make the decision
    
    For some communities this might be possible though
    
    Dave: Every time you need to refresh a token it takes a user to do something in the webbrowser
    
    Look at htgettoken (vault server) for integration
    
    Makes it much easier for the user (Management of refresh tokens)
    
    Maithili: What about macaroons?
    
    and users without a Rucio account
    
    Macaroons could be a good option to give non-users a quick and easy way to access data
    
    We would need to look into it in detail and collect these usecases
    
    Steve: Dual X509 and Token deployment will probably be needed for many communities
    
    But also lots of ways to do this wrong
    
    Brandon: Some communities do want to read data from each others infrastructure
    
    Possible way to foresee this in the token workflows?
    
    Paul: If things need clarification in the Token document, please let us know
    
    e.g. can storage.create scoped tokens retrieve checksums?
    
    Paul: Advantages of Macaroons
    
    You can modify the tokens on the Rucio server side without have to do all the round-trips
    
    Gareth: DIRAC token workflows
    
    This would have to be checked together with DIRAC team
    
    Dave: Figures in the slides suggest that the rucio client itself requests AT for the user
    
    Martin: This is not the case, it's just simplified on the figure. User will request/provide AT to the clients, the clients will just user whatever is provided
    
    Doug: Where will the common testing of the functionality be done?
    
    Probably mostly in WLCG BDT
    
    What about non-WLCG communities?
    
    Needs to be discussed
- 16:40 → 16:55
  Community News & DevOps roundtable¶ 15m
  ATLAS
  
  CMS
  
  Fermilab/DUNE/Icarus/...
  
  Transfers failing at DUNE
  
  Belle II
  
  DIRAC
  
  PR merged - in which release?
  
  ESCAPE
  
  core dns issues for both ATLAS and ESCAPE
  
  Seems to be fixed
  
  --> Update core dns
  
  Radu saw some eMails for ATLAS, but not very recently
  
  List of daemons only able to run 1 instance? Not available in doc
  
  SKAO
  
  Token flow integration -> Some issues with poller/finisher
  
  3-monthly planning event next week
  
  Upgrade for Rucio 1.26 -> 1.27
  
  DOMA testbed
  
  Not running at the moment
- 16:55 → 17:00
  
  AOB¶ 5m

Choose timezone

Rucio Meeting