Focus on:  Hide Contributions
Login

Rucio Meeting

Europe/Zurich
Martin Barisits (CERN)
Videoconference
Rucio Development Meeting
Join
Zoom Meeting ID
413496641
Host
Martin Barisits
Alternative hosts
Cedric Serfon, Mario Lassnig, Dimitrios Christidis
Passcode
28849311
Useful links
Join via phone
Zoom URL
    • 1
      News
      • March release schedule
        • 1.27.8 Mar-14
        • 1.28 code freeze Mar-16
        • 1.28.0rc1 Mar-18
        • 1.28.0 Mar-25
        • 1.28.1 ~Apr-04
      • GSOC Project announcement next Monday
        • Student influx to be expected then
    • 2
      Rucio token evolution
      • a) Introduction
        Speaker: Martin Barisits (CERN)
        2022-03 Token Workflow Evolution.pdf
      • b) Discussion
        • Dave: CILogon will be used for many experiments instead of INDIGO-IAM
          • Support WLCG Common profile
          • Probably no additional plugins needed
        • Doug: Client workflows need to foresee that AT will timeout in long downloads
          • Yes, needs to be part of the workflow
        • Mario: Multiple Token Issuers possible? E.g. Cloud providers?
          • Probably difficult,
          • Petr: Cloud storage won't support the WLCG Token profile - It's a different thing
        • Mark: How much development work is it?
          • Extensive, will span the entire architecture, require changes in almost all components
        • Stefan: Possible to make token scope limitation decisions outside of Rucio and remove that burden from the DDM?
          • In terms of data embargos probably different, since the knowledge of the DDM system is needed to make the decision
          • For some communities this might be possible though
        • Dave: Every time you need to refresh a token it takes a user to do something in the webbrowser
          • Look at htgettoken (vault server) for integration
          • Makes it much easier for the user (Management of refresh tokens)
        • Maithili: What about macaroons?
          • and users without a Rucio account
          • Macaroons could be a good option to give non-users a quick and easy way to access data
            • We would need to look into it in detail and collect these usecases
        • Steve: Dual X509 and Token deployment will probably be needed for many communities
          • But also lots of ways to do this wrong
        • Brandon: Some communities do want to read data from each others infrastructure
          • Possible way to foresee this in the token workflows?
        • Paul: If things need clarification in the Token document, please let us know
          • e.g. can storage.create scoped tokens retrieve checksums?
        • Paul: Advantages of Macaroons
          • You can modify the tokens on the Rucio server side without have to do all the round-trips
        • Gareth: DIRAC token workflows
          • This would have to be checked together with DIRAC team
        • Dave: Figures in the slides suggest that the rucio client itself requests AT for the user
          • Martin: This is not the case, it's just simplified on the figure. User will request/provide AT to the clients, the clients will just user whatever is provided
        • Doug: Where will the common testing of the functionality be done?
          • Probably mostly in WLCG BDT
            • What about non-WLCG communities?
              • Needs to be discussed
    • 3
      Community News & DevOps roundtable
      • ATLAS
      • CMS
      • Fermilab/DUNE/Icarus/...
        • Transfers failing at DUNE
      • Belle II
      • DIRAC
        • PR merged - in which release?
      • ESCAPE
        • core dns issues for both ATLAS and ESCAPE
          • Seems to be fixed
          • --> Update core dns
        • Radu saw some eMails for ATLAS, but not very recently
        • List of daemons only able to run 1 instance? Not available in doc
      • SKAO
        • Token flow integration -> Some issues with poller/finisher
        • 3-monthly planning event next week
        • Upgrade for Rucio 1.26 -> 1.27
        • DOMA testbed
          • Not running at the moment
    • 4
      AOB
Powered by Indico v3.3.2-pre