BiLD (Bi-weekly DIRAC Development meeting) – 15/12/2022
On Zoom: André, Andrei, Alexandre, Christophe, Christopher, Daniela, Hideki, Simon, Janusz, Xiaomei, Vladimir
Apologies: Federico
Follow-up from previous meetings
- We did NOT have an hackathon on 8.1.0a6 because of too little to test. Instead, we had some really lengthy discussions on AuthZ/N:
- Last BiLD 2 weeks ago
DIRAC communities roundtable
LHCb:
Federico+Alexandre+Christophe+Christopher+Alexey
- LHCbDIRAC hackathon done on top of 8.0.5, no issues found in DIRAC
EGI
Andrei
- Set up 3 CloudCEs for 3 distinct VOs, using Application Credentials authentication method. 5 more CloudCEs were configured pending setting up dedicated Application Credentials.
- Using CloudCEs with tokens looks to be impossible with the currently available code of the Openstack libcloud driver. However, Application Credentials mechanism allows to bypass this issue.
ILC/CLIC/FCC/Calice:
André
- Set up Python3 test servers with 7.3 successfully
Belle2
Hideki
- v7r2 in production.
- SSL timeouts exception are not caught by the DIRAC Client. Issue to be opened but the v7r2 is rather old, probably it is solved already.
Juno
Xiaomei
Juno taking data in the beginning next year
- Federico Juno asking for direct tape access? DIRAC DMS tools are used to manage the tape storage.
- Running all the services on one server. Extra server can be configured to be ready to install extra instances of heavily used services.
- Need to create a transformation with several input files. Issue to be opened to describe the case.
GridPP:
Daniela+Simon+Janusz
- No changes in production, one pre-prod on v8.0.6 for AREX testing, also testing Andrei’s token code for the non-token case (as in “does it break anything”)
Topics from GitHub/Discussions or Google forum
only un-answered topics below:
Error in loading WebApp (5.0.1)
- Should always do
pip install WebAppDIRAC[server]
?
ERROR: DataString is getting too long
- DIRAC buffering. The coded “solution” was not accepted, a better one should be coded (suggestion is there)
Personal certificates with “sn” and “gn” fields not supported?
- from previous meeting Maybe update to VOMS2CSAgent?
Pilots/ARC “proxy not found”
- from previous meeting Andrei we should simply put by the default the bundling of the proxy in the pilots
…several others in https://github.com/DIRACGrid/DIRAC/discussions?discussions_q=is%3Aunanswered
from the forum: https://groups.google.com/g/diracgrid-forum/c/l1n_M4ZMDnM/m/K1x0ohbGAwAJ?pli=1
*
DIRAC releases
- v7r3
- v7.3.34 is the last one. Few fixes for AREX CE merged in branch.
- v8r0
- v8.0.6
- (#6596) HTCondorCE: use CS location Resources/Computing/CEDefaults/HTCondorCE instead of Resources/Computing/HTCondorCE
- v8r1
DIRAC projects
DIRAC:
Issues by milestone:
Other issues:
PRs discussed:
WebApp:
Pilot:
DIRACOS2:
- htcondor 9.0.x updated to fix scitokens support
- will need to update to OpenSSL 3 early next year as OpenSSL 1.1.1 will reach EOL soon
Documentation:
OAuth2:
tornado/HTTPs
- from previous meeting Federico for “full production” setup we are not there yet
- is nginx “mandatory”?
- Andrei there’s no “upload” solution for DIRAC SE
management
- from previous meeting 3 issues left, still valid
- Andrei Updated the script, should be uploaded here
diraccfg
- from previous meeting Christopher Do we want to make a release that drops support for py2?
COMDIRAC
- Daniela I’m trying to get this done inbetween various Christmas related items. I’m trying to get Simon to help, but he seems strangely reluctant.
DB12
Rucio
Tests
Release planning, tests and certification
Certification machines
- lbcertifdirac70 machine:
- maybe add an SSHCE site in DIRAC certification submitting to https://batchdocs.web.cern.ch/linuxhpc/index.html cluster ?
- Alexandre got an access, will be done through
diracgri
account
- Computing Element of each supported type should be configured (HTCondorCE, 2 ARCS (Alexandre (maybe use RALPP and Glasgow ? I can talk to them if there are issues --Daniela)), 1 Cloud (Daniela - this is already part of the tests), SSH). Consider OAuth tests as well - what is needed as far as certification servers configuration is concerned.
- Daniela: Enabled (and tested, at least with X509) WLCG VO for token testing. Needs update in puppet for /etc/grid-security/vomsdir and /etc/vomses, please.
- Christophe I’ll check and add it
- Daniela Still missing as of 14/12/22 A working config can be found at /cvmfs/grid.cern.ch/etc/grid-security/vomsdir/wlcg/ and /cvmfs/grid.cern.ch/etc/grid-security/vomses/wlcg-voms.cloud.cnaf.infn.it
- lbcertifdiracoauth machine:
Next hackathon(s)
AOB
Next hackathon: January 12th ?
Next BiLD: January 19th ?
LHCbDIRAC
- v10r4: deploy board in https://trello.com/b/kzUKdMts/deploy-v10r3
* - https://lhcb-auth.web.cern.ch/
- from previous meeting Andrei this is not properly configured yet. Not usable for Pilot submission yet (compute scopes not added).
- LHCbDIRAC hackathon
- puppet MR
- nest hackathon 19th Dec Monday
- from previous meeting Move from Jira to GitLab for issues
- Anyone would be against to move to using GitLab issues instead?
- For the existing ones: review, close if you can, or keep it to be moved for later.
- Jira history: not sure if it will be possible to keep it.
There are minutes attached to this event.
Show them.