WLCG DOMA BDT Meeting

Wednesday 3 May 2023, 16:30 → 17:30 Europe/Zurich

Brian Paul Bockelman (University of Wisconsin Madison (US)), Maria Arsuaga Rios (CERN), Petr Vokac (Czech Technical University in Prague (CZ))

Topic: WLCG DOMA BDT Meeting (twiki)

16:30 → 16:35 News

• ophaned gfal2-util package - FTS notified
• DPM support from EGI side ends in a month
  • support for migration to dCache
  • CERN support for DPM is just theoretical (zero effort already during last year)
  • experiments are generally happy they don't have to deal with yet another storage while configuring tokens
    • one or two T2 sites per experiment may become diskless or disappear because they don't have (any) manpower to support grid activities
• dCache shifted root directory (omnisession / storage-authz) - dangerous configuration in token age with capabilities(?!)
  • dCache provides configuration to shift namespace for authorized clients (e.g. root:/)
  • VO can see only part of their namespace (e.g. root:/dune)
    • DUNE seems to plan to use tokens that always starts with /dune path, e.g. storage.modify:/dune
    • global namespace for multi-VO dune dCache must look like, e.g. /dune/dune/RSE
      • where OIDC plugin configuration use something like
      • gplazma.oidc.provider!dune = https://cilogon.org/dune -profile=wlcg -prefix=/dune
      •  
  • in case dCache administrator makes a mistake and configure DUNE access to root:/
    • storage.modify:/ gives DUNE permission to destroy all dCache data
    • this would be critical security issue for multi-VO dCache
    • can we sufficiently trust dCache administrators?
      • actually this is not really different than setting wrong ACLs by storage administrator
      •  

16:35 → 17:00 Tape REST access

Speaker: Mihai PATRASCOIU (CERN)

17:00 → 17:09 Transfers with tokens

Speaker: Francesco Giacomini (INFN CNAF)

CMS Audience for storage

• rely just on https://wlcg.cern.ch/jwt/v1/any to allow fallback between storage

Andy: too specific tokens can really cause troubles debugging transfer failures - difficult infrastructure operation with fine grained tokens (we should not go for fine granularity just because it is available)

CMS TFC behavior explained

• not required on sites with namespace that is well organized according CMS requirements
• can be avoided also by using dCache symlinks
• works fine (secure) with tokens

17:09 → 17:10 Packet marking

LHCONE meeting in Prague https://indico.cern.ch/event/1234127/

Speakers: Marian Babik (CERN), Shawn Mc Kee (University of Michigan (US))

WG meeting tomorrow (https://indico.cern.ch/event/1281574/) - Scope of the SC23 demo will be discussed. We will also discuss plan to move packet marking meetings to LHCONE R&D calls (bi-weekly) and organise the first WG meeting on packet pacing.

UNL configuring their production XRootD to enable flow labelling (UDP fireflies), they will also deploy flowd to get the possibly to add additional functionality later on (packet marking, prometheus exporter, etc.).

Working on getting flowd packages in EPEL (el8, el9).

dCache prototype with flow labelling should be ready this week, the plan is to start testing at AGLT2 and provide feedback.

JISC (UK R&E) announced they have UDP firefly collector available.

17:10 → 17:25 WebDAV Error Message Improvement Project & unified error message format

Discuss with experts improvements in the error messages produced by failed transfers.
https://twiki.cern.ch/twiki/bin/view/LCG/WebdavErrorImprovement

Speaker: Stephan Lammel (Fermi National Accelerator Lab. (US))

17:25 → 17:30 AOB