WLCG DOMA BDT Meeting
Topic: WLCG DOMA BDT Meeting (twiki)
-
-
16:30
→
16:35
News 5m
- ophaned
gfal2-util
package - FTS notified - DPM support from EGI side ends in a month
- support for migration to dCache
- CERN support for DPM is just theoretical (zero effort already during last year)
- experiments are generally happy they don't have to deal with yet another storage while configuring tokens
- one or two T2 sites per experiment may become diskless or disappear because they don't have (any) manpower to support grid activities
- dCache shifted root directory (omnisession / storage-authz) - dangerous configuration in token age with capabilities(?!)
- dCache provides configuration to shift namespace for authorized clients (e.g.
root:/
) - VO can see only part of their namespace (e.g.
root:/dune
)- DUNE seems to plan to use tokens that always starts with
/dune
path, e.g.storage.modify:/dune
- global namespace for multi-VO dune dCache must look like, e.g.
/dune/dune/RSE
- where OIDC plugin configuration use something like
gplazma.oidc.provider!dune = https://cilogon.org/dune -profile=wlcg -prefix=/dune
- DUNE seems to plan to use tokens that always starts with
- in case dCache administrator makes a mistake and configure DUNE access to
root:/
storage.modify:/
gives DUNE permission to destroy all dCache data- this would be critical security issue for multi-VO dCache
- can we sufficiently trust dCache administrators?
- actually this is not really different than setting wrong ACLs by storage administrator
- dCache provides configuration to shift namespace for authorized clients (e.g.
- ophaned
-
16:35
→
17:00
Tape REST access 25mSpeaker: Mihai PATRASCOIU (CERN)
-
17:00
→
17:09
Transfers with tokens 9mSpeaker: Francesco Giacomini (INFN CNAF)
CMS Audience for storage
- rely just on https://wlcg.cern.ch/jwt/v1/any to allow fallback between storage
Andy: too specific tokens can really cause troubles debugging transfer failures - difficult infrastructure operation with fine grained tokens (we should not go for fine granularity just because it is available)
CMS TFC behavior explained
- not required on sites with namespace that is well organized according CMS requirements
- can be avoided also by using dCache symlinks
- works fine (secure) with tokens
-
17:09
→
17:10
Packet marking 1m
LHCONE meeting in Prague https://indico.cern.ch/event/1234127/
Speakers: Marian Babik (CERN), Shawn Mc Kee (University of Michigan (US))WG meeting tomorrow (https://indico.cern.ch/event/1281574/) - Scope of the SC23 demo will be discussed. We will also discuss plan to move packet marking meetings to LHCONE R&D calls (bi-weekly) and organise the first WG meeting on packet pacing.
UNL configuring their production XRootD to enable flow labelling (UDP fireflies), they will also deploy flowd to get the possibly to add additional functionality later on (packet marking, prometheus exporter, etc.).
Working on getting flowd packages in EPEL (el8, el9).
dCache prototype with flow labelling should be ready this week, the plan is to start testing at AGLT2 and provide feedback.
JISC (UK R&E) announced they have UDP firefly collector available.
-
17:10
→
17:25
WebDAV Error Message Improvement Project & unified error message format 15m
Discuss with experts improvements in the error messages produced by failed transfers.
https://twiki.cern.ch/twiki/bin/view/LCG/WebdavErrorImprovementSpeaker: Stephan Lammel (Fermi National Accelerator Lab. (US)) -
17:25
→
17:30
AOB 5m
-
16:30
→
16:35