WLCG DOMA BDT Meeting

Europe/Zurich
Brian Paul Bockelman (University of Wisconsin Madison (US)), Maria Arsuaga Rios (CERN), Petr Vokac (Czech Technical University in Prague (CZ))
Description

Topic: WLCG DOMA BDT Meeting (twiki)

Videoconference
WLCG DOMA BDT Meeting
Zoom Meeting ID
69074333781
Host
Petr Vokac
Useful links
Join via phone
Zoom URL
    • 16:30 16:35
      News 5m
      • ophaned gfal2-util package - FTS notified
      • DPM support from EGI side ends in a month
        • support for migration to dCache
        • CERN support for DPM is just theoretical (zero effort already during last year)
        • experiments are generally happy they don't have to deal with yet another storage while configuring tokens
          • one or two T2 sites per experiment may become diskless or disappear because they don't have (any) manpower to support grid activities
      • dCache shifted root directory (omnisession / storage-authz) - dangerous configuration in token age with capabilities(?!)
        • dCache provides configuration to shift namespace for authorized clients (e.g. root:/)
        • VO can see only part of their namespace (e.g. root:/dune)
          • DUNE seems to plan to use tokens that always starts with /dune path, e.g. storage.modify:/dune
          • global namespace for multi-VO dune dCache must look like, e.g. /dune/dune/RSE
            • where OIDC plugin configuration use something like
            • gplazma.oidc.provider!dune = https://cilogon.org/dune -profile=wlcg -prefix=/dune
            •  
        • in case dCache administrator makes a mistake and configure DUNE access to root:/
          • storage.modify:/ gives DUNE permission to destroy all dCache data
          • this would be critical security issue for multi-VO dCache
          • can we sufficiently trust dCache administrators?
            • actually this is not really different than setting wrong ACLs by storage administrator
            •  
    • 16:35 17:00
      Tape REST access 25m
      Speaker: Mihai PATRASCOIU (CERN)
    • 17:00 17:09
      Transfers with tokens 9m
      Speaker: Francesco Giacomini (INFN CNAF)

      CMS Audience for storage

      • rely just on https://wlcg.cern.ch/jwt/v1/any to allow fallback between storage

      Andy: too specific tokens can really cause troubles debugging transfer failures - difficult infrastructure operation with fine grained tokens (we should not go for fine granularity just because it is available)

      CMS TFC behavior explained

      • not required on sites with namespace that is well organized according CMS requirements
      • can be avoided also by using dCache symlinks
      • works fine (secure) with tokens
    • 17:09 17:10
      Packet marking 1m

      LHCONE meeting in Prague https://indico.cern.ch/event/1234127/

      Speakers: Marian Babik (CERN), Shawn Mc Kee (University of Michigan (US))

      WG meeting tomorrow (https://indico.cern.ch/event/1281574/) - Scope of the SC23 demo will be discussed. We will also discuss plan to move packet marking meetings to LHCONE R&D calls (bi-weekly) and organise the first WG meeting on packet pacing.

      UNL configuring their production XRootD to enable flow labelling (UDP fireflies), they will also deploy flowd to get the possibly to add additional functionality later on (packet marking, prometheus exporter, etc.).

      Working on getting flowd packages in EPEL (el8, el9).

      dCache prototype with flow labelling should be ready this week, the plan is to start testing at AGLT2 and provide feedback.

      JISC (UK R&E) announced they have UDP firefly collector available.

    • 17:10 17:25
      WebDAV Error Message Improvement Project & unified error message format 15m

      Discuss with experts improvements in the error messages produced by failed transfers.
      https://twiki.cern.ch/twiki/bin/view/LCG/WebdavErrorImprovement

      Speaker: Stephan Lammel (Fermi National Accelerator Lab. (US))
    • 17:25 17:30
      AOB 5m