PanDA Community forum

Thursday 10 Apr 2025, 17:00 → 18:10 Europe/Zurich

42/3-002 (CERN)

PanDA Community meeting

17:00 → 17:15 Investigation on slowdown of Rubin jobs at SLAC

Speaker: Zhaoyu Yang (Brookhaven National Laboratory (US))

17:15 → 17:55 Experiment round-table: issues, requests, feedback, status

17:15 ATLAS

Speakers: Dr Andreu Pacheco Pages (Institut de Física d'Altes Energies - Barcelona (ES)), Rodney Walker (Ludwig Maximilians Universitat (DE))

17:25 DarkSide-20k

Speaker: Dr Valerio Ippolito (INFN Sezione di Roma (IT))

• context: since December 2024, trying to setup a DarkSide k8s panda instance
  • based on the successful Panda-DOMA demonstrator
• status: not working yet
  • IAM-based authentication with experiment IAM
  • token-based authentication (although CNAF can also successfully handle VOMS-AA from experiment IAM)
• few main differences in use case w.r.t. for example ATLAS
  • we were proposed by CNAF to map automatically each IAM user to a different "darksideNNN" local user, based on wlcg.groups token field
    • this is different from the client id/secret workflow
    • temporary solution: CNAF allowed us to map our IAM client to a single, "service" account
  • we must pass the token scope to rucio, as that's how we deal with keeping data blind (and data and mc storage areas read-only to non-production users)
    • for example, IAM releases the storage.read:/blind scope only to users in a given IAM group (implemented with https://indigo-iam.github.io/v/v1.7.2/docs/reference/api/scope-policy-api/)
    • and the storage is configured to request that scope to be present
    • in this way rucio policies cannot circumvent the "blind data must be blind" requirement
    • that's why we cannot map all IAM users to a single service rucio account
    • the question is if this is possible when using rucio with panda
• many issues observed in the k8s deployment
  • beyond documentation/some level of hardcodedness, some instability in the setup seems to be making us lose time
  • having an example system which works out-of-the-box would be quite useful for newcomers
    • devil is in the details...
    • in any case, we are trying to document continuously what we do, so that this might be possible in the future 
• effort ongoing - many thanks to the continuing support from Edward, Wen, Paul, Fa Hui and other panda developers

17:35 Vera Rubin Observatory

Speaker: Brian Yanny (Fermilab)

17:45 PanDA for NP - AID2E and EIC

Speakers: Torre Wenaus (Brookhaven National Laboratory (US)), Wen Guan (Brookhaven National Laboratory (US)), Xin Zhao (Brookhaven National Laboratory (US))

17:55 → 18:00 AOB

Could we move meeting on the 15th of May (3rd Thursday) instead just for May?