DOMA / TPC Meeting

Europe/Zurich

Attending:

  • Al, Alessandra, AndreaC, Aresh, Brian, Dmitry, Fabrizio, Horst, Ian, Oliver, Katy, Paul, Petr, Simon, Tim

HTTP Updates:

  • Several things are broken, the dteam VOMS server appears to have changed their DN unexpectedly.
  • Potentially facepalm worthy!
  • Everything is dead in the water until this gets resolved (XRootD as well)!  Worst case is that we now have to bother many sites to upgrade.
    • Must have happened quite recently -- smoke tests got a good proxy this morning.
  • XRootD -> slipped in a small bugfix for handling of Want-Digest headers.
    • A bit of a bandaid -- want to come back and do the "real" work of digest priorities.
  • Brian still stumped on what's wrong at Caltech for what is going wrong with Macaroons there.
    • Probably a good idea to record the underlying filesystem in our endpoint table.  Not because we need to change tests but to help debug in the future...
  • Fabrizio:
    • AndreaC suggested setting up an IAM so we can start playing with this authorization service.
      • Initial discussion was about Kibana but evolved to AuthZ of file transfers instead.
      • This would be a step toward the full X509-free transfer layer.
      • The test instance could serve as a "dteam-like" instance for IAM.
    • What's the next step?  AndreaC: Probably best to deploy a fresh instance at INFN.
      • Brian: Agreed.  The important part is the backend, not CERN SSO support.
  • Paul:
    • Smoke tests now have a score to help track how reliable an endpoint is.  So far, so good.  Number of very reliable endpoints.
      • Now have GOCDB support to avoid docking folks during downtimes.
      • SciTokens PR is on-deck (merge conflict is now fixed).
    • pre-GDB (9 July) on dynafed.  Hope to use this as a mechanism to help resolve DynaFed issues in the TPC tests.

XRootD:

  • Various debugging sessions ongoing for understanding timeouts that Manchester is seeing.
    • In this case, it was an IPv6 issue.
  • A few other sites are failing:
    • Lancaster
    • Beijing - failing authz.
    • Nebraska needs to flip the switch to allow TPC in the config file.
    • DESY (prometheus) had some issues previously, but those appear to have been transient.
  • Al: found dCache is missing the implementation of a query about whether delegation is allowed.
    • Once that query was implemented (this morning), FNAL turned completely red.  Debugging in progress!
    • Maybe some "operation expired" are happening now.
  • Once the dashboard is back, probably need to bother sites to take a look at their failures.
  • Tim (RAL update):
    • All xrootd gateways have been updated to the latest 4.9.1 w/ configuration for TPC.
    • Everything is expected to work; looking forward to joining the ATLAS tests.
  • ATLAS-based tests are going forward.
    • Current hiccup is that only CERN FTS is sufficiently recent version of gfal & friends.  In EPEL-testing.
  • Alessandra has been working to adopt the WLCG DOMA http scale tests for the xrootd.  Have something working in a Docker container -- needs to transition this to CERN.
  • Al is working on the Xrootd smoke tests, but not yet completed -- got pulled on other items.
    • Question: is the twiki matrix correct?  Some seem suspicious.  Ale: should be -- let's get this well-maintained!
There are minutes attached to this event. Show them.
    • 17:30 17:50
      Xrootd Protocol Update 20m
      Speaker: Wei Yang (SLAC National Accelerator Laboratory (US))
    • 17:50 18:10
      HTTP Protocol Update 20m
      Speaker: Brian Paul Bockelman (University of Nebraska Lincoln (US))
    • 18:10 18:30
      Discussion 20m