Attending:
- Al, Alessandra, AndreaC, Aresh, Brian, Dmitry, Fabrizio, Horst, Ian, Oliver, Katy, Paul, Petr, Simon, Tim
HTTP Updates:
- Several things are broken, the dteam VOMS server appears to have changed their DN unexpectedly.
- Potentially facepalm worthy!
- Everything is dead in the water until this gets resolved (XRootD as well)! Worst case is that we now have to bother many sites to upgrade.
- Must have happened quite recently -- smoke tests got a good proxy this morning.
- XRootD -> slipped in a small bugfix for handling of Want-Digest headers.
- A bit of a bandaid -- want to come back and do the "real" work of digest priorities.
- Brian still stumped on what's wrong at Caltech for what is going wrong with Macaroons there.
- Probably a good idea to record the underlying filesystem in our endpoint table. Not because we need to change tests but to help debug in the future...
- Fabrizio:
- AndreaC suggested setting up an IAM so we can start playing with this authorization service.
- Initial discussion was about Kibana but evolved to AuthZ of file transfers instead.
- This would be a step toward the full X509-free transfer layer.
- The test instance could serve as a "dteam-like" instance for IAM.
- What's the next step? AndreaC: Probably best to deploy a fresh instance at INFN.
- Brian: Agreed. The important part is the backend, not CERN SSO support.
- Paul:
- Smoke tests now have a score to help track how reliable an endpoint is. So far, so good. Number of very reliable endpoints.
- Now have GOCDB support to avoid docking folks during downtimes.
- SciTokens PR is on-deck (merge conflict is now fixed).
- pre-GDB (9 July) on dynafed. Hope to use this as a mechanism to help resolve DynaFed issues in the TPC tests.
XRootD:
- Various debugging sessions ongoing for understanding timeouts that Manchester is seeing.
- In this case, it was an IPv6 issue.
- A few other sites are failing:
- Lancaster
- Beijing - failing authz.
- Nebraska needs to flip the switch to allow TPC in the config file.
- DESY (prometheus) had some issues previously, but those appear to have been transient.
- Al: found dCache is missing the implementation of a query about whether delegation is allowed.
- Once that query was implemented (this morning), FNAL turned completely red. Debugging in progress!
- Maybe some "operation expired" are happening now.
- Once the dashboard is back, probably need to bother sites to take a look at their failures.
- Tim (RAL update):
- All xrootd gateways have been updated to the latest 4.9.1 w/ configuration for TPC.
- Everything is expected to work; looking forward to joining the ATLAS tests.
- ATLAS-based tests are going forward.
- Current hiccup is that only CERN FTS is sufficiently recent version of gfal & friends. In EPEL-testing.
- Alessandra has been working to adopt the WLCG DOMA http scale tests for the xrootd. Have something working in a Docker container -- needs to transition this to CERN.
- Al is working on the Xrootd smoke tests, but not yet completed -- got pulled on other items.
- Question: is the twiki matrix correct? Some seem suspicious. Ale: should be -- let's get this well-maintained!
There are minutes attached to this event.
Show them.