Choose timezone
Your profile timezone:
Powered by Indico
v3.3.2-pre
Xrootd 4.11 problematic due to explosion of error messages in the log files on the server side that is not well understood. It is probably something that can be easily corrected or might not be due to xrootd but could be operationally problematic. It filled the disk of the test machine. Sites should wait to upgrade. It isn't in EPEL yet, so there is no danger of automatic upgrades.
RAL has a workaround for the DNS problem so they can wait to upgrade.
Clients instead contain an optimization that could be useful on FTS
In general we think it is better to wait before asking to upgrade even FTS instances.
Xrootd checksum missing at some sites and is switched off in the monitoring.
We need to switch it on both in the xrootd smoke tests and in rucio so we can tackle the sites that fail.
Al will take care of the smoke tests for rucio we need to ask Thomas.
Http monitoring for IPv6
DPM will have it soon
Paul looked into it for dcache and there is a problem with the library they use als performance markers very low level detail and it is not possible to distinguish between ipv6 and ipv4 transfers. Andrea suggests to simply use the IP address. Dcache will look at it again. Storm has the same problem as dcache because they use the same library
requests comes from hepix ipv6 group which relies on FTS to understand how many sites have Ipv6 in production
xrootd ipv6 monitoring not possible yet
smoke tests for the most part ok about a month ago surf-sara production and ndgf (pre-)production started to have problems due to a software upgrade on the machine that runs the tests: TLS was updated to 1.3 and 1.3 handshake is failing. Paul added a workaround to limit TLS to 1.2 for the sites that fail with this error. Andrea also reports that there were some failures for a day because prometheus failed. Not clear what was the problem there. Perhaps we can add a backup to prometheus in the tests, but maybe that is just OTT for the type of tests. It is clear that if all sites fail the problem is not the sites.
smoke tests now support atlas
ATLAS rucio tests had 2 end points AGLT2 and SURF-SARA failing because http was targeting scratch spaces setup for SRM. Dcahce needs special tags to enable protocols on space tokens.
DESY wants to be added to the ATLAS rucio tests because they updated dcache.
WLCG VO IAM
Andrea setup a IAM service for the WLCG VO we decided to use for the tokens testbed.
JWT profile from the auth group in addition to provide oidc user end point. The token will have scopes that provide authorization
two ways to encode authorization
scope based with a slight change in the name of capabilities
group based functionally equivalent to voms
People are invited to register and try a test client
Alessandra will test the admin interface
We are going to put the documented setup in the twiki included the details to enable x509 configuration so we can test in parallels tokens and x509
So far only storm and dcache can digest tokens but we are going to try and see what fails
xrootd-http depends on Brian
xrootd-xrootd may also be ok soon waiting for a TLS implementation
EOS and DPM and echo depend on xrootd
Andrea still has to update the google document following the comments two weeks ago
Token testbed will be a stable item in agenda now
Next meeting cancelled because of CHEP
Meeting afterwards is on the 20th of November