DOMA / TPC Meeting

Europe/Zurich
November 20, 2019
 
Attending: Andrea C, Andrea M, Brian B, Horst S, Oliver K, Riccardo M, Rizart D, Tim A, Wei Y.
 
CHEP summary:
  • Andrea C: After Hannah's talk, we started working on integrating WLCG IAM instance with CERN SSO.  Now working with Keycloak!
    • Can link this to existing accounts
  • Brian: After/during CHEP, added support for the WLCG profile to the scitokens-cpp client library.  Existing users just need to upgrade the shared library.
    • Andrea C: WLCG IAM instance should be able to produce these tokens!
    • This is now the default for new clients in this instance.
    • Example: https://wlcg.cloud.cnaf.infn.it/iam-test-client/
    • scitokens-cpp will translate scope names by default - but you can tell it to pass verbatim.
  • Brian and Katy put together a prototype of HTTP-TPC for RAL while at CHEP.  Hit issues with the name of the generated object (either one "/" too many or too few) but it appears to be very close.
    • TimA notes that they are setting up a new Ceph cluster at Glasgow which might benefit from this.
 
XRootD updates:
  • Starting to work through the list of working WLCG sites.  OU works and DPM works.  Looking at dCache and EOS now.
  • dCache endpoint we are using is likely OK for functional test but not the stress scripts (smaller VM-based deploys).
  • Talking with EOS, they are hitting a problem where the PSS (proxy) plugin can only work with passing through read / writes but not other metadata operations.  So, transfer can work but other things (stat) might not.
    • Al mentions that this explains why the failures occur in the smoke tests.  The TPC works (delegated proxy is available to the client) but GET / PUT / DELETE fails (no delegated proxy available).
    • If we figure this out, EOS should pass the smoke tests.
 
HTTP-TPC updates:
  • As mentioned, scitokens / WLCG JWT support is incoming for xrootd.
  • AC: No update for StoRM (post-CHEP haze 😉 )
  • AM:
    • Reworking the OIDC support inside FTS3.  Now using pyoidc internally.
    • Notes there were some discussions about post-SRM capabilities for transfers.  What happens when we want FTS to stage via one protocol and then transfer via another?  We think this would work but need an endpoint to test.
    • Maybe this is something we can include in the Rucio-based functional tests?
      • AM: Probably needs a small patch to Rucio since Rucio can only do tape staging SRM<->SRM.
  • BB: Who are the right folks to discuss the "x509-free" TPC?  We should have a working chat on improving the document and then present the results to this group at the next meeting.
    • AC: Brian and I are looking at the week of Jan 13 - 17 at CERN to host a hackathon for getting a demonstration of this workflow.  Will send a follow-up email to see everyone's availability (not all the right folks are here).
 
AOB:
  • TA: To answer Wei's "Can we put RAL in the stress test" -- there's quite a bit of ongoing production traffic, so we think we should be able to handle the extra load.  Will follow up in email.
  • This is Andrea Manzi's last week at CERN!  He's performed magic for many years with FTS3 and this group will certainly miss him.
There are minutes attached to this event. Show them.
    • 5:30 PM 5:45 PM
      Xrootd Protocol Update 15m
      Speaker: Wei Yang (SLAC National Accelerator Laboratory (US))
    • 5:45 PM 6:00 PM
      HTTP Protocol Update 15m
      Speaker: Brian Paul Bockelman (University of Nebraska Lincoln (US))
    • 6:00 PM 6:15 PM
      Token Authorization testbed 15m
    • 6:15 PM 6:35 PM
      Discussion 20m