DOMA / TPC Meeting

Wednesday 23 Sept 2020, 17:30 → 18:50 Europe/Zurich

Topic: WLCG DOMA TPC Meeting

Join Zoom Meeting
https://cern.zoom.us/j/99836057922?pwd=ZFhWN3NpYi9oZmwvM3pIRE9zdzFnZz09

Meeting ID: 998 3605 7922
Passcode: 733660
One tap mobile
+41315280988,,99836057922# Switzerland
+41432107042,,99836057922# Switzerland

Dial by your location
        +41 31 528 09 88 Switzerland
        +41 43 210 70 42 Switzerland
        +41 43 210 71 08 Switzerland
        +33 1 7037 2246 France
        +33 1 7037 9729 France
        +33 1 8699 5831 France
Meeting ID: 998 3605 7922
Find your local number: https://cern.zoom.us/u/aeB4ArMgmT

Experiments production

CMS

* Trivial file catalog not in sync CIEMAT (?)

* IN2P3 about to enable tpc both at the tier1 and at the tier2

* TIFR uses DPM, they updated to 1.14 andhadsome issues, now SRM works but not davs yet

* Brunel theconfiguration looks ok, but enabling the transfers in debug mode doesn't work. It is not clear why and phedex is a bit of a black box. Perhaps it should be put directly in production like it was done for MIT

* EOSCMS status at CERN is unknown. Diego will contact Maria to ask about it

ATLAS

* EOSATLAS was upgraded but we are still waiting for the configuration of HTTP-TPC

* MWT2 upgraded dcache, they are stable in the functional tests but there are problems with a switch so they'd prefer waiting to be put in production

* Added IN2P3-CPPM

* Total sites 13 (6dcache, 7 dpm)

* Due to a misocnfiguration in FTS xrootd-tpc from CTA was tested briefly and it works fine. http-tpc also was tested with SRM but it has a problem with macaroons. To generate a macaroon you  need the TURL in advance and in an SRM transfer it is not possible to know it.

Tokens

There was the hackaton last week Andrea gave a brief summary. It was considered useful and there was a lot of discussion and progress. The main point was that the smoke tests now test also OIDC and writing those helped discovering bugs in storm. There were discussions on htcondor and glide-ins,  Vault for kerberos integration as well as progress on storage.

Petr said as a user he finds cumbersome having to request a token for each scope and audience (Alessandra also found this part should be hidden from the user and done by the client) Andrea suggested to open issue in github. Petr asked further clarification on groups and roles. Andrea gave a mini tutorial on this and showed it is not much different from generating a proxy for Roles.

Wei asked clarifications about the difference between OSG site tokens and WLCG tokens. They are mostly compatible but have difference in scope

http-tpc

There was a discussion about TLS session caching and the fact that now it is disabled or needs to be disabled because gfal cannot handle it yet. The advantage of TLS caching is that since there are several step during a transfer, the authentication overhead is reduced, but overall it's an optimization and everything can work without it for the moment.

xrootd-tpc

There was a restricted meeting to talk about enabling the OSG site tokens in xrootd.

SRM/tape

People needed for this discussion couldn't attend this time next time will reiterate on LHCb and Paul's prototype for OIDC authorization with SRM and proposal for testing it.

17:30 → 17:50 Experiments production

Speakers: Alessandra Forti (University of Manchester (GB)), Diego Davila Foyo (Univ. of California San Diego (US)), Petr Vokac (Czech Technical University (CZ))

17:50 → 18:10 Token Authorization testbed

Speakers: Andrea Ceccanti (Unknown), Andrea Ceccanti (Universita e INFN, Bologna (IT)), Jaroslav Guenther (CERN)

18:10 → 18:15 HTTP Protocol Update

Speaker: Brian Paul Bockelman (University of Nebraska Lincoln (US))

18:15 → 18:20 Xrootd Protocol Update

Speaker: Wei Yang (SLAC National Accelerator Laboratory (US))

18:20 → 18:25 SRM - tape T0 - T1 transfers

18:25 → 18:30 AOB