(Extraordinary) Datalake DepOps meeting (Andrea chairing)

Europe/Paris
Description

Weekly meeting to discuss progress on EDLK JIRA issues: https://jira.skatelescope.org/issues/?filter=15115

Zoom room: https://skatelescope.zoom.us/j/97713259777?pwd=Q2EwSWZ3NkRaazFRSy9YT3Y5UmdJZz09

    • 11:00 AM 11:30 AM
      Hot topics

      ## RUCIO Scopes deletion campaign

      Riccardo: many unused scopes deleted and lifetime added where missing, situation is now under control.

      ## MaxSpace configuration in CRIC

      Riccardo: Some RSEs still need to fix their settings in CRIC.
      Here's the list of RSEs that need to be checked:

      ALPAMED-DPM
      AWS_WEBDAV check values carefully
      CNAF-STORM
      INFN-ROMA1
      JUPYTER-SCRATCH-EULAKE
      PIC-DCACHE check values carefully
      PIC-DCACHE-TAPE check values carefully
      PIC-INJECT check values carefully
      SARA-DCACHE

      Rizart: AuthZ in CRIC grant access to all RSEs configration, so be careful as this will not likely be fixed before DAC21. Let me know if you have issues.

      *ACTION*: RSE representatives should fix settings for the above RSEs.

      ## OIDC support in ESCAPE Rucio:

      Rizart: some bugs in RUCIO on the handling of the OIDC redirection, mostly affecting the RUCIO WebUI and users that do not come with their own token. Should be fixed in the latest RUCIO release that will be deployed as soon as it is released for ESCAPE RUCIO (before DAC21).

    • 11:30 AM 11:40 AM
      Datalake health

      ### PIC-DCache

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth GREEN

      Agustin: recently updated the dCache version in order to support token-based authn/z.

      ### LAPP-WebDAV

      AuthN/Z status:
      - X.509/VOMS RED
      - OAuth GREEN

      Paul: limitation in apache server so that you can have only auth method for an endpoint, so enabling both X.509 and OIDC causes issues. Investigating the possibilty of using different, auth-method specific endpoints.

      ### LAPP-DCache

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth RED

      Action(Frederic): Fix Lapp-DCache configuration

      ### INFN-ROMA1

      AuthN/Z status:
      - X.509/VOMS Mostly GREEN
      - OAuth RED

      AlessandraD: We will look with Alessandro De Salvo in adapting DPM config to support token-based auth for INFN-ROMA e INFN-Napoli RSEs. Where can I find more documentation on how to configure support for token-based authZ?

      Action(Andrea): Share pointers with AlessandraD

      ### INFN-NA

      AuthN/Z status:
      - X.509/VOMS Mostly GREEN
      - OAuth RED

      ### IN2P3-CC-LSST-*

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth GREEN

      No representative.

      ### GSI-ROOT

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth GREEN

      ### FAIR-ROOT

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth GREEN

      ### EULAKE-*

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth RED

      Action(Rizart): Fix token-based authz config for EULAKE

      ### DESY-DCACHE, SARA-DCACHE

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth ??

      For unknown reason, DESY-DCACHE and SARA-DCACHE is not tested by the OAuth testsuite.

      Action(Federica): understand why SARA-DCACHE and DESY-DCACHE are not tested

      ### CNAF-STORM

      AuthN/Z status:
      - X.509/VOMS GREEN
      - OAuth GREEN

      ### ALPAMED-DPM

      AuthN/Z status:
      - X.509/VOMS GREENish
      - OAuth RED

      ### SARA-SWIFT

      AuthN/Z status:
      - X.509/VOMS ??
      - OAuth ??

      Aleem: Signed URL issues. Upload works with rclone but not with rucio-upload

      Rizart:  some replication work with FTS, needs to be better understood

      Action(Aleem/Rizart): understand sara-swift RUCIO issues

       

    • 11:40 AM 12:00 PM
      AOB

      Rosie: should we have depops just right before the DAC21?

      Agreement on a depop meetings limited to Task Leaders and anyone interested at the beginning of the week.

      Action(Rosie): Define meeting time slot and send reminder.