AAI Integration & next steps

mercredi 31 août 2022, 10:00 → 11:00 Europe/Paris

Zoom

Ian Bird (LAPP)

https://cnrs.zoom.us/j/97043557130?pwd=YkdnSUR6dGFKb0dJbC9QY044b2dRZz09https://cnrs.zoom.us/j/97043557130?pwd=YkdnSUR6dGFKb0dJbC9QY044b2dRZz09

Summary of discussion:

• Status of IAM - EGI federation:
  • ESCAPE users can now log in to EGI Check-in with IAM providing attributes and authorisation.
  • Not yet able to to use a IAM token to run jobs on EGI - but this is a general problem, not specific to IAM, and a solution is being worked on in the EOSC-Future AAI task force.
• Resources:
  • EGI resources available at CNAF, Elena has configured a cluster there and is implementing REANA on it.
• Summary of the most direct way forward for ESCAPE:
  1. Continue to use the VRE (Jupyter hub, DLaaS, etc.) as now at CERN, but try and include a storage end-point from EGI-ACE resources into the data lake.  S3-compatible storage of 1 TB is requested initially.
     1. This would be used by Pooja's DM analysis
  2. Elena & Alba continue to deploy the REANA cluster onto EGI-ACE resources at CNAF, connecting to the data lake
     1. This would be useable for Jared's work

These would both be good initial integration examples, to show as demonstrations.  More complex workflows will need the full AAI federation in place and technical issues mentioned above resolved.

 

Will meet again in a couple of weeks to follow up on progress.

10:00 → 10:10 Update on status of IAM connection to EGI

Brief update, and what resources are available to ESCAPE

Orateurs: Gianni Dalla Torre, Ian Bird (LAPP)

Dear Ian,

I hope you are doing well.

 

I am happy to share two important updates for your EOSC Future use case:

1. The IAM team (supported by the Check-in team) has completed the alignment of IAM ESCAPE with two important AARC guidelines (AARC-002 and AARC-G069) related to the support of user groups and roles.
2. The previous step allowed the integration (point-to-point not yet through the EOSC AAI Federation) with EGI Check-in Infrastructure Proxy, making it possible for IAM ESCAPE users to access the EGI cloud resources behind Check-in.

From now ESCAPE users can register on their dedicated service https://iam-escape.cloud.cnaf.infn.it/  and access the EGI services by selecting Check-in and typing "escape" in the search bar to then enter your credentials.

 

The acceptance by the user of the Terms of Services policy of the Check-in service will be requested only on first access.

10:10 → 10:20 Update on ESCAPE testing

Orateurs: Alba Vendrell Moya (CERN), Mlle Elena Gazzarrini (CERN)

• Accessing the INFN CNAF Openstack Project works, agreed with Gianni that the resources we are going to be using longer term (till June 2023) are going to be around 40VCPUs + 80GB RAM + 400 GB
• Connected the oidc-agent to the token and the vo.projectescape has been correctly configured and can list the resources
• Through the IM dashboard (which also needed some help from their side for config) I spawned a cluster with above characteristics and am working on implementing Reana on it

10:20 → 10:40 Next steps

Orateur: Ian Bird (LAPP)

I think the test cases that we want to try should be the following (open to suggestions!):

 

1) try and use EGI cloud resources with an ESCAPE IAM token.  I hope Pooja could be our test user in this case, to run a simple job on an EGI cloud node, in preparation for moving her workflow into EOSC;

2) read data from the ESCAPE data lake from a job running on an EGI cloud node;

3) Ingest data into the data lake from EGI resources;

4) add EGI cloud storage to the data lake.

 

Items 1),2),3) are sequential, but 4) could be done independently.

 

5) Also setting up VRE in the EGI (EOSC) resources.

10:40 → 11:00 Discussion

Orateur: Ian Bird (LAPP)