Task Force (TF) workshop May 23-26, 2005

Participants:
Miguel Anjo (CERN Physics Database Consultant, came for short while on Wed. 25 May pm), Vincenzo Ciaschini (25-26 May), Maria Dimou, Joni Hahkala (with intervals), Tanya Levshina, Karoly Lorentey (23-25 May), Ian Neilson (23 May), Valerio Venturi(25-26 May)
and the VO managers on Thu 26 May pm.
Joel Closier (LHCb), Gabriele Carcassi (USAtlas, on the telephone by BNL), Alessandro de Salvo (ATLAS), Andrea Sciaba (CMS).
Apologies: .

Executive summary:

There are serious staffing problems for bug fixing, installation and testing required to complete this TF and provide a reliable, stable and performant VO Registration service for LHC Experiment VOs based on VOMRS-ORGDB-VOMS. In order of importance:

  1. Karoly's involvement for voms-admin maintenance in the future is a fraction of 25% of his time, for which he is funded to be a site administrator for a hungarian site. This is not sufficient due to open bugs in jra1mdw and lcgoperation and remaining work with the ORGDB API and the Oracle port of voms-admin. We need committed manpower on this.
  2. We need to harmonise the VOMS versions made available in glite and LCG2 Releases, with OSG inter-operability ensured and all based on Oracle (CERN physics' database group requirement). Problems:
    1. there are many open bugs still that affect the users and the VO managers. See pre-selected voms/vomrs related tickets.
    2. voms-admin 1.1.0 and voms 1.5.4 is planned for glite R1.2 and (partially) for LCG2 2_6_0 (see notes) but is it tested?
    3. voms-admin on Oracle is not complete, therefore vomrs on Oracle doesn't yet exist.
  3. ORGDB link performance is unacceptable. It is unclear when the email value matching will speed-up. Miguel Anjo said that indexing this field is intended but we don't know when. We can't show this service to the users.
  4. Today's VOMRS and (glite) VOMS installation on lcg-voms.cern.ch has unacceptable performance problems due to tomcat5. This is reported in savannah ticket 8956, Tanya ran extensive diagnostics but no response was received by the developers to improve this situation. This makes the glite VOMS server unusable today.
  5. A reliable config. files' backup, system administration and monitoring (via CERN FIO group) of the VOMS server hosts and reliable database backup/restore (via CERN physics' database group) of the VO database data is in principle accepted but does not yet exist.
  6. John Weigand is already assigned to another project. If FNAL management re-assigns Tanya to other tasks or gives her no additional programming help, the project can't be finished.
  7. Due to planned changes in the VOMRS (improvements) and VOMS (harmonisation with gLite R1.2 and Oracle port) software, continuous updates of the migration plan leave now very little time for users to re-register. This is unfair to the user community and can harm the 'popularity' of the service.

These concerns have been expressed at the February 2005 GDB, in the Deployment issues' note in March 2005, at the Taipei meeting on SC3 in April 2005, at the JSPG in June 2005.

Agenda: 

1. Comments on the previous meeting's notes
http://cern.ch/dimou/lcg/registrar/TF/meetings/2005-04-28  - All
                                                                                
2. Action list review - All
                                                                                
3. Discussion on voms code versions  - Vincenzo
                                                                                
4. Migration plan review Here is the latest plan now - All
                                                                                
5. VOMS Bugs' review - Vincenzo 
                                                                                
6. Test the glite installation procedure for voms-oracle on glite-voms.cern.ch - Vincenzo, Valerio, Karoly

7. Configure VOMRS on lcg-voms.cern.ch for VOs 'maria' and 'lhcb'  -  Maria, Tanya

8. Meet the LHC experiments' VO managers to explain the registration flow (graph), 
   demonstrate VOMRS (slides) and discuss the migration plan (plan) 
   - (all VO managers joined except the ALICE ones).

9. Next meeting.

1. Comments on the previous meeting's notes:

The notes were accepted without changes.

2. Action list review:

(*** ACTION 2004-09-17--9 ***) Maria will test VOMRS and make available to the TF a list of features. By the time these notes are written, Tanya announced mid-December 2004 the pre-alpha version https://hotdog62.fnal.gov:8443/vo-LCG/vomrs for testing. Also, early May Tanya brought up https://lcg-voms.cern.ch:8443/vo/Test/vomrs and https://lcg-voms.cern.ch:8443/vo-LCG_Test/vomrs . Maria should ask the experiment secretariats to include her in the experiments to be able to test.
PENDING Request sent to the secretariat in May. Atlas and Alice did not yet process the requests.

(*** ACTION 2004-09-17--12 ***) TF to re-discuss the Usage Rules re-acceptance prompt in more detail.
Comment just before the 2005-04-28 meeting:
Now that http://edms.cern.ch/document/573348 (VO Security Policy) should we ask the LHC Experiment VO managers to prepare their AUPs and link them from VOMRS (when installed at CERN)? The document is DRAFT.
CANCELLED. The new AUP is still in process within the JSPG and the VO Security Policy is unusable while draft. Link to today's Usage Rules still. Close at the next meeting.

(*** ACTION 2004-10-28--1***) Tanya to make a UML diagram in addition to the VOMRS Registration Process flow and to the VOMRS_new_req document they prepared with John.
Comment just before the 2005-04-28 meeting:
Now that Karoly's ORGDB modules are ready, it would be more helpful to make a diagram on each package involved where/when so that simple users/installers/VOmanagers can understand how the new structure works.
DONE. Here is the VO Registration graph. Close at the next meeting.

(*** ACTION 2004-11-29--1***) Karoly to make available a sceleton of Classes for VOMRS developers to use when interfacing to the ORGDB.
Discuss it when Tanya comes. This should be part of vomrs because it has nothing to do with gLite. Investigate if a CVS repository is needed for the lcg-foundation interface.
DONE. The software is in FNAL CVS. Close at the next meeting.

(*** ACTION 2005-01-18--1***) John and Tanya to update their CA management paper.
Comment just before the 2005-04-28 meeting:
The document source appears "Last saved 2005-01-10". The updates discussed are in the notes from the 2005-01-18 meeting.
DONE. Close at the next meeting.

3. Discussion on voms code versions

By the time these notes are written, voms 1.5.4 is the version of choice. The client has been tested by the Grid Deployment Team. The server will be available with glite R1.2 early July. It is not clear if anyone tested it.

4. Migration plan review

Here is the latest plan now. See concerns in the Executive summary above.

5. VOMS Bugs' review

Bug numbers 5834, 5836, 5856, 5860, 5863, 5887, 5937, 5961, 8490, 8491, 8573, 8639, 8641, 8697, 8756, 8700, 8799 and bugs related to glite installation/configuration scripts were extensively discussed. Developers should them up-to-date.

6. Test the glite installation procedure for voms-oracle

This was done by the developers on a test host. No testing was possible because voms-admin on Oracle didn't exist. A tool for migrating VOs from MySQL to Oracle is needed. This doesn't affect the LHC Experiment VO because VOMRS will take care of this.

7. Configure VOMRS on lcg-voms.cern.ch

This was done by Maria with walk-through by Tanya for a test VO 'maria' and LHCb. We noticed tremendous performance problems during phase II registration when the email of the user must be matched in ORGDB. We invited Miguel Anjo to the meeting, but there is no improvement available yet. Maria entered 4 savannah tasks on VOMRS notification templates. Tanya is working on VOMRS 1.1.2 incorporating these improvements.

8. Meet the LHC experiments' VO managers

We had no news from the ALICE VO management, despite the meeting reminders. People were positive about the new approach. We decided to meet again at the end of June but intermediate VOMRS improvements delayed the configuration of additional VOs.

9. Next checkpoint meeting:

A next meeting with the VO managers was decided for June 28 at 15 hrs CET. Given the VOMRS developments in June we should decide whether we keep that date!

Maria Dimou, IT/GD, Grid Infrastructure Services