Presentation: Service Challenge 3 & VOMS
	      ==========================	

	http://cern.ch/dimou/lcg/voms/taipei-voms-20050426.ppt

Written by: Maria Dimou-Zacharova 

Data based on VOMS status of 2005-04-25


-------- After the presentation -----------------
Feedback, written by Dave Kelsey.
 
1. Concern about lack of resources.
2. Concerns about registration of the "missing" users
3. Concerns about number of groups required (ATLAS 20)
                                                                                
But importantly, no disagreement with the proposed timetable etc. To
achieve this, the port to Oracle and then lots of testing are very
important. I think the Task Force should say what resources are really
required to achieve this. If not enough then we should make this message
very clear.
                                                                                
If the new VOMS service has problems, everything could stop working so it
has to be robust and fault tolerant.
                                                                                
-------- Before the presentation -----------------
Dave's questions and Maria's answers on the slide content:

> 
> Slide 2
> -------
> 
> September 2005 means 1st Sep or 30th Sep?

I see in http://cern.ch/LCG/C-RRB/2005-04/LCG_status.pdf the dates are not 
clear.

> I assume this is the "production phase" of SC3 after the tests have been
> made in July? 

I see in the above paper the name "stable test service".

> Are there any foreseen problems with the installation of
> VOMS and/or VOMRS? 

Many things change at the same time. There will be problems:
	glite-voms
	glite-voms oracle port
	introduction of vomrs
	new source of user personal data (orgdb)
	
> Is the Oracle support now done? If not, who will do
> it and how long will this take?

Please read http://cern.ch/dimou/lcg/registrar/TF/meetings/2005-03-22
and https://savannah.cern.ch/task/?func=detailitem&item_id=1376
Vincenzo does it and it is coming soon.

> Who will do the installation work? The
> machines are available? i.e. is their any interference with existing
> software on them? Is the link to ORGDB now fully working? Who will do
> the port of VOMS-Admin to Oracle? And how long will it take?

I'll do the installation, I'll need advice from my colleagues. Machines
are available, no existing software on them. The ORGDB link seems to work
from the FNAL tests. Karoly Lorentey will port voms-admin to Oracle. He
says, this will take a week. VOMRS will have to be changed again to 'talk'
to the new voms-admin. All this will take about a month.
 
> My general concern is that all of this work seems to have gone slower
> than originally hoped for, Karoly has left, and September is getting
> very close.
> 
> I guess Plan B, is that we stay with the existing VO-LDAP services, but
> is this an option? Or is Plan B to use the old VOMS? I have no feeling
> as to how urgent this is for SC3? We are all keen to move to VOMS/VOMRS,
> but if it is slower than Sep 2005, will this be a show-stopper? Is VOMS
> essential for SC3?  (I guess you will have had discussions with Jamie on
> this topic?)

I don't know how essential VOMS is for SC3. Plan B is VOMS like today, 
i.e. out of LDAP sync and no VOMRS. The transition plan I sent the Task
Force on March 24th and the VO managers on April 16th (and nobody objected 
to) http://cern.ch/dimou/lcg/registrar/TF/lhc-vos-transition.html
allows VOs to be "built" via VOMRS until Feb. 2006.
 
> Slide 3
> -------
> 
> I assume the aim of this slide is to give the reasons as to why VOMS
> will not be ready for the SC3 tests in July? How many bugs are open?

Yes. 200.

> What type of bugs and what priority? (any show-stoppers?) Why so many?

See 
http://cern.ch/dimou/lcg/voms/savannah_entries_on_VOMS_VOMRS.html
Savannah doesn't allow searching or sorting on priority across projects.
Several show-stoppers, I think, e.g. some of the job submitting problems
are related to VOMS:
https://savannah.cern.ch/search/?words=submit+job+&type_of_search=bugs&Search=Search&exact=1

> Does this suggest poor quality code that will cause problems during SC3?

It suggests that many packages change frequently and independently and 
don't automatically inter-work. 

> Do we need more testing before go into production? 

Yes.

> Is rate of fix bugs OK? i.e. are developers responding OK? 

Yes.

> Which
> Grid project is using which CVS repository? How did the proliferation
> come about? 

I don't fully know. History, convenience, different building methods. 
Partially answered in 
http://cern.ch/dimou/lcg/voms/voms-challenges.html
Following an announcement at the Grid Deployment Group Meeting on April 
8th 2005, we should only use the glite repository from now on. 

> How are the negotiations going re the reliable VOMS
> production service? When will this be fixed? Any problems? 

Negotiations started in November 2004
http://cern.ch/dimou/lcg/voms/server.html Still on-going. We had a meeting
on April 20 2005. The database service will be covered, it seems, when the
VOMS Oracle port will be ready. The sys.admin. and monitoring of the
servers is not yet taken over by the central CERN operations' team.

> How many
> months will the transition/reregistration take? (I need to read your
> document on this!) Can both systems co-exist during the transition?
> (guess we must have this!) How long and how complex will be the
> registration of all the current VO members not in ORGDB?

More than 6 months, see:
http://cern.ch/dimou/lcg/registrar/TF/lhc-vos-transition.html
Both systems can co-exist. Registration in ORGDB will be as efficient
as experiment secretariats are willing to be.

> Slide 4
> -------
> 
> On what timescale will we achieve the CVS unification?
> gLite and INFN *must* be the same. How and when do we achieve this?

We hope to do this real soon now. We will only download from the gLite 
site, we expect it to be simply a mirror of INFNforge. If this is not
the case, we have a problem but we 'll sort it by contacting the 
developers.

> Slide 5
> -------
> 
> Is there any news back from the VO managers on the missing people?

Some answers from ATLAS and CMS. There seems to be no problem by these VO
managers to prompt their users to register via the experiment secreatariat
in ORGDB before requesting to join the VO.

> Shouldn't we consider allowing the
> registration as long as they are in ORGDB somewhere (but not in the
> particular experiment)? Sure we did consider, so what are the arguments
> why we excluded this? If we do need to register these people in the
> experiments (also true for remote students etc etc) we need to start
> this process very soon, as I can imagine this could take months.

User and VO Registration Security policy obliges a user to be associated
with a VO before (s)he can become a member. We can't admit someone in the 
-say- Atlas VO just because he is in ORGDB somewhere, say HR dept.

> Any other important messages you want to give?

If SC3's success depends on VOMS high quality, availability and
performance (I don't know whether this is true), more resources should be
put in its maintenance, testing and deployment.

Maria.Dimou@cern.ch