Task Force (TF) tel. meeting October 24th, 2006
Last updated on 2006-11-06
Agenda
Now
in the indico agenda system
Present
tlevshin@fnal.gov, weigand@fnal.gov (Tanya Levshina and John Weigand; vomrs developers),
garzogli@fnal.gov, ruth@fnal.gov (Gabriele Garzoglio and Ruth Pordes; FNAL management),
andrea.ceccanti@cnaf.infn.it (voms-admin developer),
valerio.venturi@cnaf.infn.it, vincenzo ciaschini (voms developers)
vomrs-grid-support@cern.ch (Lanxin Ma, Maria Dimou, Ian Neilson),
roberto.bonvallet@cern.ch (vom(r)s monitors' developer)
Apologies: D.Kelsey.
Absent: Maarten.Litmaath@cern.ch (voms-aware services) and Joni.Hahkala@cern.ch (TF member)
Notes from the meeting
Agenda Item 1. "Generalised Attributes"
We agreed on this name for a new attribute that was mentioned so far with various names like:
- VO member shortname
- DN nickname
- special VOMS attribute
- VOMS alias
- VO-specific attribute
This request was discussed at the 2006-03-17 workshop, during the meeting with the VO Managers, presented by Joel Closier (LHCb VO-Admin). We had
agreed
that he would submit a document to explain the details. Unfortunately, this was not minuted so the necessary development effort was never coordinated within
the TF.
This experience shows that a twiki page listing all requirements is necessary. The CNAF guys will do this and send the URL to the whole TF. All
TF members will be authorised to edit that page. ACTION 1: Andrea/Vincenzo(Done)
Each developer implementing any of these requirements will open the necessary savannah tickets and link them from/to the twiki page.
Savannah is still our tool for detailed progress follow-up and inclusion in the gLite release.
Tanya checking Vincenzo's presentation at the EGEE06
conference pointed out -and Vincenzo confirmed- that the Generalised Attribute value can represent something different for every VO/user. She
expressed concern about the vagueness of this attribute's definition and management.
Everybody agreed that both vomrs and voms-admin have customers in various Grid
projects (EGEE, LCG, OSG, others). These customers are, sometimes, not only the VOs but also other VOMS-aware services.
Ruth said that Generalised Attributes seem to be meant for application management and not for registration management.
We should, therefore, probably re-evaluate the possibility to use a single interface (voms-admin) to manage them.
The consensus at the end of the discussion was:
- voms-admin is being enhanced to comply to the recent requirements of the Joint Security Policy Group (JSPG) with the exception, so far, of
sophisticated functionality, already existing in vomrs like the
link with an Organisational DataBase (ORGDB) or special handling of Groups/Roles.
- After documenting the voms-admin architecture and implementation of Generalised Attributes, vomrs developers are invited to deal with the porting
effort.
- Add all known requirements in the upcoming twiki page between now and January 2007.
- Include EGEE TCG, LCG and OSG management in the VOMRS BOF of the
January WLCG Collaboration Workshop to have all vom(r)s customers present and better coordinate the requirements' implementation, release and
deployment. Change the BOF description in the relevant agenda.
ACTION 2: Maria (Done)
- Expand our workshop's agenda to include the vomrs/voms-admin detailed discussions on the new APIs
appearing from voms-admin-1.17 onwards for use by vomrs. Meanwhile, Andrea will re-send the numbers of the savannah bugs fixed in the latest voms-admin
tags. ACTION 3: Andrea
- Involve the EGEE TCG in order to increase awareness of the required time for any component to go through the gLite release cycle (average 3
months) and the vomrs/voms-admin inter-dependence. This is not easy because no TF member belongs to the TCG. While writing these notes some relevant TCG pages were
found like:
Agenda Item 2. CA rollover
A person with 2 certificates (same DN/different CAs) is one record in the vomrs database.
A person with 2 certificates (regradless of DN,CA) is two entries in the voms database.
The CNAF guys will document how they intend to proceed with the handling of this. ACTION 4: Andrea/Vincenzo/Valerio
Agenda Item 3. Oracle
The voms-admin and vomrs development effort was discussed to use multiple listeners and OCI connections to the Oracle database. The discussion
was based on the summary table and the importance to coordinate with the
gLite integrator Joachim Flammer was underlined. Andrea can make a OCI option available soon ACTION 5: Andrea but Joachim has to parse the
option in the glite-voms-server-configuration script ACTION 5: Joachim. Tanya will also change the vomrs_configure script to give the installer
the option for 'oci' or 'thin' connection ACTION 5: Tanya Progress will be monitored via
savannah bug #19654.
Agenda Item 4. tomcat
The situation is monitored via
savannah bug #16843. As no test system showed the problem we
experience on the production servers, we 'll install jdk1.5 and closely observe tomcat memory usage while at CERN in the week of Jan.22nd 2007.
ACTION 6: Developers and Maria.
About the claimed wrong tomcat packaging in glite
Joachim should be reminded to comment. ACTION 7: Developers and Maria.
The idea to start the apache server and use it as a re-director to a number of tomcat processes to load-balance the handling of the ssl sessions
should be elaborated in the ticket. ACTION 8: Andrea
Agenda item 5. January VOM(R)S workshop agenda
The draft agenda was accepted with the additions of Ruth's suggestions and the recommendation to involve the Integration Team
for the Oracle OCI discussion. Maria has already invited testers and integrators who have booked their agendas. She will split the agenda items
throughout that week in the indico system. ACTION 9: Maria (Done)
Agenda item 6. AOB
Maria stressed the importance of bug voms-ping bug which
has already led us to service failures. The voms core developers are working on it and will comment in savannah. ACTION 10: Vincenzo/Valerio
Action List
Action# |
What |
Who |
When |
1 |
VOM(R)S requirements' twiki page |
Guys@CNAF |
Done |
2 |
Extend the attendance in WLCG Jan. 2007 BOF agenda page |
Maria |
Done |
3 |
Email the TF the bug numbers fixedin the latest voms-admin |
Andrea |
a.s.a.p. |
4 |
CA rollover handling in voms-admin and for voms-proxies |
Guys@CNAF |
a.s.a.p. |
5 |
Coordinate the implementation of OCI connection to Oracle |
Andrea, Joachim, Tanya |
a.s.a.p. |
6 |
Use jdk1.5 to monitor tomcat memory usage on the CERN production servers |
Developers, Maria |
Jan. 2007 VOM(R)S workshop |
7 |
Understand whether tomcat is wrongly packaged in gLite |
Developers, Maria |
a.s.a.p. |
8 |
Explain in savannah bug #16843 the use of apache as a
re-dicrector for tomcat |
Andrea |
a.s.a.p. |
9 |
Publish in indico the agreed Jan. 2007 VOM(R)S workshop agenda page |
Maria |
Dome |
10 |
Improve the voms-ping script |
Valerio, Vincenzo |
a.s.a.p. |
Notes by Maria Dimou with contribution from Gabriele and Vincenzo.