Timur, Vijay, Alex, Gene, Tanya; Gerd; Patrick, Owen, Paul


PNFS / ACL issue

Patrick: we promised PNFS for ACLs, but this requires some tuning. There is a wiki page that describes the process.

Can people review this wiki page? Feedback to Irina.

Is Jon going to use ACLs? Timur: we don't have a use-case for this.

Updated release notes

1.9.3-1, 1.9.3-2, 1.9.3-3.

Status of work for 1.9.5

A (quick?) review of activity needed for the 1.9.5 release

New info service/info provider

Action: Paul to submit this afternoon.

Active/passive fixes for SRM client

Timur: suspended until Dmitry is back. This is 1st September.

Owen and Timur to discuss environment variables.

Moving tape protection inside pool manager

Nobody assigned to this yet.

Patrick and Irina to talk about this.

PnfsManager based listing in SRM

List patch can take a range; as needed by the SRM.

Update of using this in the SRM.

Refactoring of Pin manager

No-one at Fermi to review the SRM code changes, currently.

Terracotta and SRM

Patrick: is this a priority?

Timur: driven by external requirements. BNL cannot perform at current level. Already split into multiple parts, only the small parts are currently in for review.

Working in parallel on pin manager, etc, but these changes are affected by the terracotta changes.

Patrick: review pin-manager is OK.

Gerd: will try to have a look.

PnfsManager based listing in dirDomain

Friday or early next week, Gerd will look into this.

Any other component doing listing?

There is a TCP connection between the dirDomain and the client.

(Different) Authorisation structure to propagate, can we use a single class for this?



gPlazma provides more than just the identity of the user.

When talking to the X509 libraries, we get a Principal.

Maybe we could extend or embed this Subject class within the gPlazma class.

Primary goal was to have mappings between structures, so haven't thought particularly how to better integrate with gPlazma.

PnfsManager based permission handling in all doors

Relevant for SRM: SRM doesn't support ACLs. Direct DB connection to ACL table. Verifying the ACLs inside the SRM would require a Permission Handler that sends messages to PnfsManager, in a blocking fashion. This we want to avoid.

Once this is moved to the PnfsManager: just supply the correct Principal with the PnfsManager message and the PnfsManager will check with the ACLs.

SRM's lack of support for ACLs is an issue for removing files.

Gerd has updated the GridFTP door; he can also do this for the dcap door.

Timur: after pin manager changes are done; would imagine weeks worth of work.

Listing support and permission handling support.

Is there a utility function for converting utility function to the Principal object? Yes.

All messages now support this: the change is in the Message base class, but only PnfsManager understands this. Only enforces these changes on a very few specific operations: read, write, create, delete.

What happens with PnfsManager without ACLs

PnfsManager uses both the Unix and ACLs. Disabling ACLs means you get an always-yes reply, allowing fall-through to POSIX handler.

new http door with https support

About 60% done, but work on this is stalled on other activity. No commitment for this to go in, but it would be nice.

Marco is working on the bittorrent support, which is layered on this.

Patrick to chase this up.

xrootd mover reimplementation

Gerd: didn't expect to have any more excuses, but hardware was delivered.

Plan to do something soon.

the p2p trigger-on-load

Paul: need to submit new code for review.


Gerd noted that we have the next three and a half weeks to finish the bulk of the work.

Patrick mentioned the plan is to cut the 1.9.5 branch on 18th September.

Issues from yesterday's Tier-1 meeting

BNL: Status of Solaris client

Pedro reported that the Phenix experiment *needs* the dcap client.

Owen reported he now has root on a development machine. The Globus packages are being awkward to install.

Patrick: to ask Oferrind about Phenix usage: Kerberised dcap or Globus dcap. If they intend to use GSI-based dcap, whether they have experience installing Globus on Solaris machines.

Owen has contact details for a Globus person responsible for packaging.

BNL: split personality

Pedro reported a very speculative idea: splitting their dCache instance into two, but hiding this split from end-users. How to do this for dcap clients?

Owen asked whether there would be a problem with the wormholes? Patrick:

Timur: Talked to Pedro after the meeting yesterday. There is a process that will redirect clients to the correct instance. The bigger issue is whether they can get the improvements they want. They're doing tests just now.

Timur reported that downtime is an issue for BNL: they estimate it will take them a week but they want to do this in a day.

Pedro is testing only the NFS server.

Gerd to forward his results when doing "ls" (with a suitable explanation) to Pedro.

Release of new 1.9.2-11

Done, available from:

Put a note saying there's a bug.

How to test gPlazma plugins? Different VO memberships can be triggered through different gPlazma, so a user with multiple VO memberships can trigger authorisation through different plugins.

Timur to talk to Tanya to ask her how they do testing in OSG.

Outstanding RT Tickets

RT 4708: XML parser vulnerability

We need to look through our code, looking for where we use Xerces.

Gerd's quick look finds this in: gPlazma, jpox, gPlazma, srmclient, sasml, batik.

Timur: is there a potential coding issue? No, just replacing the package with the latest version.

RT 4621: ROOT with broken dcap

Tigran needs to handle this one.

RT 4670: ReplicaManager broken after upgrade to 1.9.4-1

Known problem: ticket needs closing. Owen to close this ticket.

RT 4705: Problem with srm client tools 2.1.0

Patrick to look into this one.

RT 4712: retry setting for suspended files

Problem comes under load.

Patrick, Paul, Owen to look at this.

Review of RB requests


Proposed: same time, next week.

Work for people


  • (w/ Paul & Owen) look into ticket RT 4712
  • ask Oferrind about Phenix usage (Kerberised dcap or GSI dcap).
  • talk with Irina about moving tape protection into PoolManager.
  • ask Tanya about getting https support into new door.


  • Submit info work for review
  • Submit p2p work for review
  • (w/ Patrick & Owen) look into ticket RT 4712