OSCARS meeting (MADDEN+ETAP)

Tuesday 24 Mar 2026, 11:00 → 12:00 Europe/Rome

Zoom link

• MADDEN planning document
• Gitlab group

Please provide short status reports on issues assigned to you:

• Lia
• Nikita
• Andres
• Matti

• Hot topics:
  
  • CVMFS plugin development (Nikita): follow up with Andrij
  • RucioFS (Matti): add oidc-authentication and distribute with documentation
    • We had a long discussion about how authentication is done in RucioFS. RucioFS doesn't do authentication by itself. It sends the credentials to the Rucio server in the API call. The credential (e.g. which X509 proxy to use) is configured in the RucioFS config file and is unique, not user dependent. So there is the problem that if RucioFS is installed on a machine that is shared among users of different experiments, the current authentication becomes useless. Note from Andres after the meeting: In CVMFS-for-data, the authentication is per user. I think we ultimately have to do the same in RucioFS. That is, the credential should be taken from a user-dependent location like the Rucio client does. The authentication should also be done when accessing cached information. The authentication can be cached for a duration of X minutes. Maybe it is as simple as running a "rucio whoami" before every RucioFS command?
  • Nikita noted from the Rucio documentation here that Rucio now requires only one client in Indigo IAM instead of two. Nikita made the change for CE Rucio and it seems to work fine (i.e. authentication via tokens still works). We will wait some time to make sure no problems appear and only then Lia will implement the same in ET Rucio.
  • Multi-RI implementations:
    •  PR approved (fix client side), rebase due to coding style (Matti) waiting for review
      •  Test it and provide instructions for ETAP people
    • PR to Rucio (server side), Matti created a new issue, waiting for review.
      • Rucio developers requested to change the way the shared identity (in our case etreader) is treated in the DB.
      • Once this PR is merged, we will upgrade both CE and ET Rucio servers with multi-RI implementation and test it.  (Lia, Nikita)

 

• From last weeks:
  
  • Custom policy package in CE server was added. Now need to remove admin rights for everyone (issue).
  • Once Rucio servers 38 and 39 are deployed, Andres will prepare a new image with the corresponding rucio client

 

• Miscellaneous:

  • join Rucio group of interest on hierarchical file structure: not yet created (Nikita to follow up on this)
  • CHEP abstract accepted
  • follow up with ETAP and OSB about needs for MDC (new joint coordination by EIB-OSB div 10?)
  • WP3 multi-RI metadata queries: Discuss with Paul for HSF cond DB, and with Valentin for Rucio metadata

   

11:00 → 11:20 Discussion

11:20 → 11:40 MADDEN status report

Speakers: Andres Tanasijczuk (Universite catholique de Louvain), Federica Legger, Lia Lavezzi (INFN Torino), Matti Jansson, Nikita Avdeev

LIA:

• Rucio 38 in production, but still need to remove the lost-RSEs hacking the DB
• working on the policy package for "rule update"
• xRIDGE setup: we can use the production instance
• PIC RSE is available, see issue. For xRIDGE it is fine, but we will need to setup groups.
• still need to setup the FTS transfer (mail by Giovanni to CERN guys)
• we need to fill the "xRIDGE goal" document

11:40 → 12:00 ETAP status report

Speaker: Paul Laycock