OSG Technology Area Meeting, 13 December 2022

• Coordinates: Conference: +1-415-655-0002, PIN: 146 266 9392, https://morgridge-org.zoom.us/j/91987518094 (password sent separately)
• Attending: BrianL, Carl, Derek, Mat, TimT

Announcements

Triage Duty

• This week: Carl
• Next week: Mat
• 10 (+2) open FreshDesk tickets
• 0 (+0) open GGUS ticket

Jira (as of Monday)

• JIRA tickets exploding; moved a lot from IN PROG to OPEN.

# of tickets	Δ	State
246	+2	Open
20	+1	Selected for Dev
20	+3	In Progress
18	+0	Dev Complete
2	-2	Ready for Testing
6	+6	Ready for Release

OSG Software Team

• Kubernetes Hackathon today
  • AI (Carl): sort out COManage issues with Topology ITB; if they cannot be solved this afternoon, add a config knob to disable the feature so it does not block testing of other Topology changes
  • AI (BrianL, Mat): investigate issues with Flux on osgdev
  • AI (BrianL, Mat): deploy us-west-1 OSDF origin based on the Helm chart
  • AI (Mat): Fix the OSG (not CMS) Frontera Hosted CE
• Doc focus Friday
• AI (Mat):
  • Deploy OSPool environment changes from "main-canary" to "main" and "main-gpu"
  • Deploy OSPool prepare-job-hook into "main-canary"
  • Add extra debugging to XRootD
• AI (Carl):
  • Continue package rebuilds of OSG 3.6 packages signed with the pre-3.6 key
  • EL9 support next items:
    • Test yum installing software from our EL9 repos to verify that the new GPG key works
    • Build a table of RPMs that need to be built for EL9
• AI: add resource-based OSDF lookups to Topology and the xcache container
• AI (BrianL): NVidia GPU osgvo-docker-pilot

Discussion

• Building NVidia GPU-based pilot images exposed some architectural issues with the way we use GitHub Actions for image building. Some redesign will be needed.

• Resource-based OSDF lookups for Topology may not be urgent since UC-Leuvain can have multiple services in a single resource.

• There is a problem with how duplicate "issuer" sections in xrootd-scitokens config are combined; Topology will need to be modified to not create issuer sections with the same name and instead combine namespaces using the same issuer in a sensible manner. Note that "base path" in the xrootd-scitokens config can be a comma-separated list.

• Code freeze for HTCondor 10.0.1 and 10.2.0 is today; this will include thinpool provisioning and the OSDF client. Partial EL9 builds (i.e. without cgroups) succeed but the UW EL9 repositories will need to be configured to not use SHA1 checksums because they are forbidden by EL9.

Support Update

• Generally, Snowmass tickets should be assigned to Collaboration Support

OSG Release Team

• Ready for Testing
  • osg-scitokens-mapfile 11
    • Support HEPCloud factory
  • XRootD 5.5.1
    • Fixes critical issue with XRootD FUSE mounts via xrdfs
  • CVMFS 2.10.0
    • Release Notes for CernVM-FS 2.10.0
  • GlideinWMS 3.9.6
    • adds token (and hybrid) support for Clouds (AWS/GCE)
  • XCache 3.3.0
    • Removed X.509 proxy requirement for an unauthenticated stash-cache instance
  • Vault 1.12.1
    • includes a fix to prevent a potential denial of service attack for HA installations
  • HTCondor 10.0.0
    • Please consult the upgrade guide for major differences
    • Upgrading from an 9.0 LTS version to an 10.0 LTS version of HTCondor
    • In particular, consult the second section of things to be aware of when upgrading
• Ready for Release
  • Nothing yet

Discussion

• condor 10.0.0 / with upgrading from 9->10;
  • with gotchas:
    • mapfile pcre2 character classes
    • trust domain used to be derived from condor host; if trust domain changes need to re-issue tokens. THIS MAY BREAK SITES. Sites may not want to re-issue tokens; may want to go back to trust domain based on condor host.
    • Used to specify gpus with requirements section; now there's a request-gpu keyword: end users will have to change how they're doing this.