[Discuss] Globus retirement considerations in WLCG
Maarten Litmaath
Maarten.Litmaath at cern.ch
Tue Apr 21 23:34:34 CEST 2020
Hi Mischa, all,
to get edit permission on WLCG Twiki pages, you also need to subscribe here:
https://e-groups.cern.ch/e-groups/EgroupsSubscription.do?egroupName=wlcg-external
And if you let me know, I can speed up the approval... :-)
I will contact the URT and let you know of further dependencies discovered.
________________________________________
From: Mischa Salle [msalle at nikhef.nl]
Sent: 21 April 2020 23:15
To: Maarten Litmaath
Cc: Maarten Litmaath via discuss; Brian Hua Lin
Subject: Re: [Discuss] Globus retirement considerations in WLCG
Hi Maarten, all,
On Tue, Apr 21, 2020 at 09:03:36PM +0000, Maarten Litmaath wrote:
> Hi Mischa, all,
> I have added potential LCMAPS dependencies to the set we have so far:
>
> https://twiki.cern.ch/twiki/bin/view/LCG/GlobusRetirement#LCMAPS
>
> I propose we ask on the UMD Release Team list if any other products
> have a dependency on Globus either directly or e.g. through LCMAPS.
that sounds like a good idea, could you to ask them (I'm still trying to
catch up on emails)?
Btw, I can see the twiki page even without logging in, but cannot edit
the page when I'm logged in with my external account.
Mischa
>
> ________________________________________
> From: Mischa Salle [msalle at nikhef.nl]
> Sent: 21 April 2020 22:31
> To: Maarten Litmaath
> Cc: Maarten Litmaath via discuss; Brian Hua Lin
> Subject: Re: [Discuss] Globus retirement considerations in WLCG
>
> Hi Maarten, all,
>
> On Tue, Apr 21, 2020 at 06:34:12PM +0000, Maarten Litmaath wrote:
> > Hi Mischa, all,
> > which products do we know depend on LCMAPS?
> not sure, but I'm pretty sure the ARC CE does (and the CREAM CE but
> that's already out of support end of this year).
> Furthermore, it's of course still used in gridftp and gsissh when doing
> VOMS-based mappings via the lcas-lcmaps-gt-interface callout.
> Then there is a plugin for xrootd to use LCMAPS (probably from BrianB)
> and it could also be that SToRM is using LCMAPS (AndreaC will know).
> I think that's probably all for software that might still be needed in
> 2022 but I might have missed things.
> We could check which products in the UMD have an RPM dependency on
> LCMAPS but that could be misleading if it's indirect.
>
> Mischa
>
> > ________________________________________
> > From: Mischa Salle [msalle at nikhef.nl]
> > Sent: 20 April 2020 10:19
> > To: Maarten Litmaath via discuss
> > Cc: Brian Hua Lin; Maarten Litmaath
> > Subject: Re: [Discuss] Globus retirement considerations in WLCG
> >
> > Hi all,
> >
> > On Tue, Apr 07, 2020 at 10:00:23PM +0000, Maarten Litmaath via discuss wrote:
> > > Hi Brian, all,
> > > it is good that we still have more than 1.5 years to sort things out, thanks!
> > >
> > > My main concern is with MyProxy: I suspect WLCG and/or various other
> > > communities we care about will still be needing it beyond that time frame.
> > >
> > > We probably will need to revisit this business in the course of next year.
> >
> > I think there are several separate issues we have to keep in mind:
> > - first of all, many especially smaller communities in Europe will
> > probably not easily move from proxy certs to some form of tokens.
> > - There are several parts of the gridcf that are still quite widely used
> > I think:
> > - gridftp (server and client)
> > - myproxy
> > - gsi-openssh
> > plus several of the gsi-based libraries that are dependencies for
> > tools like LCMAPS and probably others.
> > In particular the client tools need to be supported until all the
> > relevant services are no longer using (only) proxies.
> > - I actually don't know how the ARC-CE is doing things, and whether they
> > have plans to move away from certificates. If not, that most probably
> > requires support for (part of) the gct.
> >
> > I doubt that we can expect all these dependencies to be solved before
> > January 2022, but perhaps I'm too pessimistic.
> >
> > Concerning support, I think one of the bigger problem is that we'll at
> > some point need to patch to accept TLS1.3 (and higher), which is less
> > trivial than just doing minor updates. Several tools can be made gct
> > free (such as most of LCMAPS and myproxy) but that also would take
> > effort.
> >
> > Mischa
> >
> >
> > >
> > > ________________________________________
> > > From: Brian Lin [blin at cs.wisc.edu]
> > > Sent: 07 April 2020 21:18
> > > To: discuss at gridcf.org
> > > Cc: Maarten Litmaath
> > > Subject: Re: [Discuss] Globus retirement considerations in WLCG
> > >
> > > Hi Maarten,
> > >
> > > FWIW, with the current OSG timeline, the OSG will continue to support
> > > the GCT until January 2022 so that's the earliest you can expect OSG
> > > effort to drop off.
> > >
> > > As for MyProxy, Dave Dykstra has been investigating HashiCorp's Vault,
> > > which seems like it could be a token-based replacement and hopefully
> > > that would require less effort than removing the GSI dependencies.
> > >
> > > Thanks,
> > > Brian
> > >
> > > On 4/7/20 12:28 PM, Maarten Litmaath via discuss wrote:
> > > > Hi all,
> > > > does anyone have comments / thoughts about this matter? Thanks!
> > > >
> > > > ________________________________________
> > > > From: discuss [discuss-bounces at gridcf.org] on behalf of Maarten Litmaath via discuss [discuss at gridcf.org]
> > > > Sent: 30 March 2020 22:45
> > > > To: discuss at gridcf.org
> > > > Cc: Maarten Litmaath
> > > > Subject: [Discuss] Globus retirement considerations in WLCG
> > > >
> > > > Dear Grid Community Forum,
> > > > in the WLCG Management Board meeting of March 17 there was a discussion about
> > > > a possible retirement timeline for the remaining WLCG dependencies on Globus:
> > > >
> > > > https://indico.cern.ch/event/870359/#9-globus-retirement-planning
> > > >
> > > > Prompted by the plans and timelines that already exist in OSG:
> > > >
> > > > https://opensciencegrid.org/technology/policy/gridftp-gsi-migration/
> > > >
> > > > For WLCG, removing the dependency on GridFTP is being tackled in the TPC WG
> > > > of the DOMA project:
> > > >
> > > > https://twiki.cern.ch/twiki/bin/view/LCG/ThirdPartyCopy
> > > >
> > > > Currently, GridFTP is also being used for job submissions to CREAM instances,
> > > > which should all be gone by the end of this year, and ARC CE instances,
> > > > which already support HTTPS as an alternative.
> > > >
> > > > While it looks viable for WLCG not to depend on GridFTP by the end of 2021,
> > > > can we actually remove Globus as a build dependency from the various storage
> > > > service implementations (which ones?) that currently make use of it?
> > > >
> > > > Also taking into account that other communities may be unable to replace
> > > > X509 certificates with tokens as "quickly" as WLCG hopes to do, implying
> > > > there may need to remain code in the affected implementations that is able
> > > > to deal with X509 somehow?
> > > >
> > > > Next we come to GSI. Besides its use in conjunction with GridFTP and SRM,
> > > > WLCG has a critical dependency on it through MyProxy! For as long as we
> > > > need the latter, I suspect it would not be a big deal to support GSI in
> > > > addition, but it would be nicer if MyProxy were made independent of it...
> > > >
> > > > Next we come to the Grid CF build infrastructure: what would be the plan
> > > > for when it can no longer make use of OSG effort or resources?
> > > >
> > > > What are your thoughts about these matters? Was anything missed? Thanks!
> > > >
> > > > _______________________________________________
> > > > discuss mailing list
> > > > discuss at gridcf.org
> > > > https://mailman.egi.eu/mailman/listinfo/discuss
> > > >
> > > > _______________________________________________
> > > > discuss mailing list
> > > > discuss at gridcf.org
> > > > https://mailman.egi.eu/mailman/listinfo/discuss
> > >
> > >
> > > _______________________________________________
> > > discuss mailing list
> > > discuss at gridcf.org
> > > https://mailman.egi.eu/mailman/listinfo/discuss
> >
> > --
> > Nikhef Room H155
> > Science Park 105 Tel. +31-20-592 5102
> > 1098 XG Amsterdam Fax +31-20-592 5155
> > The Netherlands Email msalle at nikhef.nl
> > __ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
>
> --
> Nikhef Room H155
> Science Park 105 Tel. +31-20-592 5102
> 1098 XG Amsterdam Fax +31-20-592 5155
> The Netherlands Email msalle at nikhef.nl
> __ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email msalle at nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
More information about the discuss
mailing list