Notes from Wahid: Anyway in the end we did manage to discuss some stuff: Hepix (Chris:) Restricting users from particular IP ranges to lustre filesystem AFS: found and fixed a performance problem - locking by particular active user. IPv6 for AFS: take a year and half and cost 250 k . Is it needed LHC experiments claim vital for them (WAN access ) .. feedback to Dave kelsey welcome in ceph or afs talk: Layout of disks - switched from hw to sw raid - getting stripe size v. imp otherwise read before write ceph: CERN playing with it. Caused a meltdown with too many disks. Also performance slower than expected - but in discussion Ian pointed out that there are 2 copies so maybe write not returning after second write. purpose ? Storage for VM images. Storm: Support not great in that lead developer has left. New guys seem keen but this is second time it has happened. Chris wouldn't recommend storm for new sites at the moment. DPM community : (1stt) Meeting on Tue Promise on VFS plugin - czech guys are working on it - may offer some alternative for lustre sites. Very promising overall - but that is mainly because CERN is putting in more effort than pledged (Fabrizio is 100% then the also have some of David Smith ; Martin as well as some on special projects like DMLite commands and hdfs backends) . That may not last. GridPP has mainly committed to the things it is doing anyway : admin tools; documentation ; support; testing - but maybe more formalised and will go to dav meetings. http : WebDav proxy - chris saw some performance impact of using it. https for the authentication and http for the transfer - not done in storm - could put them in touch. Ewan pointed out some security issues with that in the chat window. ACTION: Wahid will check the permsissions reading with webdav issue. ie that you can read files you shouldn't. (Chris apparently has the file he tried in his gridpp talk) . Chat window: [10:00:04] Wahid Bhimji is this the right gridpp storage meeting to be in - I saw there were 2 booked [10:05:38] Wahid Bhimji can't hear you chris [10:05:46] Adam Huffman Can't hear Chris either [10:06:38] Queen Mary, U London London, U.K. audio broken. What's the phone bridge number [10:07:41] Adam Huffman There's a cloud meeting on Friday, so no need to discuss it now, really [10:07:45] Jeremy Coles For reference the phone number is on the ops agenda header +44 131 474 4520. [10:17:21] Brian Davies fure alaram, go tot gio. [10:17:41] Wahid Bhimji somehow my mike has stopped working !! [10:18:18] Wahid Bhimji arrrgh this meeting is destined to failure [10:18:58] Wahid Bhimji can't find restart audio in seevough [10:19:11] Wahid Bhimji maybe lets give up - yes indeed jens's item [10:19:47] Sam Skipsey Hello in there. [10:19:52] Ewan Mac Mahon Hi. [10:19:54] Sam Skipsey I'm in the same room as Wahid, so this might work.. [10:20:13] Wahid Bhimji left [10:20:15] Christopher Walker joined [10:20:55] Alessandra Forti at EGI it the situation was presented as really negative [10:21:05] Wahid Bhimji joined [10:21:28] Ewan Mac Mahon Hopefully it doesn't need to last for too much longer anyway. [10:21:37] Sam Skipsey Yeah, we were a little concerned by the git-hub thing in the EGI storm talk... [10:21:39] Ewan Mac Mahon It'll all be plain gridftp at some point. [10:22:14] Ewan Mac Mahon Or webdav. [10:23:20] Alessandra Forti or xrootd [10:25:14] Ewan Mac Mahon Maybe. I wonder if xrootd's time will have passed before it's widely used. I sort-of hope that if we're going to make a big jump, we make a big jump to something non-HEP specific. [10:25:46] Ewan Mac Mahon There's nothing wrong with xrootd, but I'm not sure there's a lot it can do that we couldn't do atop something more standard. [10:26:01] Ewan Mac Mahon e.g. webdav for WAN, posix file:// for local access. [10:27:11] Alessandra Forti I do hope too but Fabrizio told me there is a lot of resitance [10:27:56] Brian Davies back [10:30:11] Ewan Mac Mahon For normal webby things, doing that sort of https->http switch is generally frowned on. [10:30:24] Ewan Mac Mahon It's not the most securest thing ever. [10:30:58] Wahid Bhimji we don't really need an encrypted steam right [10:32:34] Ewan Mac Mahon Well, maybe. The problem with it in normal webby use is that you authenticate over https, get a session identifier, use that over http, someone sniffs that session identifier, and then they're you, with all the access rights of your session. [10:33:13] Ewan Mac Mahon We'd need an approach that avoids that - one is full time https, another may be the very short lived tokens idea, or maybe a short-lived and single purpose token - [10:33:42] Ewan Mac Mahon so the token would only allow you to do the operation that you'd negotiated over https, not 'anything in general as that user'.