Software Update

Brian Lin

OSG/PATh Staff Meeting—June 28, 2023

Core mission: provide a well-tested, integrated software stack for sites to contribute resources to the OSG

2

Who we are

• Team of ~1.5 FTE working at the CHTC based out of UW–Madison
• New team member, Matt Westphall, joined the team at the end of May
• Long time OSG/CHTC staff member Carl Edquist departed the team in February

3

Pictured left to right: Carl Edquist, Brian Lin, Mat Selmeci, Matt Westphall

Enterprise Linux 9

• Initial EL9 release of OSG 3.6 at the end of March!
• EL9 adoption seems low so far
• 1 out of 130 CEs reporting to the OSG Central Collector (only 14 EL8)
• BNL/FNAL are dipping their toes
• There be dragons: updates to cryptographic defaults have turned up some hard-to-debug errors in the past. We have some test packages available for troubleshooting but haven’t received feedback.
• Concerns: RedHat have stopped pushing RHEL sources to the public (https://www.redhat.com/en/blog/furthering-evolution-centos-stream) and now only CentOS Stream sources are available (i.e., RHEL upstream). Alma and Rocky (based on RHEL) have indicated that they will find a long-term solution
• https://almalinux.org/blog/impact-of-rhel-changes/
• https://rockylinux.org/news/brave-new-world-path-forward/

4

Hosted CEs

• Not much Software Team development: mostly coordinating with HTCSS and Hosted CE Ops
• Re-added support for glidein startd’s to report back to their Hosted CE after this functionality was lost in the token transition
• Created build pipeline for our Helm charts (i.e., packaging of services for Kubernetes): https://github.com/osg-htc/helm-charts. Now PATh controls the Hosted CE build pipeline from HTCSS source → RPM → container image → chart.

5

Open Science Data Federation

• Deployed the the PATh Facility OSDF Origin, the first production origin using our Helm chart! Includes LDAP-integration to support private user areas with POSIX mounts on the AP
• Much improved support for reading and writing authenticated data using SciTokens
• All new OSPool Access Points will have directories made visible in the OSDF
• Experiments in progress for exposing data from S3 and remote HTTP servers (contributed by Todd Miller and Justin Hiemstra)
• OSDF work expected to accelerate thanks to new CHTC team members

6

Operations

• OSPool
• Deployed container universe!
• Contributed to the effort to allow CHTC users to flock out to the OSPool
• Working with the OSPool Ops and CHTC Infrastructure Services teams to align AP configurations across UW–Madison and University of Chicago
• Tiger
• Assisted with Kubernetes 1.21 → 1.23 and Flux v1 → v2 upgrades
• Provided support for internal Certificate Authority rollover
• PATh Facility
• Deployed the first Helm-based production OSDF origin
• Most-of-the-way through a remote Flux-based deployment to the TACC-run Kubernetes cluster, a setup similar to the way we deploy to SDSC Expanse and NRP Nautilus
• Mild concern: InCommon CAs to be retired May 2025 (https://ca.cilogon.org/retirement)

7

OSG 3.7

• Major admin-visible change: we plan on tightly coupling OSG release series and HTCSS major version support lifecycles
• Minor admin-visible changes: ‘release’ repo will be renamed to ‘main-release’
• Internal changes: investigating Yubikey-based package signing for improved security
• OSG 3.6 support timeline currently undecided. Likely shortened due to June 2024 EL7 end-of-life and syncing with HTCSS support lifecycles
• Targeting release for August 2023 alongside HTCSS 11

8

9

10

Delta since the Jan 19, 2023 staff meeting

Questions?

11