Infrastructure meetings take place every other Thurs. at 9:00 Pacific on the BlueJeans infrastructure-meeting channel: https://bluejeans.com/383721668

Date



 
 
 
 
 
 
 
 
 


  • Discussion items

Item

Who

Notes

Review of last meeting notes

Michelle Butler

  • Maintenance went just fine except the Qserv master 01's board replacement didn't work, and didn't get fixed until Saturday afternoon. New board didn't work, and required IBM's help with bios settings and other "things" to see the HDD and allow for booting.

Procurement

Unknown User (mbutler)

moving along. will be posted soon. Michelle will be working with Wil O'Mullane on the budget and what to order based on the budget, and the wants/needs of the Tcams and what was posted on the DM procurement page that John Swinbank created.

PDAC K8 into K8 commonFritz Mueller and Unknown User (mbutler)

next week after Fritz is back, will meet with him and Matt Long about getting the K8 pdac environment into the K8 commons. There was a discussion about the authentication for the SUI applications, and it wasn't determined if the k8 move to the commons should be delayed due to this functionality not working... or if it wouldn't cause anymore problems to the config by moving it since it's not working already. Unknown User (xiuqin) brought up this problem. Kian-Tat Lim and Brian Van Klaveren are going to work on this determination and a possible fix.


Security awareness

Unknown User (mbutler)

Current security warning on all machines, and have a work around installed yesterday, but it won't outlast a reboot. systems will be rebooted when the patch is available.
A&A discussion

Unknown User (mbutler)

A machine deployment discussion for the A&A systems (LDAP and Kerberos) for the spectragraph and Chile and Summit.
Qserv-master 2Unknown User (mbutler)Qserv master 02 deployed. (mbutler got it mixed up.. and will be deployed this next week) Sorry for the mistake that it was ready for work.
PDAC StatusGregory Dubois-FelsmannAbove about the K8 into the common is all I got here.
Topics for next meeting



Action items

Please enter action items in the form

Responsible Person, Due Date, Description



  • No labels

1 Comment

  1. Brian Van Klaveren

    Loi was using this container for the implementation of oauth2_proxy:

    https://hub.docker.com/r/colemickens/oauth2_proxy/tags/

    It seems like the issue with CILogon may possibly be in a callback to CILogon (with the authorization code) from lsst-pdac.ncsa.illinois.edu, though it may be a software configuration issue, either at the ingress controller in how it should forward OAuth-related requests to a a container for oauth2_proxy, or configuration of that container itself.

    Loi says he registered a new OAuth2 client for lsst-pdac.illinois.edu, and was using the aforementioned oauth2_proxy container with k8s ingress controller (nginx). This should be enough for this to work. During the login phase, a user agent (browser) is supposed be redirected to CILogon with a client id and a redirect URL (e.g. lsst-pdac.illinois.edu), to which CILogon will verify that it knows about the redirect URL, and it will finally send a challenge as a callback to the client url, where the client will present it's secret.


    Christine Banek did have some issues talking to the public internet with k8s commons, but they have been occasional and aren't occurring right now.


    A review of the access log for the ingress controller and/or oauth2_proxy should provide more insight into what's going on.