Counting of users and their distribution with Check-in

tiziana · October 23, 2018, 4:02pm

Dear Operations and UCST team

The operations portal has been providing various important metrics based on VOMS, like the history of registered users per VO, the distribution by discipline, etc.

I would like the operations team to assess the changes needed with the introduction of Check-in, for example one extension to the operations portal I foresee is the tracking of registered VOs and users registered in Perun. A more complete assessment should be conducted.

For your reference, these are the reports pages from the operations portal: https://operations-portal.egi.eu/metrics/metricsReportsList/vo/2018-10-01%2000:00:00

Please comment Tiziana

brucellino · October 23, 2018, 9:47am

Hi @tiziana thanks for the post - interesting issue to have to deal with. Can we move this to an open category so that others (ie, CheckIn and Operations Portal developers) can see it, or do you want it private to EGI?

brucellino · October 23, 2018, 10:03am

Do you mean that you want to have proper synchronisation between the users registered in Perun, and what the Operations Portal shows?

Given that

there is more than one group management system
users can use several identity providers, and do not always link them to a unique ID in CheckIn
not all groups are using VOMS

I can see that some work would be required to give a more holistic picture of our user communities, compared to what the operations portal currently does.

To help the discussion along, can you come up with a few example questions you’d like to have answers to? I can image things like :

how many total individuals users does EGI serve?
how has the VO xyz evolved over the last period in terms of membership?
how many total users does community ABC have, including those registered in their VOMS?

Is this more or less on track?

enolfc · October 23, 2018, 2:53pm

Also we need to consider not just Perun but also the communities managed in the Comanage groups at Check-in itself.

Back in the day when we started to look solutions for user provisioning/de-provisioning in cloud services (which at the end is synchronising users between systems) we looked into SCIM. That should allow to query the users of a given group which is what we need at the end. I know there was some research on that from Nicolas but AFAIK never went beyond discussion.

BTW, isn’t operations-portal already getting that info from Perun? How does it work for ELIXIR: https://operations-portal.egi.eu/metrics/oneYearVoCaMetricsReports/vo/vo.elixir-europe.org/2018-10 ? is that by looking into the VOMS that is managed by Perun?

Diego_Scardaci · October 23, 2018, 4:07pm

The operations portal already supports Perun as backend of a VO (in addition to VOMS). This work has been done during EGI-Engage and finalised in the 2017:

https://rt.egi.eu/rt/Ticket/Display.html?id=10111

Ops portal is also already able to gather the user list of a VO from Perun.

Anyway, I think this feature was never used for a production VO yet. So, it would be useful if the ops team checks and validates the current status.

Cheers, Diego

tiziana · October 23, 2018, 4:03pm

It is on track, so far we never cared about counting the number of individuals, just number of users, as the counting process is incomplete (e.g. all users using robots cannot be identified), the issue of counting multiple times the same individual is not major

tiziana · October 23, 2018, 4:05pm

Ok, this answers completely my question. I have no idea if any VO has been put in production using PERUN. Does anyone know?

brucellino · October 23, 2018, 4:12pm

There are a few. We can get this data from the enrollmentURL part of the VO Card. See e.g.

http://cclavoisier01.in2p3.fr:8080/lavoisier/vo-idcard?accept=json

and filter for Perun.

I count 14 e.g. fedcloud.egi.eu…

Diego_Scardaci · October 23, 2018, 4:23pm

We cannot refer to the enrollmentURL to check if a VO is completely managed by Perun and Ops Portal gets user list from it.

Indeed, it was usual, before completing the integration Ops POrtal/Perun, having VO managed in Perun but with VOMS as backend. Such cases were managed as standard VO “VOMS based” in the Ops Portal setting as VOMS the VOMS used as backend in Perun.

A classical example of this setup is the fedcloud.egi.eu VO.

I would suggest to directly ask Cyril if we have now VO purely based on Perun. He should know.

If not, we should test the feature with some dummy VO.

tiziana · October 24, 2018, 6:47am

Diego and Enol, thanks for the explanation.

I opened a ticket to the Operations Portal team for getting confirmation that counting with Perun is working as expected. I included a question concerning Comanage, which is the issue raised by Enol.

https://ggus.eu/index.php?mode=ticket_info&ticket_id=137909

Tiziana

Cyril_Lorphelin · October 24, 2018, 9:33am

Hi Diego

I’ve answered into the GGUS ticket

tiziana · October 26, 2018, 2:37pm

It appears the Operations Portal is not yet instrumented to count VOs and users registered in VO natively supported in CoManage. A development requirement is tracked in Jiira: https://jira.eosc-hub.eu/browse/EOSCWP10-38