ICAT Collaboration Meeting - 25th July 2024
Attendance
Attendees:
- Rolf Krahl
- Salman Matalgah
- Louise Davies
- Kirsty Syder (leaving 13.55)
- Marjolaine Bodin
- Kevin Phipps
- Malik Almohammad
- Marcus Lewerenz
- Patrick Austin
- Viktor Bozhinov
Agenda
Site Updates
SESAME
SESAME DataPortal is open to public. Doing some maintenance & monitoring.
KP: Security audit? outcomes? MA: before cybersecurity assessment, need to work through challenges. e.g. was uses glassfish, used new version of glassfish. Services were on LAN, then each service are in individual environments. DataPortal is open to public, backend is not. SM: Cybersecurity assessment was on LAN, resolved those issues. We'll have another assessment now we're open to public. Can share at next meeting. Biggest is 2FA - which is complicated.
HZB
Still working on getting SSO servers running. Trying to get prototype up by EOY. Working on central experimental storage, kept on disk for period of time, before removed. Working on Sample DB. Separate from ICAT but connected. Entry in Sample DB has 1-to-1 equivalency to ICAT sample. Going to use ICAT to authz to Sample DB.
Kevin: ask about authn? You need to move to MFA before opening ICAT again? Do you have MFA for HZB but not ICAT? or not in place for org at all?
Rolf: For all external logins, for those outside MFA is required. Not as many of these. Since that was the first issue, not a central sign on / keycloak for users (have it for staff but not guests) that is the user id problem we need to solve. ATM doens't make sense to equip ICAT with this as it would only help 10% of them anyway. Proper SSO will have to be first, and have MFA.
ESRF
Still working on MX integration into DataPortal. Working on processed data Sample tracking, merging ICAT & ispyb systems DESY visit, presented ICAT + DataPortal September internal meeting, DB admins scared of size of DB (especially datafile table) Propose splitting table on disk? Need to ensure maintanability & stability of DB
KP: how many datafiles? MB: Don't know the number but can check and add this later. KP: DLS Datafiles table is ~5 billion. Maybe 6. We also have this concern. DB is very big. We don't get too many concerns from Database admins actually, but some of the queries. LIKE queries with wildcards can be very slow. MB: For sure less than this. Try not to update Datafiles and only do inserts. DBAs concerned about size. Maybe gain performance. Will disucss. KP: would be interesting to know your conclusions. PA: just splitting for load? or hot/cold DB MB: early, but could split on date e.g. but will keep us informed
Not possible to cast in a query number as string? LD: maybe create an issue on icat.server to have technical discussion? RF: JPQL queries are all strings anyway MB: no, "CAST" keyword is not recognised even though valid JPQL PA: there is logic for processing parts of JPQL query so maybe could be possible to add
RK: sample tracking - done via ispyb which is based on ICAT? MB: no, two systems. One ICAT and one ispyb. Different beamlines use different ones. Goal is to merge them both into one. RK: Aren't you changing ispyb into using ICAT backend anyway? MB: yep, for sample tracking need a few adjustments (ispyb used more fields e.g.), rework labels for parcels etc.
ISIS
ISIS have rolled out (yesterday) to point to Rocky 9 and the new version of DG v2 which runs against icat.server 6.1 and icat.lucene 3.0.
Will Taylor keen to get opinions on anyone that uses the icatadmin (netifly app).
RK: Using the icat.server snapshot for ISIS? LD: Yes, they do not care about this. Full release will come later. PA: Wanted to do preproduction testing with DLS before making full release.
DLS
No updates. Dealing with ongoing problems resulting from server migration from CentOS 7 to Rocky 9. Looking to get next version of DataGateway & icat.lucene for DLS. Maybe Sept/Oct.
CLF/EPAC
New laser Facility will be using ICAT. STFC people are working on this as well.
Component Updates
icat.server & icat.lucene & icat.utils
Release soon (maybe Sept/Oct), but snapshots are working in ISIS production
ids.server
Bugfix release 2 weeks ago. File system locking - major design flaw, for shared locks file system lock obtained for all locks, but Java can only have single file system lock on a given file. Trivial code change, but issue could have crashed ids.server if you use that feature. Also backported fix to v1 as well as v2.
Marcus working on refactoring, but going to take a while
AOB
Logbooks
MB: working on new DataPortal based on micro-frontends. Logbooks would be one of those micro-frontends. Did presentation ~a month ago of logbooks to beamline staff & got good feedback. New DataPortal release in Sept/Oct maybe. Biggest feedback is google docs like notepad. Tried last year with Etherpad but buggy. Scientists pushing for google docs. RK: HZB had feature requests which were postponed until after new DataPortal architecture. Would like to revisit these/have a meeting MB: can do, maybe September? RK: one example is config, current config is in Dockerfile, HZB would like it in runtime.
RK: in September I will be in ESRF for NOBUGS so maybe can discuss there! MB: might need a refresher, might be better to have online meeting beforehand. Can propose some dates
icatproject website
MA: I want to add a facility page for SESAME to the website
LD: https://github.com/icatproject/icatproject.github.io - it's a github pages repo, just read the README to learn how to contribute and create a PR for your changes for one of us to review. We'll just have to check you have access rights to icatproject github org - just message me on Slack or email me with your github usernames.
NOBUGS ICAT F2F?
Metadata catalogue satellite meeting on Friday afternoon. Includes both ICAT and SciCAT. Don't think there's a specific ICAT meeting.