General information

Middleware

UMD

• CentOS8 discussion still ongoing
• UMD 4 June update
  • ARC 6.12.0 will be included in the upcoming release (end of June)
  • other products to be included: HTcondor, gfal2, lcmaps-plugins, xrootd 5.1.1, StoRM 1.11.21, DDNS probe
• repository frontend web pages restored as static pages

Preview repository

• released on 2021-05-20:
  • Preview 2.33.0 (CentOS 7): ARC 6.11.0, STORM 1.11.20 and 1.11.21, VOMS 04-21
• released on 2021-06-10
  • Preview 2.34.0 (CentOS 7): ARC 6.12.0, CVMFS 2.8.1, xrootd 5.2.0

Operations

ARGO/SAM

• New version of the APEL Pub and Sync metrics deployed on the test instance (GGUS 140317), no particular issue with the probes so far:
  • https://argo-mon-devel.egi.eu/nagios/cgi-bin/status.cgi?servicegroup=SERVICE_APEL&style=detail
• HTCondor-CE probes
  • deployed on secmon and pakiti: GGUS 150006
  • working on the probe for the host certificate validity check: GGUS 147386
    • new version of the probe under test, to be deployed on the devel instance
    • to query remote HTCondor-CEs for their host certificate using the following:

$ python -c 'import htcondor; ad = htcondor.Collector("collector2.opensciencegrid.org:9619").locate(htcondor.DaemonTypes.Schedd, "hosted-ce10.opensciencegrid.org"); print htcondor.SecMan().ping(ad, "READ")["ServerPublicCert"]' | openssl x509 -noout -subject -enddate
subject= /CN=hosted-ce10.opensciencegrid.org
notAfter=Apr 26 12:26:42 2021 GMT

FedCloud

• cASO upgade campaign on OpenStack sites
• badging

Feedback from DMSU

New Known Error Database (KEDB)

The KEDB has been moved to Jira+Confluence: https://confluence.egi.eu/display/EGIKEDB/EGI+Federation+KEDB+Home

• problems are tracked with Jira tickets to better follow-up their evoulution
• problems can be registered by DMSU staff and EGI Operations team

Verify configuration records

On a yearly basis, the information registered into GOC-DB need to be verified. NGIs and RCs have been asked to check them. In particular:

1. NGI managers should review the people registered and the roles assigned to them, and in particular check the following information:
   • E-Mail
   • ROD E-Mail
   • Security E-Mail

NGI Managers should also review the status of the "not certified" RCs, in according to the RC Status Workflow;

1. RCs administrators should review the people registered and the roles assigned to them, and in particular check the following information:
   • E-Mail
   • telephone numbers
   • CSIRT E-Mail

RC administrators should also review the information related to the registered service endpoints.

The process should be completed by July 2nd.

List of tickets.

Monthly Availability/Reliability

• Under-performed sites in the past A/R reports with issues not yet fixed:
  • NGI_FRANCE: https://ggus.eu/index.php?mode=ticket_info&ticket_id=152253
    • AUVERGRID: Long downtime connected to IN2P3-LPC site
  • NGI_HR: https://ggus.eu/index.php?mode=ticket_info&ticket_id=148518
    • egee.irb.hr: major upgrade from CentOS 6 to CentOS 7; tests currently fail due to UNKNOWN status returned
  • NGI_IT: https://ggus.eu/index.php?mode=ticket_info&ticket_id=150818
    • INFN-PISA: HTCondorCE and SRM failures
  • NGI_UA: https://ggus.eu/index.php?mode=ticket_info&ticket_id=152258
    • UA-BITP: authentication issues with one of the nagios servers, fixed; additionally, power supply issues at the resource center
    • UA-KNU: storage system degradation
  • ROC_LA: https://ggus.eu/index.php?mode=ticket_info&ticket_id=148956
    • CBPF: DPM updated; SRM failures due to information not properly published, fixed; other SRM failures due to available space
  • ROC_LA: https://ggus.eu/index.php?mode=ticket_info&ticket_id=150817
    • ICN-UNAM: replaced CREAM-CE; SE certificate expired; new failures with HTCondorCE; problems disappeared after re-installation; further failures on the CE.
• Under-performed sites after 3 consecutive months, under-performed NGIs, QoS violations: (June 2021):
  • NGI_RO: https://ggus.eu/index.php?mode=ticket_info&ticket_id=152839
    • CLOUDIFIN: problem with wsgi-keystone-oidc-voms and EGI Check-in (GGUS 151538) between April and May; crashing of Nova service on some new compute nodes (new resources were added to the site) in the second half of June; statistics are now improving; nn the entire period the users were not affected and all of the existing VMs were running without any problems.
  • NGI_UA: https://ggus.eu/index.php?mode=ticket_info&ticket_id=152841
    • UA-NSCMBR
  • Russia: https://ggus.eu/index.php?mode=ticket_info&ticket_id=152840
    • RU-SARFTI
    • RU-SPbSU
• sites suspended:

IPv6 readiness plans

• please provide updates to the IPv6 assessment (ongoing) https://wiki.egi.eu/w/index.php?title=IPV6_Assessment
• if any relevant, information will be summarised at OMB

APEL migration from ActiveMQ to ARGO Message Service (AMS)

• ActiveMQ dismissed on July 8th: for security reasons it is not possible maintain it any longer.
  • Scheduled Donwtime: https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=30888 https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=30889
• Migration insructions (HTCondorCE, Storage, and Cloud accounting): https://github.com/apel/ssm/blob/dev/migrating_to_ams.md
• ARC 6.12.0 released, instructions:
  • http://www.nordugrid.org/arc/releases/6.12/release_notes_6.12.html
  • all the sites with ARC-CE need to update to this version
• Recommended versions:
  • Apel Clien: 1.9.0
  • APEL SSM: 3.2.0
• Cloud accounting campaign:
  • list of tickets
• HTCondorCE and Storage accounting campaign:
  • list of tickets
• ARC-CE and storage accounting campaign:
  • list of tickets
• Most common issues:
  • mismatch between the host certificate subject registered in GOCDB and the real DN
  • SAN field missing / wrongly defined in the host certificate
  • DNS entries not completely defined
  • same host used to send different types of accounting records
• a new version of ARGO Message Service mitigates the problems related to DNS entries and the SAN field:
  • https://ggus.eu/index.php?mode=ticket_info&ticket_id=151104

Prerequisites for using AMS

• A valid host certificate from an IGTF Accredited CA.
• A GOCDB 'Site' entry flagged as 'Production'.
• A GOCDB 'Service' entry of the correct service type flagged as 'Production'. The following service types are used:
  • For Grid accounting use 'gLite-APEL'.
  • For Cloud accounting use 'eu.egi.cloud.accounting'.
  • For Storage accounting use 'eu.egi.storage.accounting'.
• The 'Host DN' listed in the GOCDB 'Service' entry must exactly match the certificate DN of the host used for accounting. Make sure there are no leading or trailing spaces in the 'Host DN' field.

Monitoring of the accounting data

To ensure the monitoring of the publication of the accounting data, one CE per site needs to be registered as "APEL" service endpoint.

• http://goc-accounting.grid-support.ac.uk/rss/SITE-NAME_Pub.html
• http://goc-accounting.grid-support.ac.uk/rss/SITE-NAME_Sync.html

AOB

Next meeting

Aug