General information


Middleware


UMD

  • CentOS Stream 8 now the recommended OS for new installations
  • C8->CS8 migrations recommended
  • CS9 will be supported by CERN and FNAL
  • middleware: recommended path is C7->CS9 (we will probabily skip CS8)
  • new release https://repository.egi.eu/UMD/4.15.1.html
    • ARC-CE 6.13.0 bug fixes release
    • Xrootd 5.3.1 bug fixes release
    • CERN EOS 5.0.2 new release of EOS Open Storage which provides a storage solution large amounts of physics data and user files, with a focus on interactive and batch analysis.
    • dCache 6.2.31 security vulnerability fix
    • Infrastructure Manager Nagios probe 1.3.1
    • GridFTP 13.21.1 minor bug fix of some Globus packages
    • gfal2 2.19.2 regular update of the gfal clientes
    • gfal2-utils 1.6.0 regular update of the gfal2-utils clientes
    • EGI CVMFS 3.3.16 new release for the EGI default configuration meta-package configured for EGI.
    • CVMFS 2.8.2 patch release containing bug fixes for clients and new diagnostics commands for the client.
    • HTCondor 9.0.1 New major release of HTCondor
    • HTCondor-CE 5.1.3 New Major Reelase of the HTCondor-CE

Preview repository

  • released on 2021-06-10
  • released on 2021-08-11
    • Preview 2.35.0 (CentOS 7): APEL SSM 3.2.1, DPM/DMLite 1.15.0 and 1.15.1, frontier-squid 4.15.2, xrootd 5.3.0
  • We stopped the release of Preview since it doesn't seem to be used very much, and it is also easier to catch the last version of the products from EPEL or the product teams repos prior the release in UMD.

Operations

ARGO/SAM

  • probe for checking the HTCondorCE host certificate validity deployed in production (GGUS 147386):
  • Memory limits set by the ARC-CE probe: https://ggus.eu/index.php?mode=ticket_info&ticket_id=155081
    • the default is 512MB, but they were increased because failures on some sites
      • 1GB for normal test jobs, 1.5GB for security jobs
      • these limits seem to high for a simple test jobs that is expected to run fast and with low demand
    • request to come back to the default limits and let the probe use particular settings in CEs if any
    • a proposal could be:
      • sites with particular environment settings can define the values on GOCDB using the extension properties
      • the probe is executed with its default values unless there is something else defined on GOCDB
        • there is already an option to use for setting a value different from the configuration files. To verify it is suitable to our case

FedCloud

Feedback from DMSU

New Known Error Database (KEDB)

The KEDB has been moved to Jira+Confluence: https://confluence.egi.eu/display/EGIKEDB/EGI+Federation+KEDB+Home

  • problems are tracked with Jira tickets to better follow-up their evoulution
  • problems can be registered by DMSU staff and EGI Operations team

Monthly Availability/Reliability

Documentation

IPv6 readiness plans

Transition from X509 to federated identities (AARC profile token)

  • WLCG is testing aai tokens (WLCG profile) as authz system for accessing the middleware, with Indigo IAM as a replacement of VOMS
  • In Feb 2022 OSG will fully move to token-based AAI, abandoning X509 certificates
  • HTCondorCE: replacement of Grid Community Toolkit
    • The long-term support series (9.0.x) from the CHTC repositories will support X509/VOMS authentication through Sep 2022
    • Starting in 9.3.0 (released in October), the HTCondor feature releases does NOT contain this support
    • EGI sites are recommended to stay with the long-term support series for the time being

What we need to know in preparation of the transition:

Checking the middleware compliance with the AARC Profile token:

Need to check the awareness and readiness of users communities:

  • which GRID services do they use
    • Compute: ARC-CE
    • Compute: HTCondorCE
    • Storage: SRM
    • Storage: webdav/http
    • Storage: GridFTP
  • do you interact directly with Compute and Storage services (e.g., through command line) or do you use a tool (e.g., DIRAC, data transfer tools, data management tools, etc.) available to your VO?

  • do you own and need a personal X509 certificate to access the services or can you use a federated identity (e.g., institutional identity, social account, etc.)
  • are they familiar with AAI identities
  • are they ready for the switch

Migration of the VOs from VOMS to Check-in

  • transition period where both X509 and tokens can be used
    • delays in updating the GRID elements to the latest version compliant with tokens
    • not all if the middleware products can be compliant with tokens at the same time
    • the same VO has to interact with element supporting different authentications

AOB

  • DPM migration
  • New benchmark replacing HEP-SPEC06

Next meeting

Feb

  • No labels