General information

EGI Core Services: new bidding ongoing

• The bidding for the EGI Services covering 2024-01 - 2026-12 was announced last December
  • applications/expression of interest were received and under discussion with the suppliers
  • NGIs can still send their Expression of Interests for the 2nd level Support Activity
• EGI Core services delivered in best effort mode between July and December 2023
  • Broadcast circulated on July 6th
  • Gap between EGI-ACE project (ended in June 2023) and the EOSC procurement that is going to fund them (starting from Jan 2024)
  • ensured continuous operation and security system maintenance

Middleware

UMD

• moving the UMD infrastructure to production.
• new UMD update to be announced soon.

Operations

Accounting Repository

Pub/Sync system taken offline for a security issue. APEL Repository operation unaffected, but Repository test is provided via the pub/sync hosts.

ARGO/SAM

• Monitoring of xrootd endpoints
  • some endpoints are exposed outside the site in read-only mode
  • the new service type "eu.egi.readonly.xrootd" was created for this purpose (see GGUS 160848)
  • new version of the xrootd probe executing only "read" tests: to be added in UMD and deployed in ARGO (GGUS 163071)
• New version of srm probe to be deployed (GGUS 162411) and to be included in UMD (GGUS 162424)
  • support for py3 only
  • support for SRM+HTTPS
  • updated default Top-BDII endpoint

FedCloud

• Need for the FedCloud sites to perform a risk assessment to ensure that adequate measures are in place to mitigate the risk of users data loss.

Feedback from DMSU

New Known Error Database (KEDB)

The KEDB has been moved to Jira+Confluence: https://confluence.egi.eu/display/EGIKEDB/EGI+Federation+KEDB+Home

• problems are tracked with Jira tickets to better follow-up their evolution
• problems can be registered by DMSU staff and EGI Operations team

Monthly Availability/Reliability

Under-performed sites in the past A/R reports with issues not yet fixed:

• AsiaPacific: https://ggus.eu/index.php?mode=ticket_info&ticket_id=165199
  • INDIACMS-TIFR:
• NGI_BG: https://ggus.eu/index.php?mode=ticket_info&ticket_id=164857
  • BG05-SUGrid: Site in downtime due to hardware problems.
• NGI_DE: https://ggus.eu/index.php?mode=ticket_info&ticket_id=162630
  • UNI-SIEGEN-HEP: SRM failures
• NGI_GRNET: https://ggus.eu/index.php?mode=ticket_info&ticket_id=164544
  • GRNET-OPENSTACK: cloud infrastructure not working, fixed.
• NGI_IT: https://ggus.eu/index.php?mode=ticket_info&ticket_id=165200
  • INFN-FRASCATI: SRM protocol was disabled after the migration to dCache but the info in GOCDB wasn't updated.
  • INFN-PISA: information on GOCDB about webdav to be fixed. 
• NGI_IBERGRID: https://ggus.eu/index.php?mode=ticket_info&ticket_id=165201
  • NCG-INGRID-PT: failures due to the file naming convention used by the metric; more entropy is needed…
• NGI_UK: https://ggus.eu/index.php?mode=ticket_info&ticket_id=165202
  • UKI-SOUTHGRID-SUSX: IGTF packages not updated in time; other failures in Febvruary.
• ROC_LA: https://ggus.eu/index.php?mode=ticket_info&ticket_id=165196
  • ATLAND: information on GOCDB about webdav to be fixed. 

Under-performed sites after 3 consecutive months, under-performed NGIs, QoS violations: (Feb 2024):

• NGI_IBERGRID: https://ggus.eu/index.php?mode=ticket_info&ticket_id=165489
  • CESGA:
• NGI_PL: https://ggus.eu/index.php?mode=ticket_info&ticket_id=165490
  • CYFRONET-CLOUD:

sites suspended: 

IPv6 readiness plans

• please provide updates to the IPv6 assessment (ongoing) https://wiki.egi.eu/w/index.php?title=IPV6_Assessment
• if any relevant, information will be summarised at OMB

Campaign to upgrade HTCondor to version 10 with SSL authentication enabled

• The campaign to decommission HTCondor <= 9 was started
  • Upgrade to HTCondor 10 (or 23) with SSL authentication enabled
• Tickets to sites created at the beginning of November 2023
• Details in this page.

Important for the sites:

• Please start collecting information from the VOs you support about the DNs that should be mapped on your endpoints
• Mapping for the ops VO - at least the following certificates:
  • EGI Monitoring Service:
    • "/DC=EU/DC=EGI/C=GR/O=Robots/O=Greek Research and Technology Network/CN=Robot:argo-egi@grnet.gr"
    • "/DC=EU/DC=EGI/C=HR/O=Robots/O=SRCE/CN=Robot:argo-egi@cro-ngi.hr"
  • EGI Security monitoring:
    • "/DC=EU/DC=EGI/C=GR/O=Robots/O=Greek Research and Technology Network/CN=Robot:argo-secmon@grnet.gr"

Important for the VOs:

• update the condor-client as well in coordination with the sites

Monitoring:

• CE client updated also on ARGO (GGUS 163583)
• To be clarified with the developers if the current version of the probe can work also with Check-in tokens.

Accounting of HTC jobs using token-based authentication

• Transition period where the Computing Elements are supporting different authentication methods (X509 personal certificates + VOMS, and tokens) in order to allow the VOs an easier migration towards token-based authentication.
• Already a few cases of VOs using only tokens, and it was noticed that our middleware is not able to gather the associated accounting information as instead it should.
• Need to find a solution (either temporary or for the long-term) valid for any kind of CE and any kind of token profile
  • Involving CE developers, APEL Accounting team, AAI team
• Git-hub issue and GGUS 155987
• Grand Unified Token (GUT) profile WG

New server for dteam VO

• The current VOMS server voms2.hellasgrid.gr is going to be decommissioned soon.
• CERN provided an Indigo IAM server to replace it: https://dteam-auth.cern.ch/
  • Users have been imported from the voms server
  • for the time being, new memberships will still be handled with the voms server
• The sites need to update their configuration as soon as possible
  • Created the rpm wlcg-iam-lsc-dteam containing the .lsc file of the new server
• Follow the instruction in https://twiki.cern.ch/twiki/bin/view/LCG/VOMSLSCfileConfiguration

Configuration example for dteam VO:

----------------------------------------------------------------------
# ls -l /etc/grid-security/vomsdir/dteam/
total 8
-rw-r--r--. 1 root root 102 Dec  6 22:04 voms-dteam-auth.cern.ch.lsc
-rw-r--r--. 1 root root 129 Jan 19  2017 voms2.hellasgrid.gr.lsc
----------------------------------------------------------------------
# cat /etc/grid-security/vomsdir/dteam/voms-dteam-auth.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=dteam-auth.cern.ch
/DC=ch/DC=cern/CN=CERN Grid Certification Authority
----------------------------------------------------------------------
# cat /etc/grid-security/vomsdir/dteam/voms2.hellasgrid.gr.lsc
/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr
/C=GR/O=HellasGrid/OU=Certification Authorities/CN=HellasGrid CA 2016
----------------------------------------------------------------------

• The information about the "vomses" file for the UI will be added to the wiki mentioned above within a few days, waiting for more sites updating their configuration.
• Broadcast circulated to the sites on Dec 7th

New benchmark HEPscore23

The benchmark HEPscore23 is replacing the old Hep-SPEC06

Recent activities:

• Some tests in particular with sites sending normalised reports were performed.
• APEL
  • APEL client 1.9.2 released that adds basic HEPscore23 publishing using existing message format
    • It needs to be added to UMD
  • APEL server release candidate in testing
    • Test sending of old format normalised records to new APEL server software at Portal
    • Create an update schema to apply to Repository database during rollout
  • Working on python 3 compatibility and EL8/EL9
  • Testing a fix in ARC-CE for the proper configuration of HEPscore23
• Accounting Portal
  • Implementation of new features
    • General data filtering by benchmark
    • Specific data filtering by benchmark
    • Custom plots according to the benchmark data filtering
  • Staging environment (https://accounting-staging.egi.eu)
• Expected completion: mid-March
• Please contact us if you'd like to make tests with the new benchmark
• Information for testing the publication of accounting records with the new benchmark:
  • https://twiki.cern.ch/twiki/bin/view/LCG/ChangesForHEPscore#Testing

HEPSCORE application:

• link to the gitlab page: https://gitlab.cern.ch/hep-benchmarks/hep-score

April 2023 GDB:

• presentations about the new benchmark

Feb 2024 WLCG Operations Coordination meeting:

• presentations about HEPscore23 and APEL status

Monitoring of webdav and xrootd protocols/endpoints

• 93 tickets were created requesting to update the information for monitoring webdav and xrootd endpoints
  • Extension Properties to set:
    • webdav:
      • Name: ARGO_WEBDAV_OPS_URL
      • Value: webdav URL containing also the VO ops folder, for example: https://darkstorm.cnaf.infn.it:8443/webdav/ops or https://hepgrid11.ph.liv.ac.uk/dpm/ph.liv.ac.uk/home/ops/
    • xrootd:
      • Name: ARGO_XROOTD_OPS_URL
      • Value: XRootD base SURL to test (the path where ops VO has write access, for example: root://eosatlas.cern.ch//eos/atlas/opstest/egi/, root://recas-se-01.cs.infn.it:1094/dpm/cs.infn.it/home/ops/, root://dcache-atlas-xrootd-ops.desy.de:2811/pnfs/desy.de/ops or similar)
  • Reference: https://docs.egi.eu/internal/configuration-database/adding-service-endpoint/#webdav
  • Link to the broadcast circulated in October 2022
  • 79 tickets were solved (5 Unsolved)
• From Nov 6th ARGO retrieves the endpoint url information only from the extension properties.

AOB

Next meeting

April