Difference between revisions of "Agenda-02-09-2013"
(19 intermediate revisions by the same user not shown) | |||
Line 14: | Line 14: | ||
=== 1. Middleware releases and staged rollout === | === 1. Middleware releases and staged rollout === | ||
==== 1.1 News from URT ==== | ==== 1.1 News from URT ==== | ||
* StoRM 1.11.2 still not released | |||
** The PT found an issue (fixed) during the testing and the fix is currently under testing (within days if everything goes well). | |||
* Gridsite 2.1.3(UMD-3) and 1.7.28(UMD-2) | * Gridsite 2.1.3(UMD-3) and 1.7.28(UMD-2) | ||
** To be released during this week by PT | ** To be released during this week by PT | ||
Line 69: | Line 71: | ||
* apel - 2.2.0 | * apel - 2.2.0 | ||
** vulnerability bug fix | ** vulnerability bug fix | ||
<blockquote style="background: lightgrey; color: black; border: solid thin gray;"> | |||
U.Tigerstedt asked if there have been progresses in testing IPv6 capabilities of the components, in particular the VOMS service. | |||
EGI SA2 will start such tests in the coming days. | |||
</blockquote> | |||
=== 1.3 Next UMD releases === | === 1.3 Next UMD releases === | ||
Line 95: | Line 102: | ||
I will open GGUS tickets vs these sites. | I will open GGUS tickets vs these sites. | ||
==== 2.3 CVMFS webinar ==== | ==== 2.3 Registering Argus services in GOCDB ==== | ||
==== 2. | The implementation of the [https://wiki.egi.eu/wiki/EGI_CSIRT:Central_emergency_suspension_project emergency user suspension] framework requires the registration of the ARGUS services in GOCDB. | ||
* Please, register the ARGUS services and add the host DN in GOCDB | |||
* Do NGI deploy NGI-level instance of ARGUS? | |||
** Also test instances will be needed to test the suspension framework | |||
<blockquote style="background: lightgrey; color: black; border: solid thin gray;"> | |||
A.Paolini (NGI_IT) and D.Crooks (NGI_UK) will report about the status of the respective NGIs | |||
<br> | |||
More information about the central emergency user suspension can be found [https://wiki.egi.eu/wiki/EGI_CSIRT:Central_emergency_suspension_project here] | |||
</blockquote> | |||
==== 2.4 UserDN publication in the accouting records ==== | |||
Reminder: follow with sites generating alarms for non published User DN. Currently only few sites have 'critical' failures on that check: | |||
*AM-02-SEUA | |||
*RO-09-UTCN | |||
*RO-11-NIPNE | |||
*MY-UM-CRYSTAL | |||
*MY-UPM-BIRUNI-01 | |||
39 APEL services are returning [https://midmon.egi.eu/nagios/cgi-bin/status.cgi?servicegroup=SERVICE_APEL&style=detail&servicestatustypes=8&hoststatustypes=15 'Unknown'], many of them are sites not publishing accounting at all. | |||
==== 2.5 CVMFS webinar ==== | |||
Catalin Condurache (STFC) will present a webinar about a CVMFS infrastructure for EGI VOs. | |||
*Date: Thurs 5 Sep 2013 | |||
*Time: 11:00 - 11:45 CEST (plus Q&A) | |||
*[https://operations-portal.egi.eu/broadcast/archive/id/999 Announcement] | |||
*The complete Abstract for the presentation and the registration details are available at [https://indico.egi.eu/indico/conferenceDisplay.py?confId=1809 the indico page] | |||
** Please register if you are planning to attend. | |||
==== 2.6 AAI workshop at TF Madrid ==== | |||
AAI workshop on '''Tuesday September 17th at 11:00''' | AAI workshop on '''Tuesday September 17th at 11:00''' | ||
Line 115: | Line 151: | ||
=== 3. AOB === | === 3. AOB === | ||
==== 3.2 Next meeting ==== | ==== 3.2 Next meeting ==== | ||
September 23rd, h14:00 Amsterdam time. | |||
=== 4. Minutes === | |||
==== Participants ==== | |||
Alessandro Paolini | |||
Apostolos Vogklis | |||
David Crooks | |||
Emir Imamagic | |||
Feyza Eryol | |||
Joao Pina | |||
Luis Alves | |||
Mathilde Romberg | |||
Nikola Grkic | |||
Pavlos Daoglou | |||
Peter Slizik | |||
Peter Tylka | |||
Raul Lopes | |||
Ulf Tigerstedt | |||
Vanessa HAMAR | |||
Apostolos Voglis | |||
Comments and questions have been added in the agenda directly |
Latest revision as of 18:15, 5 September 2013
Audio conference link | Conference system is Adobe Connect, no password required. |
Audio conference details | Indico page |
1. Middleware releases and staged rollout
1.1 News from URT
- StoRM 1.11.2 still not released
- The PT found an issue (fixed) during the testing and the fix is currently under testing (within days if everything goes well).
- Gridsite 2.1.3(UMD-3) and 1.7.28(UMD-2)
- To be released during this week by PT
- Not in EPEL yet (gridsite PT is not releasing yet in EPEL)
- Single fix for a problem affecting delegation
- DPM v 1.8.7
- Need to remove packages from the EMI repositories before releasing in EPEL
- FTS3 almost all in EPEL
- dCache 2.2.15 released
- Not the SHA-2 compliant version for UMD-2
- 2.2.16 will include sha-2 support and will be released tomorrow (Tuesday)
- Globus 3.2.2
- Bug fix release from IGE
- GridWay
- GSI-SSHTerm
- BES-GRAM
- Globus Info Provider Service
1.2 Staged rollout updates
New In SR:
- cream-torque v. 2.1.1
- Wrong time format for and Bad timezone format
- emi-cluster v. 2.0.1
- Wrong GLUE output format in a CREAM+Cluster installation and Generated configuration files conflict with CREAM ones
Presently under Staged Rollout:
- emi-ui - 3.0.2
- gridsite - 2.1.2
- This is a hotfix for GridSite, allowing the previously disallowed dash character in delegation IDs. Delegation IDs containing non-alphanumeric characters other than a dot, coma, underscore or dash are rejected. It also properly sets the type of proxy before calling the signing function from caNl.
- canl - 2.1.2
- This is a hotfix for a bug whereby the type of proxy to sign whas erroneously hard-coded to a single value for different types of proxies, most importantly affecting RFC proxies.
- gridsite - 2.1.2
- cream - 1.16.1
- Authentication and authorization in the CREAM service now makes use of the CAnL library. The gLite security libraries are no more required.
- blah - 1.20.2
- Memory leak in BNotifier
- bdii-site - 1.2.1
- This new version of the site BDII contains a fix in the ldap info provider script to set to 'Unknown' cached GLUE state attributes. Bug fixes:BUG #101709: Set to 'Unknown' ldap info provider cached state attributes for the site BDII.
- bdii-top - 1.1.1
- This version of the top BDII fixes a bug in the publication of delayed delete GLUE entries. A new plugin is responsible for publishing cached entries with value 'Unknown' in the corresponding GLUE state attributes. This version also includes a bug fix in the glite-info-update-endpoints script.
- wms - 3.6.0
- This version solves the problem with Argus and WMS integration (SL6).
- voms - 3.2.0
- VOMS Admin now supports Group managers, a mechanism which allow the hierarchical dispatching of the notification resulting from user VO membership and group membership requests.
- apel - 2.2.0
- vulnerability bug fix
U.Tigerstedt asked if there have been progresses in testing IPv6 capabilities of the components, in particular the VOMS service. EGI SA2 will start such tests in the coming days.
1.3 Next UMD releases
A new update for UMD-3 will be released as soon as the test of GSIssh is completed. If StoRM is released in the meantime it will be also added to this release.
2 Operational issues
2.1 Updates from DMSU
Nothing to report.
2.2 Host name in the host certificates
As reported in several GGUS tickets (Rules for issuing certificates for hosts with an alias, Problems related to a myproxy service). Host certificates must have the hostname used to reach the service in either the CN or DNS fields (Common Name and Alternate Subject Name). Please make sure to provide all the needed information to your CA when requesting a new host certificate.
Following up the problems reported in the myproxy GGUS ticket, I checked the certificates of the myproxy services registered in GOCDB and identified 7 instances with wrong certificate details:
- lcg00127.grid.sinica.edu.tw
- lcgrbp01.gridpp.rl.ac.uk
- myproxy.cern.ch
- myproxy.cnaf.infn.it
- myproxy.grid.am
- myproxy.hellasgrid.gr
- myproxy.ipb.ac.rs
I will open GGUS tickets vs these sites.
2.3 Registering Argus services in GOCDB
The implementation of the emergency user suspension framework requires the registration of the ARGUS services in GOCDB.
- Please, register the ARGUS services and add the host DN in GOCDB
- Do NGI deploy NGI-level instance of ARGUS?
- Also test instances will be needed to test the suspension framework
A.Paolini (NGI_IT) and D.Crooks (NGI_UK) will report about the status of the respective NGIs
More information about the central emergency user suspension can be found here
2.4 UserDN publication in the accouting records
Reminder: follow with sites generating alarms for non published User DN. Currently only few sites have 'critical' failures on that check:
- AM-02-SEUA
- RO-09-UTCN
- RO-11-NIPNE
- MY-UM-CRYSTAL
- MY-UPM-BIRUNI-01
39 APEL services are returning 'Unknown', many of them are sites not publishing accounting at all.
2.5 CVMFS webinar
Catalin Condurache (STFC) will present a webinar about a CVMFS infrastructure for EGI VOs.
- Date: Thurs 5 Sep 2013
- Time: 11:00 - 11:45 CEST (plus Q&A)
- Announcement
- The complete Abstract for the presentation and the registration details are available at the indico page
- Please register if you are planning to attend.
2.6 AAI workshop at TF Madrid
AAI workshop on Tuesday September 17th at 11:00
The "Changing the AAI services landscape" workshop focuses on the IOTA
"Identifier-Only" assurance level under definition within IGTF.
The aim is to define a complete and adequate assurance framework for the various services in EGI, taking into account work already done by the communities themselves, the NGIs, and the resource centres, and to prevent duplication of effort within that trust chain.
The IOTA profile under development aims to define a lighter weight vetting framework to complement already available data to reach an acceptable level of assurance -- taking into account both flexibility for users and VREs and the value of the resources protected by these 'IOTA credentials'.
The target of the session is:
- Present the new Identifier-Only Trust Assurance (IOTA) profile to the EGI communities.
- Get feedback from the EGI resource providers about the profile profile minimum requirements to enable the CAs in the resource centres for specific services and/or specific communities.
- Get feedback from the EGI user communities about how a differentiate level of assurance 'can bring in'/'reach out to' new users.
3. AOB
3.2 Next meeting
September 23rd, h14:00 Amsterdam time.
4. Minutes
Participants
Alessandro Paolini Apostolos Vogklis David Crooks Emir Imamagic Feyza Eryol Joao Pina Luis Alves Mathilde Romberg Nikola Grkic Pavlos Daoglou Peter Slizik Peter Tylka Raul Lopes Ulf Tigerstedt Vanessa HAMAR Apostolos Voglis
Comments and questions have been added in the agenda directly