Difference between revisions of "URT:Agenda-2018-10-08"
(→Globus) |
imported>Litmaath (→Globus) |
(No difference)
|
Revision as of 16:33, 8 October 2018
Meeting
- Calendar: https://indico.egi.eu/indico/categoryDisplay.py?categId=107
- meetings are on GoToMeeting
News
- UMD 4.8.0. planned for *end of October*
- preparing CMD-OS/CMD-ONE update
- asked security contact for each product, please fill it in https://wiki.egi.eu/wiki/UMD_products_ID_cards
- open issues with 4.7.1
- Maarten asking for fixing https://ggus.eu/index.php?mode=ticket_info&ticket_id=136074#update#51
- issue with bouncycastle requiring bouncycastle1.58-pkix https://ggus.eu/index.php?mode=ticket_info&ticket_id=136364
- proposal (Bruce Becker) to describe UMD products with a standard JSON schema
- see https://community.egi.eu/t/package-json-for-umd-products/203
- proposal for the bdii was merged a few days ago, resulting in https://github.com/EGI-Foundation/bdii/blob/master/codemeta.json
UMD4
In Verification
- apel ssm 2.3.0
- storm 1.11.14
- dpm 1.10.2
- xroot 4.8.4
Under Staged Rollout
NA
Ready to be Released
NA
CMD-OS
In Verification
- OOI 1.2.0
- rOCCI-cli 4.10.2
In Staged Rollout
NA
Ready to be released
NA
CMD-ONE
In verification
NA
In Staged Rollout
- rocci-cli 4.10.2
- rocci-server 2.0.4
- keystorm 1.1.0
- cloudkeeper 1.6.0
- cloudkeeper-one 1.3.0
- cloud-info-provider 0.9.1
Ready to be released =
NA
Updates from Technical Providers
APEL
Frontier
Indigo-DataCloud
dCache
NTR
DPM/LFC
dmlite 1.10.4 in EPEL6 and EPEL7 stable
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-766ee4f28b
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3bc292f74f
dpm-xrootd 3.6.6 in EPEL testing
Data management clients
New gfal release ( 2.16)
http://dmc.web.cern.ch/release/gfal2-2160
will notify when it will be pushed to EPEL
FTS
FTS 3.8.0 has been tagged
https://gitlab.cern.ch/fts/fts3/tags/v3.8.0
will notify when it will be pushed to EPEL
ARC
There will be an ARC 5 update involving how ARC counts held jobs in Condor. Expected to be released this week or next.
ARC 6 - we are aiming at an alpha release expected this week. Is a very early test-release. Bugs are expected. Testers are welcome.
CREAM
CentOS 7 packages for "CREAM nagios probes": work in progress
QCG
Globus
Grid Community Toolkit (GCT)
As you should be aware, the developers announced that the support of the Globus Toolkit would end on 1 Jan 2018. The development did not completely stop, and there have been updates from the original developers during 2018, which we have packaged for Fedora, EPEL and Debian. When the end of support was announced, a community effort to keep up the maintenance of the toolkit was established [1]. The Grid Community Forum's fork of the Globus Toolkit, named Grid Community Toolkit [2] has been in preparation for some time. And there is now an update in EPEL testing based on the GCT version of the toolkit:
EPEL testing 2018-09-22:
- EPEL7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8aebaba2a9
- EPEL6: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d19f4f231e
This update is a drop in replacement, keeping the names of the libraries and binaries in the toolkit, keeping the package names in the repositories and keeping library sonames the same as in the Globus Toolkit.
Most of the changes to the code in the GCT release with respect to the latest Globus Toolkit release were already present in the packages in the repositories due to patches applied in the packaging.
This update has been 14 days in EPEL testing and can be pushed to EPEL stable. The update has received a +1 karma from Andrea Manzi. There is no negative feedback I am aware of.
globus-gssapi-gsi and TLS 1.2
As previously reported, the globus-gssapi-gsi package currently in EPEL stable (version 13.10-1) changed the default minimum TLS version to 1.2. It is possible to change it to 1.0 (the old default) or 1.1 in /etc/grid-security/gsi.conf or using environment variables.
Unfortunately this change turned out to be more disruptive than anticipated. By the time I was made aware of the problems, the update had already been pushed to EPEL stable. Two separate issues have been reported:
- In versions of globus-gssapi-gsi before 11.26 (January 2016) there was a bug that meant that using the FORCE_TLS option meant forcing TLS 1.0, i.e. it also disabled TLS 1.1 and 1.2, and not only SSLv3. So sites that have such old versions installed and also have set the FORCE_TLS option (which was not the default) could not be contacted by clients that requested TLS version 1.2 as the minimum. The number of sites affected by this issue is expected to be small, and they can be fixed by upgrading and/or configuration.
- The other issue is sites deploying the BeStMan SRM server. This uses a java / jetty / jglobus implementation of GSI and not the Globus Toolkit. Efforts to persuade this implementation to accept a TLS 1.2 connection has so far not been successful. The number and size of sites affected by this issue is not insignificant and includes e.g. the CERN EOS.
- Update Oct 8: CERN EOS BeStMan SRM has been patched (using a JGlobus patch from FNAL). WLCG is preparing a broadcast about other (potentially) affected services using old versions of Java or Globus.
TLS 1.0 and 1.1 are recommended not to be used due to security concerns, so long term it makes sense to set the default minimum TLS version to 1.2. However, in order to limit the disruption, the configuration file in the globus-gssapi-gsi version currently in EPEL testing (14.7-2) have been patched to set the default minimum TLS version to 1.0.
xrootd
caNl
BDII
CentOS 7 packages for "BDII nagios probes": work in progress
WN/UI
Preview
- 2018-08-06
- Preview 1.19.0 AppDB info (sl6): ARGUS 1.7.2, CGSI-gSOAP 1.3.11, CREAM 1.16.7, davix 0.6.8, dCache 3.2.27, frontier-squid 3.5.27-5.2, STORM 1.11.14, xrootd 4.8.4
- Preview 2.19.0 AppDB info (CentOS 7): CGSI-gSOAP 1.3.11, CREAM 1.16.7, davix 0.6.8, dCache 3.2.27, frontier-squid 3.5.27-5.2, xrootd 4.8.4
- gathering information for the new update: DPM 1.10.4, gFal2 2.16.0, gfal2-python 1.9.4, FTS 3.8.0, ...
AOB
nagios probes on CentOS 7
to assess:
- SRM probes (maintained by dCache PT): https://ggus.eu/index.php?mode=ticket_info&ticket_id=136736 (no reply yet)
- ARGUS: nagios-plugins-argus https://ggus.eu/index.php?mode=ticket_info&ticket_id=136697 (no reply yet)
- UNICORE: https://ggus.eu/index.php?mode=ticket_info&ticket_id=136705
- need to ask PL-Grid about the nagios probes,
- verify and discuss offline the status about the UNICORE and EGI interactions.
planned/in progress:
- BDII: glue-validator nagios-plugins-bdii https://ggus.eu/index.php?mode=ticket_info&ticket_id=136695 (on hold until December)
- CREAMCE: glite-ce-cream-cli https://ggus.eu/index.php?mode=ticket_info&ticket_id=136700
- The package for the CREAM probe will be delivered with the next update of CREAM on UMD. At the moment there's no release date for update 1.16.8, we're collecting several bug fixes for different components;
- NGI ARGUS probes (security) https://ggus.eu/index.php?mode=ticket_info&ticket_id=136737
- just one probe from secmon set: https://github.com/ARGOeu/secmon-probes/blob/master/src/probes/argus-ban
- discuss internally if deploying all secmon probes on production ARGO instances or extract this probe in a new repo.
available:
- ARC-CE: nordugrid-arc-nagios-plugins nordugrid-arc-nagios-plugins-egi https://ggus.eu/index.php?mode=ticket_info&ticket_id=136699 (SOLVED)
- The ARC probes and associated client utilities are released for CentOS/SL 7 in the NorduGrid repository.
- FTS probes are available falso for CentOS 7: https://gitlab.cern.ch/fts/nagios-plugins-fts/blob/master/README.md
- QCG: https://ggus.eu/index.php?mode=ticket_info&ticket_id=136704
- already provided for CentOS 7;
- DPM/LFC: nagios-plugins-lfc https://ggus.eu/index.php?mode=ticket_info&ticket_id=136698 (SOLVED)
- there are no plans for future developments of LFC Nagios probes
- Packages are provided in EPEL 6 and 7 and source code is source packages and in the lcgdm svn repository
- the official repos are here, and they are released from time to time, mainly depending on the needs of the DPM project:
- (browser) https://svnweb.cern.ch/trac/lcgdm/browser/nagios-plugins
- (read only) http://svn.cern.ch/guest/lcgdm/nagios-plugins
- (r/w) https://<yourlogin>@svn.cern.ch/reps/lcgdm/nagios-plugins
Next meeting
- Oct 22th, 2018