URT:Agenda-2018-03-19
Meeting
- Calendar: https://indico.egi.eu/indico/categoryDisplay.py?categId=107
- meetings are on GoToMeeting
News
- UMD4.6.1 released
- APEL-SSM 2.2.0 - Added a check that certificates have not expired before starting SSM. SSL errors now propagated out properly and saved for received messages. Trimmed down the number of log messages generated for receivers. Added python-devel build requirement for non fedora-packager OSs (CentOS)
- DPM 1.9.2 - This update includes releases 1.9.2 and lcgdm 0.19.0. It contains a fix for dpm-listspaces wrongly reporting 0 free space for pools See http://lcgdm.web.cern.ch/dpm-192-release
- XRootD 4.7.1 - various bug fixes https://github.com/xrootd/xrootd/blob/v4.7.1/docs/ReleaseNotes.txt
- CVMFS server 2.4.4 - fix registration of chunk hashes without bulk hash and non-SHA1 hash algorithm: fix on geoapi. See http://cvmfs.readthedocs.io/en/2.4/cpt-releasenotes.html
- CVMFS 2.4.4 - react to a change of DNS server on macOS. See http://cvmfs.readthedocs.io/en/2.4/cpt-releasenotes.html
- APEL 1.6.1 - various fixes and improvements https://github.com/apel/apel/releases/tag/1.6.1-1
- frontier-squid 3.5.27-3.1 - includes an important configuration change to enable frontier clients to clear out certain types of cached errors
- Next release is regular release UMD 4.7.0 (April)
- UMD3 shutdown end of April
- tests with umd-release upgrade are OK
- broadcast sent to NGIs/sites/VOs https://operations-portal.egi.eu/broadcast/archive/2023
- updates will no longer enter UMD3
- feedback: mpi-start package missing in UMD4/SL6 -> maintenance and usage on grid to be evaluated in order to include it
UMD4
In Verification
- nagios-promoo 1.5.0
- arc 15.03.18
- StoRM 1.11.13
Under Staged Rollout
- apel-ssm 2.2.0
- dpm 1.9.2
- davix 0.6.7
- dpm 1.9.2
- lcgdm 0.19.0
Ready to be Released
- jocci-api 0.2.6
- cvmfs-server 2.4.4
- cvmfs 2.4.4
- xroot 4.7.1
- gridftp 12.4.1
- gram-client 13.19.1
CMD-OS
In Verification
- rocci-cli 4.10.2
- cloudkeeper 1.6.0
- ooi 1.2.0
- gridsite 2.3.4
- cloudkeeper-one 1.3.0
In Staged Rollout
- cloud-info-provider 0.8.4
- cloudkeeper-os 0.9.4
- cloudkeeper 1.5.1
Ready to be released
NA
CMD-ONE
In verification
- cloudkeeper 1.6.0
In Staged Rollout
- gridsite 2.3.4
- cloud-info-provider 0.8.4
- rocci-cli 4.10.2
- rocci-server 2.0.4
- cloudkeeper 1.5.1
- cloudkeeper-one 1.2.5
- keystorm 1.1.0
Ready to be released
NA
Updates from Technical Providers
APEL
Frontier
Indigo-DataCloud
dCache
DPM/LFC
NTR
Data management clients
NTR
FTS
- FTS REST 3.7.1 pushed to EPEL testing. Last package from FTS 3.7.x to be pushed. When in Stable the whole FTS 3.7 components can be included in UMD4
- Missing dep for fts-monitoring on EL6 ( django has been retired from EPEL6).
ARC
NTR (updated 19.03)
QCG
Globus
xrootd
caNl
Preview
- Released on 2018-03-07:
- Preview 1.17.0 AppDB info (sl6): APEL Client/Server 1.6.1, frontier-squid 3.5.27-3.1, FTS 3.7.8, srm-ifce 1.24.3, STORM 1.11.13, xrootd 4.8.1
- Preview 2.17.0 AppDB info (CentOS 7): APEL Client/Server 1.6.1, frontier-squid 3.5.27-3.1, FTS 3.7.8, srm-ifce 1.24.3, xrootd 4.8.1
AOB
products that need to download from VOMS the list of users
VOMS allows to every owner of a IGTF certificate to download the list of users. This is not compliant with the European GDPR, since VO membership is considered sensitive data., so that VOMS needs to implement a stricter ACL to the users list.
In order to understand how to proceed, first of all we need to figure out all the use cases: please let us know if any of your products needs to get the users DN for performing the authentication and authorisation mechanism (i.e. grid-mapfile generation containing the users certificate subject).
For some products it would be possible switching to the VOMS-based authentication/authorisation. In particular there are these cases:
- ARC-CE: is there any documentation describing this setting that the site-administrators can look at for applying the change? Any particular use-case preventing this change?
- Maiken will check and get back to it.
- DPM/LFC: the grid-mapfile with users' DNs is necessary for allowing the web access, but for the usual functionalities it isn't (would not): is that correct? is there any way for changing the access through web browser? I seem to remember that for example STORM doesn't need the users DN grid-mapfile for making the user access via webdav (I don't know exactly the access mechanism), but maybe this is just a webdav feature...
- dCache: it can be configured for using VOMS-based authentication, but the web access would still require the users' DNs
- WLCG VOBOX: I haven't understand if it can switch to the new grid-mapfile stile. In any case, there are (should be) few VOBOX instances around, compared to the amount of other products servers, so adding their certificate DNs into Voms-admin and maintaining them could be only a little blood bath...
- EOS is not voms aware (how many VOs are using it, and how many instances?)
- OSG GUMS: to be phased out
- VO-specific services: few instances, few VOs; it should be quite manageable
noarch packages depend on x86-64
when trying to install the following “noarch” packages on ppc64le system, some of them still required x86-64 dependency:
fts-rest-3.5.4-1.el7.centos.noarch.rpm fts-rest-cloud-storage-3.5.4-1.el7.centos.noarch.rpm fts-rest-http-authz-signed-cert-3.5.4-1.el7.centos.noarch.rpm fts-rest-oauth2-3.5.4-1.el7.centos.noarch.rpm fts-rest-selinux-3.5.4-1.el7.centos.noarch.rpm glexec-wrapper-scripts-0.0.7-1.el7.noarch.rpm mkgltempdir-0.0.5-1.el7.noarch.rpm nordugrid-arc-aris-5.3.1-1.el7.centos.noarch.rpm nordugrid-arc-ca-utils-5.3.1-1.el7.centos.noarch.rpm nordugrid-arc-client-tools-1.0.7-1.el7.centos.noarch.rpm nordugrid-arc-compute-element-1.0.7-1.el7.centos.noarch.rpm nordugrid-arc-doc-2.0.15-1.el7.centos.noarch.rpm nordugrid-arc-gridmap-utils-5.3.1-1.el7.centos.noarch.rpm nordugrid-arc-information-index-1.0.7-1.el7.centos.noarch.rpm nordugrid-arc-ldap-infosys-5.3.1-1.el7.centos.noarch.rpm nordugrid-arc-ldap-monitor-5.3.1-1.el7.centos.noarch.rpm nordugrid-arc-nagios-plugins-doc-1.9.1-0.rc1.el7.centos.noarch.rpm nordugrid-arc-nagios-plugins-egi-1.9.1-0.rc1.el7.centos.noarch.rpm nordugrid-arc-ws-monitor-5.3.1-1.el7.centos.noarch.rpm qcg-appscripts-4.0.0-18.centos7.noarch.rpm qcg-broker-4.2.0-6.centos7.noarch.rpm qcg-broker-client-4.2.0-4.centos7.noarch.rpm qcg-comp-egi-is-provider-4.0.0-5.centos7.noarch.rpm qcg-egi-is-conf-4.0.0-1.centos7.noarch.rpm qcg-ntf-egi-is-provider-4.0.0-1.centos7.noarch.rpm qcg-ntf-nagios-probe-4.0.0-1.noarch.rpm
other AOB
- Next meeting: Apr 9th, 2017 https://indico.egi.eu/indico/event/3931/