Difference between revisions of "Agenda-02-09-2013"

Audio conference link	Conference system is Adobe Connect, no password required.
Audio conference details	Indico page

1. Middleware releases and staged rollout

1.1 News from URT

• StoRM 1.11.2 still not released
  • The PT found an issue (fixed) during the testing and the fix is currently under testing (within days if everything goes well).
• Gridsite 2.1.3(UMD-3) and 1.7.28(UMD-2)
  • To be released during this week by PT
  • Not in EPEL yet (gridsite PT is not releasing yet in EPEL)
  • Single fix for a problem affecting delegation
• DPM v 1.8.7
  • Need to remove packages from the EMI repositories before releasing in EPEL
• FTS3 almost all in EPEL
• dCache 2.2.15 released
  • Not the SHA-2 compliant version for UMD-2
  • 2.2.16 will include sha-2 support and will be released tomorrow (Tuesday)
• Globus 3.2.2
  • Bug fix release from IGE
  • GridWay
  • GSI-SSHTerm
  • BES-GRAM
  • Globus Info Provider Service

1.2 Staged rollout updates

New In SR:

• cream-torque v. 2.1.1
  • Wrong time format for and Bad timezone format

• emi-cluster v. 2.0.1
  • Wrong GLUE output format in a CREAM+Cluster installation and Generated configuration files conflict with CREAM ones

Presently under Staged Rollout:

• emi-ui - 3.0.2
  • gridsite - 2.1.2
    • This is a hotfix for GridSite, allowing the previously disallowed dash character in delegation IDs. Delegation IDs containing non-alphanumeric characters other than a dot, coma, underscore or dash are rejected. It also properly sets the type of proxy before calling the signing function from caNl.
  • canl - 2.1.2
    • This is a hotfix for a bug whereby the type of proxy to sign whas erroneously hard-coded to a single value for different types of proxies, most importantly affecting RFC proxies.

• cream - 1.16.1
  • Authentication and authorization in the CREAM service now makes use of the CAnL library. The gLite security libraries are no more required.
  • blah - 1.20.2
    • Memory leak in BNotifier

• bdii-site - 1.2.1
  • This new version of the site BDII contains a fix in the ldap info provider script to set to 'Unknown' cached GLUE state attributes. Bug fixes:BUG #101709: Set to 'Unknown' ldap info provider cached state attributes for the site BDII.

• bdii-top - 1.1.1
  • This version of the top BDII fixes a bug in the publication of delayed delete GLUE entries. A new plugin is responsible for publishing cached entries with value 'Unknown' in the corresponding GLUE state attributes. This version also includes a bug fix in the glite-info-update-endpoints script.

• wms - 3.6.0
  • This version solves the problem with Argus and WMS integration (SL6).

• voms - 3.2.0
  • VOMS Admin now supports Group managers, a mechanism which allow the hierarchical dispatching of the notification resulting from user VO membership and group membership requests.

• apel - 2.2.0
  • vulnerability bug fix

1.3 Next UMD releases

A new update for UMD-3 will be released as soon as the test of GSIssh is completed. If StoRM is released in the meantime it will be also added to this release.

2 Operational issues

2.1 Updates from DMSU

Nothing to report.

2.2 Host name in the host certificates

As reported in several GGUS tickets (Rules for issuing certificates for hosts with an alias, Problems related to a myproxy service). Host certificates must have the hostname used to reach the service in either the CN or DNS fields (Common Name and Alternate Subject Name). Please make sure to provide all the needed information to your CA when requesting a new host certificate.

Following up the problems reported in the myproxy GGUS ticket, I checked the certificates of the myproxy services registered in GOCDB and identified 7 instances with wrong certificate details:

• lcg00127.grid.sinica.edu.tw
• lcgrbp01.gridpp.rl.ac.uk
• myproxy.cern.ch
• myproxy.cnaf.infn.it
• myproxy.grid.am
• myproxy.hellasgrid.gr
• myproxy.ipb.ac.rs

I will open GGUS tickets vs these sites.

2.3 CVMFS webinar

Catalin Condurache (STFC) will present a webinar about a CVMFS infrastructure for EGI VOs.

• Date: Thurs 5 Sep 2013
• Time: 11:00 - 11:45 CEST (plus Q&A)
• Announcement
• The complete Abstract for the presentation and the registration details are available at the indico page
  • Please register if you are planning to attend.

2.4 AAI workshop at TF Madrid

AAI workshop on Tuesday September 17th at 11:00

The "Changing the AAI services landscape" workshop focuses on the IOTA "Identifier-Only" assurance level under definition within IGTF.

The aim is to define a complete and adequate assurance framework for the various services in EGI, taking into account work already done by the communities themselves, the NGIs, and the resource centres, and to prevent duplication of effort within that trust chain.

The IOTA profile under development aims to define a lighter weight vetting framework to complement already available data to reach an acceptable level of assurance -- taking into account both flexibility for users and VREs and the value of the resources protected by these 'IOTA credentials'.

The target of the session is:

• Present the new Identifier-Only Trust Assurance (IOTA) profile to the EGI communities.
• Get feedback from the EGI resource providers about the profile profile minimum requirements to enable the CAs in the resource centres for specific services and/or specific communities.
• Get feedback from the EGI user communities about how a differentiate level of assurance 'can bring in'/'reach out to' new users.

3. AOB

3.2 Next meeting

September 23rd, h14:00 Amsterdam time.

4. Minutes