Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Agenda-02-09-2013

From EGIWiki
Revision as of 18:15, 5 September 2013 by Psolagna (talk | contribs) (→‎2.3 Registering Argus services in GOCDB)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Audio conference link Conference system is Adobe Connect, no password required.
Audio conference details Indico page



1. Middleware releases and staged rollout

1.1 News from URT

  • StoRM 1.11.2 still not released
    • The PT found an issue (fixed) during the testing and the fix is currently under testing (within days if everything goes well).
  • Gridsite 2.1.3(UMD-3) and 1.7.28(UMD-2)
    • To be released during this week by PT
    • Not in EPEL yet (gridsite PT is not releasing yet in EPEL)
    • Single fix for a problem affecting delegation
  • DPM v 1.8.7
    • Need to remove packages from the EMI repositories before releasing in EPEL
  • FTS3 almost all in EPEL
  • dCache 2.2.15 released
    • Not the SHA-2 compliant version for UMD-2
    • 2.2.16 will include sha-2 support and will be released tomorrow (Tuesday)
  • Globus 3.2.2
    • Bug fix release from IGE
    • GridWay
    • GSI-SSHTerm
    • BES-GRAM
    • Globus Info Provider Service

1.2 Staged rollout updates

New In SR:

  • cream-torque v. 2.1.1
    • Wrong time format for and Bad timezone format
  • emi-cluster v. 2.0.1
    • Wrong GLUE output format in a CREAM+Cluster installation and Generated configuration files conflict with CREAM ones


Presently under Staged Rollout:

  • emi-ui - 3.0.2
    • gridsite - 2.1.2
      • This is a hotfix for GridSite, allowing the previously disallowed dash character in delegation IDs. Delegation IDs containing non-alphanumeric characters other than a dot, coma, underscore or dash are rejected. It also properly sets the type of proxy before calling the signing function from caNl.
    • canl - 2.1.2
      • This is a hotfix for a bug whereby the type of proxy to sign whas erroneously hard-coded to a single value for different types of proxies, most importantly affecting RFC proxies.
  • cream - 1.16.1
    • Authentication and authorization in the CREAM service now makes use of the CAnL library. The gLite security libraries are no more required.
    • blah - 1.20.2
      • Memory leak in BNotifier
  • bdii-site - 1.2.1
    • This new version of the site BDII contains a fix in the ldap info provider script to set to 'Unknown' cached GLUE state attributes. Bug fixes:BUG #101709: Set to 'Unknown' ldap info provider cached state attributes for the site BDII.
  • bdii-top - 1.1.1
    • This version of the top BDII fixes a bug in the publication of delayed delete GLUE entries. A new plugin is responsible for publishing cached entries with value 'Unknown' in the corresponding GLUE state attributes. This version also includes a bug fix in the glite-info-update-endpoints script.
  • wms - 3.6.0
    • This version solves the problem with Argus and WMS integration (SL6).
  • voms - 3.2.0
    • VOMS Admin now supports Group managers, a mechanism which allow the hierarchical dispatching of the notification resulting from user VO membership and group membership requests.
  • apel - 2.2.0
    • vulnerability bug fix

U.Tigerstedt asked if there have been progresses in testing IPv6 capabilities of the components, in particular the VOMS service. EGI SA2 will start such tests in the coming days.

1.3 Next UMD releases

A new update for UMD-3 will be released as soon as the test of GSIssh is completed. If StoRM is released in the meantime it will be also added to this release.

2 Operational issues

2.1 Updates from DMSU

Nothing to report.

2.2 Host name in the host certificates

As reported in several GGUS tickets (Rules for issuing certificates for hosts with an alias, Problems related to a myproxy service). Host certificates must have the hostname used to reach the service in either the CN or DNS fields (Common Name and Alternate Subject Name). Please make sure to provide all the needed information to your CA when requesting a new host certificate.

Following up the problems reported in the myproxy GGUS ticket, I checked the certificates of the myproxy services registered in GOCDB and identified 7 instances with wrong certificate details:

  • lcg00127.grid.sinica.edu.tw
  • lcgrbp01.gridpp.rl.ac.uk
  • myproxy.cern.ch
  • myproxy.cnaf.infn.it
  • myproxy.grid.am
  • myproxy.hellasgrid.gr
  • myproxy.ipb.ac.rs

I will open GGUS tickets vs these sites.

2.3 Registering Argus services in GOCDB

The implementation of the emergency user suspension framework requires the registration of the ARGUS services in GOCDB.

  • Please, register the ARGUS services and add the host DN in GOCDB
  • Do NGI deploy NGI-level instance of ARGUS?
    • Also test instances will be needed to test the suspension framework

A.Paolini (NGI_IT) and D.Crooks (NGI_UK) will report about the status of the respective NGIs
More information about the central emergency user suspension can be found here

2.4 UserDN publication in the accouting records

Reminder: follow with sites generating alarms for non published User DN. Currently only few sites have 'critical' failures on that check:

  • AM-02-SEUA
  • RO-09-UTCN
  • RO-11-NIPNE
  • MY-UM-CRYSTAL
  • MY-UPM-BIRUNI-01

39 APEL services are returning 'Unknown', many of them are sites not publishing accounting at all.


2.5 CVMFS webinar

Catalin Condurache (STFC) will present a webinar about a CVMFS infrastructure for EGI VOs.

  • Date: Thurs 5 Sep 2013
  • Time: 11:00 - 11:45 CEST (plus Q&A)
  • Announcement
  • The complete Abstract for the presentation and the registration details are available at the indico page
    • Please register if you are planning to attend.

2.6 AAI workshop at TF Madrid

AAI workshop on Tuesday September 17th at 11:00


The "Changing the AAI services landscape" workshop focuses on the IOTA "Identifier-Only" assurance level under definition within IGTF.

The aim is to define a complete and adequate assurance framework for the various services in EGI, taking into account work already done by the communities themselves, the NGIs, and the resource centres, and to prevent duplication of effort within that trust chain.

The IOTA profile under development aims to define a lighter weight vetting framework to complement already available data to reach an acceptable level of assurance -- taking into account both flexibility for users and VREs and the value of the resources protected by these 'IOTA credentials'.

The target of the session is:

  • Present the new Identifier-Only Trust Assurance (IOTA) profile to the EGI communities.
  • Get feedback from the EGI resource providers about the profile profile minimum requirements to enable the CAs in the resource centres for specific services and/or specific communities.
  • Get feedback from the EGI user communities about how a differentiate level of assurance 'can bring in'/'reach out to' new users.

3. AOB

3.2 Next meeting

September 23rd, h14:00 Amsterdam time.

4. Minutes

Participants

Alessandro Paolini
Apostolos Vogklis
David Crooks
Emir Imamagic
Feyza Eryol
Joao Pina
Luis Alves
Mathilde Romberg
Nikola Grkic
Pavlos Daoglou
Peter Slizik
Peter Tylka
Raul Lopes
Ulf Tigerstedt
Vanessa HAMAR
Apostolos Voglis

Comments and questions have been added in the agenda directly

Retrieved from "https://wiki.egi.eu/w/index.php?title=Agenda-02-09-2013&oldid=59635"