
Difference between revisions of "Agenda-10-02-2014"

= 1. Middleware releases and staged rollout =
== 1.1 News from URT ==
EMI released updates for EMI-3 and EMI-2:
*[http://www.eu-emi.eu/releases/emi-3-monte-bianco/updates/-/asset_publisher/5Na8/content/update-13-03-02-2014-v-3-7-1-1 EMI-3 update 13] containing updates for:
** gLite-proxyrenewal
** caNL
** StoRM
* [http://www.eu-emi.eu/emi-2-matterhorn/updates/-/asset_publisher/9AgN/content/update-22-03-02-2014-v-2-10-6-1 EMI-2 update 22] containing updates for:
** proxyrenewal 1.3.35
Other updates from PTs:
* DPM/LFC: inclusion of STAR accounting, to be used off the shelf
* FTS3 release in EPEL
* WMS update by the end of February


== 1.2 UMD release ==


https://wiki.egi.eu/wiki/UMD-3:UMD-3.4.0
* '''UMD [http://repository.egi.eu/2014/01/29/release-umd-3-4-0/ 3.4.0]''' was released 29/01/2014 and contained the following components:
 


* CREAM TORQUE v. 2.1.2: This release fixes the wrong total cpu count from PBS infoprovider together with a dependency issue with lcg-info-dynamic-scheduler


* GridSite v. 2.2.0: This is a minor release of GridSite addressing the issue of key lengths being hard-coded at 512 bits. It increases the default key length to 1024 bits and exposes new functions in the API to accept custom key lengths.
* '''UMD-2''' (UMD 2.80 [http://repository.egi.eu/category/umd_release_candidates/umd_2_rc2/ RC]):
** proxyrenewal 1.3.35
** gridsite v. 1.7.29
** Globus-proxy-utils v. 5.0.6
** cream v. 1.14.6
* UMD-2 is considered to be under security support, but Gridsite, glite-px and globus-proxy-utils will be updated to make them compatible with the latest openssl updates. Since UMD-2 will start the decommissioning process soon, only a verification will be performed.


== 1.3 Staged rollout updates ==
*** gridftp v. 5.2.5
*** gram5 v. 5.2.5
** '''canl v. 2.2.1'''
** '''glite-proxyrenewal v. 2.1.3'''
** '''gridsite v. 2.2.1'''


=== 1.3.1 WMS issues ===
* At the moment there are 5 major open issues with WMS:
** Two problems with proxies, which in some cases can '''still generate 512-bit proxies''':
*** The WMS Purger still uses a hard-coded 512-bit key length and can update the WMS's proxy with a wrong 512-bit one ([https://issues.infn.it/jira/browse/WMS-114 NOTES]).
*** glite-wms-create-proxy.sh uses an undefined GLOBUS_LOCATION environment variable, which prevents the invocation of grid-proxy-init, which by default produces 1024-bit proxies. The missing variable is resolved by the WMS Purger, which then generates 512-bit proxies ([https://issues.infn.it/jira/browse/WMS-113 NOTES]).
** Issues introduced only in 3.6.2 (UMD not affected):
*** WMProxy still uses the low-level symlink call, which does not support a leading dash ("-") in file names ([https://issues.infn.it/jira/browse/WMS-115 NOTES]).
*** Bad exception handling in ICE prevents the user from getting a readable error message ([https://issues.infn.it/jira/browse/WMS-116 NOTES]).
*** Problem in glite-wms-wmproxy-api-java with TERENA certificates ([https://issues.infn.it/jira/browse/WMS-117 NOTES]).


== 1.4 Next releases ==
* UMD-2 this week
* UMD-3 next week


= 2. Operational issues =
For [https://wiki.egi.eu/wiki/Software_Retirement_Calendar#Decommissioning_Calendar_EMI2 EMI 2] the end of security support is 30-04-2014. Unsupported services must be either decommissioned, upgraded or in downtime after ''31 May 2014''.


A broadcast has been sent to sites and NGIs.
 
Broadcast text:
 
<pre>
Dear Resource Centre Administrators and VO Managers.
 
The EMI-2 software will reach end of security updates and support on 30-04-2014
(http://www.eu-emi.eu/releases#MajRel).
 
In compliance to the EGI Service Operations Security Policy (https://documents.egi.eu/document/669) [1], unsupported software SHOULD be decommissioned before its End of Security Updates and Support, and MUST be retired no later than 1 month after its End of Security Updates and Support. After this date, if a critical vulnerability were to emerge in the software, EGI CSIRT can request the service to be turned off immediately [2].
 
Because of this, as of March 03 2014, Resource Centre Administrators will start getting alerts about EMI 2 products deployed in their site. The list of the affected service end-points will be available on the Operations Dashboard of your site: https://operations-portal.egi.eu/dashboard.
 
Purpose of these alarms is to:
1- pro-actively alert administrators about the need to upgrade EMI-2 services before they reach end of security updates and support;
2- collect information about decommissioning/upgrade plans of the affected products.
 
IMPORTANT. According to the EGI decommissioning policy [2], the decommissioning deadline expires one month after the end of security updates and support of the software.
For EMI 2 products this is: 31-05-2014 [3].
 
EMI 2 software versions are in general detected through nagios tests, which query the information discovery system (BDII), on whose accuracy they depend on.
 
Please get in touch with your NGI operations staff for more information, or open a GGUS ticket.
 
Best wishes
Peter Solagna - EGI Operations
 
[1] a Resource Centre Administrator ''SHOULD follow IT security best practices that include pro-actively applying software patches, updates or configuration changes related to security''.
[2] https://wiki.egi.eu/wiki/PROC16#Policy
[3] https://wiki.egi.eu/wiki/Software_Retirement_Calendar#Decommissioning_Calendar_EMI2
</pre>


=== List of affected products ===
*StoRM ''older'' than v.1.11.0
*VOMS v.2.*
== 2.2 NGI Argus status ==
The following table has been prepared by Sven Gabriel and shows the status of GGUS tickets opened to track the deployment of Argus services at NGI level.
{| border="1" class="wikitable sortable"
|- style="background-color:lightgray;"
!Resp. Unit
!Status
!Hostname
!DN
!Central Instance Connect
!Nagios (Updated Ban Info)
|-
|NGI_MARGI || assigned || NONE || || ||
|-
|ROC_Russia || solved || b4ng.jinr.ru || /C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=b4ng.jinr.ru || || ||
|-
|ROC_LA || in progress || argus.hpc.utfsm.cl || /C=CL/O=REUNACA/O=REUNA/OU=UTFSM/CN=argus.hpc.utfsm.cl || || ||
|-
|ROC_Canada || closed || roc-policy.triumf.ca || /C=CA/O=Grid/OU=triumf.ca/CN=roc-policy.triumf.ca|| || ||
|-
|ROC_Asia/Pacific || in progress || argus02.grid.sinica.edu.tw || /C=TW/O=AS/OU=GRID/CN=argus02.grid.sinica.edu.tw || || ||
|-
|NGI_ZA || closed || NONE || || ||
|-
|NGI_UK || in progress || argusngi.gridpp.rl.ac.uk || /C=UK/O=eScience/OU=CLRC/L=RAL/CN=argusngi.gridpp.rl.ac.uk || || ||
|-
|NGI_UA || closed || argus.grid.org.ua || /DC=org/DC=ugrid/O=hosts/O=KNU/CN=argus.grid.org.ua NiP|| || ||
|-
|NGI_TR || closed || nagios.ulakbim.gov.tr || /C=TR/O=TRGrid/OU=TUBITAK-ULAKBIM/CN=nagios.ulakbim.gov.tr || || ||
|-
|NGI_SK || closed || argus.slovakgrid.sk || /C=SK/O=SlovakGrid/O=IISAS/CN=argus.slovakgrid.sk || || ||
|-
|NGI_SI || closed || argus.sling.si || /C=SI/O=SiGNET/O=SLING/CN=argus.sling.si || || ||
|-
|NGI_RO || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB|| || ||
|-
|NGI_PL || on hold || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB|| || ||
|-
|NGI_NL || closed || argus.grid.sara.nl || /O=dutchgrid/O=hosts/OU=sara.nl/CN=argus.grid.sara.nl || || ||
|-
|NGI_NDGF || closed || liuske.csc.fi || NO DN REGISTERED IN GOC-DB|| || ||
|-
|NGI_ME || solved || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB|| || ||
|-
|NGI_MD || closed || node01-02.imi.renam.md || NO DN REGISTERED IN GOC-DB || N2 || ||
|-
|NGI_IT || solved || argus-it.cnaf.infn.it || NO DN REGISTERED IN GOC-DB|| || ||
|-
|NGI_IL || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || N3 || ||
|-
|NGI_IBERGRID || closed || rargus.ifca.es || /DC=es/DC=irisgrid/O=ifca/CN=host/rargus.ifca.es || || ||
|-
|NGI_HU || closed || grid146.kfki.hu || NO DN REGISTERED IN GOC-DB || || ||
|-
|NGI_HR || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_GRNET || closed || argus-ngi.core.hellasgrid.gr || /C=GR/O=HellasGrid/OU=athena.hellasgrid.gr/CN=argus-ngi.core.hellasgrid.gr || ||
|-
|NGI_GE || closed || argus.sg.grena.ge || /DC=ORG/DC=SEE-GRID/O=Hosts/O=Georgian Research ..../CN=argus.sg.grena.ge |||| ||
|-
|NGI_FRANCE || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB|| || || ||
|-
|NGI_FI || closed || liuske.csc.fi || SEE NGI_NDGF || ||
|-
|NGI_DE || solved || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || N3 || ||
|-
|NGI_CZ || closed || ngiargus.grid.cesnet.cz || /DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=argus.grid.cesnet.cz || || ||
|-
|NGI_CYGRID || closed || argus.grid.ucy.ac.cy ? || /C=CY/O=CyGrid/O=HPCL/CN=argus.grid.ucy.ac.cy ? N3 || ||
|-
|NGI_CH || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB, || || ||
|-
|NGI_BY || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB|| || ||
|-
|NGI_BG || solved || argus.ipp.acad.bg ? || /DC=bg/DC=acad/O=hosts/O=IICT-BAS/OU=GTA/CN=argus.ipp.acad.bg ? N3|| || ||
|-
|NGI_BA || closed || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB|| || ||
|-
|NGI_ARMGRID || solved || argus.grid.am || /C=AM/O=ArmeSFo/O=IIAP NAS RA/OU=HPC Laboratory/CN=argus.grid.am || || ||
|-
|NGI_AL || closed || ONE SITE IN THAT NGI, THIS ONE IS CLOSED|| || ||
|-
|NGI_AEGIS || closed || argus.ipb.ac.rs || /C=RS/O=AEGIS/OU=Institute of Physics Belgrade/CN=host/argus.ipb.ac.rs|| || ||
|}
== 2.3 GLUE2 validation ==
No improvements in recent weeks; please follow up with your sites:
*[https://indico.egi.eu/indico/materialDisplay.py?contribId=0&materialId=2&confId=1858 Sites publishing obsolete entries]
*[https://indico.egi.eu/indico/materialDisplay.py?contribId=0&materialId=1&confId=1858 Sites publishing non permitted default values]


= 3. AOB  =

Latest revision as of 02:44, 25 March 2014

Audio conference link: Conference system is Adobe Connect, no password required.
Audio conference details: Indico page



1. Middleware releases and staged rollout

1.1 News from URT

EMI released updates for EMI-3 and EMI-2:

Other updates from PTs:

  • DPM/LFC: inclusion of STAR accounting, to be used off the shelf
  • FTS3 release in EPEL
  • WMS update by the end of February

1.2 UMD release

  • UMD 3.4.0 was released 29/01/2014 and contained the following components:
  • CREAM TORQUE v. 2.1.2: This release fixes the wrong total cpu count from PBS infoprovider together with a dependency issue with lcg-info-dynamic-scheduler
  • ARC-CE v. 4.0.0: This is a major release of ARC-CE and includes updates for both server and client tools. Among several new features, the ARC client tools now use the new client-side BDB job storage by default, if available. This is a backwards-incompatible change, since jobs stored in the XML file will no longer be accessible.
  • QCG COMP v. 3.2.0: This release provides an optimization of the GetFactoryAttributes method, together with an extension element in the SLURM module and some bug fixes.
  • BDII-CORE v. 1.5.5: This release includes a new version of glite-yaim-bdii that sets the top BDII cache validity to 4 days by default. It also contains a new version of glue-validator-cron that logs only the results of the full EGI profile GLUE 2 validation.
  • BDII-TOP v. 1.1.4: This release decommissions the FCR (Freedom of Choice of Resources) mechanism that is no longer needed in the top BDII.

Messaging:

  • QCG NOTIFICATION v. 3.2.0 : This release provides server improvements like the option for disabling Current Messages and several bugfixes.
  • GridSite v. 2.2.0: This is a minor release of GridSite addressing the issue of key lengths being hard-coded at 512 bits. It increases the default key length to 1024 bits and exposes new functions in the API to accept custom key lengths.
  • UMD-2 (UMD 2.80 RC):
    • proxyrenewal 1.3.35
    • gridsite v. 1.7.29
    • Globus-proxy-utils v. 5.0.6
    • cream v. 1.14.6
  • UMD-2 is considered to be under security support, but Gridsite, glite-px and globus-proxy-utils will be updated to make them compatible with the latest openssl updates. Since UMD-2 will start the decommissioning process soon, only a verification will be performed.

1.3 Staged rollout updates

  • Currently in staged rollout:

1.3.1 WMS issues

  • At the moment there are 5 major open issues with WMS:
    • Two problems with proxies, which in some cases can still generate 512-bit proxies:
      • The WMS Purger still uses a hard-coded 512-bit key length and can update the WMS's proxy with a wrong 512-bit one (NOTES).
      • glite-wms-create-proxy.sh uses an undefined GLOBUS_LOCATION environment variable, which prevents the invocation of grid-proxy-init, which by default produces 1024-bit proxies. The missing variable is resolved by the WMS Purger, which then generates 512-bit proxies (NOTES).
    • Issues introduced only in 3.6.2 (UMD not affected):
      • WMProxy still uses the low-level symlink call, which does not support a leading dash ("-") in file names (NOTES).
      • Bad exception handling in ICE prevents the user from getting a readable error message (NOTES).
      • Problem in glite-wms-wmproxy-api-java with TERENA certificates (NOTES).
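
A site can spot the 512-bit proxy problem described above by checking the key size reported for a proxy certificate. The following is a minimal sketch and not part of WMS. It assumes the certificate has already been dumped to text (for example with `openssl x509 -noout -text`) and that the dump contains a line of the form `Public-Key: (N bit)`. The 1024-bit minimum is taken from the grid-proxy-init default mentioned above; the function names and the sample text are hypothetical.

```python
import re

# Assumption: the text dump contains a line such as "Public-Key: (1024 bit)"
# (some older OpenSSL versions print "RSA Public Key: (1024 bit)").
KEY_SIZE_RE = re.compile(r"Public[- ]Key:\s*\((\d+)\s*bit\)", re.IGNORECASE)

# Default key length of grid-proxy-init as quoted in the agenda.
MIN_KEY_BITS = 1024


def key_bits(cert_text):
    """Return the public key size in bits found in a certificate dump, or None."""
    match = KEY_SIZE_RE.search(cert_text)
    return int(match.group(1)) if match else None


def is_weak_proxy(cert_text, minimum=MIN_KEY_BITS):
    """Return True when the dump reports a key shorter than `minimum` bits."""
    bits = key_bits(cert_text)
    if bits is None:
        raise ValueError("no public key size found in certificate text")
    return bits < minimum


if __name__ == "__main__":
    # Hypothetical fragment of a certificate dump, for illustration only.
    sample = "Subject Public Key Info:\n    Public-Key: (512 bit)\n"
    print(key_bits(sample), is_weak_proxy(sample))
```

Working on the text dump keeps the sketch free of third-party dependencies; a production check would more likely parse the certificate directly.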

1.3.2 CREAM_SLURM

  • Cream-slurm v. 1.0.1 has a problem with accounting: many records are not published even though the jobs finished successfully. This is under investigation, so if you are planning to deploy cream-slurm, I would delay putting it into production.

1.4 Next releases

  • UMD-2 this week
  • UMD-3 next week

2. Operational issues

2.1 Report from DMSU

Nothing to report

2.1 EMI-2 decommission calendar

According to the EGI decommissioning policy, the decommissioning deadline expires one month after the end of security updates and support of the software. For EMI 2 the end of security support is 30-04-2014, and unsupported services must be either decommissioned, upgraded or in downtime after 31 May 2014.
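
The deadline rule above can be sketched in a few lines of Python. This is only an illustration, not an EGI tool. It assumes that "one month after" means the last day of the calendar month following the end of support, which matches the 30-04-2014 and 31-05-2014 dates quoted above; the policy itself may define the interval differently. The function name `decommissioning_deadline` is hypothetical.

```python
import calendar
from datetime import date


def decommissioning_deadline(end_of_support):
    """Return the last day of the month following `end_of_support`.

    Assumption: this end-of-next-month reading of "one month after" is
    inferred from the dates in the agenda, not taken from the policy text.
    """
    if end_of_support.month == 12:
        year, month = end_of_support.year + 1, 1
    else:
        year, month = end_of_support.year, end_of_support.month + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, last_day)


if __name__ == "__main__":
    # End of security support for EMI 2 as stated above.
    print(decommissioning_deadline(date(2014, 4, 30)))  # 2014-05-31
```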

A broadcast has been sent to sites and NGIs.

List of affected products

  • ARC v2.*
  • ARGUS v1.5.*
  • BDII Site older than v1.2.0
  • BDII Top older than v1.1.0
  • CREAM v1.14.*
  • dCache v2.2.*
  • DPM older than v1.8.6
  • EMI-UI v2.*
  • EMI-WN v2.*
  • FTS v.2.2.8
  • StoRM older than v.1.11.0
  • VOMS v.2.*
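
The list above mixes two kinds of rule: version patterns such as `v2.*` and thresholds such as "older than v1.8.6". The sketch below shows one way to encode both, assuming purely numeric dotted version strings; it is not how the nagios tests detect EMI 2 products. The rule table is transcribed from the list, while `RULES`, `parse_version` and `is_affected` are hypothetical names.

```python
from fnmatch import fnmatch

# (product, rule kind, pattern or threshold), transcribed from the list above.
# "glob" rules match a version pattern, "older" rules compare to a threshold.
RULES = [
    ("ARC", "glob", "2.*"),
    ("ARGUS", "glob", "1.5.*"),
    ("BDII Site", "older", "1.2.0"),
    ("BDII Top", "older", "1.1.0"),
    ("CREAM", "glob", "1.14.*"),
    ("dCache", "glob", "2.2.*"),
    ("DPM", "older", "1.8.6"),
    ("EMI-UI", "glob", "2.*"),
    ("EMI-WN", "glob", "2.*"),
    ("FTS", "glob", "2.2.8"),
    ("StoRM", "older", "1.11.0"),
    ("VOMS", "glob", "2.*"),
]


def parse_version(text):
    """Turn "1.8.6" into (1, 8, 6); assumes numeric dotted versions only."""
    return tuple(int(part) for part in text.split("."))


def is_affected(product, version):
    """Return True if `product` at `version` matches a rule in RULES."""
    for name, kind, value in RULES:
        if name.lower() != product.lower():
            continue
        if kind == "glob":
            return fnmatch(version, value)
        return parse_version(version) < parse_version(value)
    return False  # products not in the list are treated as unaffected


if __name__ == "__main__":
    print(is_affected("DPM", "1.8.5"), is_affected("StoRM", "1.11.0"))
```

Comparing versions as integer tuples avoids the string-comparison trap where "1.10.0" would sort before "1.9.0".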

2.2 NGI Argus status

The following table has been prepared by Sven Gabriel and shows the status of GGUS tickets opened to track the deployment of Argus services at NGI level.

{| border="1" class="wikitable sortable"
|- style="background-color:lightgray;"
!Resp. Unit
!Status
!Hostname
!DN
!Central Instance Connect
!Nagios (Updated Ban Info)
|-
|NGI_MARGI || assigned || NONE || || ||
|-
|ROC_Russia || solved || b4ng.jinr.ru || /C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=b4ng.jinr.ru || ||
|-
|ROC_LA || in progress || argus.hpc.utfsm.cl || /C=CL/O=REUNACA/O=REUNA/OU=UTFSM/CN=argus.hpc.utfsm.cl || ||
|-
|ROC_Canada || closed || roc-policy.triumf.ca || /C=CA/O=Grid/OU=triumf.ca/CN=roc-policy.triumf.ca || ||
|-
|ROC_Asia/Pacific || in progress || argus02.grid.sinica.edu.tw || /C=TW/O=AS/OU=GRID/CN=argus02.grid.sinica.edu.tw || ||
|-
|NGI_ZA || closed || NONE || || ||
|-
|NGI_UK || in progress || argusngi.gridpp.rl.ac.uk || /C=UK/O=eScience/OU=CLRC/L=RAL/CN=argusngi.gridpp.rl.ac.uk || ||
|-
|NGI_UA || closed || argus.grid.org.ua || /DC=org/DC=ugrid/O=hosts/O=KNU/CN=argus.grid.org.ua NiP || ||
|-
|NGI_TR || closed || nagios.ulakbim.gov.tr || /C=TR/O=TRGrid/OU=TUBITAK-ULAKBIM/CN=nagios.ulakbim.gov.tr || ||
|-
|NGI_SK || closed || argus.slovakgrid.sk || /C=SK/O=SlovakGrid/O=IISAS/CN=argus.slovakgrid.sk || ||
|-
|NGI_SI || closed || argus.sling.si || /C=SI/O=SiGNET/O=SLING/CN=argus.sling.si || ||
|-
|NGI_RO || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_PL || on hold || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_NL || closed || argus.grid.sara.nl || /O=dutchgrid/O=hosts/OU=sara.nl/CN=argus.grid.sara.nl || ||
|-
|NGI_NDGF || closed || liuske.csc.fi || NO DN REGISTERED IN GOC-DB || ||
|-
|NGI_ME || solved || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_MD || closed || node01-02.imi.renam.md || NO DN REGISTERED IN GOC-DB || N2 ||
|-
|NGI_IT || solved || argus-it.cnaf.infn.it || NO DN REGISTERED IN GOC-DB || ||
|-
|NGI_IL || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || N3 || ||
|-
|NGI_IBERGRID || closed || rargus.ifca.es || /DC=es/DC=irisgrid/O=ifca/CN=host/rargus.ifca.es || ||
|-
|NGI_HU || closed || grid146.kfki.hu || NO DN REGISTERED IN GOC-DB || ||
|-
|NGI_HR || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_GRNET || closed || argus-ngi.core.hellasgrid.gr || /C=GR/O=HellasGrid/OU=athena.hellasgrid.gr/CN=argus-ngi.core.hellasgrid.gr || ||
|-
|NGI_GE || closed || argus.sg.grena.ge || /DC=ORG/DC=SEE-GRID/O=Hosts/O=Georgian Research ..../CN=argus.sg.grena.ge || ||
|-
|NGI_FRANCE || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_FI || closed || liuske.csc.fi || SEE NGI_NDGF || ||
|-
|NGI_DE || solved || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || N3 || ||
|-
|NGI_CZ || closed || ngiargus.grid.cesnet.cz || /DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=argus.grid.cesnet.cz || ||
|-
|NGI_CYGRID || closed || argus.grid.ucy.ac.cy ? || /C=CY/O=CyGrid/O=HPCL/CN=argus.grid.ucy.ac.cy ? N3 || ||
|-
|NGI_CH || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_BY || in progress || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_BG || solved || argus.ipp.acad.bg ? || /DC=bg/DC=acad/O=hosts/O=IICT-BAS/OU=GTA/CN=argus.ipp.acad.bg ? N3 || ||
|-
|NGI_BA || closed || TO BE FOLLOWED UP, NO NGI-ARGUS in GOC-DB || || ||
|-
|NGI_ARMGRID || solved || argus.grid.am || /C=AM/O=ArmeSFo/O=IIAP NAS RA/OU=HPC Laboratory/CN=argus.grid.am || ||
|-
|NGI_AL || closed || ONE SITE IN THAT NGI, THIS ONE IS CLOSED || || ||
|-
|NGI_AEGIS || closed || argus.ipb.ac.rs || /C=RS/O=AEGIS/OU=Institute of Physics Belgrade/CN=host/argus.ipb.ac.rs || ||
|}

2.3 GLUE2 validation

No improvements in recent weeks; please follow up with your sites:

3. AOB

3.1 Next meeting

4. Minutes