Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Agenda-2018-05-14"

From EGIWiki
Jump to navigation Jump to search
 
(5 intermediate revisions by 2 users not shown)
Line 6: Line 6:
= Middleware  =
= Middleware  =


* UMD4.6.1 released http://repository.egi.eu/2018/03/14/release-umd-4-6-1/
* UMD4.7.0 in progress
** APEL-SSM 2.2.0 - Added a check that certificates have not expired before starting SSM. SSL errors now propagated out properly and saved for received messages. Trimmed down the number of log messages generated for receivers. Added python-devel build requirement for non fedora-packager OSs (CentOS)
** only ARC 15.03.18 under verification
** DPM 1.9.2 - This update includes releases 1.9.2 and lcgdm 0.19.0. It contains a fix for dpm-listspaces wrongly reporting 0 free space for pools See http://lcgdm.web.cern.ch/dpm-192-release
** XRootD 4.7.1 - various bug fixes https://github.com/xrootd/xrootd/blob/v4.7.1/docs/ReleaseNotes.txt
** CVMFS server 2.4.4 - fix registration of chunk hashes without bulk hash and non-SHA1 hash algorithm: fix on geoapi. See http://cvmfs.readthedocs.io/en/2.4/cpt-releasenotes.html
** CVMFS 2.4.4 - react to a change of DNS server on macOS. See http://cvmfs.readthedocs.io/en/2.4/cpt-releasenotes.html
** APEL 1.6.1 - various fixes and improvements https://github.com/apel/apel/releases/tag/1.6.1-1
** frontier-squid 3.5.27-3.1 - includes an important configuration change to enable frontier clients to clear out certain types of cached errors


* Next release is regular release UMD 4.7.0 (April/May)
* '''UMD3 shutdown in progress''', will disappear soon https://ggus.eu/index.php?mode=ticket_info&ticket_id=135100
** it seems that also UMD1 and UMD2 were still published, they have been shut down


* '''UMD3 shutdown end of April'''
* CMD-OS update for Mitaka/Ubuntu in preparation: the following products are ready but missing a staged rollout report, '''please candidate as Early Adopter!'''
** tests with umd-release upgrade are OK
** cloud-info-provider 0.9.1
** broadcast sent to NGIs/sites/VOs https://operations-portal.egi.eu/broadcast/archive/2023
** cloudkeeper 1.6.0
** updates will no longer enter UMD3
** cloudkeeper-os 0.9.9
** feedback: mpi-start package missing in UMD4/SL6 -> maintenance and usage on grid to be evaluated in order to include it
 
*CMD-OS update still in preparation: found SR for cloudkeeper, but unable to get packages for Ubuntu; no way to include yet user id isolatin patch for Mitaka/Ubuntu


== Preview repository  ==
== Preview repository  ==
*Release on 2018-03-07:
** '''[[Preview 1.17.0]]''' [https://appdb.egi.eu/store/software/preview.repository/releases/1.0/1.17.0/ AppDB info] (sl6): APEL Client/Server 1.6.1, frontier-squid 3.5.27-3.1, FTS 3.7.8, srm-ifce 1.24.3, STORM 1.11.13, xrootd 4.8.1
** '''[[Preview 2.17.0]]''' [https://appdb.egi.eu/store/software/preview.repository/releases/2.0/2.17.0/ AppDB info] (CentOS 7): APEL Client/Server 1.6.1, frontier-squid 3.5.27-3.1, FTS 3.7.8, srm-ifce 1.24.3, xrootd 4.8.1


= Operations  =
= Operations  =


== ARGO/SAM  ==
== ARGO/SAM  ==
 
*  excluding org.nordugrid.ARC-CE-sw-csh from CRITICAL and OPERATOR profile https://ggus.eu/index.php?mode=ticket_info&ticket_id=134956
<br>


== FedCloud  ==
== FedCloud  ==
* starting decommissioning campaign for old OpenStack and OpenNebula versions: all software must follow https://documents.egi.eu/public/ShowDocument?docid=1475 , so out of support software/versions should go through decommissioning procedure https://wiki.egi.eu/wiki/PROC16
* 23 sites: 15 Openstack, 7 OpenNebula; '''OpenNebula 4 to be decommissioned, OpenStack <Ocata and !=Mitaka/Xenial LTS to be decommissioned'''
* EGI Operations is going to asking sites about plans (no hard suspensions) for the update to a supported version (timeline, which version, feedback (using CMD? Using dockers? Using FedCloud appliance?) )


*hardening FedCloud Appliances in App-DB (in progress)<br>
*cloudkeeper for OpenStack (the vmcatcher replacement) cannot yet be distributed for Mitaka/Ubuntu through CMD (missing packages), proposed to FedCloud TF an installation campaign to bypass (this time) the UMD process


== Feedback from Helpdesk  ==
== Feedback from Helpdesk  ==
Line 99: Line 88:
|}
|}


If there isn't any email contact defined at the service endpoint level, it will be used the site contact. '''Please review your contacts'''. (the notifications are not implemented yet in ARGO)
If there isn't any email contact defined at the service endpoint level, it will be used the site contact. '''Please review your contacts'''.


'''NOTE''': It is not mandatory for the sites
'''NOTE''': It is not mandatory for the sites
Line 155: Line 144:
'''Connection error''':
'''Connection error''':


*NGI_FI https://ggus.eu/index.php?mode=ticket_info&ticket_id=133872 (SOLVED, the service has been marked as not production and not monitored, ARGUS enabled authorisations are in practise not used in NGI_FI).
*NGI_FI https://ggus.eu/index.php?mode=ticket_info&ticket_id=133872 (SOLVED, the service has been marked as not production and not monitored, ARGUS enabled authorisations are in practice not used in NGI_FI).
*NGI_HR https://ggus.eu/index.php?mode=ticket_info&ticket_id=133867 (the server will be reinstalled on CentOS7)
*NGI_HR https://ggus.eu/index.php?mode=ticket_info&ticket_id=133867 (the server will be reinstalled on CentOS7)
*ROC_LA https://ggus.eu/index.php?mode=ticket_info&ticket_id=133866 (SOLVED, upgraded to version 1.7.2 and installed the new the host certificate)
*ROC_LA https://ggus.eu/index.php?mode=ticket_info&ticket_id=133866 (SOLVED, upgraded to version 1.7.2 and installed the new the host certificate)
Line 242: Line 231:


= AOB  =
= AOB  =
*NGI_FRANCE reorganizing the '''national operations following a''' '''distributed model''' (not anymore operated by <span class="im">CC-IN2P3</span>); are other NGIs reorganising as well? how? do you have suggestions?
*do you have suggestions to '''improve the EGI Operations''' meeting itself or to '''improve the distribution of the items discussed/reported between EGI Operations and OMB'''?


== Next meeting  ==
== Next meeting  ==


*'''May 14th, 2018'''
*'''June 11th, 2018''' https://indico.egi.eu/indico/event/4074/

Latest revision as of 11:04, 14 May 2018

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators


General information

Middleware

  • UMD4.7.0 in progress
    • only ARC 15.03.18 under verification
  • CMD-OS update for Mitaka/Ubuntu in preparation: the following products are ready but missing a staged rollout report, please candidate as Early Adopter!
    • cloud-info-provider 0.9.1
    • cloudkeeper 1.6.0
    • cloudkeeper-os 0.9.9

Preview repository

Operations

ARGO/SAM

FedCloud

  • starting decommissioning campaign for old OpenStack and OpenNebula versions: all software must follow https://documents.egi.eu/public/ShowDocument?docid=1475 , so out of support software/versions should go through decommissioning procedure https://wiki.egi.eu/wiki/PROC16
  • 23 sites: 15 Openstack, 7 OpenNebula; OpenNebula 4 to be decommissioned, OpenStack <Ocata and !=Mitaka/Xenial LTS to be decommissioned
  • EGI Operations is going to asking sites about plans (no hard suspensions) for the update to a supported version (timeline, which version, feedback (using CMD? Using dockers? Using FedCloud appliance?) )


Feedback from Helpdesk

yearly review of the information registered into GOC-DB

2018-05-09

On a yearly basis, the information registered into GOC-DB need to be verified. NGIs and RCs have been asked to check them. In particular:

  1. NGI managers should review the people registered and the roles assigned to them, and in particular check the following information:
    • E-Mail
    • ROD E-Mail
    • Security E-Mail
NGI Managers should also review the status of the "not certified" RCs, in according to the RC Status Workflow;
  1. RCs administrators should review the people registered and the roles assigned to them, and in particular check the following information:
    • E-Mail
    • telephone numbers
    • CSIRT E-Mail
RC administrators should also review the information related to the registered service endpoints.

The process should be completed by June 6th.

To track the process, a series of tickets has been opened.

Notifications from ARGO about the nagios probes failures

In the process of implementing the notification system in ARGO, it has been recently introduced the following changes in GOC-DB:

  • Notifications flag at the site level
  • Notifications flag at the service endpoint level

In this way ARGO will retrieve from GOC-DB the information about the sites and services whom sending the email notification and the related recipients.

The logic of the notifications is the following:

Site Service Notify?
Y Y Y
Y N N
N Y N
N N N

If there isn't any email contact defined at the service endpoint level, it will be used the site contact. Please review your contacts.

NOTE: It is not mandatory for the sites

Monthly Availability/Reliability

suspended sites:

NGI ARGUS servers not properly configured

IMPORTANT: The ARGUS version that fixes the PAP permissions has been released in UMD 4.6: http://repository.egi.eu/2017/12/18/release-umd-4-6-0/ Please update to this version.

As reported by EGI-CSIRT during the February OMB, several NGI ARGUS servers are not properly configured and they are not passing the nagios tests (eu.egi.Argus-DNs probe):

https://argo-mon.egi.eu/nagios/cgi-bin/status.cgi?servicegroup=SERVICE_ngi.ARGUS&style=detail

How the probe works:

  • Central Argus server suspend 1 fake DN each day
  • Argo looks for this DN in NGI Arguses

Requirements for passing the test:

  • NGI Argus must be configured to fetch DNs
  • Argo must be able to connect to NGI Argus
  • Argo DN must be authorized to query DNs

Information about the nagios errors and possible solutions: https://wiki.egi.eu/wiki/EGI_CSIRT:Central_emergency_suspension#NGI_Argus_Monitoring

Information on global banning set-up: https://wiki.nikhef.nl/grid/Argus_Global_Banning_Setup_Overview#NGI_Argus

Authorization error:

Connection error:

Decommissioning EMI WMS

WMS servers can be decommissioned. Please follow the procedure PROC12. The plan is:

  • Starting from January 2018, put the WMS servers in draining: this will block the submission of new jobs and will allow the jobs previously submitted to finish
    • inform in advance your users that you are going to put in draining and then dismiss the WMS servers (as per PROC12)
    • there might be several VOs enabled on your WMS servers: in case only few of them need to use the service for few weeks more, you might disable the other VOs
  • On Dec 14th EGI Operations sent a new broadcast to the VOs reminding the users the forthcoming WMS decommission
  • From March, the nagios probe eu.egi.sec.WMS will return a CRITICAL status for the servers still in production, and the ROD teams will open a ticket to the sites that haven't finished the decommission process yet

WMS servers in downtime on GOC-DB

16 WMS still registered on GOC-DB as production and monitored (1 month ago they were 32)

Status on nagios

IPv6 readiness plans

webdav probes in OPERATORS profile

The webdav probes was included in the ARGO_MON_OPERATORS profile after the approval in the January OMB: in this way the failures will generate an alarm on the dashboard, and the ROD teams can open a ticket to the failing sites. If no particular issue occurs, and if at least 75% of webdav endpoint are passing the tests, the probes will be added in the ARGO_MON_CRITICAL profile, so the results of these probes will be taken into account for the A/R figures.

List of sites that not have completed the configuration yet:

List of sites that disabled webdav: UNIGE-DPNC, GR-01-AUTH, HG-03-AUTH, CETA-GRID, WUT

Storage accounting deployment

During the September meeting, OMB has approved the full-scale deployment of storage accounting. The APEL team has tested it with a group of early adopters sites, and the results prove that storage accounting is now production-ready.

Storage accounting is currently supported only for the DPM and dCache storage elements therefore only the resource centres deploying these kind of storage elements are requested to publish storage accounting data.

In order to properly install and configure the storage accounting scripts, please follow the instructions reported in the wiki: https://wiki.egi.eu/wiki/APEL/Storage

IMPORTANT: be sure to have installed the star-accounting.py script v1.0.4 (http://svnweb.cern.ch/world/wsvn/lcgdm/lcg-dm/trunk/scripts/StAR-accounting/star-accounting.py)

After setting up a daily cron job and running the accounting software, look for your data in the Accounting Portal: http://goc-accounting.grid-support.ac.uk/storagetest/storagesitesystems.html. If it does not appear within 24 hours, or there are other errors, please open a GGUS ticket to APEL who will help debug the process.

IMPORTANT: Do not encrypt the storage records with your host certificate, please comment out the “server_cert” variable in sender.cfg

List of sites already publishing and of tickets opened is reported here. Several sites are not publishing the storage accounting data yet. NGIs please follow-up with the sites the configuration of the script in order to speed-up the process.

AOB

Next meeting