Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "PROC17 Decommissioning of service type"

From EGIWiki
Jump to navigation Jump to search
(Created page with "{{Template:Op menubar}} {{Template:Doc_menubar}} {{TOC_right}} <br> {{Ops_procedures |Doc_title = Service type decommission |Doc_link = https://wiki.egi.eu/wiki/PROC17 |Versio...")
 
(16 intermediate revisions by 2 users not shown)
Line 2: Line 2:


<br> {{Ops_procedures
<br> {{Ops_procedures
|Doc_title = Service type decommission
|Doc_title = Decommissioning of service type  
|Doc_link = https://wiki.egi.eu/wiki/PROC17
|Doc_link = https://wiki.egi.eu/wiki/PROC17
|Version = 1.0
|Version = 8 June 2016
|Policy_acronym = OMB
|Policy_acronym = OMB
|Policy_name = Operations Management Board
|Policy_name = Operations Management Board
|Contact_group = operations at mailman.egi.eu
|Contact_group = operations@egi.eu
|Doc_status = Draft
|Doc_status = Final
|Approval_date =  
|Approval_date = 16.07.2013
|Procedure_statement = A procedure for removal of service type from production infrastructure.  
|Procedure_statement = A procedure for removal of service type from production infrastructure.  
|Owner = Matthew Viljoen
}}  
}}  


= Overview  =
= Overview  =


The Service type decommission procedure was created to define steps which have to be taken to remove service type from prodcution infrastructure. <br>
The Service type decommission procedure was created to define steps which have to be taken to remove a service type from the production infrastructure.  


= Terminology =
= Definitions =


'''Support deadline'''
Please refer to the [[Glossary|EGI Glossary]] for the definitions of the terms used in this procedure.
*from this day service type is unsupported
*sites '''should not''' register retired services in production infrastructure
*NGIs and sites should start action to move their services to supported versions


'''Decommission deadline'''
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
*from this day '''no services for the retired service type can be present in production infrastructure'''
*in case of violation security team can remove the site from production infrastructure
*service type is removed from operations tools


= Steps  =
= Steps  =


Following steps are taken since '''support deadline''' is known for COO
The process starts when the COO opens a GGUS ticket to the Operations SU (via GGUS). Each step which require contact with other teams should be done through GGUS as well (as a child ticket to the main one).


# COO on OMB announce '''decommission deadline''' for service migration
This procedure is run if a software related to the service type is unsupported or it was decided to change the name of the service type.
# The broadcast is send to NGi managers and Site administrators
# NGI managers announce the information to the sites
# Documentation about service X should re-classified as obsoleted (I would not remove it from our wiki, but I would just reclassify it)
# Security probe is developed for the security nagios that extracts hostnames from GOCDB and BDII associated to type X and raises critical alarm in the security dashboard
#* ROD teams followup the service migration till the decommission deadline - site admins should provide migration or decommission plan


After '''Decommision deadline'''
{| class="wikitable"
# Probes for the service are removed from profiles:
|-
#*ROC
! <br>
#*ROC_OPERATORS
! Responsible
#*ROC_CRITICAL
! Action
#*the SAM probes at the earliest convenience are removed from the SAM release
|- valign="top"
# CSIRT team followup the migration and if needed suspend sites which didn't migrate
| 1
# If a service specific SU in GGUS exists, the SU should be removed from GGUS
| COO
# The service type should be disabled in GOCDB (i.e. service entries can no more declared to be of service type X), but existing instances associated to type X continue to exist
|
# Security probe can be removed (should we do that?)
Decides and announce&nbsp; '''decommission deadline''' for the service type to OMB


== TODO ==
Information is send in Operations Monthly broadcast to NGI managers, Site administrators and VO managers by Operations<br>


* involve quattor WG
|- valign="top"
| 2
| Nagios team
| A security probe is developed for the security nagios that extracts hostnames from GOCDB and BDII associated to the decommissioned service type and raises critical alarm in the security dashboard
|- valign="top"
| 3
| Operations <br>
| Followup the process until the decommission deadline
|}


unresponsive sites handling process
<br>
# NGI will be requested by EGI.eu operations to contact site administrators to provide upgrade plans in the site ticket, DEADLINE MON 12/11
# EGI.eu operations will send a VO broadcast warning VO managers about sites risking suspension
# In case of no reply from site administrators, the NGI operations management (NGI manager or deputy, security officer) will be requested to put the affected service end-point in downtime, DEADLINE MON 19/11
# In case of no action by NGI, EGI CSIRT will suspend the site (after MON 19/11)


I would suggest the following procedure for EGI-CSIRT Security Officer on Duty
After '''Decommission deadline'''
(SOOD), handling sites that qualified for suspension:
# Open ticket in RT ask COO to suspend site X  (CCing  Site/NGI-Manager, Site/NGI-Security-Contact)
# Site/NGI can give a comment here, if we see suddenly some activity from the site we can offer that the site goes immediately in Downtime.
# within 24 hours COO gives the green/red light for Suspension in the ticket
# After having received an OK from COO, SOOD changes the sites "certification status" to "Suspended"


This is in EGI-CSIRT Critical Vulnerability Operational Procedure: https://documents.egi.eu/secure/RetrieveFile?docid=283&version=9&filename=EGI-CSIRT-Procedure-CriticalSecurity-V8.pdf Skipping the extensive communication part which has for these sites already proven to not work, thus we might want to jump directly to
<br>


==
{| class="wikitable"
 
|-
4.5 Carry out Site suspension
! <br>
! Responsible
! Action
|- valign="top"
| 1
| SAM&nbsp;team
| Probes for the service type are removed from profiles:
*ROC
*ROC_OPERATORS
*ROC_CRITICAL
*the SAM probes at the earliest convenience are removed from the SAM release.


Site suspension WILL be carried out by the EGI CSIRT co-ordinator or deputy. Site suspension is carried out by changing the status of the site in the GOCDB to ‘suspended’.  
|- valign="top"
   
| 2 <br>
==
| GGUS
| If for the service type specific SU in GGUS exists, the SU should be removed from GGUS.
|- valign="top"
| 3
| GOCDB
| The service type should be disabled in GOCDB (i.e. service entries can no more declared to be of the service type), but not removed.
|- valign="top"
| 4
| Operations<br>
| Information about service type decommissioning is send in Operations Monthly broadcast to NGI managers, Site administrators and VO managers by Operations
|}


= Revision history  =
= Revision history  =
Line 86: Line 95:
! Date  
! Date  
! Comments
! Comments
|-
| 1.0
| M. Krakowian
| 19 August 2014
| Change from COD to Operations Support team
|-
|-
|  
|  
|  
| Alessandro Paolini
|  
| 2016-06-08
|  
| "EGI Operations Support" was decommissioned, changed all the references to "Operations"
|}
|}


[[Category:Operations_Procedures]]
[[Category:Operations_Procedures]]

Revision as of 15:48, 7 January 2019

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators




Title Decommissioning of service type
Document link https://wiki.egi.eu/wiki/PROC17
Last modified 8 June 2016
Policy Group Acronym OMB
Policy Group Name Operations Management Board
Contact Group operations@egi.eu
Document Status Final
Approved Date 16.07.2013
Procedure Statement A procedure for removal of service type from production infrastructure.
Owner Matthew Viljoen


Overview

The Service type decommission procedure was created to define steps which have to be taken to remove a service type from the production infrastructure.

Definitions

Please refer to the EGI Glossary for the definitions of the terms used in this procedure.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Steps

The process starts when the COO opens a GGUS ticket to the Operations SU (via GGUS). Each step which require contact with other teams should be done through GGUS as well (as a child ticket to the main one).

This procedure is run if a software related to the service type is unsupported or it was decided to change the name of the service type.


Responsible Action
1 COO

Decides and announce  decommission deadline for the service type to OMB

Information is send in Operations Monthly broadcast to NGI managers, Site administrators and VO managers by Operations

2 Nagios team A security probe is developed for the security nagios that extracts hostnames from GOCDB and BDII associated to the decommissioned service type and raises critical alarm in the security dashboard
3 Operations
Followup the process until the decommission deadline


After Decommission deadline



Responsible Action
1 SAM team Probes for the service type are removed from profiles:
  • ROC
  • ROC_OPERATORS
  • ROC_CRITICAL
  • the SAM probes at the earliest convenience are removed from the SAM release.
2
GGUS If for the service type specific SU in GGUS exists, the SU should be removed from GGUS.
3 GOCDB The service type should be disabled in GOCDB (i.e. service entries can no more declared to be of the service type), but not removed.
4 Operations
Information about service type decommissioning is send in Operations Monthly broadcast to NGI managers, Site administrators and VO managers by Operations

Revision history

Version Authors Date Comments
1.0 M. Krakowian 19 August 2014 Change from COD to Operations Support team
Alessandro Paolini 2016-06-08 "EGI Operations Support" was decommissioned, changed all the references to "Operations"