Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Talk:SiteCertMan

From EGIWiki
Jump to navigation Jump to search


Questions

Site registration procedure

Check https://cic.gridops.org/index.php?section=rc&page=configuration

Is the "site working hours" attribute mandatory?

Alessandro would propose to modify the point 3 in this way. 

3) site-admins side:
    a) register in GOC-DB requesting the admin role for the own site
    b) at least one person (non necessarily a site-admin) have to request the Security Officer role
    c) after the roles approvation, fill in any missing information, including the services to be monitored
    d) notify the NGI managers when done

Is it still necessary to open a GGUS ticket asking for the site to be registered in GGUS? From what we have seen the sites appear already after a certain time after they have been registered - as candidate. Check whether this also works in the case of NGI'zed GGUS instances.

Eventually expand a bit on:

How to apply for ops VO?

How to apply for dteam VO?

How to apply for any VO?

Tiziana: some security aspects could be checked. For example, that the local security mailing list is open to third party posting, and that its archives are not accessible to the wide public.

Gonçalo: Security contacts entry shouldn't be empty. The address should work. Check Security blacklists.

Andres: recommend to have only one address in the security contacts field. Usually more than one person should get this mail in the end, so it can make sense to put the name of a mailinglist in there. Be aware that it configured as Tiziana suggested above.

Tiziana: a site needs to sign the site-NGI OLA (the ex egee SLD document)

Site certification procedure

expand like in https://twiki.cnaf.infn.it/twiki/bin/view/Sandbox/SiteCertification ?

Gonçalo would like to include some extra suggestions to what Alessandro proposes:

      1. lcg-CE checks ###
   1./ Normally, we also check if the lcg-CE gridftp server is working (with a globus-url-copy). We also test uberftp.
           globus-url-copy -dbg -v -vb file:/home/csys/goncalo/teste.txt gsiftp://ce02.lip.pt/tmp/txt
           uberftp ce02.lip.pt

   2./ We test first the fork Job Manager before sending a job via the LRMS Job Manager. This will give you a faster answer regarding the correct mapping of the user.
           globus-job-run ce02.lip.pt:2119/jobmanager-fork /bin/pwd
      1. CREAM-CE ###
   1./ Same as 1) for the lcg-CE
      1. SE ###
   1./ We normally check if srm commands do work (ex: srmls, srmcp and srmrm)

   2./ We test lcg_utils tools to store date in the SE by adding the ldap string of the site in a dummy top-bdii, and pointing the UI env var LCG_GFAL_INFOSYS to that dummy BDII.


How long should an initial maintenance downtime last? 2 weeks? Maybe shorter? For experienced sites/NGI's a couple of days for the whole procedure could be sufficient. And additional maintenance downtime can always be defined.

Before the end of the maintenance downtime, check eg. gridview for availability/reliability forecast.

Should the GSTAT requirement be removed? Rather not (Goncalo in response to Alessandro)

Expand on how to properly publishing accounting data?

Other references

https://wiki.egi.eu/wiki/Operations:Site_Certification

https://www.italiangrid.org/grid_operations/site_manager/register_new_site/detailed_information

Retrieved from "https://wiki.egi.eu/w/index.php?title=Talk:SiteCertMan&oldid=6382"