Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "URT:Agenda-2018-05-28"

From EGIWiki
Jump to navigation Jump to search
(Created page with "= Meeting = *Calendar: https://indico.egi.eu/indico/categoryDisplay.py?categId=107 * meetings are on GoToMeeting = News = == UMD4 == === In Verification === * StoRM v1....")
 
 
(23 intermediate revisions by 7 users not shown)
Line 5: Line 5:


= News  =
= News  =
* CMD-OS 1.2.0 released
** cloudkeeper 1.6.0 (NEW) - Cloudkeeper checks the EGI App DB for new or updated images that need to be supported on the site. It downloads images and registers them with OpenNebula, so that they can be used in resource instantiation.
** cloudkeeper-os 0.9.9 (NEW) - Cloudkeeper-os is able to manage OpenStack cloud - upload, update and remove images and templates representing EGI AppDB appliances. cloudkeeper-os runs as a server listening for gRPC communication usually from core cloudkeeper component.
** cloud-info-provider 0.9.1 - makes OCCI optional, avoiding failures if no OCCI endpoint is configured; updates on documentation, now stored on a dedicated EGI Foundation github store
* UMD 4.7.0 scheduled for June


== UMD4  ==
== UMD4  ==


=== In Verification  ===
=== In Verification  ===


* StoRM v1.11.13
* StoRM v1.11.13
* APEL update 1.6.2
* APEL update 1.6.2
* ARC 5.4.2 (15.03u18)
* ARC 5.4.2 (15.03u18)
* gfal2 2.15.4
* srm-ifce
* storm 1.11.13
* Xroot 4.8.3


=== Under Staged Rollout  ===
=== Under Staged Rollout  ===
* davix 0.6.7
* davix 0.6.7


=== Ready to be Released  ===
=== Ready to be Released  ===
Line 30: Line 41:


=== In Staged Rollout  ===
=== In Staged Rollout  ===
 
NA
* cloudkeeper 1.6.0
* cloudkeeper-os 0.9.9
* cloud-info-provider 0.9.1


=== Ready to be released  ===
=== Ready to be released  ===
NA
NA


Line 76: Line 83:
== Data management clients  ==
== Data management clients  ==


New gfal2 major release in EPEL ( 2.15.4 )
NTR
 
* http://dmc.web.cern.ch/release/gfal2-2154
* http://dmc.web.cern.ch/release/gfal2-2153
* http://dmc.web.cern.ch/release/gfal2-2152
* http://dmc.web.cern.ch/release/gfal2-2.15.1
* http://dmc.web.cern.ch/release/gfal2-2.15.0


== FTS  ==
== FTS  ==


FTS 3.7.8 in EPEL
NTR


https://fts.web.cern.ch/sites/fts.web.cern.ch/themes/fts-webpage/releases-jekyll/releases/2018/01/30/FTS_3_7_8/
== ARC  ==
NTR on ARC 5 end.


== ARC  ==
We sorted out submission problems for the verification process w/Pablo and Joao. Problem was due to wrong permissions on hostkey file, time module missing, users not added to grid-map file.  
Nothing to report for ARC 5.


We are working on ARC 6. Hope for a release candidate before summer. Testing during summer. Release fall.
In ARC 6 the host-certif and time module problems would be reported since the arc-config-checker runs automatically (whereas in ARC 5 it does not).


== CREAM ==
== CREAM ==
 
New release of CREAM CE for SL6 (internal certification).
* Broken link on SL6 ( https://issues.infn.it/jira/browse/CREAM-186 )
Critical issue: https://issues.infn.it/jira/browse/CREAM-186


== QCG  ==
== QCG  ==
Line 103: Line 104:
== Globus ==
== Globus ==


'''Globus Toolkit update''' in EPEL testing 2018-04-09, in EPEL stable 2018-04-25:
'''Globus Toolkit update''' in EPEL testing 2018-05-05, in EPEL stable 2018-05-21:
 
* EPEL 7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8dfeea4e1b
* EPEL 6: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1017874535
 
Updated packages:
 
* globus-gridftp-server-control (6.1)
** Don't error if acquire_cred fails when vhost env is set
 
* globus-ftp-control (8.3)
** Default to host authz when using tls control channel
 
* globus-xio (5.17)
** Fix udp dual stack sockets when ipv6only is the default
 
* globus-xio-udt-driver (1.29)
* globus-gsi-sysconfig (8.1)
* globus-gssapi-gsi (13.5)
* globus-common (17.4)
* globus-gridftp-server (12.5)
** Minor fixes, mostly related to windows
 
'''Globus Toolkit update''' in EPEL testing 2018-05-05, not yet in EPEL stable:


* EPEL 7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c0106fe5e  
* EPEL 7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c0106fe5e  
Line 141: Line 119:
== xrootd ==
== xrootd ==


'''xrootd 4.8.2''' in EPEL testing 2018-04-15, in EPEL stable 2018-04-30:
'''xrootd 4.8.3''' in EPEL testing 2018-05-03, in EPEL stable 2018-05-19:
 
* EPEL 7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f676b11c72
* EPEL 6: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-362e34159c
 
'''xrootd 4.8.3''' in EPEL testing 2018-05-03, not yet in EPEL stable:


* EPEL 7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-484cbdbb17
* EPEL 7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-484cbdbb17
Line 152: Line 125:


== caNl  ==
== caNl  ==
== BDII ==
== WN/UI ==


= Preview  =
= Preview  =
*last release in March
*to include in the next update: frontier squid 3.5.27, xrootd 4.8.3, gfal2 2.15.5, APEL 1.6.2


= AOB =
= AOB =
== bouncycastle updates in EPEL ==
== bouncycastle updates in EPEL ==
== voms-proxy-java3 ==
== VOMS in CentOS7/EPEL7 ==


The bouncycastle updates in EPEL are now in EPEL stable since 2018-04-08:
*Next meeting: '''Jun 25th, 2018''' (11th is CANCELLED)
 
* EPEL 7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-50d69f64bd
* EPEL 6: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-71db8f6f28
 
These updates also contain updated canl-java, voms-api-java and voms-clients-java packages.
 
Despite spending more than two month in EPEL testing and the testing that had been done on the voms-clients-java update in EPEL 6, a minor glitch when upgrading from the old UMD package was discovered when the update was pushed to EPEL stable:
 
* https://ggus.eu/index.php?mode=ticket_info&ticket_id=134483
 
An updated voms-clients-java package (3.3.0-2.el6) was created to address this issue:
 
* https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-01eb003c2c
 
Available in EPEL testing 2018-04-12 and in EPEL stable 2018-04-27.
 
== products that need to download from VOMS the list of users ==
 
VOMS allows to every owner of a IGTF certificate to download the list of users. This is not compliant with the European GDPR, since VO membership is considered sensitive data., so that VOMS needs to implement a stricter ACL to the users list.
 
In order to understand how to proceed, first of all we need to figure out all the use cases: please let us know if any of your products needs to get the users DN for performing the authentication and authorisation mechanism (i.e. grid-mapfile generation containing the users certificate subject).
 
For some products it would be possible switching to the VOMS-based authentication/authorisation. In particular there are these cases:
*ARC-CE: is there any documentation describing this setting that the site-administrators can look at for applying the change? Any particular use-case preventing this change?
** Maiken will check and get back to it.
*DPM/LFC: the grid-mapfile with users' DNs is necessary for allowing the web access, but for the usual functionalities it isn't (would not): is that correct? is there any way for changing the access through web browser? I seem to remember that for example STORM doesn't need the users DN grid-mapfile for making the user access via webdav  (I don't know exactly the access mechanism), but maybe this is just a webdav feature...
*dCache: it can be configured for using VOMS-based authentication, but the web access would still require the users' DNs
*WLCG VOBOX: I haven't understand if it can switch to the new grid-mapfile stile. In any case, there are (should be) few VOBOX instances around, compared to the amount of other products servers, so adding their certificate DNs into Voms-admin and maintaining them could be only a little blood bath...
*EOS is not voms aware (how many VOs are using it, and how many instances?)
*OSG GUMS: to be phased out
*VO-specific services: few instances, few VOs; it should be quite manageable
*QCG may be configured to use VOMS, however the primary authentication/authorization mechanism (configured in majority of current deployments) is based on grid-mapfiles.
 
== noarch packages depend on x86-64 ==
 
when trying to install the following “noarch” packages on ppc64le system, some of them still required x86-64 dependency:
 
<pre>
fts-rest-3.5.4-1.el7.centos.noarch.rpm
fts-rest-cloud-storage-3.5.4-1.el7.centos.noarch.rpm
fts-rest-http-authz-signed-cert-3.5.4-1.el7.centos.noarch.rpm
fts-rest-oauth2-3.5.4-1.el7.centos.noarch.rpm
fts-rest-selinux-3.5.4-1.el7.centos.noarch.rpm
 
glexec-wrapper-scripts-0.0.7-1.el7.noarch.rpm
 
mkgltempdir-0.0.5-1.el7.noarch.rpm
 
nordugrid-arc-aris-5.3.1-1.el7.centos.noarch.rpm
nordugrid-arc-ca-utils-5.3.1-1.el7.centos.noarch.rpm
nordugrid-arc-client-tools-1.0.7-1.el7.centos.noarch.rpm
nordugrid-arc-compute-element-1.0.7-1.el7.centos.noarch.rpm
nordugrid-arc-doc-2.0.15-1.el7.centos.noarch.rpm
nordugrid-arc-gridmap-utils-5.3.1-1.el7.centos.noarch.rpm
nordugrid-arc-information-index-1.0.7-1.el7.centos.noarch.rpm
nordugrid-arc-ldap-infosys-5.3.1-1.el7.centos.noarch.rpm
nordugrid-arc-ldap-monitor-5.3.1-1.el7.centos.noarch.rpm
nordugrid-arc-nagios-plugins-doc-1.9.1-0.rc1.el7.centos.noarch.rpm
nordugrid-arc-nagios-plugins-egi-1.9.1-0.rc1.el7.centos.noarch.rpm
nordugrid-arc-ws-monitor-5.3.1-1.el7.centos.noarch.rpm
 
qcg-appscripts-4.0.0-18.centos7.noarch.rpm
qcg-broker-4.2.0-6.centos7.noarch.rpm
qcg-broker-client-4.2.0-4.centos7.noarch.rpm
qcg-comp-egi-is-provider-4.0.0-5.centos7.noarch.rpm
qcg-egi-is-conf-4.0.0-1.centos7.noarch.rpm
qcg-ntf-egi-is-provider-4.0.0-1.centos7.noarch.rpm
qcg-ntf-nagios-probe-4.0.0-1.noarch.rpm
</pre>
 
== other AOB ==
 
*Next meeting: '''May 28th, 2018'''  
[[Category:URT]]
[[Category:URT]]

Latest revision as of 15:42, 28 May 2018

Meeting

News

  • CMD-OS 1.2.0 released
    • cloudkeeper 1.6.0 (NEW) - Cloudkeeper checks the EGI App DB for new or updated images that need to be supported on the site. It downloads images and registers them with OpenNebula, so that they can be used in resource instantiation.
    • cloudkeeper-os 0.9.9 (NEW) - Cloudkeeper-os is able to manage OpenStack cloud - upload, update and remove images and templates representing EGI AppDB appliances. cloudkeeper-os runs as a server listening for gRPC communication usually from core cloudkeeper component.
    • cloud-info-provider 0.9.1 - makes OCCI optional, avoiding failures if no OCCI endpoint is configured; updates on documentation, now stored on a dedicated EGI Foundation github store
  • UMD 4.7.0 scheduled for June

UMD4

In Verification

  • StoRM v1.11.13
  • APEL update 1.6.2
  • ARC 5.4.2 (15.03u18)
  • gfal2 2.15.4
  • srm-ifce
  • storm 1.11.13
  • Xroot 4.8.3

Under Staged Rollout

  • davix 0.6.7

Ready to be Released

NA

CMD-OS

In Verification

  • OOI 1.2.0
  • Gridsite 2.3.4
  • rocci cli 4.10.2

In Staged Rollout

NA

Ready to be released

NA

CMD-ONE

In verification

  • cloudkeeper 1.6.0
  • cloudkeeper-one 1.3.0
  • cloud-info-provider 0.9.1

In Staged Rollout

  • gridsite 2.3.4
  • cloud-info-provider 0.8.4
  • rocci-cli 4.10.2
  • rocci-server 2.0.4
  • cloudkeeper 1.5.1
  • cloudkeeper-one 1.2.5
  • keystorm 1.1.0

Ready to be released

  • site-bdii 1.2.1

Updates from Technical Providers

APEL

Frontier

Indigo-DataCloud

dCache

DPM/LFC

NTR

Data management clients

NTR

FTS

NTR

ARC

NTR on ARC 5 end.

We sorted out submission problems for the verification process w/Pablo and Joao. Problem was due to wrong permissions on hostkey file, time module missing, users not added to grid-map file.

In ARC 6 the host-certif and time module problems would be reported since the arc-config-checker runs automatically (whereas in ARC 5 it does not).

CREAM

New release of CREAM CE for SL6 (internal certification). Critical issue: https://issues.infn.it/jira/browse/CREAM-186

QCG

Globus

Globus Toolkit update in EPEL testing 2018-05-05, in EPEL stable 2018-05-21:

Updated packages:

  • globus-net-manager (0.18)
    • Fix pre-connect not using changed remote contact
  • myproxy (6.1.29)
    • Fix -Werror=format-security errors

xrootd

xrootd 4.8.3 in EPEL testing 2018-05-03, in EPEL stable 2018-05-19:

caNl

BDII

WN/UI

Preview

  • last release in March
  • to include in the next update: frontier squid 3.5.27, xrootd 4.8.3, gfal2 2.15.5, APEL 1.6.2

AOB

bouncycastle updates in EPEL

voms-proxy-java3

VOMS in CentOS7/EPEL7

  • Next meeting: Jun 25th, 2018 (11th is CANCELLED)
Retrieved from "https://wiki.egi.eu/w/index.php?title=URT:Agenda-2018-05-28&oldid=99347"