URT:Agenda-2018-09-24

From EGIWiki
Revision as of 14:37, 24 September 2018 by Jstarek (talk | contribs) (dCache: no news to report)
Jump to: navigation, search

Meeting

News


UMD4

In Verification

  • apel ssm 2.3.0
  • storm 1.11.14
  • dpm 1.10.2
  • xroot 4.8.4

Under Staged Rollout

NA

Ready to be Released

NA

CMD-OS

In Verification

  • OOI 1.2.0
  • rOCCI-cli 4.10.2

In Staged Rollout

NA

Ready to be released

NA

CMD-ONE

In verification

NA

In Staged Rollout

  • rocci-cli 4.10.2
  • rocci-server 2.0.4
  • keystorm 1.1.0
  • cloudkeeper 1.6.0
  • cloudkeeper-one 1.3.0
  • cloud-info-provider 0.9.1

Ready to be released =

NA

Updates from Technical Providers

APEL

Frontier

Indigo-DataCloud

dCache

NTR

DPM/LFC

NTR

Data management clients

New gfal release ( 2.16)

http://dmc.web.cern.ch/release/gfal2-2160

will notify when it will be pushed to EPEL

FTS

FTS 3.8.0 has been tagged

https://gitlab.cern.ch/fts/fts3/tags/v3.8.0

will notify when it will be pushed to EPEL

ARC

There will be an ARC 5 update involving how ARC counts held jobs in Condor. Expected to be released this week or next.


ARC 6 - we are aiming at an alpha release expected this week. Is a very early test-release. Bugs are expected. Testers are welcome.

CREAM

CentOS 7 packages for "CREAM nagios probes": work in progress

QCG

Globus

The update that was listed as being in EPEL testing at the previous meeting is now in EPEL stable:

EPEL testing 2018-09-06, EPEL stable 2018-09-21:

Grid Community Toolkit (GCT)

As you should be aware, the developers announced that the support of the Globus Toolkit would end on 1 Jan 2018. The development did not completely stop, and there have been updates from the original developers during 2018, which we have packaged for Fedora, EPEL and Debian. When the end of support was announced, a community effort to keep up the maintenance of the toolkit was established [1]. The Grid Community Forum's fork of the Globus Toolkit, named Grid Community Toolkit [2] has been in preparation for some time. And there is now an update in EPEL testing based on the GCT version of the toolkit:

EPEL testing 2018-09-22:

This update is a drop in replacement, keeping the names of the libraries and binaries in the toolkit, keeping the package names in the repositories and keeping library sonames the same as in the Globus Toolkit.

Most of the changes to the code in the GCT release with respect to the latest Globus Toolkit release were already present in the packages in the repositories due to patches applied in the packaging.

globus-gssapi-gsi and TLS 1.2

As reported at the last meeting, the globus-gssapi-gsi package in the update that was then in EPEL testing (version 13.10-1) changed the default minimum TLS version to 1.2. It is possible to change it to 1.0 (the old default) or 1.1 in /etc/grid-security/gsi.conf or using environment variables.

Unfortunately this change turned out to be more disruptive than anticipated. By the time I was made aware of the problems, the update had already been pushed to EPEL stable. Two separate issues have been reported:

  • In versions of globus-gssapi-gsi before 11.26 (January 2016) there was a bug that meant that using the FORCE_TLS option meant forcing TLS 1.0, i.e. it also disabled TLS 1.1 and 1.2, and not only SSLv3. So sites that have such old versions installed and also have set the FORCE_TLS option (which was not the default) could not be contacted by clients that requested TLS version 1.2 as the minimum. The number of sites affected by this issue is expected to be small, and they can be fixed by upgrading and/or configuration.
  • The other issue is sites deploying the BeStMan SRM server. This uses a java / jetty / jglobus implementation of GSI and not the Globus Toolkit. Efforts to persuade this implementation to accept a TLS 1.2 connection has so far not been successful. The number and size of sites affexted by this issue is not insignificant and includes e.g. the CERN EOS.

TLS 1.0 and 1.1 are recommended not to be used due to security concerns, so long term it makes sense to set the default minimum TLS version to 1.2. However, in order to limit the disruption, the configuration file in the globus-gssapi-gsi version currently in EPEL testing (14.7-2) have been patched to set the default minimum TLS version to 1.0.

xrootd

caNl

BDII

CentOS 7 packages for "BDII nagios probes": work in progress

WN/UI

Preview

  • 2018-08-06
    • Preview 1.19.0 AppDB info (sl6): ARGUS 1.7.2, CGSI-gSOAP 1.3.11, CREAM 1.16.7, davix 0.6.8, dCache 3.2.27, frontier-squid 3.5.27-5.2, STORM 1.11.14, xrootd 4.8.4
    • Preview 2.19.0 AppDB info (CentOS 7): CGSI-gSOAP 1.3.11, CREAM 1.16.7, davix 0.6.8, dCache 3.2.27, frontier-squid 3.5.27-5.2, xrootd 4.8.4
  • gathering information for the new update: DPM 1.10.3, ...

AOB

nagios probes on CentOS 7

to assess:

planned/in progress:

available:

Next meeting