URT:Agenda-22-06-2015

From EGIWiki
Revision as of 14:23, 22 June 2015 by Jknilsen (talk | contribs) (ARC)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Adobe connect direct link Conference system is on adobe connect, no password required.
Indico page for the meeting


News

UMD releases status


Status of the products verification/staged rollout

Released

    • ARGUS-PAP, v. 1.6.4
    • dCache server, v.2.10.24

Under Staged Rollout

  • gfal2-python 1.8.1
  • gfal2 2.9.1
  • srm-ifce 1.23.1
  • storm 1.11.9

In Verification

  • Globus components (GridFTP,MyProxy,Gram5,globus-default-security)
  • Dcache 2.10.31
  • gfal2-plugin-xrootd 0.3.4
  • squid 2.7.24

Ready to be released:

  • cream 1.16.5 (sl6)
  • apel 1.4.1
  • srm-ifce 1.22.1
  • glexec (lcmaps and c-pap)
  • storm 1.11.8
  • gfal2 2.8.4
  • dpm-xroot 3.5.2 (new)
  • xroot 4.1.1 (new)
  • cvmfs 2.1.20
  • gfal2-python 1.7.1
  • fetch-crl 3.0.16

Rejected

  • cream 1.16.5 (sl5): Under Investigation
  • -----

Timeline for the next UMD updates

  • End May

New UMD release process timeline

  • Wiki updated: [1]
  • The Wiki pages are being re-structured so the location may change.

Updates from the product teams

This section is directly contributed by the product teams. Please, add under your section the scheduled releases with a short comment about the updates introduced and where they are going to be released (EMI repositories, EPEL, private repositories ecc), linking external pages with these information is ok, but please add at least the expected date of the next release. It is important to discuss, within the URT, changes that may affect directly or indirectly other products. The text will be copied into the agenda of the next URT meeting, PT will just need to check that all the information are up to date. Please, feel free to alter the template if it doesn't feet with your needs.

APEL

  • Release version 1.4.0 Released: 2013-02-16
    • Main changes: (including other products affected)
    • Other information:

ARC

Argus

  • ARGUS PAP v. 1.6.2
    • Released on: 2015-02-09
    • Main changes: fix for "SSL authentication errors for the pap-admin client after the upgrade to the latest JRE"

dCache

  • Release version 2.10.33 Expected: next UMD release
    • Main changes: see appdb
    • Other information:

BDII

  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

DPM/LFC

  • DPM
    • DPM-Xrootd 3.5.2 is in EPEL stable
    • this is the first version of the component compatible with xrootd4

Data management clients

    • gfal2 2.9.1
    • gfal2-python 1.8.1
    • gfal2-utils 1.2.1
    • gfal2-plugin-xrootd 0.4.0
    • srm-ifce 1.23.1

will ask our colleagues at T0 to prepare the verification reports

FTS

Frontier-Squid

EMIR

  • Release version: ; Expected:
    • Main changes:
    • Other information:

UNICORE

(expected in the course of 2015 that we will publish packages for UMD via AppDB at https://appdb.egi.eu/store/software/unicore

For now, packages for UNICORE 7.2.0 can be downloaded from

Debian: http://unicore-dev.zam.kfa-juelich.de/release-candidates/core/7.2.0-packages/deb

RPM: http://unicore-dev.zam.kfa-juelich.de/release-candidates/core/7.2.0-packages/rpm

RPM packages were tested on Centos 6, so SL6 will be fine. SL5 is NOT supported any more.

Changes are listed with respect to the last UNICORE version available in UMD which is 6.6.0


  • UCC 7.x Expected on: TBD
    • Main changes: (including other products affected)
    • Other information:

LB

  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

Gridsite

  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

Proxyrenewal

  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

CANL

  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

gLite-security

  • Release version w.k.j Expected on: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

gLExec-wn

  • LCMAPS-plugins-C-PEP & EES(+xacml library)
  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

CREAM

  • BLAH
  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:


CREAM GE utils

  • Release version X.Y.Z Expected: 2015-XX-YY
    • Main changes:
    • Other information:

STORM

VOMS

  • Release versions:
    • VOMS Admin server v. 3.3.
    • VOMS Clients v. , VOMS API Java v.
    • VOMS C APIs, native clients and server v.
  • Released version - VOMS Admin server v. 3.3.2 - released: 28.01.2015

WMS

  • Release version x.y.z Expected: 2013-xx-yy
    • Main changes: (including other products affected)
    • Other information:

Globus

The updated globus-gssapi-gsi version 11.16 in EPEL testing changed the default name compatibility mode from "HYBRID" to "STRICT_RFC2818". This caused some issues when tested on some deployed systems. See the GGUS ticket for details:

https://ggus.eu/index.php?mode=ticket_info&ticket_id=114076

To remedy this upstream issued an updated version 11.18 that changed the default back to HYBRID. However, upstream considers this to be a temporary measure, and would like to change the default to "STRICT_RFC2818" eventually.

The EPEL update request has been modified to now use the 11.18 version.

The issues in the GGUS ticket were mainly due to configuration mistakes such as a reverse DNS lookup pointing to the wrong name or host certificates that didn't have the hostname listed in alt subject names and are basically understood.

You can test the impact of different name compatibility mode settings on your software by changing the name resolution mode in the configuration file /etc/grid-security/gsi.conf (introduced in version 11.15) or by using the GLOBUS_GSSAPI_NAME_COMPATIBILITY environment variable. The environment variable has precedence over the config file setting.

The "HYBRID" setting in addition to the RFC 2818 way of doing name comparison also accepts the old GT2 way of doing this, which includes accepting matching to the name from the reverse DNS lookup. This by some is considered a security problem, and changing the default to "STRICT_RFC2818" will avoid this.

More details about the different name compatibility modes from /etc/grid-security/gsi.conf is copied below:

# GSSAPI Name compatiblity mode when trying to determine
# if a host certificate is legitimate. GSI predates RFC2818,
# so there are some old, less-secure, practices by default.
# The different modes are:
# STRICT_GT2:
#     Strictly backward-compatible with GT 2.0 name matching. 
#     X.509 subjectAltName values are ignored. Names with
#     hyphens are treated as wildcarded such that 
#     host-ANYTHING.example.com will match a certificate named
#     host.example.com. The name matching will rely on canonical
#     host (as resolved via getnameinfo) name associated with
#     a connection's IP addresses.
# STRICT_RFC2818:
#     Support RFC 2818 server identity processing. Hyphen 
#     characters are treated as normal part of a host name. 
#     dnsName and ipAddress subjectAltName extensions are matched
#     against the host and port passed to GSSAPI. If subjectAltName 
#     is present, X.509 SubjectName is ignored. 
# HYBRID:
#     Support a hybrid of the two previous name matching algorithms,
#     liberally matching both hyphen wildcards, canonical names
#     associated with IP addresses, and subjectAltName extensions.
#     This has been the default since GT 4.2

This update is currently being pushed to EPEL stable, and the GGUS ticket was closed with the following resolution: "Problem is well understood and many options now exist for the short term and plans for the medium term."

The upstream developers say: "We'll probably be including the change to strict by default as part of the 6.1 release later this year."

So consider this a heads up for reintroducing the change in default.

Another set of updates was released by upstream last week. Changes are minor but includes an update to myproxy to fix a glitch in its RFC2818 support.

History of Globus updates in EPEL (since GT 6.0)

QCG

Next Release is planned for UMD update in May.

  • GPU support in QCG-Broker/Client
  • VO support in QCG-Broker/Client


  • Due to missing elements in GLUE2 schema (reported many times long time ago) some warnings are still reported by glue-validator:
    • W037 Description: Wrong type
    • W037 Affected attribute: GLUE2ServiceType
    • W037 Published value: ['org.qcg.notification']
    • W037 Description: Wrong type
    • W037 Affected attribute: GLUE2EndpointInterfaceName
    • W037 Published value: ['org.oasis.notification']
    • W037 Description: Wrong type
    • W037 Affected attribute: GLUE2ServiceType
    • W037 Published value: ['org.qcg.computing']
  • In preparation for the subsequent udpate:
    • several updates of the packages, including new versions of QCG-Broker (support for voms) and QCG-Computing services.

xrootd

xrootd 4.2.1 available in EPEL.

After two weeks in EPEL testing the updates have been pushed to EPEL stable 2015-06-20. No feedback was recieved during the period the updates spent in testing. Hopefully this means that no problems were found during testing. (It can also mean noone bothered to do any testing, but you are not that careless - right?)

Report from WLCG MW Officer

Other topics

Actions (done and in progress)

Java 7

EPEL 7

  • Next UMD will support CentOS7
  • It is important to know the status of the support of CentOS7 for the components in UMD, and if there is no support yet which the plans are. Please keep your information up to date: Status of support of EPEL 7 (SL7/CentOS7)
  • The UMD4 will support EPEL7 and Ubuntu.
  • The first release of UMD4 will be on Sept2015.

AOB

  • Next meeting 20 July 2015 , 15:00 CET

Minutes

Audio conference details

Room link: http://connect.ct.infn.it/egi-inspire-sa1-ter/

Please provide you Name and product team/affiliation as Guest Name.

In left top corner you will find "Meeting->Audio Setup Wizard" Button which will help you to configure your audio.

You can test Your Computer with this link http://connect.ct.infn.it/common/help/en/support/meeting_test.htm

Adobe Connect tutorials: http://tv.adobe.com/show/learn-adobe-connect-8/

Adobe connect is flash-based, please if you have issues with your configuration try Chrome as browser.

Back to the URT agendas list page: URT_meetings_agendas