Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @


From EGIWiki
Jump to navigation Jump to search
Main operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security

Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators

Back to

General information



  • CentOS8 discussion still ongoing
  • migration of Software Provisioning infrastructure to IBERGRID still ongoing
    • finalised the migration, we are making a test release for UMD4, if everything works we will make a new April update
    • CMD new major release planned in parallel, for Ubuntu 20 and CentOS7

Preview repository



  • Site-BDII metrics org.bdii.Entries and org.bdii.Freshness removed from ARGO_MON_CRITICAL profile
    • the metrics are still kept in the ARGO_MON_OPERATORS profiles
    • it is still an important service to support infrastructure oversight activities
  • HTCondor-CE probes
    • deployed on secmon and pakiti: GGUS 150006
    • working on the probe for the host certificate validity check: GGUS 147386
      • With 8.9.12 installed (expected the week of Mar 15), you should be able to query remote HTCondor-CEs for their host certificate using the following:
$ python -c 'import htcondor; ad = htcondor.Collector("").locate(htcondor.DaemonTypes.Schedd, ""); print htcondor.SecMan().ping(ad, "READ")["ServerPublicCert"]' | openssl x509 -noout -subject -enddate
subject= /
notAfter=Apr 26 12:26:42 2021 GMT
    • emi.cream.CREAMCE*
    • eu.egi.CREAM*


Feedback from DMSU

Monthly Availability/Reliability

IPv6 readiness plans

APEL migration from ActiveMQ to ARGO Message Service (AMS)

  • Migration insructions:
  • ActiveMQ is going to be dismissed at the end of May
  • Releasing a new version of Apel Client (1.9.0) compatible with the new AMS protocol when used to trigger the publication of the accounting records
    • APEL SSM works fine since 2.4.0 version
  • The accounting component of ARC-CE still uses the STOMP protocol to send the message records
    • The developers are working on a new version compatible with AMS
    • some sites will be asked to test the new version when available
  • Cloud accounting campaign:
  • HTCondorCE and Storage accounting campaign:
  • Most common issues:
    • mismatch between the host certificate subject registered in GOCDB and the real DN
    • SAN field missing / wrongly defined in the host certificate
    • DNS entries not completely defined
    • same host used to send different types of accounting records
  • a new version of ARGO Message Service mitigates the problems related to DNS entries and the SAN field:

Prerequisites for using AMS

  • A valid host certificate from an IGTF Accredited CA.
  • A GOCDB 'Site' entry flagged as 'Production'.
  • A GOCDB 'Service' entry of the correct service type flagged as 'Production'. The following service types are used:
    • For Grid accounting use 'gLite-APEL'.
    • For Cloud accounting use ''.
    • For Storage accounting use ''.
  • The 'Host DN' listed in the GOCDB 'Service' entry must exactly match the certificate DN of the host used for accounting. Make sure there are no leading or trailing spaces in the 'Host DN' field.

Feedback from NGI_FRANCE

On the Cloud infra, several tickets have been open to switch to the new messaging system. It would be nice to have the following RPMs made available from CMD repo, and not only from UMD:

  • apel-ssm-2.4.1-1.el7.noarch
  • python-argo-ams-library-0.5.1-1.el7.noarch

In addition, many Cloud sites are now using OpenStack Stein or newer. These version are provided with python-daemon = 2.2.3-1.el7. It conflicts with the requirement of apel-ssm ( python-daemon < 2.2.0)

Feedback from URT:

  • there is new apel-ssm 3.0.0 version under untested repo and this new version solves the dependency issue of requirement python-daemon <= 2.2.0.
  • there is also the new python-argo-ams 0.54 library

ARC-CE probe failing due to UMD repositories being down

Job terminated as Failed. - Failed in data staging: Failed checking source replica Failed to obtain information about file: Failed to connect to - JID: gsi 

CREAM-CE Decommission

  • End of Security Updates and Support: 31st Dec 2020
  • Decommissioning deadline: 31st Jan 2021
  • PROC16 Decommission of unsupported software
  • Decommissioning start date: Oct 1st 2020
  • Nov 1st: probe returns CRITICAL status, alarms created on the ROD dashboard, ROD teams start to create tickets
  • 1st Feb 2021: EGI Ops will start chasing the sites still providing CREAM-CE endpoints
    • By this time service end-points which couldn't be upgraded should be put into downtime by site admin or ROD
  • 1st March 2021: Sites still deploying unsupported service endpoints risk suspension, unless documented technical reasons prevent a Site Admin from updating these endpoints.
  • Tickets opened: 49
  • Please note that at least one CE endpoint should be associated to the APEL service type in order to monitor the publication of the accounting data, as explained here
    • If the CE you are going to remove was also registered as APEL service type, do not forget to move the APEL service type to a different CE endpoint.

VOMS upgrade to CentOS 7

  • VOMS for CentOS 7 released Nov 23rd with UMD 4.12.13
    • VOMS Admin 3.8.0, VOMS Server 2.0.15
  • VOMS endpoints registered on GOCDB as production and monitored: 41
    • Provided by 33 sites
  • list of ticket opened: GGUS
    • total: 31. Solved: 19.
  • the VOMS servers need to be published in the BDII in order to easily collect the deployed version


Next meeting

12th Apr 2021