Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @


From EGIWiki
Jump to navigation Jump to search
Main operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security

Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators

Back to

General information



Preview repository

  • released on 2021-04-09
  • next release: ARC 6.11.0, STORM 1.11.20, VOMS 04-21



  • HTCondor-CE probes
    • deployed on secmon and pakiti: GGUS 150006
    • working on the probe for the host certificate validity check: GGUS 147386
      • With 8.9.12 installed (expected the week of Mar 15), you should be able to query remote HTCondor-CEs for their host certificate using the following:
$ python -c 'import htcondor; ad = htcondor.Collector("").locate(htcondor.DaemonTypes.Schedd, ""); print htcondor.SecMan().ping(ad, "READ")["ServerPublicCert"]' | openssl x509 -noout -subject -enddate
subject= /
notAfter=Apr 26 12:26:42 2021 GMT
    • a new version of HTCondor (9.0.0) will be added to the UMD Test repo and then the probe can be deployed on the testing instance of ARGO


Feedback from DMSU

New Know Error Database (KEDB)

The KEDB has been moved to Jira+Confluence:

  • problems are tracked with Jira tickets to better follow-up their evoulution
  • problems can be registered by DMSU staff and EGI Operations team

Monthly Availability/Reliability

IPv6 readiness plans

APEL migration from ActiveMQ to ARGO Message Service (AMS)

  • Migration insructions:
  • ActiveMQ is going to be dismissed at the end of May
  • Releasing a new version of Apel Client (1.9.0) compatible with the new AMS protocol when used to trigger the publication of the accounting records
    • APEL SSM works fine since 2.4.0 version
  • The accounting component of ARC-CE still uses the STOMP protocol to send the message records
    • The developers are working on a new version compatible with AMS
    • some sites will be asked to test the new version when available
  • Cloud accounting campaign:
  • HTCondorCE and Storage accounting campaign:
  • Most common issues:
    • mismatch between the host certificate subject registered in GOCDB and the real DN
    • SAN field missing / wrongly defined in the host certificate
    • DNS entries not completely defined
    • same host used to send different types of accounting records
  • a new version of ARGO Message Service mitigates the problems related to DNS entries and the SAN field:

Prerequisites for using AMS

  • A valid host certificate from an IGTF Accredited CA.
  • A GOCDB 'Site' entry flagged as 'Production'.
  • A GOCDB 'Service' entry of the correct service type flagged as 'Production'. The following service types are used:
    • For Grid accounting use 'gLite-APEL'.
    • For Cloud accounting use ''.
    • For Storage accounting use ''.
  • The 'Host DN' listed in the GOCDB 'Service' entry must exactly match the certificate DN of the host used for accounting. Make sure there are no leading or trailing spaces in the 'Host DN' field.

CREAM-CE Decommission

  • End of Security Updates and Support: 31st Dec 2020
  • Decommissioning deadline: 31st Jan 2021
  • PROC16 Decommission of unsupported software
  • Decommissioning start date: Oct 1st 2020
  • Nov 1st: probe returns CRITICAL status, alarms created on the ROD dashboard, ROD teams start to create tickets
  • 1st Feb 2021: EGI Ops will start chasing the sites still providing CREAM-CE endpoints
    • By this time service end-points which couldn't be upgraded should be put into downtime by site admin or ROD
  • 1st March 2021: Sites still deploying unsupported service endpoints risk suspension, unless documented technical reasons prevent a Site Admin from updating these endpoints.
  • Tickets opened: 49
  • Please note that at least one CE endpoint should be associated to the APEL service type in order to monitor the publication of the accounting data, as explained here
    • If the CE you are going to remove was also registered as APEL service type, do not forget to move the APEL service type to a different CE endpoint.

VOMS upgrade to CentOS 7

  • VOMS for CentOS 7 released Nov 23rd with UMD 4.12.13
    • VOMS Admin 3.8.0, VOMS Server 2.0.15
  • VOMS endpoints registered on GOCDB as production and monitored: 41
    • Provided by 33 sites
  • list of ticket opened: GGUS
    • total: 31. Solved: 20.
  • the VOMS servers need to be published in the BDII in order to easily collect the deployed version


Next meeting

14th Jun 2021