Operations portal

v6.2 - 2021-10-19

This service is provided by CCIN2P3, and funded by the European Union’s Horizon 2020 research and innovation programme

logo ccin2p3 logo egi logo eosc

Latest news

Survey over users authentication method: migration from X509 personal certificates to federated identities based on tokens

January 28, 2022 14:02 | Alessandro Paolini
More details

Survey over users authentication method: migration from X509 personal certificates to federated identities based on tokens

Dear VO managers,

this year an important change is going to happen to the middleware that you use daily to run your analysis, simulations, and to manage your data:
the authentication and authorisation mechanism will move from X509 personal certificates to federated identities based on tokens.

This means that in order to access all of the EGI services you will need to use your academic/social account, and this account needs to be registered in EGI Check-in (see for example https://docs.egi.eu/users/check-in/signup/ ).

The EGI Cloud Compute service (https://docs.egi.eu/users/cloud-compute/) already moved time ago to the usage of federated identities as authentication system, so the services we refer to are the ones historically called "grid services" such as Computing Elements and Storage Elements (using protocols like SRM, webdav/http, GridFTP, etc.).

We would like to implement this change in a smooth way, and we expect to have a transition period where both X509 and federated identities tokens can be used.
During this transition phase there might be delays in updating the GRID elements to the latest version compliant with tokens, not all of the middleware products will be compliant with tokens at the same time, and the same VO will have to interact with element supporting different authentication methods.

In order to better plan this huge change in the usage of our Infrastructure, we would really appreciate to have your feedback about your experience with the aforementioned services: we ask you to reply to some questions with the aim to understand how this change will affect your normal workflow and to implement it in a way as much transparent to you as possible.

The survey will take only a few minutes to be filled in and it is oriented to the VO managers: we would like to have one reply per VO.
Of course, before replying to the survey, you can collect the relevant information from the most-active users, or in case you can also ask one of them to reply on behalf of your VO.

Llnk to the survey: https://survey.egi.eu/812154?lang=en

Please reply to the survey by Thu 24th February.

Thanks for your collaboration,
EGI Operations

January 28, 2022 14:02
by Alessandro Paolini

EGI Trust Anchor release 1.114-1

January 18, 2022 12:05 | Joao Antonio Tomasio Pina
More details

EGI Trust Anchor release 1.114-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2022.01.24 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details
EGI UMD software provisioning Team

The following notes accompany this version:
------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.114-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.114-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.113 to 1.114
---------------------------
(l7 January 2022)

* Extended validity for SlovakGrid issuing CA (SK)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

IMPORTANT NOTICE:
This release contains a new "cam" (combined assurance/adequacy) package
based on the approved policy on differentiated assurance. See details on
the EGI Wiki at https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
TECHNICALLY THIS MEANS THAT
you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update. See
https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
OTHERWISE
just only install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet the approved authentication assurance, an IGTF
"DOGWOOD" accredited Authority - used solely in combination with said
registration service - is also adequate for user authentication. See
the policy at https://documents.egi.eu/document/2930 for details.
This additional restriction policy must be implemented by each service
in the authorization software. The "combined assurance" model package MUST NOT
be installed unless the additional authorization is in place. You will need
to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.114-1

January 18, 2022 12:05
by Joao Antonio Tomasio Pina

GGUS is back

December 16, 2021 10:48 | Renato Santana
More details

GGUS is back

Dears,

GGUS is back.
It has been informed that a power outage was the issue cause.

Cheers,
Renato
EGI-Operations OD

December 16, 2021 10:48
by Renato Santana

GGUS is down

December 16, 2021 09:23 | Renato Santana
More details

GGUS is down

Dears,

GGUS has been down since yesterday (15th/DEC) evening CET, due to a problem with its DB.

Here is the DT:
https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31571

Experts are looking into the problem and more news will be sent soon.

Cheers,
Renato
EGI Operations - OD

December 16, 2021 09:23
by Renato Santana

testtesttest

December 16, 2021 09:23 | Alessandro Paolini
More details

testtesttest

testttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt

December 16, 2021 09:23
by Alessandro Paolini

GOCDB at risk Wednesday 15th December from 17:00 to 21:00 UTC

December 14, 2021 16:42 | Rose Cooper
More details

GOCDB at risk Wednesday 15th December from 17:00 to 21:00 UTC

Dear all,

We would like to make you aware that GOCDB will be operating at risk, with likely disruption, on Wednesday 15th December from 17:00 to 21:00 UTC. This is due to an urgent intervention on the RAL core network.

We have declared a "warning" downtime for this period: https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31554

The failover will remain available throughout this work at https://gocdb.hartree.stfc.ac.uk/.

We would like to thank you in advance for your understanding and we apologise for the short notice and for any
disruption or inconvenience this may cause.

Thanks,
The GOCDB team

December 14, 2021 16:42
by Rose Cooper

More news

GOCDB no longer at risk due to networking changes

November 30, 2021 15:34 | Greg Corbett
More details

GOCDB no longer at risk due to networking changes

Dear all,

Following yesterday’s disruption to the STFC network, the site-wide work that was being undertaken (and would have continued until Dec 10th) has been paused until early next year. As a result, GOCDB should no longer be considered at risk.

Thanks,
The GOCDB Team

November 30, 2021 15:34
by Greg Corbett

APEL and GOCDB degraded availability

November 29, 2021 16:34 | Greg Corbett
More details

APEL and GOCDB degraded availability

Dear all,

Following a change to the RAL network today, as part of the wider ongoing work, STFC’s externally connectivity has been degraded. This seems to be effecting some users more than others, with some users seeing connections that are slow or intermittent and other users not being able to connect at all.

This change will now be rolled back, resulting in a period of network outage between 16:30 and 17:00 UTC.

As a result of this degradation:
- There may be delays in data reaching the EGI Accounting Portal.
- GOCDB (goc.egi.eu and gocdb.hartree.stfc.ac.uk) may have been unavailable to certain users throughout the day.

Apologies for any inconvenience this is causing,

The APEL and GOCDB Team

November 29, 2021 16:34
by Greg Corbett

ce01-htc.cr.cnaf.infn.it:9619 decommissioning

November 22, 2021 15:03 | Stefano Dal Pra
More details

ce01-htc.cr.cnaf.infn.it:9619 decommissioning

we are dismissing the HTCONDOR-CE
ce01-htc.cr.cnaf.infn.it:9619
(cfr. ggus ticket:
https://ggus.eu/index.php?mode=ticket_info&ticket_id=155019 )

The CE currently is on scheduled down until 30/11/2021 and we do not plan to reactivate it.

Regards
Stefano

November 22, 2021 15:03
by Stefano Dal Pra

GOCDB operating AT RISK between 22/11/21 until 10/12/21

November 19, 2021 14:36 | Greg Corbett
More details

GOCDB operating AT RISK between 22/11/21 until 10/12/21

Dear all,

We would like to make you aware that GOCDB will be operating at risk from 22nd November until 10th December. This is due to site-wide work being undertaken which involves some major changes to the RAL network.

We have declared a "warning" downtime for this period: https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31434

There are a series of changes as part of this work, with multiple site network routers being updated. Some of these will directly affect networks that underpin service components of GOCDB. We will declare specific downtimes for these periods, and have already done so for the 30th November and 2nd December.

30th November, PM - Requests to goc.egi.eu will be served by the read only failover: https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31435
2nd December, AM - goc.egi.eu will be down: https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31438

The failover will remain available throughout this work at https://gocdb.hartree.stfc.ac.uk/.

We would like to thank you in advance for your understanding and we apologise for the short notice and for any disruption or inconvenience this may cause.

Thanks,
The GOCDB Team

November 19, 2021 14:36
by Greg Corbett

vomsmania.cnaf.infn.it certificate update

November 15, 2021 08:01 | Diego Michelotto
More details

vomsmania.cnaf.infn.it certificate update

Dear all,

we have recently updated the vomsmania.cnaf.infn.it certificate, this the new subject and issuer:

subject: /DC=org/DC=terena/DC=tcs/C=IT/ST=Roma/O=Istituto Nazionale di Fisica Nucleare - INFN/CN=vomsmania.cnaf.infn.it
issuer: /C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4

Please update your configurations as soon as possible.

Diego
NGI_IT

November 15, 2021 08:01
by Diego Michelotto

Decommissioning of LFCs at JP-KEK-CRC-02

November 8, 2021 23:51 | Go Iwai
More details

Decommissioning of LFCs at JP-KEK-CRC-02

As described in https://confluence.egi.eu/display/EGIPP/PROC12+Production+Service+Decommissioning, I am writing this to notify and track the decommissioning of the following services hosted at JP-KEK-CRC-02:

kek2-lfc.cc.kek.jp (Central-LFC)
kek2-lfc03.cc.kek.jp (Central-LFC)
kek2-lfcb1.cc.kek.jp (Local-LFC)
kek2-lfcb2.cc.kek.jp (Local-LFC)

The following timeline will be applied for the decommissioning steps:

Thu, November 4th - Announcement: Creating a GGUS ticket (*1) and EGI Broadcast.

Fri, November 19th - Start the downtime (*2) with Warning of Severity six weeks before the service decommission. The services as a read-only mode will be provided until the end of the day of services. Please keep in mind no longer available to register any new data on or after this date.

Thu, December 16th - Service will be decommissioned and removed from the GOCDB. The database backup and logs on the services must be secured and preserved at least 90 days from this date.

Sincerely yours,
Go

[1] https://ggus.eu/index.php?mode=ticket_info&ticket_id=154776
[2] https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31357

November 8, 2021 23:51
by Go Iwai

Decommissioning of ARC-CEs at JP-KEK-CRC-02

November 1, 2021 23:53 | Go Iwai
More details

Decommissioning of ARC-CEs at JP-KEK-CRC-02

As described in https://wiki.egi.eu/wiki/PROC12_Production_Service_Decommissioning, I am writing this to notify and track the decommissioning of the following services hosted at JP-KEK-CRC-02:

kek2-ce01.cc.kek.jp (ARC-CE)
kek2-ce02.cc.kek.jp (ARC-CE)

The following timeline will be applied for the decommissioning steps:

Tue, November 2nd - Announcement: Creating a GGUS ticket [1] and EGI Broadcast

Wed, November 17th - Start the downtime with Warning of Severity two weeks before the service decommission. Jobs will be allowed to submit and run until the end of the day of services. Jobs must complete and secure outputs before the end of the service. Several queues, which name ends with _heavy, for a very long time running job are going to close on Monday, November 22nd, 2021.

Mon, December 3rd - Service will be decommissioned and removed from the GOCDB. The service to be replaced for decommissioning ARC-CEs has been running on kek2-ce03.cc.kek.jp and kek2-ce04.cc.kek.jp. The service quality is near the production level. All jobs should be submitted to these new ARC-CEs on and after this date.

Sincerely yours,
Go

*1 https://ggus.eu/index.php?mode=ticket_info&ticket_id=154729

November 1, 2021 23:53
by Go Iwai

Decommissioning of the CAMK site

October 9, 2021 09:05 | Jerzy Borkowski
More details

Decommissioning of the CAMK site

CAMK site will be decommissioned soon.

CAMK site supports vo.hess-experiment.eu and vo.cta.in2p3.fr VOs. AFAIK CAMK SEs do not store any big data belonging to the HESS/CTA VOs (VO managers may want to verify this).

https://ggus.eu/index.php?mode=ticket_info&ticket_id=154368

Timeline:
2021-10-09 - announcement
2021-10-23 - deadline for VO managers replies/actions
2021-10-23 - start of downtime
2021-11-30 - removal from GOCDB

regards,

Jerzy Borkowski

October 9, 2021 09:05
by Jerzy Borkowski

EGI Trust Anchor release 1.113-1

October 6, 2021 07:57 | Joao Antonio Tomasio Pina
More details

EGI Trust Anchor release 1.113-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2021.09.12 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details
EGI UMD software provisioning Team

The following notes accompany this version:
European Grid Infrastructure EGI Trust Anchor release 1.113 2021.10.04

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.113-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.113-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.112 to 1.113
---------------------------
(4 October 2021)

* Suspended MD-GRID CA due to network resolution issues (MD)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

IMPORTANT NOTICE:
This release contains a new "cam" (combined assurance/adequacy) package
based on the approved policy on differentiated assurance. See details on
the EGI Wiki at https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
TECHNICALLY THIS MEANS THAT
you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update. See
https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
OTHERWISE
just only install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet the approved authentication assurance, an IGTF
"DOGWOOD" accredited Authority - used solely in combination with said
registration service - is also adequate for user authentication. See
the policy at https://documents.egi.eu/document/2930 for details.
This additional restriction policy must be implemented by each service
in the authorization software. The "combined assurance" model package MUST NOT
be installed unless the additional authorization is in place. You will need
to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.113-1

October 6, 2021 07:57
by Joao Antonio Tomasio Pina

Home

Broadcast

Downtimes

VO Management

VO List

Dashboard

Metrics

SLA

v6.2 - 2021-10-19

Latest news

Survey over users authentication method: migration from X509 personal certificates to federated identities based on tokens

EGI Trust Anchor release 1.114-1

GGUS is back

GGUS is down

testtesttest

GOCDB at risk Wednesday 15th December from 17:00 to 21:00 UTC

GOCDB no longer at risk due to networking changes

APEL and GOCDB degraded availability

ce01-htc.cr.cnaf.infn.it:9619 decommissioning

GOCDB operating AT RISK between 22/11/21 until 10/12/21

vomsmania.cnaf.infn.it certificate update

Decommissioning of LFCs at JP-KEK-CRC-02

Decommissioning of ARC-CEs at JP-KEK-CRC-02

Decommissioning of the CAMK site

EGI Trust Anchor release 1.113-1