Operations portal

Home Broadcast Downtimes VO Management Metrics ROD Dashboard COD Dashboard Security Dashboard VO Dashboard

Operations Portal is an EGI service provided by CCIN2P3,
co-funded by EGI.eu and EGI-Engage

For any contact, use this section: Contact Us

The Operations Portal is a central portal for the EGI operations management that offers a different capabilities, such as the broadcast tool, VO management facilities and various of dashboards (Security, VO and Operations) to facilitate infrastructure oversight.

Latest news

EGI Trust Anchor release 1.94-1
October 29, 2018 17:46
Joao Antonio Tomasio Pina
more details

EGI Trust Anchor release 1.94-1

Dear all,

EUGridPMA have announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs have been packaged for EGI.
This release brings some changes at the level of the meta-pakage names so please read the release notes carefully and upgrade until 2018.11.05 at your earliest convenience. When this timeout is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details

EGI UMD software provisioning Team

The following release notes accompany this release:
European Grid Infrastructure EGI Trust Anchor release 1.94 2018.10.29

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.94-1 with Classic, SLCS and MICS profiles, encoded in
meta-package "ca-policy-egi-core-1.94-1" (new installs) and "lcg-CA-1.94-1"
(for sites upgrading from EGEE/JSPG releases).

IMPORTANT NOTICE:
Sites that need compliance with the WLCG policy should install BOTH packages,
or you will miss out the CERN WLCG IOTA CA specific exception. Details, see:
https://documents.egi.eu/document/2745

Please review the documentation for the new software that will be needed
to support differentiated assurance and the Collaborative Assurance Model.
We ask for your support in implementing the requisite changes, and deploy
new trust anchor meta-packages and the new local policies only in unison.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.93 to 1.94
-------------------------
(29 Oct 2018)

* extended validity period for the ArmeSFo CA (AM)
* withdrawn expiring DFN-SLCS CA (DE)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Version information: ca-policy-egi-core = 1.94-1

October 29, 2018 17:46
by Joao Antonio Tomasio Pina

Important notice concerning the support of TLS v1.2 on EGI
October 29, 2018 13:00
litmaath
more details

Important notice concerning the support of TLS v1.2 on EGI

Dear colleagues,
on Sep 21 a Globus update in the EPEL repositories made TLS v1.2
the only version to be supported for security handshakes in GSI.
The concerned package was globus-gssapi-gsi-13.10.

Unfortunately, it quickly became clear that a significant number
of grid services in EGI are not ready for that change and started
running into failures.

We therefore asked for the minimum supported version to be set to
TLS v1.0 again in /etc/grid-security/gsi.conf:

MIN_TLS_PROTOCOL=TLS1_VERSION_DEPRECATED

Version globus-gssapi-gsi-14.7-2 has that _temporary_ workaround
and is available in EPEL since Oct 16.

The UMD currently has globus-gssapi-gsi-13.5 which also is fine
for the time being.

However, as we still want to be able to exclude TLS < v1.2 in the
near future, all potentially affected services should be checked
and updated as needed.

Such services may directly depend on Globus themselves,
but could also be based on Java instead.

Of particular concern are SRM, GridFTP, CE and Argus services.

Standard SRM services listen on port 8443 (dCache), 8444 (StoRM) or
8446 (DPM), while the BeStMan SRM may listen on a non-standard port.
The CREAM CE service listens on port 8443. GridFTP servers used by
CREAM, ARC and SE head nodes listen on port 2811, while the port may
be unpredictable on SE disk servers. Argus listens on port 8154.

To test your SRM, CREAM, Argus or any other HTTPS service,
please run a command like this:

openssl s_client -tls1_2 -connect HOST:PORT 2>&1 < /dev/null |
egrep '^New|Protocol|known|Bad|refused|route'

The following output is a sign of _failure_:

New, (NONE), Cipher is (NONE)

To test a GridFTP server, you normally need a valid VOMS proxy:

env GLOBUS_GSSAPI_MIN_TLS_PROTOCOL=TLS1_2_VERSION uberftp HOST pwd

If any one of those commands fails due to the TLS v1.2 requirement:
please update Java/Globus on the affected service to a recent version,
restart the service and try again.

For the BeStMan SRM one would need to update the "jglobus" package to
version jglobus-2.1.0-10bh available from the EGI third party repository,
and restart the service:

http://repository.egi.eu/community/software/third.party.distribution/

As JGlobus and BeStMan are both unsupported, please look into replacing
such services with alternatives that are supported.

We will need to set a deadline for TLS v1.2 support to early 2019
and will let you know when the timeline has become clearer.

Please report issues you encounter through GGUS etc.

October 29, 2018 13:00
by litmaath

BEgrid-BELNET occi-server downtime
October 16, 2018 13:34
STEPHANE GERARD stgerard@vub.ac.be
more details

BEgrid-BELNET occi-server downtime

Dear,

On Friday 19th of October from 8 AM to 6 PM, we will switch our cloud end-point rocci.iihe.ac.be to occi-server version 2. As a result, during this downtime, it will not possible to create VMs or to manage the life cycle of your existing VMs in our site. However, this should not impact the VMs themselves.

Sorry for the inconvenience.

Regards,
Stéphane Gérard

October 16, 2018 13:34
by STEPHANE GERARD stgerard@vub.ac.be

Decommissioning of old ARC-CEs at TOKYO-LCG2
September 28, 2018 01:39
KISHIMOTO Tomoe
more details

Decommissioning of old ARC-CEs at TOKYO-LCG2

Dear All,

This is to inform you that the following hosts (services) at TOKYO-LCG2 will be decommissioned.

lcg-ce11.icepp.jp (ARC-CE)
lcg-ce12.icepp.jp (ARC-CE)

The downtime will start on 26/10/2018 00:00 (UTC). The services will be disabled and removed directory after the downtime.

Best regards,
Tomoe

September 28, 2018 01:39
by KISHIMOTO Tomoe

EGI Trust Anchor release 1.93-1
September 24, 2018 15:49
Joao Antonio Tomasio Pina
more details

EGI Trust Anchor release 1.93-1

Dear all,

EUGridPMA have announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs have been packaged for EGI.
This release brings some changes at the level of the meta-pakage names so please read the release notes carefully and upgrade until 2018.10.01 at your earliest convenience. When this timeout is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details

EGI UMD software provisioning Team

The following release notes accompany this version:
European Grid Infrastructure EGI Trust Anchor release 1.39 2018.09.24

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.93-1 with Classic, SLCS and MICS profiles, encoded in
meta-package "ca-policy-egi-core-1.93-1" (new installs) and "lcg-CA-1.93-1"
(for sites upgrading from EGEE/JSPG releases).

IMPORTANT NOTICE:
Sites that need compliance with the WLCG policy should install BOTH packages,
or you will miss out the CERN WLCG IOTA CA specific exception. Details, see:
https://documents.egi.eu/document/2745

With the introduction of combined assurance/adequacy, the EGEE compatibility
RPM (lcg-CA) can no longer be supported, and -when still installed- will be
obsoleted. The proper dependency packages are: ca-policy-_body_-_class_ and
these have been installed automatically as dependencies since 2010.

Release 1.89 introduced support for differentiated assurance in the EGI
trust fabric infrastructure in the form of an additional trust anchor
meta-package, which replaces the specific policy mechanism described above.
Please review the documentation for the new software that will be needed
to support differentiated assurance and the Collaborative Assurance Model.
We ask for your support in implementing the requisite changes, and deploy
new trust anchor meta-packages and the new local policies only in unison.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.92 to 1.93
-------------------------
(24 Sep 2018)

* Updated contact information for HellasGrid-CA (GR)
* Removed superseded IGCA CA (IN)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Version information: ca-policy-egi-core = 1.93-1

ChangeLog:
Update of the EGI Trust Anchors to release 1.93-1

September 24, 2018 15:49
by Joao Antonio Tomasio Pina

Upgrade ARC/condor Batchsystem to CentOS7
September 13, 2018 11:27
Sophie Ferry
more details

Upgrade ARC/condor Batchsystem to CentOS7

Dear all,
An outage of the ARC-CE [node16] (and condor workernodes) at GRIF-IRFU is scheduled on Monday. September 17th at 9a.m. to Tuesday,September 18th at 4p.m. in order to upgrade all servers to **CentOS7**.
We will not drain the batch. Remaining idle or running jobs will be killed.
The CREAM-CE [node74] will remain in production in SL6, for the time being.

Best Regards,
The GRIF-IRFU team.

September 13, 2018 11:27
by Sophie Ferry

>>> More news <<<

RAL IPv6 Outage
August 24, 2018 21:13
darren moore
more details

RAL IPv6 Outage

RAL's IPv6 issues have been resolved. All IPv6 reliant services are now back in production.

August 24, 2018 21:13
by darren moore

IPv6 Outage
August 24, 2018 17:15
darren moore
more details

IPv6 Outage

Tier-1 at RAL is currently experiencing an outage of IPv6. This is impacting some services including FTS and GOCDB. We are currently working on this issue and will provide status updates as appropriate.

August 24, 2018 17:15
by darren moore

Retirement of DESY-HH CREAM CEs plus torque/mysched grid-cr{0,1}.desy.de
August 22, 2018 15:35
Andreas Gellrich
more details

Retirement of DESY-HH CREAM CEs plus torque/mysched grid-cr{0,1}.desy.de

Hi *,
we are starting to gradually retire our CREAM + TORQUE/MySched computing resources now.
The CEs will vanish by end of September 2018.

Best regards,
Andreas

August 22, 2018 15:35
by Andreas Gellrich

lfc.grid.sara.nl will be decommissioned on 13 August 2018
August 1, 2018 18:10
Coen Schrijvers
more details

lfc.grid.sara.nl will be decommissioned on 13 August 2018

The LFC is not being used anymore by any user nor is it supported anymore by NGI_NL. All local users have been moved or migrated over the last year. We will decommission the LFC on 13 August 2018 at 17:00 CET.

August 1, 2018 18:10
by Coen Schrijvers

GOCDB issues resolved
July 25, 2018 14:34
george ryall
more details

GOCDB issues resolved

The issues affecting GOCDB since roughly midday BST have now been resolved (initially timing out beyond the landing page and being inaccessible over IPv6). The power work in the machine room that hosts GOCDB continues and it should be considered at risk until the end of the working day.

Thanks,
GOCDB team

July 25, 2018 14:34
by george ryall

GOCDB inaccessable
July 25, 2018 13:04
george ryall
more details

GOCDB inaccessable

Power suply testing work at RAL appears to have interfered with access to the database that underpins the GOCDB service. GOCDB had been marked as at risk for this week because of the risk we felt this work posed. We actively working on resolving hte underlying issue.

A further message will follow when service is restored.

Thanks for your patiance,

George

July 25, 2018 13:04
by george ryall

EGI Operations Broadcast - July 2018
July 16, 2018 16:05
Vincenzo Spinoso spinoso@infn.it
more details

EGI Operations Broadcast - July 2018

1) UMD 4.7.0 released

UMD 4.7.0 released on July 11th, containing the following updates. See the release notes for further details: http://repository.egi.eu/2018/07/11/release-umd-4-7-0/

* CentOS7: davix 0.6.7, ARC 15.03.18, APEL 1.6.2-1, APEL-SSM 2.2.1, gfal2 2.15.4, srm-ifce 1.24.3, FTS 3 7.8, XROOTD 4.8.2, dCache 3.2.21, VOMS clients 3.3.0, MyProxy 6.1.29, CERN Frontier squid 3.5.27-4.1, CernVM-FS server 2.5.0, yaim-core 5.1.6, globus gridftp 12.5.1

* SL6: davix 0.6.7, ARC 15.03.18, APEL 1.6.2-1, APEL-SSM 2.2.1, gfal2 2.15.4, srm-ifce 1.24.3, FTS 3 7.8, StoRM 1.11.13, XROOTD 4.8.2, dCache 3.2.21, MyProxy 6.1.29, VOMS clients 3.3.0, yaim-core 5.1.6, CERN Frontier squid 3.5.27-4.1, CernVM-FS server 2.5.0, globus gridftp 12.5.1, canl 2.5.0, bouncycastle 1.58-1

2) UMD 4.7.0 canl/bouncycastle upgrade breaks CREAM/SL6!

There is an issue with CREAM/SL6 related to this new UMD 4.7.0 release for canL-java and voms-api-java. The CREAM team is preparing an emergency fix and will release packages by the end of the week; meanwhile sites are asked *not to upgrade* their CREAM installations until a new broadcast from EGI Operations announces the corresponding new UMD fix release to the NGIs/sites.

July 16, 2018 16:05
by Vincenzo Spinoso spinoso@infn.it

Decommissioning of RUG-CIT resources
July 10, 2018 10:03
F. Dijkstra P114691@rug.nl
more details

Decommissioning of RUG-CIT resources

Dear all,

Since our Grid resources are almost 7 years old, we have decided to retire them. The only service that is still in use by some VOs is the CREAM CE. cygnus.grid.rug.nl The storage services have been decommissioned earlier.

The services will be switched off on August 1st 2018.

Kind regards,

Fokke Dijkstra

July 10, 2018 10:03
by F. Dijkstra P114691@rug.nl

Decommissionning
July 6, 2018 15:22
STEPHANE GERARD stgerard@vub.ac.be
more details

Decommissionning

Dear beapps users and managers,

We will decommission the BEgrid LFC service hosted by lfc01.begrid.be.
As this service is not used anymore since years, we will stop it today (6th of July 2018) and it will be removed on Monday 9th of July 2018.

Regards,

Stéphane Gérard

July 6, 2018 15:22
by STEPHANE GERARD stgerard@vub.ac.be