Dears,

The service sbgcloud.in2p3.fr - eu.egi.cloud.vm-management.occi service is in the process of being decommissioned. The timeline is the following:
* 2019-03-12: start of the decommissioning procedure
* 2019-03-12: broadcast to the supported VOs
* 2019-04-01: start of the downtime
* 2019-04-29: the service will be stopped and removed from the GOCDB

Please not that the IN2P3-IRES Cloud resources remain accessible to the EGI communities through the Nova service (sbgcloud.in2p3.fr - org.openstack.nova).

Best regards,

Jerome Pansanel

Dear all,

EUGridPMA have announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs have been packaged for EGI.

Please upgrade until 2019.03.04 at your earliest convenience. When this timeout is over, SAM will throw critical errors on CA tests if old CAs are still detected.


Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details

EGI UMD software provisioning Team


The following notes accompany this release:
European Grid Infrastructure EGI Trust Anchor release 1.96 2019.02.25

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.96-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.96-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

IMPORTANT NOTICE:
This release contains a new "cam" (combined assurance/adequacy) package
based on the approved policy on differentiated assurance. See details on
the EGI Wiki at https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
TECHNICALLY THIS MEANS THAT
you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update. See
https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
OTHERWISE
just only install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

With the introduction of combined assurance/adequacy, the EGEE compatibility
RPM (lcg-CA) can no longer be supported, and - when still installed - will be
obsoleted. The proper dependency packages are: ca-policy-_body_-_class_ and
these have been installed automatically as dependencies since 2010.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/


Changes from 1.95 to 1.96
-------------------------
(25 Feb 2019)

* withdrawn superseded QuoVadis-Grid-ICA (1st gen) CA (BM)
* added new trust anchor MD-Grid-CA-T for rollover of existing CA (MD)
* discontinued expiring 2009 series MD-Grid-CA (MD)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet or exceed the approved authentication assurance
profiles, an IGTF accredited Authority meeting the Assurance Profile DOGWOOD
- used solely in combination with said registration service - is also
adequate for user authentication. This policy has been adopted on Feb 1st,
2017, and is available at https://documents.egi.eu/document/2930
In the PKI Technology Rendering, EGI thus approves the IGTF SLCS, MICS, and
Classic APs for general use (egi-core), and in addition the IOTA AP for use
in combination with VO registration services that themselves meet the
aforementioned requirements. This additional restriction must be implemented
by each service in the authorization software. The "combined assurance"
model package must not be installed unless the additional authorization is
in place. You will need to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.96-1

The cream CE marcream01.in2p3.fr and marcream02.in2p3.fr will be decomissioned end of March.
The ressources of IN2P3-CPPM are available with the ARC CE
marcce01.in2p3.fr .
Please use the arc ce as soon as possible. The ressource linked to the creams are decreased everyday.

Contact us if you have problems.

Edith for CPPM team

The ARC CE at Liverpool, which supports SL6 worker nodes, will be stopped 1 March 2019. A downtime will be declared to cover this period.

VOs that have used the system will be notified. An alternative ARC service exists, using CentOS7 workers, on hepgrid5.ph.liv.ac.uk. A HTCondor-CE, using CentOS7 workers, is on hepgrid6.ph.liv.ac.uk

(https://wiki.egi.eu/wiki/PROC12_Production_Service_Decommissioning)

Dear site managers,

The cclcgvomsli01.in2p3.fr.lsc for the VO Biomed need to be updated.
The new configuration is here : https://cclcgvomsli01.in2p3.fr:8443/voms/biomed/configuration/configuration.action.

The details can be found in previous broadcasts :
https://operations-portal.egi.eu/broadcast/archive/2314 (2019-02-11)
https://operations-portal.egi.eu/broadcast/archive/2299 (2019-02-04)

Regards,
Christelle Eloto on behalf of the IN2P3-CC Grid Team

Dear site and VO managers,

This announcement follows the broadcast https://operations-portal.egi.eu/broadcast/archive/2299 of February the 4th.

The server certificate on cclcgvomsli01.in2p3.fr has been renewed from a new CA.
The CA DN is now "/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services".
The LSC files on all of "VOMS-aware" services have to be updated according to the following configuration details for each VO:

BIOMED
https://cclcgvomsli01.in2p3.fr:8443/voms/biomed/configuration/configuration.action

VO.AGATA.ORG
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.agata.org/configuration/configuration.action

VO.CTA.IN2P3.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.cta.in2p3.fr/configuration/configuration.action

VO.FORMATION.IDGRILLES.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.formation.idgrilles.fr/configuration/configuration.action

VO.FRANCE-ASIA.ORG
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.france-asia.org/configuration/configuration.action

VO.FRANCE-GRILLES.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.france-grilles.fr/configuration/configuration.action

VO.GRIDCL.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.gridcl.fr/configuration/configuration.action

VO.IPNL.IN2P3.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.ipnl.in2p3.fr/configuration/configuration.action

VO.LPSC.IN2P3.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.lpsc.in2p3.fr/configuration/configuration.action

VO.MURE.IN2P3.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.mure.in2p3.fr/configuration/configuration.action

VO.RENABI.FR
https://cclcgvomsli01.in2p3.fr:8443/voms/vo.renabi.fr/configuration/configuration.action


Best regards,
Christelle Eloto on behalf of the IN2P3-CC Grid Team