Operations Portal

This service is provided by CCIN2P3, and funded by the European Union’s Horizon 2020 research and innovation programme

Latest news

• EGI Trust Anchor release 1.123-1

September 4, 2023 16:52 | Joao Pina
More details

EGI Trust Anchor release 1.123-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2023.09.11 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

The following release notes accompany this version:

European Grid Infrastructure EGI Trust Anchor release 1.123 2022.09.04

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
the EGI operations manual HOWTO-01 at https://edu.nl/envyq
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.123-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.123-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.122 to 1.123
---------------------------
(4 September 2023)

* Add ECC private trust hierarchy for GEANT (Research and Education) TCS (EU)
* Added accrdited private trust eMudhra IGTF root and issuers (IN)

NOTICE: in future releases we will move to a new RSA-2048 GPG package signing
key. The new public key file, GPG-KEY-EUGridPMA-RPM-4, is distributed with
this and subsequent releases. You can retrieve the new public key file from
https://dl.igtf.net/distribution/GPG-KEY-EUGridPMA-RPM-4

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Policy on Acceptable Authentication Assurance
---------------------------------------------
If a Community or e-Infrastructure registration service is accredited by EGI
to meet the approved authentication assurance level, also an IGTF "DOGWOOD"
accredited Authority, used in combination with such a service, is sufficient.
HOWTO01, https://edu.nl/envyq#combined-assuranceadequacy-model has the details.

TECHNICALLY THIS MEANS ...
that you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update.
OTHERWISE
just ONLY install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Version information: ca-policy-egi-combined-adequacy-model = 1.123-1

September 4, 2023 16:52
by Joao Pina

• Decommissionement of sbgse1.in2p3.fr DPM-related services

August 10, 2023 16:07 | Jerome Pansanel
More details

Decommissionement of sbgse1.in2p3.fr DPM-related services

Dears,

Due to the end of life of the DPM component, the sbgse1.in2p3.fr server will be decommissioned.

The timeline of this decommission is the following:
* 2023-08-10: creation of the ticket
* 2023-08-10: broadcasting the information to all supported VOs
* 2023-08-10: creation of the downtime
* 2023-08-28: start of the downtime
* 2023-09-29: the service is set to "production=N" "monitored=N" in the GOCDB
* 2023-09-30: all services are stopped
* 2023-09-30: the server is removed from the GOC DB

The procedure can be followed on:
https://ggus.eu/index.php?mode=ticket_info&ticket_id=163052

The data hosted by this service will not be available after the end of the procedure. They can be moved to sbgdcache.in2p3.fr, the new storage endpoint hosted at IN2P3-IRES, using the WebDAV or xRootD protocols.

Best,

Jerome

August 10, 2023 16:07
by Jerome Pansanel

• EGI Trust Anchor release 1.122-1

August 8, 2023 18:26 | Joao Pina
More details

EGI Trust Anchor release 1.122-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2023.07.14 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

The following release notes accompany this version:

European Grid Infrastructure EGI Trust Anchor release 1.122 2022.08.07

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
the EGI operations manual HOWTO-01 at https://edu.nl/envyq
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.122-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.122-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.121 to 1.122
---------------------------
(7 August 2023)

* Added private trust hierarchy for GEANT (Research and Education) TCS (EU)
* Added accredited eMudhra joint public trust root and issuing CAs (IN)
* Added private trust eMudhra IGTF root and issuers as experimental (IN, US)

NOTICE: in future releases we will move to a new RSA-2048 GPG package signing
key. The new public key file, GPG-KEY-EUGridPMA-RPM-4, is distributed with
this and subsequent releases. You can retrieve the new public key file from
https://dl.igtf.net/distribution/GPG-KEY-EUGridPMA-RPM-4

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Policy on Acceptable Authentication Assurance
---------------------------------------------
If a Community or e-Infrastructure registration service is accredited by EGI
to meet the approved authentication assurance level, also an IGTF "DOGWOOD"
accredited Authority, used in combination with such a service, is sufficient.
HOWTO01, https://edu.nl/envyq#combined-assuranceadequacy-model has the details.

TECHNICALLY THIS MEANS ...
that you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update.
OTHERWISE
just ONLY install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Version information: ca-policy-egi-combined-adequacy-model = 1.122-1

August 8, 2023 18:26
by Joao Pina

• Decommissioning of INFN-PADOVA-STACK Resource Centre

July 27, 2023 17:18 | Marco Verlato
More details

Decommissioning of INFN-PADOVA-STACK Resource Centre

Dear all,

this is to inform you that after 10 years of operations the INFN-PADOVA-STACK cloud site with its Nova API and Horizon dashboard services is scheduled to be decommissioned.

The site will be put in downtime since the 11 of August 2023 to prevent any further usage.

Best regards,
Marco

July 27, 2023 17:18
by Marco Verlato

• Decommissioning of vo.fuvex.es

July 19, 2023 15:05 | Matthew Viljoen
More details

Decommissioning of vo.fuvex.es

Deregistration of the VO vo.fuvex.es has commenced and will take effect on 19 August 2023.

The vo.fuvex.es VO was created to support the access of the Fuvex SME users to Cloud Compute resources at SCAI during the EGI-ACE project. With the end of the project the access to the service will be not be continued, so the VO is not needed anymore.

July 19, 2023 15:05
by Matthew Viljoen

More news

• EGI Trust Anchor release 1.121-1

June 16, 2023 20:59 | Joao Pina
More details

EGI Trust Anchor release 1.121-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2023.06.22 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

The following release notes accompany this version:

European Grid Infrastructure EGI Trust Anchor release 1.121 2022.06.15

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
the EGI operations manual HOWTO-01 at https://edu.nl/envyq
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.121-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.121-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.120 to 1.121
---------------------------
(15 June 2023)

* Added accredited (classic) InCommon RSA IGTF Server CA 3 under the
Sectigo USERTrust RSA root, for which namespaces have been updated (US)
* fixed Debian packaging issues for policy meta-files on selected platforms

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Policy on Acceptable Authentication Assurance
---------------------------------------------
If a Community or e-Infrastructure registration service is accredited by EGI
to meet the approved authentication assurance level, also an IGTF "DOGWOOD"
accredited Authority, used in combination with such a service, is sufficient.
HOWTO01, https://edu.nl/envyq#combined-assuranceadequacy-model has the details.

TECHNICALLY THIS MEANS ...
that you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update.
OTHERWISE
just ONLY install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Version information: ca-policy-egi-combined-adequacy-model = 1.121-1

June 16, 2023 20:59
by Joao Pina

• EGI Trust Anchor release 1.120-1 (errata)

May 30, 2023 17:02 | Joao Pina
More details

EGI Trust Anchor release 1.120-1 (errata)

Dear all,

In the last Broadcast of the EGI Trust Anchor release 1.120, there was incorrect information regarding the name and sites of the Swiss NGI.

The correct announcement should state that
"This update contains new meta-data for DigitalTrust, which is essential for the Swiss NGI (NGI_CH) and sites."

Our apologies for this inconvenience.

May 30, 2023 17:02
by Joao Pina

• EGI Trust Anchor release 1.120-1

May 29, 2023 14:50 | Joao Pina
More details

EGI Trust Anchor release 1.120-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

This update contains new meta-data for DigitalTrust, which is essential for the Swiss NGI SwiNG and CSCS.

Please upgrade until 2023.06.05 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

The following release notes accompany this version:

European Grid Infrastructure EGI Trust Anchor release 1.120 2022.05.30

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
the EGI operations manual HOWTO-01 at https://edu.nl/envyq
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.120-1. The following notices are republished from the IGTF,
inasfar as pertinent to this release.

Changes from 1.119 to 1.120
---------------------------
(30 May 2023)

* Added transitional CDP mirror URLs for retiring DigitalTrust CAs (AE)
* Removed discontinued NIIF-Root-CA-2 (HU)
* Removed expiring GermanGrid (GridKA CrossGrid) CA (DE)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Policy on Acceptable Authentication Assurance
---------------------------------------------
If a Community or e-Infrastructure registration service is accredited by EGI
to meet the approved authentication assurance level, also an IGTF "DOGWOOD"
accredited Authority, used in combination with such a service, is sufficient.
HOWTO01, https://edu.nl/envyq#combined-assuranceadequacy-model has the details.

TECHNICALLY THIS MEANS ...
that you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update.
OTHERWISE
just ONLY install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Version information: ca-policy-egi-combined-adequacy-model = 1.120-1

May 29, 2023 14:50
by Joao Pina

• change the top-BDII host in the APEL client configuration

May 26, 2023 17:04 | Alessandro Paolini
More details

change the top-BDII host in the APEL client configuration

Dear site-administrators,

a few days ago it was announced (https://operations-portal.egi.eu/broadcast/archive/2978) the decommission of the top-bdii lcg-bdii.cern.ch, which will be turned off on June 19th.

Currently this endpoint is a default setting in the APEL Client configuration file /etc/apel/client.cfg

If you are using this setting, we kindly ask you to change it: you can replace it with the endpoint lcg-bdii.egi.eu (or any other top-bdii which is provided by your NGI).

So the variable to set in /etc/apel/client.cfg is the following

ldap_host = lcg-bdii.egi.eu

In this way, the apel client will query that BDII to gather the information about the benchmark published by your CEs.

Please note that it is also possible to set manually the benchmark information by setting one or more of the following variables:

## To manually set specs for all jobs (not just local ones), configure lines
## like the following named "manual_spec" followed by consecutive integers for
## however many batch systems are relevant. The value should be a unique name
## for the system, then the spec type ('HEPscore23', 'HEPSPEC' or 'Si2k') and the spec value.
# manual_spec1 = grid10.uni.ac.uk:1234/grid10.uni.ac.uk-condor,HEPSPEC,10.0
# manual_spec2 = grid22.uni.ac.uk:1234/grid22.uni.ac.uk-condor,HEPSPEC,15.0
# manual_spec3 = grid35.uni.ac.uk:1234/grid35.uni.ac.uk-condor,HEPSPEC,15.0

Please apply this change by June 19th, thanks!

May 26, 2023 17:04
by Alessandro Paolini

• NOTE - decommissioning lcg-bdii.cern.ch

May 23, 2023 23:51 | Maarten Litmaath
More details

NOTE - decommissioning lcg-bdii.cern.ch

Dear colleagues,
for many years, lcg-bdii.cern.ch has been serving as default top BDII.

Since half a year, there is a new default top BDII available:

lcg-bdii.egi.eu

We now plan to switch off lcg-bdii.cern.ch on 19 June.

Please adjust your configurations where needed, thanks!

May 23, 2023 23:51
by Maarten Litmaath

• APEL Accounting delayed processing

May 16, 2023 14:15 | Adrian Coveney
More details

APEL Accounting delayed processing

There was an issue with the APEL Accounting Repository following a power blip on the 5th that wasn't spotted until today. We are now processing the backlog of accounting records, but it will take a while.

The Pub/Sync tests that will be updated this afternoon will hopefully take account of some of that data and may show a somewhat later last publication date, but I don't expect we'll be fully caught up until tomorrow afternoon at the earliest.

May 16, 2023 14:15
by Adrian Coveney

• moving from X509 personal certificates to AAI tokens - input on VOs status

May 9, 2023 17:01 | Alessandro Paolini
More details

moving from X509 personal certificates to AAI tokens - input on VOs status

Dear VO Managers,

As already discussed, part of our infrastructure is going to change authentication and authorisation system, from X509 personal certificates to AAI tokens.
This month the HTCondorCE version that is deployed on several sites is reaching its end of life and we should start soon a migration campaign to a new HTCondorCE version that dropped the usage of X509 personal certificates in favour of AAI tokens.
This implies that in order to submit jobs to the sites providing a HTCondorCE you will not be able to use VOMS proxies any longer, but you need a token released by AAI Identity Proxies like EGI Check-in (https://docs.egi.eu/users/aai/check-in/obtaining-tokens/).
Besides the migration campaign of the sites, we are also going to clone the several VOs from their VOMS servers to EGI Check-in so the users can get the tokens with the VO entitlements they need.

The other CE technology deployed by other sites, the ARC-CE, will still support the VOMS-based authentication and authorisation for the time being (it can actually be configured to support both the methods).

While we aim to implement this change in a way that should be as smooth as possible, we appreciate that some VOs might not be ready yet to it so that we are also discussing with the HTCondorCE team a possible extension, for a few months, of the support of the old version in order to give more time to the VOs to prepare for the authentication switch; but this is not yet agreed.

We would like to ask you what is your status concerning this switch, either if you use central tools (like the EGI Workload Manager based on Dirac) to consume the CE resources or if you submit jobs through command line.
Please write to "operations <at> egi.eu" and "ucst <at> egi.eu" if you are ready to the change, how you interact with the CEs, if you need further time to be prepared for the new way to access the CEs, and what are the main issues you are facing to get ready for the switch.

Your feedback could be a valuable input for the discussion with the HTCondorCE team about a possible extension of the support of the VOMS-based authentication in the HTCondorCE product.

Best regards,
EGi Operations

May 9, 2023 17:01
by Alessandro Paolini

• #EGI2023 conference: discover the available training sessions!

May 5, 2023 10:25 | Giuseppe La Rocca
More details

#EGI2023 conference: discover the available training sessions!

Dear All,

This is to inform you that the scientific programme of the #EGI2023 conference is now available on Whova [1]!

#EGI2023 takes place in Poznań, Poland, from June 19th until June 23rd 2023. Read more here [2]

Especially on Monday and Friday, you have the possibility to attend several training sessions to improve
or refresh your skills on the EGI solutions, or connect with high-qualified specialists in a variety of fields and sectors.
In particular, I would like to bring to your attention the Security Workshop on Friday (23/06) organized by CSIRT.
During this training session, several aspect of operational security will be explored, including the sharing of appropriate intelligence and the conceptual design of a Services Operations Centre (SOC) environment appropriate for cloud infrastructures.

Special rate are also offered for you to attend multiple training sessions.

How does it work?
- Take a look at the programme and define which trainings are of interest for you.
- Through the EGI2023 main registration page [3], select the suitable 'Single Training Day' ticket.
- In the question form, indicate what trainings you would like to attend. Two weeks before the conference starts you will be asked to confirm/change your selection in case you changed your mind, or anything interesting gets added to the programme.

I have my ticket, what now?
- Sit back and relax! Your trainer will reach out to you before the training about the programme and any useful additional information (prior knowledge, equipment to bring, ...).
- Make sure to indicate yourself as 'attending' in the Whova event app [4] - this is a quick way to receive updates from the organisers (for example if there is a room change).

We're looking forward to seeing you in Poznań!

Regards, Giuseppe

[1] https://whova.com/web/M8zkrnLo5DUwlnug54VINPkHTdssyl49PHa20jCW2Qg%3D/Agenda/
[2] https://www.egi.eu/event/egi2023/
[3] https://whova.com/portal/registration/egi_202305/
[4] https://whova.com/portal/webapp/egi_202305/

May 5, 2023 10:25
by Giuseppe La Rocca

• Site IN2P3-SUBATECH decommissionning

April 26, 2023 10:06 | Jean-Michel BARBET
More details

Site IN2P3-SUBATECH decommissionning

The WLCG grid site IN2P3-SUBATECH is starting decommissioning operations.
The site only supports the Alice VO.
They have agreed to start emptying the storage starting from now and we will also stop jobs submission later on both clusters : Subatech and CCIPL (partner HPC site).
A GGUS Ticket has been created to log all actions : https://ggus.eu/index.php?mode=ticket_info&ticket_id=161770

April 26, 2023 10:06
by Jean-Michel BARBET

Home

Broadcast

Downtimes

VO Management

VO List

Dashboard

Metrics

Sla

v6.8 - 2023-09-06