As described in https://wiki.egi.eu/wiki/PROC12_Production_Service_Decommissioning, I am writing this to notify and track the decommissioning of the following services hosted at JP-KEK-CRC-02:

kek2-ce01.cc.kek.jp (ARC-CE)
kek2-ce02.cc.kek.jp (ARC-CE)

The following timeline will be applied for the decommissioning steps:

Tue, November 2nd - Announcement: Creating a GGUS ticket [1] and EGI Broadcast

Wed, November 17th - Start the downtime with Warning of Severity two weeks before the service decommission. Jobs will be allowed to submit and run until the end of the day of services. Jobs must complete and secure outputs before the end of the service. Several queues, which name ends with _heavy, for a very long time running job are going to close on Monday, November 22nd, 2021.

Mon, December 3rd - Service will be decommissioned and removed from the GOCDB. The service to be replaced for decommissioning ARC-CEs has been running on kek2-ce03.cc.kek.jp and kek2-ce04.cc.kek.jp. The service quality is near the production level. All jobs should be submitted to these new ARC-CEs on and after this date.

Sincerely yours,
Go

*1 https://ggus.eu/index.php?mode=ticket_info&ticket_id=154729

CAMK site will be decommissioned soon.

CAMK site supports vo.hess-experiment.eu and vo.cta.in2p3.fr VOs. AFAIK CAMK SEs do not store any big data belonging to the HESS/CTA VOs (VO managers may want to verify this).

https://ggus.eu/index.php?mode=ticket_info&ticket_id=154368

Timeline:
2021-10-09 - announcement
2021-10-23 - deadline for VO managers replies/actions
2021-10-23 - start of downtime
2021-11-30 - removal from GOCDB

regards,

Jerzy Borkowski

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2021.09.12 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details
EGI UMD software provisioning Team

The following notes accompany this version:
European Grid Infrastructure EGI Trust Anchor release 1.113 2021.10.04

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.113-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.113-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.112 to 1.113
---------------------------
(4 October 2021)

* Suspended MD-GRID CA due to network resolution issues (MD)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

IMPORTANT NOTICE:
This release contains a new "cam" (combined assurance/adequacy) package
based on the approved policy on differentiated assurance. See details on
the EGI Wiki at https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
TECHNICALLY THIS MEANS THAT
you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update. See
https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
OTHERWISE
just only install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet the approved authentication assurance, an IGTF
"DOGWOOD" accredited Authority - used solely in combination with said
registration service - is also adequate for user authentication. See
the policy at https://documents.egi.eu/document/2930 for details.
This additional restriction policy must be implemented by each service
in the authorization software. The "combined assurance" model package MUST NOT
be installed unless the additional authorization is in place. You will need
to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.113-1

==> TLDR: ATLAS and CMS intend to start using their new
VOMS servers already for SAM tests in the course of October
--> please ensure your services have the _additional_ LSC files
installed soon, thanks!
The VO cards on the Operations Portal will be updated in advance.


Dear colleagues,

in the course of 2021-2022, the LHC experiments are foreseen to
start using new VOMS servers, initially alongside the servers
that have been in use since many years.

This implies that VOMS-aware services need to have their VOMS
configurations updated accordingly.

VOMS-aware services include at least the following:

* Argus
* CE types
* FTS
* SE types
* UI
* VObox
* WN

Such services have VO directories under /etc/grid-security/vomsdir.

First the _LSC_ files of the new VOMS servers need to be added
alongside the ones of the traditional servers.

==> The easiest may be to install them through dedicated rpms,
one per supported experiment:

wlcg-iam-lsc-alice
wlcg-iam-lsc-atlas
wlcg-iam-lsc-cms
wlcg-iam-lsc-lhcb

Details are provided here:

https://twiki.cern.ch/twiki/bin/view/LCG/VOMSLSCfileConfiguration

Please ensure your VOMS-aware services (including Worker Nodes)
have the relevant LSC files by early October, thanks!

Storage element ALICE::Cyfronet::XRD (xrd01.grid.cyf-kr.edu.pl) will be decommissioned soon.

Timeline:
2021-09-27 - announcement
2021-10-13 - start of downtime
2021-11-08 - end of downtime, removal from GOCDB

GGUS ticket: https://ggus.eu/index.php?mode=ticket_info&ticket_id=154189

Please contact me in case of any questions or need of assistance.

Regards,
Krzysztof Oziomek

LFC lfc.grid.cyf-kr.edu.pl will be decommissioned soon.

According to my knowledge it hasn't been used by any VO in at least few years. If this information is incorrect please let me know.

GGUS ticket: https://ggus.eu/index.php?mode=ticket_info&ticket_id=154049

Timeline:
2021-09-15 - announcement
2021-10-01 - start of downtime
2021-10-27 - removal from GOCDB

Regards,
Krzysztof Oziomek

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2021.08.24 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details
EGI UMD software provisioning Team

The following release notes accompany this version:
European Grid Infrastructure EGI Trust Anchor release 1.112 2021.08.16

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.112-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.112-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.111 to 1.112
---------------------------
(16 August 2021)

* Updated ANSPGrid CA with extended validity date (BR)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

IMPORTANT NOTICE:
This release contains a new "cam" (combined assurance/adequacy) package
based on the approved policy on differentiated assurance. See details on
the EGI Wiki at https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
TECHNICALLY THIS MEANS THAT
you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update. See
https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
OTHERWISE
just only install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet the approved authentication assurance, an IGTF
"DOGWOOD" accredited Authority - used solely in combination with said
registration service - is also adequate for user authentication. See
the policy at https://documents.egi.eu/document/2930 for details.
This additional restriction policy must be implemented by each service
in the authorization software. The "combined assurance" model package MUST NOT
be installed unless the additional authorization is in place. You will need
to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.112-1

In advance of RAL wide network upgrade work on Saturday 14th August, goc.egi.eu will be served by the failover infrastructure from Friday 13th 1pm UTC onwards until Monday 16th 1pm UTC at the latest. This is to ensure that there are no database transactions in progress on the RAL infrastructure when the upgrade work starts.

A warning downtime has been declared in GOCDB: https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31032

At 1pm UTC on Friday 13th, we will switch the DNS entry for goc.egi.eu to point at the failover infrastructure. Over the following two hours, all connections will move to being served by the failover infrastructure.

We expect to receive the all clear from our networking and database teams no later than 11am UTC on Monday 16th, at which point we will switch the DNS entry for goc.egi.eu back to the RAL based infrastructure. Over the following two hours, we expect that the vast majority of connections will move back to being served by the RAL based infrastructure.

Another RAL wide networking at risk is scheduled for the following weekend, but at this time it is not known if we will need to engage the failover again.

If you have any questions, please contact gocdb-admins@mailman.egi.eu.

We apologies for any inconvenience this brings,
Kind Regards,
The GOCDB Team

=============== Content: ==================

1) UMD 4.15.0 released

2) Message Brokers network decommissioned, change your settings

3) New version of the APEL Pub and Sync metrics

============================================

1) UMD 4.15.0 released

UMD 4.15.0 has been released (https://repository.egi.eu/static/UMD/4.15.0.html) and includes several updates for CentOS7:

- StoRM 1.11.21 - several bugs fixes and improvements https://italiangrid.github.io/storm/2021/04/12/storm-v1.11.20-released.html
- lcmaps-plugins 1.8.1 - Update of lcmaps plugins
- CERN Frontier 4.15.2.1 - see http://frontier.cern.ch/dist/rpms-debug/frontier-squidRELEASE_NOTES
- dmlite 1.15.0 - https://lcgdm.web.cern.ch/dmlitedpm-1150-pushed-epel
- APEL SSM 3.2.1 - bug fixes and improvements https://github.com/apel/ssm/releases/tag/3.2.1-1
- Dynamic DNS Nagios probe 1.0.1 - https://github.com/tdviet/DDNS-probe/releases/tag/1.0.1
- Infrastructure Manager Nagios probe 1.0.1 - https://github.com/grycap/im/tree/master/monitoring
- dCache 6.2 - https://www.dcache.org/old/downloads/1.9/release-notes-6.2.shtml

2) Message Brokers network decommissioned, change your settings

As previously announced, the old Message Broker network was switched off on 8th July 2021.
All the sites have been asked to use the new ARGO Message Service to publish the accounting data: please implement the new settings as requested in the ticket you received or you won't be able to send the accounting records to the central repository.

3) New version of the APEL Pub and Sync metrics

The new version of the APEL Pub and Sync metrics was deployed in production.
In order to enable the monitoring of the accounting data, ensure you have registered on GOCDB one service endpoint associated to the "APEL" service type (it is enough to associate it to one CE per site).
The results of the tests are also published to the following webpages:
- http://goc-accounting.grid-support.ac.uk/rss/SITENAME_Pub.html
- http://goc-accounting.grid-support.ac.uk/rss/SITENAME_Sync.html