Operations portal

v6.2 - 2021-10-19

This service is provided by CCIN2P3, and funded by the European Union’s Horizon 2020 research and innovation programme

logo ccin2p3 logo egi logo eosc

Latest news

Decommissioning of the CAMK site

October 9, 2021 09:05 | Jerzy Borkowski
More details

Decommissioning of the CAMK site

CAMK site will be decommissioned soon.

CAMK site supports vo.hess-experiment.eu and vo.cta.in2p3.fr VOs. AFAIK CAMK SEs do not store any big data belonging to the HESS/CTA VOs (VO managers may want to verify this).

https://ggus.eu/index.php?mode=ticket_info&ticket_id=154368

Timeline:
2021-10-09 - announcement
2021-10-23 - deadline for VO managers replies/actions
2021-10-23 - start of downtime
2021-11-30 - removal from GOCDB

regards,

Jerzy Borkowski

October 9, 2021 09:05
by Jerzy Borkowski

EGI Trust Anchor release 1.113-1

October 6, 2021 07:57 | Joao Antonio Tomasio Pina
More details

EGI Trust Anchor release 1.113-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2021.09.12 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details
EGI UMD software provisioning Team

The following notes accompany this version:
European Grid Infrastructure EGI Trust Anchor release 1.113 2021.10.04

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.113-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.113-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.112 to 1.113
---------------------------
(4 October 2021)

* Suspended MD-GRID CA due to network resolution issues (MD)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

IMPORTANT NOTICE:
This release contains a new "cam" (combined assurance/adequacy) package
based on the approved policy on differentiated assurance. See details on
the EGI Wiki at https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
TECHNICALLY THIS MEANS THAT
you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update. See
https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
OTHERWISE
just only install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet the approved authentication assurance, an IGTF
"DOGWOOD" accredited Authority - used solely in combination with said
registration service - is also adequate for user authentication. See
the policy at https://documents.egi.eu/document/2930 for details.
This additional restriction policy must be implemented by each service
in the authorization software. The "combined assurance" model package MUST NOT
be installed unless the additional authorization is in place. You will need
to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.113-1

October 6, 2021 07:57
by Joao Antonio Tomasio Pina

REMINDER - configure new VOMS servers for LHC experiments

September 29, 2021 22:40 | Maarten Litmaath
More details

REMINDER - configure new VOMS servers for LHC experiments

==> TLDR: ATLAS and CMS intend to start using their new
VOMS servers already for SAM tests in the course of October
--> please ensure your services have the _additional_ LSC files
installed soon, thanks!
The VO cards on the Operations Portal will be updated in advance.

Dear colleagues,

in the course of 2021-2022, the LHC experiments are foreseen to
start using new VOMS servers, initially alongside the servers
that have been in use since many years.

This implies that VOMS-aware services need to have their VOMS
configurations updated accordingly.

VOMS-aware services include at least the following:

* Argus
* CE types
* FTS
* SE types
* UI
* VObox
* WN

Such services have VO directories under /etc/grid-security/vomsdir.

First the _LSC_ files of the new VOMS servers need to be added
alongside the ones of the traditional servers.

==> The easiest may be to install them through dedicated rpms,
one per supported experiment:

wlcg-iam-lsc-alice
wlcg-iam-lsc-atlas
wlcg-iam-lsc-cms
wlcg-iam-lsc-lhcb

Details are provided here:

https://twiki.cern.ch/twiki/bin/view/LCG/VOMSLSCfileConfiguration

Please ensure your VOMS-aware services (including Worker Nodes)
have the relevant LSC files by early October, thanks!

September 29, 2021 22:40
by Maarten Litmaath

Decommissioning of ALICE::Cyfronet::XRD (xrd01.grid.cyf-kr.edu.pl) at CYFRONET-LCG2

September 27, 2021 14:21 | Krzysztof Oziomek
More details

Decommissioning of ALICE::Cyfronet::XRD (xrd01.grid.cyf-kr.edu.pl) at CYFRONET-LCG2

Storage element ALICE::Cyfronet::XRD (xrd01.grid.cyf-kr.edu.pl) will be decommissioned soon.

Timeline:
2021-09-27 - announcement
2021-10-13 - start of downtime
2021-11-08 - end of downtime, removal from GOCDB

GGUS ticket: https://ggus.eu/index.php?mode=ticket_info&ticket_id=154189

Please contact me in case of any questions or need of assistance.

Regards,
Krzysztof Oziomek

September 27, 2021 14:21
by Krzysztof Oziomek

Decommissioning of lfc.grid.cyf-kr.edu.pl at CYFRONET-LCG2

September 15, 2021 11:26 | Krzysztof Oziomek
More details

Decommissioning of lfc.grid.cyf-kr.edu.pl at CYFRONET-LCG2

LFC lfc.grid.cyf-kr.edu.pl will be decommissioned soon.

According to my knowledge it hasn't been used by any VO in at least few years. If this information is incorrect please let me know.

GGUS ticket: https://ggus.eu/index.php?mode=ticket_info&ticket_id=154049

Timeline:
2021-09-15 - announcement
2021-10-01 - start of downtime
2021-10-27 - removal from GOCDB

Regards,
Krzysztof Oziomek

September 15, 2021 11:26
by Krzysztof Oziomek

EGI Trust Anchor release 1.112-1

August 13, 2021 15:34 | Joao Antonio Tomasio Pina
More details

EGI Trust Anchor release 1.112-1

Dear all,

EUGridPMA has announced a new set of CA rpms. Based on this IGTF release a new set of CA RPMs has been packaged for EGI.

Please upgrade until 2021.08.24 at your earliest convenience. When this time is over, SAM will throw critical errors on CA tests if old CAs are still detected.

Please check https://wiki.egi.eu/wiki/EGI_IGTF_Release for more details
EGI UMD software provisioning Team

The following release notes accompany this version:
European Grid Infrastructure EGI Trust Anchor release 1.112 2021.08.16

------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.112-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.112-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.111 to 1.112
---------------------------
(16 August 2021)

* Updated ANSPGrid CA with extended validity date (BR)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian) have been incorporated in the above-
mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

IMPORTANT NOTICE:
This release contains a new "cam" (combined assurance/adequacy) package
based on the approved policy on differentiated assurance. See details on
the EGI Wiki at https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
TECHNICALLY THIS MEANS THAT
you must ONLY install the new ca-policy-egi-cam packages if you ALSO
at the same time implement VO-specific authorization controls in your
software stack. This may require reconfiguration or a software update. See
https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
OTHERWISE
just only install or update the regular ca-policy-egi-core package. There
are no changes in this case. The ca-policy-egi-core package is approved for
all VOs membership and assurance models. No configuration change is needed.

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet the approved authentication assurance, an IGTF
"DOGWOOD" accredited Authority - used solely in combination with said
registration service - is also adequate for user authentication. See
the policy at https://documents.egi.eu/document/2930 for details.
This additional restriction policy must be implemented by each service
in the authorization software. The "combined assurance" model package MUST NOT
be installed unless the additional authorization is in place. You will need
to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.112-1

August 13, 2021 15:34
by Joao Antonio Tomasio Pina

More news

GOCDB will be read only from Friday 13th August 1pm UTC to 16th August 1pm UTC

August 6, 2021 15:57 | Greg Corbett
More details

GOCDB will be read only from Friday 13th August 1pm UTC to 16th August 1pm UTC

In advance of RAL wide network upgrade work on Saturday 14th August, goc.egi.eu will be served by the failover infrastructure from Friday 13th 1pm UTC onwards until Monday 16th 1pm UTC at the latest. This is to ensure that there are no database transactions in progress on the RAL infrastructure when the upgrade work starts.

A warning downtime has been declared in GOCDB: https://goc.egi.eu/portal/index.php?Page_Type=Downtime&id=31032

At 1pm UTC on Friday 13th, we will switch the DNS entry for goc.egi.eu to point at the failover infrastructure. Over the following two hours, all connections will move to being served by the failover infrastructure.

We expect to receive the all clear from our networking and database teams no later than 11am UTC on Monday 16th, at which point we will switch the DNS entry for goc.egi.eu back to the RAL based infrastructure. Over the following two hours, we expect that the vast majority of connections will move back to being served by the RAL based infrastructure.

Another RAL wide networking at risk is scheduled for the following weekend, but at this time it is not known if we will need to engage the failover again.

If you have any questions, please contact gocdb-admins@mailman.egi.eu.

We apologies for any inconvenience this brings,
Kind Regards,
The GOCDB Team

August 6, 2021 15:57
by Greg Corbett

EGI monthly broadcast - August 2021

August 2, 2021 13:38 | Alessandro Paolini
More details

EGI monthly broadcast - August 2021

=============== Content: ==================

1) UMD 4.15.0 released

2) Message Brokers network decommissioned, change your settings

3) New version of the APEL Pub and Sync metrics

============================================

1) UMD 4.15.0 released

UMD 4.15.0 has been released (https://repository.egi.eu/static/UMD/4.15.0.html) and includes several updates for CentOS7:

- StoRM 1.11.21 - several bugs fixes and improvements https://italiangrid.github.io/storm/2021/04/12/storm-v1.11.20-released.html
- lcmaps-plugins 1.8.1 - Update of lcmaps plugins
- CERN Frontier 4.15.2.1 - see http://frontier.cern.ch/dist/rpms-debug/frontier-squidRELEASE_NOTES
- dmlite 1.15.0 - https://lcgdm.web.cern.ch/dmlitedpm-1150-pushed-epel
- APEL SSM 3.2.1 - bug fixes and improvements https://github.com/apel/ssm/releases/tag/3.2.1-1
- Dynamic DNS Nagios probe 1.0.1 - https://github.com/tdviet/DDNS-probe/releases/tag/1.0.1
- Infrastructure Manager Nagios probe 1.0.1 - https://github.com/grycap/im/tree/master/monitoring
- dCache 6.2 - https://www.dcache.org/old/downloads/1.9/release-notes-6.2.shtml

2) Message Brokers network decommissioned, change your settings

As previously announced, the old Message Broker network was switched off on 8th July 2021.
All the sites have been asked to use the new ARGO Message Service to publish the accounting data: please implement the new settings as requested in the ticket you received or you won't be able to send the accounting records to the central repository.

3) New version of the APEL Pub and Sync metrics

The new version of the APEL Pub and Sync metrics was deployed in production.
In order to enable the monitoring of the accounting data, ensure you have registered on GOCDB one service endpoint associated to the "APEL" service type (it is enough to associate it to one CE per site).
The results of the tests are also published to the following webpages:
- http://goc-accounting.grid-support.ac.uk/rss/SITENAME_Pub.html
- http://goc-accounting.grid-support.ac.uk/rss/SITENAME_Sync.html

August 2, 2021 13:38
by Alessandro Paolini

GOCDB currently unavailable

July 22, 2021 09:58 | Adrian Coveney
More details

GOCDB currently unavailable

Due to an urgent network intervention GOCDB is currently unavailable until around 10:30 UTC.

July 22, 2021 09:58
by Adrian Coveney

Planck VO is decommissioned

July 21, 2021 07:06 | Diego Michelotto
More details

Planck VO is decommissioned

Dear all,

VO planck is non supported since long time.

Consider to remove the VO configurations from your site.

Best regards.
Diego for NGI_IT

July 21, 2021 07:06
by Diego Michelotto

Decommissioning of the old Message Broker network

July 8, 2021 14:39 | Daniel Vrčić
More details

Decommissioning of the old Message Broker network

As previously announced, the old Message Broker network was switched off.

All the sites have been asked to use the new ARGO Message Service to publish the accounting data: please implement the new settings as requested in the ticket you received or you won't be able to send the accounting records to the central repository.

July 8, 2021 14:39
by Daniel Vrčić

voms2.cnaf.infn.it certificate update

July 5, 2021 13:44 | Diego Michelotto
More details

voms2.cnaf.infn.it certificate update

Dear all,

we have recently updated the voms2.cnaf.infn.it certificate, this the new subject and issuer:

subject: /DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms2.cnaf.infn.it
issuer: /C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4

Pay attention to field OU, it's different from previous one.

Please update your configurations as soon as possible.

Please ignore previous broadcast and apologize me for spam.

Diego
NGI_IT

July 5, 2021 13:44
by Diego Michelotto

argus-it.cnaf.infn.it certificate update

July 5, 2021 13:38 | Diego Michelotto
More details

argus-it.cnaf.infn.it certificate update

Dear all,

we have recently updated the argus-it.cnaf.infn.it certificate, this the new subject and issuer:

subject: /DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=argus-it.cnaf.infn.it
issuer: /C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4

Pay attention to field OU, it's different from previous one.

Please update your configurations as soon as possible.

Diego
NGI_IT

July 5, 2021 13:38
by Diego Michelotto

EGI monthly broadcast - July 2021

July 5, 2021 13:08 | Alessandro Paolini
More details

EGI monthly broadcast - July 2021

=============== Content: ==================

1) Decommissioning the old Message Brokers network; change your settings

2) New location for the Known Error Database (KEDB)

============================================

1) Decommissioning the old Message Brokers network; change your settings

As previously announced, the old Message Broker networks will be switched off on 8th July 2021.
All the sites have been asked to use the new ARGO Message Service to publish the accounting data: please implement the new settings as requested in the ticket you received or you won't be able to send the accounting records to the central repository.

2) New location for the Known Error Database (KEDB)

As already announced during the monthly Operations Meetings, the KEDB has been moved from mediawiki to Jira+Confluence: https://confluence.egi.eu/display/EGIKEDB/EGI+Federation+KEDB+Home
* problems are tracked with Jira tickets to better follow-up their evoulution
* problems can be registered by DMSU staff and EGI Operations team

To properly see the content of the confluence page and to access the jira tickets details, you need an account on Jira (which comes from your EGI SSO account).

July 5, 2021 13:08
by Alessandro Paolini

EGI monthly broadcast - June 2021

June 16, 2021 09:57 | Alessandro Paolini
More details

EGI monthly broadcast - June 2021

=============== Content: ==================

1) UMD 4.14.0 released

2) Change your accounting settings to use ARGO Message Service for the delivery of the accounting records

============================================

1) UMD 4.14.0 released

The UMD team is pleased to announce the release of UMD 4.14.0: https://repository.egi.eu/static/UMD/4.14.0.html

It includes ARC 6.12.0, xrootd 5.2.0, davix 0.7.6, gridftp 13.24.1, gfal2 2.18.2

2) Change your accounting settings to use ARGO Message Service for the delivery of the accounting records

Over the past few months, we are progressively asking the sites to change some settings in the APEL configuration in order to use the new ARGO Message Service to deliver the accounting records to the central repository.
The current Message Broker Network, based on ActiveMQ, will be decommissioned at the end of June so the APEL settings needs to be changed before that.

The sites providing ARC-CE endpoints can now update to ARC 6.12.0, released in UMD, which supports AMS.
A new series of tickets have been opened to follow-up this configuration change.

Please have a look at the following prerequisites that the machine sending the accounting data has to satisfy to properly use AMS:

- A valid host certificate from an IGTF Accredited CA.
- A GOCDB 'Site' entry flagged as 'Production'.
- A GOCDB 'Service' entry of the correct service type flagged as 'Production'. The following service types are used:
- For Grid accounting use 'gLite-APEL'.
- For Cloud accounting use 'eu.egi.cloud.accounting'.
- For Storage accounting use 'eu.egi.storage.accounting'.
- The 'Host DN' listed in the GOCDB 'Service' entry must exactly match the certificate DN of the host used for accounting. Make sure there are no leading or trailing spaces in the 'Host DN' field.

June 16, 2021 09:57
by Alessandro Paolini

Home

Broadcast

Downtimes

VO Management

VO List

Dashboard

Metrics

SLA

v6.2 - 2021-10-19

Latest news

Decommissioning of the CAMK site

EGI Trust Anchor release 1.113-1

REMINDER - configure new VOMS servers for LHC experiments

Decommissioning of ALICE::Cyfronet::XRD (xrd01.grid.cyf-kr.edu.pl) at CYFRONET-LCG2

Decommissioning of lfc.grid.cyf-kr.edu.pl at CYFRONET-LCG2

EGI Trust Anchor release 1.112-1

GOCDB will be read only from Friday 13th August 1pm UTC to 16th August 1pm UTC

EGI monthly broadcast - August 2021

GOCDB currently unavailable

Planck VO is decommissioned

Decommissioning of the old Message Broker network

voms2.cnaf.infn.it certificate update

argus-it.cnaf.infn.it certificate update

EGI monthly broadcast - July 2021

EGI monthly broadcast - June 2021