General information


Middleware


UMD

  • CentOS7 is the
    recommended OS until UMD5+CS9 are released
  • In case you have already some machines with C8, migration to CentOS Stream 8 is recommended
  • CS9 will be supported by CERN and FNAL
  • middleware: recommended path is C7->CS9 (we will skip CS8)


  • UMD Infrastructure:
    • testbed and scripts to test the new workflows
    • working on the jenkins + nexus interactions
      • in more detail using the nexus API we can create, upload sign rpm's and deb packages
      • working on the implementation of this into jenkins


Operations

ARGO/SAM

FedCloud

Feedback from DMSU

New Known Error Database (KEDB)

The KEDB has been moved to Jira+Confluence: https://confluence.egi.eu/display/EGIKEDB/EGI+Federation+KEDB+Home

  • problems are tracked with Jira tickets to better follow-up their evoulution
  • problems can be registered by DMSU staff and EGI Operations team

Monthly Availability/Reliability


Under-performed sites after 3 consecutive months, under-performed NGIs, QoS violations: (Jun 2022):

sites suspended: ICN-UNAM (ROC_LA)


Verify configuration records

On a yearly basis, the information registered into GOC-DB need to be verified. NGIs and RCs have been asked to check them. In particular:

  1. NGI managers should review the people registered and the roles assigned to them, and in particular check the following information:
    • E-Mail
    • ROD E-Mail
    • Security E-Mail

NGI Managers should also review the status of the "not certified" RCs, in according to the RC Status Workflow;

  1. RCs administrators should review the people registered and the roles assigned to them, and in particular check the following information:
    • E-Mail
    • telephone numbers
    • CSIRT E-Mail

RC administrators should also review the information related to the registered service endpoints.

The process should be completed by July 29th.

List of tickets on GGUS search page.

Documentation

IPv6 readiness plans

Transition from X509 to federated identities (AARC profile token)

  • WLCG is testing aai tokens (WLCG profile) as authz system for accessing the middleware, with Indigo IAM as a replacement of VOMS
  • In Feb 2022 OSG will fully move to token-based AAI, abandoning X509 certificates
  • HTCondorCE: replacement of Grid Community Toolkit
    • The long-term support series (9.0.x) from the CHTC repositories will support X509/VOMS authentication through Sep 2022 Jan 2023
    • Starting in 9.3.0 (released in October), the HTCondor feature releases does NOT contain this support
    • EGI sites are recommended to stay with the long-term support series for the time being

What we need to know in preparation of the transition:

Checking the middleware compliance with the AARC Profile token:

Circulated a survey to check the awareness and readiness of users communities:

  • see details in the notes of past meetings

Migration of the VOs from VOMS to Check-in

  • transition period where both X509 and tokens can be used
    • delays in updating the GRID elements to the latest version compliant with tokens
    • not all if the middleware products can be compliant with tokens at the same time
    • the same VO has to interact with element supporting different authentications

Testing HTCondorCE and AARC Profile token

  • INFN-T1 did some tests with the AARC Profile token using its HTCondorCE endpoints
  • dteam VO registered in Check-in/Comanage:
    • Entitlements:
      • urn:mace:egi.eu:group:dteam:role=member#aai.egi.eu
      • urn:mace:egi.eu:group:dteam:role=vm_operator#aai.egi.eu
  • The HTCondorCE expects to find in the token the scope claim to authorise the jobs submission
    • at the moment Check-in doesn't release this claim: it will after the migration to Keykloak technology replacing MitreID

WLCG Campaign

Timeline

  • CEs to fully support tokens by the end of the year (Dirac for the job submission)
  • data management services (dCache, STORM, FTS, Rucio, Dirac) might need a few years before droppin X509/VOMS support

Hackathon events

  • in July between CE developers and Check-in
  • In September, organised by WLCG, with HTCondorCE and ARC-CE to mostly investigating data staging issues (see GDB introduction)

DPM Decommission and migration

  • DPM supported until June 2023
  • Sites are encouraged to start the migration to a different storage element since the process will take time
    • choosing the new storage solution depends on the expertise/experience of the sites and on the needs of the supported VOs 
  • DPM provides a migration script to dCache (migration guide)
    • Transparent migration
      • Migrate just catalog (database) and keep files untouched
      • both SE store files on posix filesystem
  • Migration in three steps
    • verify the DPM data consistency
      • no downtime needed
      • the operation can last several days or some weeks
    • DPM dump and dCache import
      • downtime lasting about 1 day
  • In September we are going to open tickets to the sites

New benchmark replacing HEP-SPEC06

The benchmark HEPSCORE is going to replace the old Hep-Spec06

  • preparing plans with WLCG and the EGI Accounting team for deploying the new benchmark
  • transition period where both the benchmark will be published and used to normalise the data
    • to allow comparison between the two kind of data
  • APEL is working on a version where the accounting records contains 2 benchmarks 

AOB

EGI Conference 2022: https://indico.egi.eu/event/5882/overview

pre-registrations are open

Next meeting

Aug?

  • No labels