New VOMS servers campaign GDB, 8 th Oct 2014 Maarten Litmaath IT/SDC.

Slides:

Advertisements

Similar presentations

The Middleware Readiness Working Group LHCb Computing Workshop LHCb Computing Workshop Maria Dimou IT/SDC 2014/05/22.

Advertisements

LHC Experiment Dashboard Main areas covered by the Experiment Dashboard: Data processing monitoring (job monitoring) Data transfer monitoring Site/service.

WLCG Operations Coordination report Maria Dimou / CERN With input and on behalf of the WLCG Operations Coordination team May 2015 GDB CERN indico event.

LHCC Comprehensive Review – September WLCG Commissioning Schedule Still an ambitious programme ahead Still an ambitious programme ahead Timely testing.

Status of WLCG Tier-0 Maite Barroso, CERN-IT With input from T0 service managers Grid Deployment Board 9 April Apr-2014 Maite Barroso Lopez (at)

CERN IT Department CH-1211 Genève 23 Switzerland t EIS section review of recent activities Harry Renshall Andrea Sciabà IT-GS group meeting.

HPDC 2007 / Grid Infrastructure Monitoring System Based on Nagios Grid Infrastructure Monitoring System Based on Nagios E. Imamagic, D. Dobrenic SRCE HPDC.

The HEPiX IPv6 Working Group David Kelsey EGI TF, Prague 18 Sep 2012.

Marian Babik, Luca Magnoni SAM Test Framework. Outline  SAM Test Framework  Update on Job Submission Timeouts  Impact of Condor and direct CREAM tests.

WLCG Service Report ~~~ WLCG Management Board, 1 st September

Rob Quick OSG Operations Area Coordinator Manager High Throughput Computing Indiana University Integrating OSG Operational Services Rob Quick OSG Operations.

Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.

MW Readiness Verification Status Andrea Manzi IT/SDC 21/01/ /01/15 2.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Next steps with EGEE EGEE training community.

March 11, 2008 USCMS Tier-2 Workshop Oh Dear God Alain made a PowerPoint presentation 1.

CERN Using the SAM framework for the CMS specific tests Andrea Sciabà System Analysis WG Meeting 15 November, 2007.

Machine/Job Features Update Stefan Roiser. Machine/Job Features Recap Resource User Resource Provider Batch Deploy pilot Cloud Node Deploy VM Virtual.

MW Readiness WG Update Andrea Manzi Maria Dimou Lionel Cons 10/12/2014.

WLCG Grid Deployment Board, CERN 11 June 2008 Storage Update Flavia Donno CERN/IT.

US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.

1 Andrea Sciabà CERN Critical Services and Monitoring - CMS Andrea Sciabà WLCG Service Reliability Workshop 26 – 30 November, 2007.

Information System Status and Evolution Maria Alandes Pradillo, CERN CERN IT Department, Grid Technology Group GDB 13 th June 2012.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Handling ALARMs for Critical Services Maria Girone, IT-ES Maite Barroso IT-PES, Maria Dimou, IT-ES WLCG MB, 19 February 2013.

Site Validation Session Report Co-Chairs: Piotr Nyczyk, CERN IT/GD Leigh Grundhoefer, IU / OSG Notes from Judy Novak WLCG-OSG-EGEE Workshop CERN, June.

Storage Accounting John Gordon, STFC GDB March 2013.

LCG Introduction John Gordon, STFC GDB June 8 th 2011.

EMI INFSO-RI Argus Policies in Action Valery Tschopp (SWITCH) on behalf of the Argus PT.

SAM Sensors & Tests Judit Novak CERN IT/GD SAM Review I. 21. May 2007, CERN.

WLCG Service Report ~~~ WLCG Management Board, 7 th September 2010 Updated 8 th September

Testing and integrating the WLCG/EGEE middleware in the LHC computing Simone Campana, Alessandro Di Girolamo, Elisa Lanciotti, Nicolò Magini, Patricia.

Service Availability Monitor tests for ATLAS Current Status Tests in development To Do Alessandro Di Girolamo CERN IT/PSS-ED.

Experiment Support CERN IT Department CH-1211 Geneva 23 Switzerland t DBES Andrea Sciabà Hammercloud and Nagios Dan Van Der Ster Nicolò Magini.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Middleware Update Maria Alandes Pradillo.

WLCG ‘Weekly’ Service Report ~~~ WLCG Management Board, 5 th August 2008.

Criteria for Deploying gLite WMS and CE Ian Bird CERN IT LCG MB 6 th March 2007.

Enabling Grids for E-sciencE INFSO-RI Enabling Grids for E-sciencE Gavin McCance GDB – 6 June 2007 FTS 2.0 deployment and testing.

New solutions for large scale functional tests in the WLCG infrastructure with SAM/Nagios: The experiments experience ES IT Department CERN J. Andreeva.

WLCG Operations Coordination Andrea Sciabà IT/SDC 10 th July 2013.

The Grid Storage System Deployment Working Group 6 th February 2007 Flavia Donno IT/GD, CERN.

The GridPP DIRAC project DIRAC for non-LHC communities.

Placeholder ES 1 CERN IT EGI Technical Forum, Experiment Support group AAI usage, issues and wishes for WLCG Maarten Litmaath CERN.

WLCG Operations Coordination report Maria Alandes, Andrea Sciabà IT-SDC On behalf of the WLCG Operations Coordination team GDB 9 th April 2014.

MW Readiness WG Update Andrea Manzi Maria Dimou Lionel Cons Maarten Litmaath On behalf of the WG participants GDB 09/09/2015.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE Operations: Evolution of the Role of.

SAM Status Update Piotr Nyczyk LCG Management Board CERN, 5 June 2007.

GLite WN Installation Giuseppe LA ROCCA INFN Catania ACGRID-II School 2-14 November 2009 Kuala Lumpur - Malaysia.

SAM architecture EGEE 07 Service Availability Monitor for the LHC experiments Simone Campana, Alessandro Di Girolamo, Nicolò Magini, Patricia Mendez Lorenzo,

Outcome should be a documented strategy Not everything needs to go back to square one! – Some things work! – Some work has already been (is being) done.

HLRmon Enrico Fattibene INFN-CNAF 1EGI-TF Lyon, France19-23 September 2011.

WLCG Accounting Task Force Update Julia Andreeva CERN GDB, 8 th of June,

WLCG Operations Coordination report Maria Dimou Andrea Sciabà IT/SDC On behalf of the WLCG Operations Coordination team GDB 12 th November 2014.

Site notifications with SAM and Dashboards Marian Babik SDC/MI Team IT/SDC/MI 12 th June 2013 GDB.

Accounting Update John Gordon. Outline Multicore CPU Accounting Developments Cloud Accounting Storage Accounting Miscellaneous.

ALICE WLCG operations report Maarten Litmaath CERN IT-SDC ALICE T1-T2 Workshop Torino Feb 23, 2015 v1.2.

WLCG Operations Coordination Andrea Sciabà IT/SDC GDB 11 th September 2013.

IGTF, WLCG, EGI and SHA-2 (and RFC proxies) David Kelsey (STFC-RAL and WLCG) TAGPMA meeting, Panama City Aug 2012.

Grid Technology CERN IT Department CH-1211 Geneva 23 Switzerland t DBCF GT Middleware Update GDB, 9 th February 2011 Slides by Maria Alandes.

WLCG IPv6 deployment strategy

OpenSSL and Java 7 vs. 512-bit proxy keys

NGI and Site Nagios Monitoring

Patricia Méndez Lorenzo ALICE Offline Week CERN, 13th July 2007

Grid status ALICE Offline week Nov 3, Maarten Litmaath CERN-IT v1.0

Update on Plan for KISTI-GSDC

Update on SHA-2 and RFC proxy support

Update from the HEPiX IPv6 WG

Summary from last MB “The MB agreed that a detailed deployment plan and a realistic time scale are required for deploying glexec with setuid mode at WLCG.

Grid status ALICE Offline week March 30, Maarten Litmaath CERN-IT v1.1

EGEE Operation Tools and Procedures

MB Maarten Litmaath CERN v1.0

Presentation transcript:

New VOMS servers campaign GDB, 8 th Oct 2014 Maarten Litmaath IT/SDC

New VOMS servers  Fairly simple and extensively documented changes, yet a lot of hand-holding was required…  EGI broadcasts  March 17 – deadline May 6 March 17  May 6 – deadline June 2 May 6  bouncycastl 3 rd party bug disrupted time line…  July 1 – deadline July 15 July 1  Aug 25 – deadline Sep 15 Aug 25  Sep 1 – tickets for 88 incompliant EGI sites  Almost all are OK now, but many needed assistance  Sep 8 – WLCG ops broadcast  Most OSG sites were OK well on time  A few still are not  Official SAM tests use the new VOMS servers since today  Experiments should validate their workflows ASAP 2

March 17 EGI broadcast (1/3) Dear colleagues, in the course of 2014 the CERN VOMS service will move to new hosts whose host certificates are signed by the new (SHA-2) CERN CA. These new hosts need to be recognized by all VOMS-aware services across WLCG before the hosts can start being used for VOMS proxies. VOMS-aware services include at least the following: * Argus * CE types * FTS * LFC * SE types * UI types - see note below! * WMS * WN Such services have VO directories under /etc/grid-security/vomsdir. Please _exclude_ UI instances for the time being, otherwise users might get warnings when creating a VOMS proxy. This applies also to EMI Nagios and WLCG VOBOX instances, as they include a UI. 3

March 17 EGI broadcast (2/3) To facilitate the addition of the new hosts in the relevant places, a set of rpms have been created, one per WLCG-related VO: * wlcg-voms-alice * wlcg-voms-atlas * wlcg-voms-cms * wlcg-voms-lhcb * wlcg-voms-ops The rpms are hosted in the WLCG repository: Each rpm provides not only the relevant "LSC" files for proxy verification, but also the corresponding "vomses" configuration files for proxy generation (when the infrastructure is ready for that). To add support for the new VOMS servers, one can just install the rpms for the supported VOs, without the need to reconfigure the services otherwise. Note: the old servers need to remain supported until further notice. If you prefer to use your usual configuration system instead of the rpms, the relevant details are laid out here: 4

March 17 EGI broadcast (3/3) Timelines We aim for the WLCG infrastructure to be _ready_ for the new VOMS servers by Tue May 6. Please update your service configurations before that date. The relevant VO cards in the EGI Operations Portal will shortly be updated with the details describing the new VOMS servers. Further details will be broadcast when the new servers start being used for proxy generation. 5

Aug 25 EGI broadcast (1/2) Dear colleagues, first another reminder of the broadcast sent on March 17: Please refer to that page for _configuration_ details. New information: 1. Please ensure your site has the following rpm on affected node types: bouncycastl (SL6) bouncycastle146-mail (SL5) The affected node types are: Argus CREAM UI (including SAM-Nagios and WLCG-VOBOX) WN Note that the Java daemons of Argus and CREAM need to be _restarted_ after the rpm was updated. 6

Aug 25 EGI broadcast (2/2) 2. The new VOMS servers will start getting used by normal jobs _and_ by SAM tests as of: --> Monday September 15 <-- Please ensure your services support the new VOMS servers ASAP. 3. The old VOMS servers need to _remain_ supported for the time being. 4. The SAM pre-production instances for the LHC experiments will use the new VOMS servers earlier, thereby allowing sites to _verify_ their configurations on the following pages: ALICE: - since Jul 23 LHCb: - since Aug 22 ATLAS: - planned as of Aug 28 CMS: - planned as of Aug Please ensure a correct configuration also for the "ops" VO. We are looking into a way for sites to check also this case. Further developments will be announced in due course. 7

Sep 8 WLCG broadcast (1/2) Dear colleagues, this is a reminder about the new set of VOMS servers to be _added_ for the LHC experiments and the "ops" VO. The new servers will start getting used for real work and SAM tests on: --> Mon Sep 15 <-- Even if you already implemented corresponding configuration changes on your services, please check below! If you had not learned about these changes yet: - OSG sites should contact OSG Operations for assistance. - EGI sites should follow the steps outlined in this EGI broadcast: The SAM pre-production instances for the LHC experiments are already using the new VOMS servers. Please _check_ how your site appears on the following web pages for the experiments you support. 8

Sep 8 WLCG broadcast (2/2) ALICE: - preprod - prod ATLAS: - preprod - prod CMS: - preprod - prod LHCb: - preprod - prod If your site is green on the "prod" page(s), but _red_ on "preprod", it is most likely that your services do _not_ correctly/completely support the new VOMS servers yet. Click on the '+' signs to expand the views until you see the time bars for the individual tests per host, click on the time bars at locations of interest to see detailed test results for the corresponding times. If your site appears green and red intermittently: - your configuration may have a typo for one of the new VOMS servers; - SE tests: check if all disk servers have the correct configuration. Thanks for your timely attention to this matter !