|
|
Line 371: |
Line 371: |
| | | |
| ===== ===== | | ===== ===== |
| + | '''Monday 5th March''' |
| + | * memcached exploits and ... |
| + | |
| + | |
| '''Tuesday 6th February on 2018''' | | '''Tuesday 6th February on 2018''' |
| * Update on Meltdown/Spectre | | * Update on Meltdown/Spectre |
| * Security Team meeting this afternoon | | * Security Team meeting this afternoon |
| | | |
− | '''Tuesday 30th January 2018'''<br />
| |
− |
| |
− | The security team would to address the on-going Meltdown/Spectre saga.
| |
− | * [https://wise-community.org/ WISE will meet at Coseners House at the end of Feb].
| |
− |
| |
− | '''Tuesday 23rd January 2018'''<br />
| |
− |
| |
− | On-going Meltdown/Spectre - dominated work so far this year.
| |
− |
| |
− | EGI CSIRT F2F next week at CERN.
| |
− |
| |
− | Plan to improve/update some of the GridPP security wiki pages in coming weeks.
| |
− |
| |
− |
| |
− | '''Tuesday 12th December'''<br />
| |
− |
| |
− | * Nothing new to report.
| |
− |
| |
− | '''Tuesday 5th December'''<br />
| |
− |
| |
− | Nothing to report concerning the UK.
| |
− |
| |
− | DI4R conference was last week, https://indico.egi.eu/indico/event/3455/
| |
− |
| |
− | Plans for integration/co-operation between various projects security teams during EOSC (European Open Science Cloud) project presented
| |
− |
| |
− | https://indico.egi.eu/indico/event/3455/session/12/contribution/77
| |
− |
| |
− |
| |
− | * GGUS tickets and the trust anchor. Who to ticket result?
| |
− |
| |
− | * List of Root CAs used on the Grid: https://www.gridpp.ac.uk/wiki/GridRootCertificates
| |
− |
| |
− | '''Tuesday 28th November'''<br />
| |
− |
| |
− | * Nothing new to report (tracking update from last week - remember you can check your site!)
| |
− |
| |
− | '''Tuesday 21st November'''<br />
| |
− |
| |
− | A few sites have showed up in [https://pakiti.egi.eu/ pakiti] with high risk vulnerabilities. If you haven't been prodded about this already then expect an email from someone in the security team soon.
| |
− |
| |
− | '''Monday 30th October'''
| |
− | * EGI SVG ALERT [TLP:WHITE] Up to 'CRITICAL' risk, kernel exploit CVE-2017-7184 and others [EGI-SVG-CVE-2017-7184]
| |
− | * <i>Upcoming meetings </i>
| |
− | ** Details and registration for SOC WG Workshop in December: [https://wlcg-soc-wg.web.cern.ch/content/workshop-cern-11th-12th-december-2017 Advert] [https://indico.cern.ch/event/676160/ Indico]
| |
| | | |
| | | |
General updates
|
Monday 5th March
- For the WLCG-HSF workshop: ideas, plans or proposals for technology watch activities requested. Please let Helge et. al. know by Monday 19 March. They would particularly appreciate proposals in the form of a single PowerPoint slide.
- GridPP technical meeting this Friday will focus on CentOS7. (Here is a link to 2nd March agenda for Vidyo details).
Monday 26th February
- WLCG-HSF Workshop in Naples
- Minutes of the weekly WLCG weekly ops meeting are available here.
- Alessandra: Mentioned here grid enabled GPU behind an ARC-CE implementation.
- GalDyn and GridPP. Would like to submit work to DiRAC and make use of GridPP resources.
- GridPP40 registration is open.
- Rajan: SL7 UI Machine
Monday 12th February
|
WLCG Operations Coordination - AgendasWiki Page
|
Tuesday 27th February
Monday 29th January
- The majority of T1 sites and VOs confirmed that they do use SAM tests from the critical profiles and regularly check A/R reports.
Suggestions for improvements:
- Propose policy for accepting A/R recalculation requests. The draft should be reviewed at the next meeting.
- VO should have flexibility in the definition of the critical profile. Though the impact of the changes in the critical profile should be carefully tested by the VO and should be announced in advance to the sites, no approval of the MB is required.
- Make tests as close as possible to the real production flow. ATLAS is planning some work in this direction.
- The proposal to include real production flows in the critical profile was not supported.
- Sites which do have local fabric monitoring like Nagios for example, are recommended to use an API to import test results into the local fabric monitoring. **This would help to avoid test failures staying unnoticed for months.
- Transparent navigation from the SAM UI to the log files is required to facilitate test failure debugging. This feature has to be preserved in the new SAM UI being developed by the monitoring team.
|
Tier-1 - Status Page
|
Tuesday 1st March
Report from the last Tier1 - Experiments Liaison Meeting at on 21st February is here.
- RAL is experiencing an outage of 2 of its 3 OPN 10Gb lines (effective as of 01:03 this morning (27/2/18)). Currently services have not been adversely impacted. While is remains the case there will be no formal status/update broadcast therefore this should be taken as an informal advisory. JANET also inform us that this outage is also effecting Brunel University and Royal Holloway University.
- There has been an outage on Castor announced for Thursday (1st March) while the database systems have Oracle patches applied.
|
Storage & Data Management - Agendas/Minutes
|
Wed 06 Dec
- Another success story - CERN@School running machine learning at QMUL
- Technical events coming up - hepsysman and cloud workshop at Crick. We ought to do something Useful or Interesting.
Wed 15 Nov
- More xcache progress at some sites; less at others who may be blocking on dependencies or be busy with Other Things(tm)
- Some interest in following the non-X.509 authentication/authorisation
Wed 08 Nov
- Not (very) modest at all progress on xcache testing... from Chris at RALPP
Wed 01 Nov
- (very) modest progress on xcache testing...
- Except that RALPP has it fully working for dCache - hope to get full report next week
|
Tier-2 Evolution - GridPP JIRA
|
Tuesday 12 Dec
- Vcycle updated for Glance API 2.0 and to support Vacuum Pipe VM definitions.
Tuesday 14 Nov
- Single processor LHCb stoppable Monte Carlo VMs running in a mixture with fixed length 8 processor ATLAS VMs and single processor GridPP VMs. Please get in touch if you are running Vac and want to try this.
|
Accounting - UK Grid Metrics HEPSPEC06 Atlas Dashboard HS06
|
Tuesday 6th February
Tuesday 30th January
Tuesday 24th Oct
Monday 16th January
- The discussion topic for next week will be accounting comparisons. Please note Alessandra's comments last week.
Monday 14th November
- Alessandra has written an FAQ to extract numbers from ATLAS and APEL avoiding the SSB.
Monday 26th September
- A problem with the APEL Pub and Sync tests developed last Tuesday and was resolved on Wednesday. This had a temporary impact on the accounting portal.
|
Documentation - KeyDocs
|
Tuesday 22nd Jan 2018
CHANGE TO APPROVED VOs
A VO, solidexperiment.org, has been included in the GridPP Approved VOs document. Sites are requested to support this experiment, resources permitting.
https://www.gridpp.ac.uk/wiki/GridPP_approved_VOs#Approved_Local_VOs
- In the Ops Portal, LHCb mentions a new cvmfs mount, /cvmfs/lhcb-condb.cern.ch
- A voms server for magic, voms02.pic.es, has an updated DN.
Tuesday 9th Jan 2018
Changes to Approved VOs.
a) VOMS servers for planck, ipv6.hepix.org and enmr are now restored to as they were before the flooding at CNAF.
b) The DN of a VOMS server for magic has changed.
https://www.gridpp.ac.uk/wiki/GridPP_approved_VOs
Tuesday 5th Sept 2017
New Approved VO. SKA European regional data centre, skatelescope.eu
https://www.gridpp.ac.uk/wiki/GridPP_approved_VOs
This VO is ramping up and has requested support. Andrew McNab is the contact person for GridPP.
General note
See the worst KeyDocs list for documents needing review now and the names of the responsible people.
|
Interoperation - EGI ops agendas Indico schedule
|
Tuesday 27th February
Tuesday 30th January
Tuesday 23rd January
- There was an EGI Operations Meeting last Monday: Agenda
- Middleware
- Long list of updates in UMD 4.6
- UMD3 deprecation - start using UMD4 as soon as possible
- Products missing, let them know - this is a heads up
- Operations
- New weights in A/R
- "Several sites are still missing the necessary information for computing the weights: check on VAPOR the values published by your sites in order to properly publishing in the GLUE2 schema the number of logical CPUs and the Hep-Spec06 benchmark."
- http://operations-portal.egi.eu/vapor/resources/GL2ResSummary
- IPv6
- https://wiki.egi.eu/w/index.php?title=IPV6_Assessment
- webdav probes in production
- "During the January OMB we are going to discuss the inclusion of the probes in the operators and in the critical profile" [may be superceded]
- Storage accounting deployment
- "IMPORTANT: be sure to have installed the star-accounting.py script v1.0.4"
|
Monitoring - Links MyWLCG
|
Tuesday 4th July
- There were a number of useful links provided in the monitoring talks at the WLCG workshop in Manchester - especially those in the Wednesday sessions.
Monday 13th February
- This category is pretty much inactive. Are there any topics under "monitoring" that anyone wants reported at this ops meeting? If not we will remove this section from the regular updates area of the bulletin and just leave the main links.
Tuesday 1st December
Tuesday 16th June
- F Melaccio & D Crooks decided to add a FAQs section devoted to common monitoring issues under the monitoring page.
- Feedback welcome.
|
On-duty - Dashboard ROD rota
|
Monday 5th March
- AM->GS. A quiet week last week.
Monday 29th January
- There were a couple of alarms which showed up on the dashboard, but not on the corresponding nagios.
- DB got fed up with Imperial failing the job-cancel test for CREAM -- the CE is just busy and returns the cancelled state about 30 s after the test 'fails' -- so she filed a ticket questioning the usefulness of the test: https://ggus.eu/?mode=ticket_info&ticket_id=133004.
Monday 20th November
- Generally quiet. There are three outstanding tickets: low availability at Birmingham, one at Liverpool which might just have gone green, and out-of-date IGTF CAs at Sheffield.
|
Security - Incident Procedure Policies Rota
|
Monday 5th March
- memcached exploits and ...
Tuesday 6th February on 2018
- Update on Meltdown/Spectre
- Security Team meeting this afternoon
|
|
Services - PerfSonar production dashboard |PerfSonar development dashboard | GridPP VOMS
|
- This includes notifying of (inter)national services that will have an outage in the coming weeks or will be impacted by work elsewhere. (Cross-check the Tier-1 update).
Monday 19th February
Please could sites upgrade their perfsonar hosts to CentOS7. Instructions are here. Current OS versions here.
Monday 5th February
- 'Campus network engineering for data-intensive science workshop' in October 2016, had this agenda. Note particularly the Imperial and Cambridge overviews.
- There is a JISC document which seeks to help set expectations for what the network can deliver.
Monday 22nd January
Monday 20th November
- perfSONAR: No news.
- GridPP DIRAC: DPM & xrootd version. Upgrade due 16th November.
- RIPE ATLAS probes: Status & tests TBC
- The next LHCOPN/LHCONE meeting will be at RAL 6-7th March 2018. The UK position on LHCONE is being reviewed. RAL T1 will (likely) connect via the LHCOPN in the coming months. T2s watch this space!
Monday 23rd October
- The LHCOPN/ONE meeting took place last week at KEK, co-hosted with the HEPiX Fall meeting.
- You can find a short report of the meeting here.
- All the slides presented are available in the agenda.
Tuesday 4th July
- Pete C is preparing another networking forward look document. Note that figures presented in the Manchester workshop were for a Tier-2 (not always a single site).
here
- Duncan has recreated the UK perfSONAR mesh. Link here!
|
Tickets
|
Monday 26th February 2018, 14.30 GMT
37 Open UK Tickets this week.
It's still seemingly like a stagnant time on the ticket front. A few tickets that need a poke include this RALPP ticket: 133390, which has been in waiting for reply for a few weeks, and this QMUL ticket: 132929, waiting for some input (or acknowledgement) from the APEL devs.
Glasgow have a few tickets related to some issues with xrootd playing up in various ways at their site (causing errors for lhcb in 133667 and a return of the classic xroot overload problems in 133690). The tickets are being handled with the usual Glasgow panache, but I thought I'd give an opportunity to talk about them.
For the first time in a while (that I can remember at least) a ticket has been (re-)assigned to atlas-adc-cloud-UK - the IC ticket 133683. The root causes of the problems are likely the move to using QM as IC's DATADISK. It could be interesting to watch (hopefully it won't be though!).
Related to the previous tickets, for the Sussex xroot ticket 122772 it is worth atlas re-engaging with this. Plus perhaps the errors seen could be related to xroot playing up rather then a misconfig?
|
Tools - MyEGI Nagios
|
Monday 20th November
Tuesday 18th July
- Following our ops discussion last week, Steve will focus his tests on supporting the GridPP DIRAC area and decommission the other tests.
|
VOs - GridPP VOMS VO IDs Approved VO table
|
Monday 20th November
- Tom Whyntie has requested (and been granted) access to the GridPP VO to get some pipelines working for large-scale processing and analysis of MRI scans associated with the UK Biobank project.
- All VOs in the incubation page being prompted for updates by the end of November (required input for OC documents).
- QMUL (Steve L) is following up on the biomed MoU. GridPP want to be cited in research papers for the support our resources/sites provide.
|
|