Difference between revisions of "GDB 13th October 2010"

From GridPP Wiki
Jump to: navigation, search
(No difference)

Latest revision as of 13:33, 13 October 2010

GDB Agenda


Operational Security

  • Focus on CVE-2010-3081
    • Vulnerabilities like this will happen ~1/per year.
    • Some hints that this vulnerability was exploited - under investigation.
    • All SL5 WNs in EGI were patched within 7 days. Well done. (Tracked with pakiti).
    • This 7 day upgrade will be policy
      • Downtime associated with this is accepted by WLCG.
      • It's an availability hit, of course
    • Seems that some sites did not upgrade last time for various reasons, but we seem to be better co-ordinated in GridPP.
  • Ian B - what does it mean to suspend a site?
    • Only removal from the BDII
    • Doesn't work for VOs which 'hardcode' site information
      • VOs do get informed, particularly LHC experiments
  • John: Sites have to enter accurate downtimes.

OPN Troubleshooting

  • Highlighting lack of progress and communication on network problems reported by LHC Expts.
    • Many different site and network entities involved (BNL, CNAF, GARR, ESNET, DANTE, USLHCNet, CERN)
    • Need to keep users informed
      • GGUS has a 'Network Operations' support unit, but it's a relic.
  • John thinks this is being handled properly, but the problem is on updates and informing the submitter.
    • Dissent about if this really happening in the most efficient way.
    • Still not clear how someone takes ownership of this issue - suggestion that one of the sites takes ownership.
      • GGUS workflow doesn't support this very well, but need to be clearer on exactly what we want to achieve, then implement it in the tool.


  • gLite 3.2 updated in 2010-10-05
  • New lcg-CA and lcg-vomscert packages
  • Many retirements of gLite 3.1 nodes (nothing I see that's critical for us, check slide 8)
    • NIKHEF have an issue upgrading some Sun servers to SL5 (hosting DPM)

GGUS Support Units

  • New GGUS release (v8.0) will have significant changes
    • Lots of new support units, with 3rd level support for many EMI middleware components.
    • Some discussion about whether supporters should get 'limited' reassignment rights
      • This introduces an escalation workflow, but Maria was worried this would slow things down and pointed out that no abuse of supports' privileges had been reported.

Installed Capacity

  • gstat 2.0 is the mechanism for reporting your installed capacity
    • Sites set their own CPU values in here, so onus is on sites to check what they are publishing.
    • VO shares are not yet correct
    • This will be reported on at the MB at the end of this month, so it's urgent to check this.
      • Should we review what parameters can be set here?


Post-Amsterdam Demonstrators

This was an extensive session, which I am not even going to try to summarise. See the slides and (maybe) a storage group summary.