GDB 13th October 2010
From GridPP Wiki
Revision as of 13:33, 13 October 2010 by Graeme stewart
- Focus on CVE-2010-3081
- Vulnerabilities like this will happen ~1/per year.
- Some hints that this vulnerability was exploited - under investigation.
- All SL5 WNs in EGI were patched within 7 days. Well done. (Tracked with pakiti).
- This 7 day upgrade will be policy
- Downtime associated with this is accepted by WLCG.
- It's an availability hit, of course
- Seems that some sites did not upgrade last time for various reasons, but we seem to be better co-ordinated in GridPP.
- Ian B - what does it mean to suspend a site?
- Only removal from the BDII
- Doesn't work for VOs which 'hardcode' site information
- VOs do get informed, particularly LHC experiments
- John: Sites have to enter accurate downtimes.
- Highlighting lack of progress and communication on network problems reported by LHC Expts.
- Many different site and network entities involved (BNL, CNAF, GARR, ESNET, DANTE, USLHCNet, CERN)
- Need to keep users informed
- GGUS has a 'Network Operations' support unit, but it's a relic.
- John thinks this is being handled properly, but the problem is on updates and informing the submitter.
- Dissent about if this really happening in the most efficient way.
- Still not clear how someone takes ownership of this issue - suggestion that one of the sites takes ownership.
- GGUS workflow doesn't support this very well, but need to be clearer on exactly what we want to achieve, then implement it in the tool.
- gLite 3.2 updated in 2010-10-05
- New lcg-CA and lcg-vomscert packages
- Many retirements of gLite 3.1 nodes (nothing I see that's critical for us, check slide 8)
- NIKHEF have an issue upgrading some Sun servers to SL5 (hosting DPM)
GGUS Support Units
- New GGUS release (v8.0) will have significant changes
- Lots of new support units, with 3rd level support for many EMI middleware components.
- Some discussion about whether supporters should get 'limited' reassignment rights
- This introduces an escalation workflow, but Maria was worried this would slow things down and pointed out that no abuse of supports' privileges had been reported.
- gstat 2.0 is the mechanism for reporting your installed capacity
- Sites set their own CPU values in here, so onus is on sites to check what they are publishing.
- VO shares are not yet correct
- This will be reported on at the MB at the end of this month, so it's urgent to check this.
- Should we review what parameters can be set here?
This was an extensive session, which I am not even going to try to summarise. See the slides and (maybe) a storage group summary.