Difference between revisions of "Operations Bulletin Latest"

From GridPP Wiki
Jump to: navigation, search
()
()
Line 410: Line 410:
  
 
===== =====
 
===== =====
 +
'''Tuesday 17th January'''
 +
* SL6 updates published for CVE-2016-7117 which was downgraded by EGI SVG to HIGH risk [https://wiki.egi.eu/wiki/SVG:Advisory-SVG-CVE-2016-7117]
 +
* Vulnerability disclosed for Ansible CVE-2016-9587. Upgrades are available. [https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt]
 +
* 2016/01/16 - Incident report involving one non-UK site published by EGI CSIRT.
 +
 
'''Tuesday 10th January'''
 
'''Tuesday 10th January'''
 
* Quiet over the Xmas period
 
* Quiet over the Xmas period

Revision as of 08:14, 17 January 2017

Bulletin archive


Week commencing Monday 16th January 2017
Task Areas
General updates

Monday 16th January

  • December T2 A/R from WLCG:
    • ALICE: All okay.
    • ATLAS: Oxford: 73%:73% | RALPP: 80%:80%
    • CMS: RALPP: 89%:89%
    • LHCb: RALPP: 82%:82%
    • Oxford will request recompute. RALPP affected by CMS SRM overloads and a delayed restart after new cert installed.
  • The next WLCG workshop is in Manchester 19th-21st June.
  • AM seeking non-LHC VO representatives (from the VOs and aware of their technical requirements) for 11th April pre-GDB.
  • TB-Support: Matt D mentions "ZFS experiences and plans".
  • EGI Conference 2017 will take place in Catania, Italy, between 9-12 May 2017.
  • A summary of the networking pre-GDB last week can be found here.


Monday 9th January


Tuesday 20th December


WLCG Operations Coordination - AgendasWiki Page

Monday 16th January

  • The next WLCG ops coordination meeting is on 26th.
    • Downtimes proposal followup --> please send feedback by Jan 20;
    • Tape usage performance analysis.

Monday 5th December

  • There was a WLCG ops coordination meeting on 1st: Agenda | Minutes

Monday 7th November


Tier-1 - Status Page

Tuesday 10th January A reminder that there is a weekly Tier-1 experiment liaison meeting. Notes from the last meeting here

  • The upgrade of Castor Nameserver to version 2.1.15 was successfully carried out on Tuesday (10th Jan). The first of the stager updates (LHCb) will take place next week. This was originally planned for Tuesday (17th) but for reasons of staff availability will now take place on Wednesday (18th).
  • We have had a Castor access problem for LHCB.
  • We are still seeing a lot of CMS SRM test failures - which are atrributed to load on the CMS Catsor instance.
  • We are putting load balancers in front of out site-BDIIs.
Storage & Data Management - Agendas/Minutes

Wednesday 21 Dec

  • Report from Computing Insights UK (nee MEW)
  • Highlights and lowlights of the year (storage and data management only - which seems to have fared better than the world in general)

Wednesday 07 Dec

  • Good GridPP presence at the CLOUD-SIG workshop at Crick last week. Real Work™ included GridFTP-endpoint-in-the-cloud and Jupyter notebooks. How do you get data into a Jupyter notebook (from the grid)?
  • Opportunity to do more with data transfer between infrastructures.

Wednesday 23 Nov

  • A couple of operational issues; ATLAS data mover triggering lack of checksum support in xroot in Edinburgh DPM

Wednesday 16 Nov

  • Some curious operational issues with failed xroot transfers - need more testing
  • Duncan provided feedback from the JISC data transfer/campus networking workshop


Tier-2 Evolution - GridPP JIRA

Thursday 5 January 2017

  • Vac 02.00 released, with SuperSlots mechanism for handling a mixture of different VM sizes on the same hypervisors.

Monday 2 January 2017

Wednesday 14 December

  • LHCb has added Vac resources to the LHCb_CRITICAL profile used in the SAM3 dashboard and WLCG site A&R reports. (GRIDPP-5)

Monday 12 December

  • ALICE VMs in production at Manchester. Other Vac sites invited to install it. (No VOBOX required...)


Accounting - UK Grid Metrics HEPSPEC06 Atlas Dashboard HS06

Monday 16th January

  • The discussion topic for next week will be accounting comparisons. Please note Alessandra's comments last week.

Monday 14th November

  • Alessandra has written an FAQ to extract numbers from ATLAS and APEL avoiding the SSB.

Monday 26th September

  • A problem with the APEL Pub and Sync tests developed last Tuesday and was resolved on Wednesday. This had a temporary impact on the accounting portal.
Documentation - KeyDocs

Monday 9th January

  • Tom put these together:
    • A snapshot of the GridPP UserGuide is now available as an offline document in the Zenodo repository:
    • ...and the v1.0 release of the LaTeX code used to compile it is here.
    • There are some minor differences (mainly hyperlink-related) to the online version [1], which has also had a v1.0 release here.


Tue 22nd Nov

  • More on Accounting audit tools

The process for ARC, Toque and VAC is now documented here.

https://github.com/gridpp/audit/wiki


Tue 15 Nov

  • Accounting audit tools

GridPP project in github used to host documents and scripts to audit work done accounts independently of APEL. So far, methods exist for ARC CE, and Torque batch system. Method for VAC still rough and being worked out by (e.g.) next week. To get the material:

git clone https://sjones-hep-ph-liv-ac-uk@github.com/gridpp/audit.git

Substituting you own github username. Or go to:

https://github.com/gridpp/audit

For write access, ask Andrew McNab.

  • Changes to CMS resource requirements in Approved VOs

See https://www.gridpp.ac.uk/wiki/GridPP_approved_VOs

Scroll to the Resources table at the bottom and check the new CMS requirements.

Tue 1 Nov

Publishing tutorial updated to use new wording for various measurements.

https://www.gridpp.ac.uk/wiki/Publishing_tutorial#Accounting_transmissions



https://www.gridpp.ac.uk/wiki/GridPP_approved_VOs


General note

See the worst KeyDocs list for documents needing review now and the names of the responsible people.

Interoperation - EGI ops agendas

Monday 16th January

  • There was an ops meeting on 9th January. Agenda.


Monday 7th November

  • There was an EGI Ops meeting today: agenda
  • UMD 3.14.5 released today
    • VOMS 3.5.0, which makes RFC proxies the default for voms-proxy-init
  • UMD 4.3.0 'October' release, release candidate ready, to be released by end of this week, including:
    • ARC, GFAL2, XROOT, Davix, dCache, ARGUS, Gridsite, edg-mkgrid, umd-release for CentOS7
  • please start using UMD4/SL6 or UMD4/CentOS7 instead of UMD3/SL6 & please don't use anymore EMI3
    • (think there may be a campaign around this soon)
  • Downtimes due to the vulnerability CVE-2016-5195: request an A/R recomputation
    • All the resource centres that were affected by the vulnerability CVE-2016-5195 and that declared a downtime between 2016-10-20 16:00 UTC and 2016-10-31 18:00 UTC are invited to request a recomputation of A/R figures for the days in which the downtime was ongoing.
Monitoring - Links MyWLCG

Tuesday 1st December


Tuesday 16th June

  • F Melaccio & D Crooks decided to add a FAQs section devoted to common monitoring issues under the monitoring page.
  • Feedback welcome.


Tuesday 31st March

Monday 7th December

On-duty - Dashboard ROD rota

Monday 16th January

  • Rota to be updated this week. Gordon is on shift this week.

Monday 9th January

  • Daniela posted on 25th Dec to say: "there's quite a lot of tickets - I tried to extend them all into January.

Otherwise apparently the grid is still standing."


Monday 5th December

  • Another fairly quiet week. There were a few new tickets, which are mostly now resolved. There was an intermittent SRM alarm at RALPP which sporadically appeared then disappeared; it finally hung around long enough today to raise a ticket.


Rollout Status WLCG Baseline

Tuesday 7th December

  • Raul reports: validation of site BDII on Centos 7 done.

Tuesday 15th September

Tuesday 12th May

  • MW Readiness WG meeting Wed May 6th at 4pm. Attended by Raul, Matt, Sam and Jeremy.


References


Security - Incident Procedure Policies Rota

Tuesday 17th January

  • SL6 updates published for CVE-2016-7117 which was downgraded by EGI SVG to HIGH risk [1]
  • Vulnerability disclosed for Ansible CVE-2016-9587. Upgrades are available. [2]
  • 2016/01/16 - Incident report involving one non-UK site published by EGI CSIRT.

Tuesday 10th January

  • Quiet over the Xmas period
  • Expecting close-out report from non-UK incident reported last month. Still no known UK links.
  • SL5 updates published for CVE-2016-7117 which was downgraded by EGI SVG to HIGH risk [3]
  • EGI SVG Advisory for RH7 Linux kernel IPv6 implementation rated HIGH risk [4]
  • UK Security Team meeting this aft. 4pm

Tuesday 20th December

  • CVE-2016-7117 downgraded from CRITICAL to HIGH by EGI SVG [5]
  • One, non-UK incident advisory from EGI CSIRT affecting one site. Not known to have affected other sites but more details expected after further analysis.

Tuesday 13th December

  • CVE-2016-7117 still waiting for distro. kernel updates
  • EGI Dashboard hint: to display a recent history of state records -
    • Starting from the "Issues" page for a site
    • Select right-hand-upper drop-down “Issues” and select “History”
    • Click the required test in the table shown e.g. ARC-Pakiti-Check
    • Select "Records" from the upper-menu

Tuesday 6th December

  • One user suspension (and subsequent release) in Argus due to an EGI FedCloud incident. Not know to affect UK.
  • CVE-2016-7117 still waiting for distro. kernel updates
  • Next Security Team meeting on the 13th Dec.
  • Certificate has expired on pakiti.egi.eu 5/12/2016 [6]


The EGI security dashboard.


Services - PerfSonar production dashboard |PerfSonar development dashboard | GridPP VOMS

- This includes notifying of (inter)national services that will have an outage in the coming weeks or will be impacted by work elsewhere. (Cross-check the Tier-1 update).

Tuesday 25th October

  • Duncan has recreated the UK perfSONAR mesh. Link here!


Monday 19th September

  • UK eScience CA - certificate issuance problems. Jens reported that on 15th a partial but significant database corruption occurred on the signing system for the CA. Data was restored from (offline) backups but the rebuild was not correctly configured.
  • A large number of site admins and other GridPP supporters appeared to be suspended from the dteam VO last week. “During a planned upgrade operation of VOMS service, a system malfunction occurred. As a result, some users received false notification about membership expiration. We are in contact with the software development team in order to identify the cause.”


Tickets

Monday 16ht January 2016, 15.00 GMT
21 Open Tickets this week

Bounced back to Bristol
125558 (13/12/16)
This ticket from Lukasz to CMS, concerning decommissioning a queue in the glidein factories, has been reassigned back to Bristol. Assigned (12/1)

ANYONE SEEN SOMETHING LIKE THIS BEFORE?

DURHAM
125845 (6/1)
Durham are having intermittent, hard to explain nagios test failures on their arc CE - seeing a few failures a day. Fishing on the site's behalf, has anyone any suggestions about where to look? In progress (13/1)

GLASGOW
125867 (9/1)
Another piece of unasked for meddling by myself, Glasgow are seeing some greedy behaviour from cvmfs on some nodes running lhcb jobs - has anyone seen something similar? In progress (16/1)

AND FINALLY...

SUSSEX
125503 (9/12/16)
As seen on TB-SUPPORT, I stuck my 2-yen's worth in to this Sno+ ticket and got a little out of my depth. Either Sussex will need to alias their new SE to the old one or there will need to be some heavy LFC operations for Sno+ (either by them or the LFC admins). Thanks to Simon, Catalin and Henry for their input. In progress (16/1)

Tools - MyEGI Nagios

29th November 2016

LSST monitoring is available through vo-nagios

https://vo-nagios.physics.ox.ac.uk/nagios/cgi-bin/status.cgi?servicegroup=lsst&style=detail

13th September 2016


19th July

Both instances of gridppnagios at Oxford and Lancaster has been decommissioned.

12th July 2016

Central ARGO monitoring service has started from 1st of July. All grid resources are monitored through two Nagios instances

https://argo-mon.egi.eu/nagios/

https://argo-mon2.egi.eu/nagios/

It has same interface as gridppnagios. Alarms from these instances goes to Operational Dashboard

http://argo.egi.eu/ is a web interface which provides availability/reliability figures and site status. It is equivalent of old myegi interface with some additional services.

I am planning to decommission both instances of gridppnagios in coming weeks. I have stopped nagios and httpd on both instances so it will not send tests to grid resources in UK. I will also decommission storage-monit.physics.ox.ac.uk which was only used for storage replication test.

We will keep vo-nagios.physics.ox.ac.uk running until we get a replacement for vo-monitoring.


Monday 13th June

  • Active Nagios instance moved to Lancaster

Tuesday 5th April 2016

Oxford had a scheduled network warning so active nagios instance was moved from Oxford to Lancaster. I am not planning to move it back to Oxford for the time being.


Tuesday 26th Jan 2016

One of the message broker was in downtime for almost three days. Nagios probes picks up a random message broker and failover is not working so a lot of ops jobs hanged for long time. Its a known issue and unlikely to be fixed as SAM Nagios is in its last leg. Monitoring is moving to ARGO and many things are not clear at the moment.

Monday 30th November

  • The SAM/ARGO team has created a document describing Availability reliability calculation in ARGO tool.
VOs - GridPP VOMS VO IDs Approved VO table

Tuesday 19th May

  • There is a current priority for enabling/supporting our joining communities.

Tuesday 5th May

  • We have a number of VOs to be removed. Dedicated follow-up meeting proposed.

Tuesday 28th April

  • For SNOPLUS.SNOLAB.CA, the port numbers for voms02.gridpp.ac.uk and voms03.gridpp.ac.uk have both been updated from 15003 to 15503.

Tuesday 31st March

  • LIGO are in need of additional support for debugging some tests.
  • LSST now enabled on 3 sites. No 'own' CVMFS yet.
Site Updates

Tuesday 23rd February

  • For January:

ALICE: All okay.

RHUL 89%:89% Lancaster 0%:0%

RALPP: 80%::80%

RALPP: 77%:77%

  • Site responses:
    • RHUL: The largest problem was related to the SRM. The DPM version was upgraded and it took several weeks to get it working again (13 Jan onwards). Several short-lived occurrences of running out of space on the SRM for non-ATLAS VOs. For around 3 days (15-17 Jan) the site suffered from a DNS configuration error by their site network manager which removed their SRM from the DNS, causing external connections such as tests and transfers to fail. For one day (25 Jan) the site network was down for upgrade to the 10Gb link to JANET. Some unexpected problems occurred extending the interruption from an hour to a day. The link has been successfully commissioned.
    • Lancaster: The ASAP metric for Lancaster for January is 97.5 %. There is a particular problem with ATLAS SAM tests which doesn’t affect the site activity in production and analysis and this relates to the path name being too long. A re-calculation has been performed.
    • RALPP: Both CMS and LHCb low figures are due to specific CMS jobs overloading the site SRM head node. The jobs should have stopped now.



Meeting Summaries
Project Management Board - MembersMinutes Quarterly Reports

Empty

GridPP ops meeting - Agendas Actions Core Tasks

Empty


RAL Tier-1 Experiment Liaison Meeting (Wednesday 13:30) Agenda Meeting takes place on Vidyo.

Highlights from this meeting are now included in the Tier1 report farther up this page.

WLCG Grid Deployment Board - Agendas MB agendas

Empty



NGI UK - Homepage CA

Empty

Events
UK ATLAS - Shifter view News & Links

Atlas S&C week 2-6 Feb 2015

Production

• Prodsys-2 in production since Dec 1st

• Deployment has not been transparent , many issued has been solved, the grid is filled again

• MC15 is expected to start soon, waiting for physics validations, evgen testing is underway and close to finalised.. Simulation expected to be broadly similar to MC14, no blockers expected.

Rucio

• Rucio in production since Dec 1st and is ready for LHC RUN-2. Some fields need improvements, including transfer and deletion agents, documentation and monitoring.

Rucio dumps available.

Dark data cleaning

files declaration . Only Only DDM ops can issue lost files declaration for now, cloud support needs to fill a ticket.

• Webdav panda functional tests with Hammercloud are ongoing

Monitoring

Main page

DDM Accounting

space

Deletion

ASAP

• ASAP (ATLAS Site Availability Performance) in place. Every 3 months the T2s sites performing BELOW 80% are reported to the International Computing Board.


UK CMS

Empty

UK LHCb

Empty

UK OTHER
  • N/A
To note

  • N/A