| General updates
|
- site advice on how to deal with umbrella VOs
Tuesday 16th February
Tuesday 9th February
- The WLCG Collaboration meeting took place last week: Agenda.
- Alessandra: Changes of memory settings in panda
- CHEP2016 first bulletin.
- NOTICE: Java upgrade impacts experiment activities - a recent set of java 6-7-8 openjdk upgrades on SL5/SL6/SL7 disable support for the MD5 hash algorithm in certificates and proxies requiring sysadmin intervention.
- RIPE Academic Cooperation Initiative.
- voms2 for lsst
Tuesday 26th January
- RHUL: spacetoken for snoplus?
- Winnie: CREAM-CEs red, "No handlers could be found for logger "stomp.py""
- Elena: how to limit the number of running jobs per user in condor -> Concurrency Limits.
- DIRAC File Catalog Command Line Interface guide added to the GridPP User Guide by Tom.
- What to update when adding a VO (the LSST example!).
- Notes from the January GDB are now available.
- Publishing CPUs...!
- Sam: WLCG WORKSHOP Site Feedback on Storage technologies.
|
| WLCG Operations Coordination - AgendasWiki Page
|
Tuesday 9th February
- The next ops coordination meeting will be on 18th February.
Tuesday 26th January
Tuesday 19th January
- The next WLCG MW readiness group meeting will be on 27th January: Agenda at 15:00 UTC.
- There is an ops coordination meeting this Thursday at 14:30 UTC: Agenda.
|
| Tier-1 - Status Page
|
Tuesday 16th February
A reminder that there is a weekly Tier-1 experiment liaison meeting. Notes from the last meeting here
- Usage of our OPN link (to CERN and other Tier1s) is still high - but not quite so high as previous couple of weeks.
- We are working a refresh of the database system behind the LFC.
- All ARC-CEs have been updated (to version 5.0.5).
- We are preparing to put a HAProxy load-balancer in front of the FTS service. Initially this will be for our "test" FTS3 service (used by Atlas).
- We have announced an 'At Risk' on the site during next Tuesday morning (23rd). This is for a replacement of the NIS master. This is less used now and we believe it is low risk.
|
| Storage & Data Management - Agendas/Minutes
|
Wednesday 17 Feb
- Report from the secret ATLAS meeting on Monday
- Sites to run cache with RUCIO and ARC CEs?
- Dynafed or RUCIO redirect?
- Which goals if any should we set for achieving interesting things to be reported at GridPP36?
Wednesday 10 Feb
- Duncan and Sam reporting from the WLCG workshop, Elena from ATLAS Jamboree
- Grid as object store, fewer SRM endpoints
- Caching and metadata management implementations/strategies
Wednesday 20 Jan
- Operational issues (DPM database errors) and kablooie
- hepsysman report
- Gathering site issues and thoughts in prep'n for the coming WLCG workshop and ATLAS jamboree
Wednesday 13 Jan
- "Diskless" Tier 2 testing to go ahead anyway at Oxford; also Bristol may be interesting/interested
- Need feedback from VOs on catalogue format and location before rolling out to remaining sites
|
| Tier-2 Evolution - GridPP JIRA
|
Monday 8 Feb
- Cloud Init ATLAS VMs successfully running production jobs at Manchester. Looking at logging and VM lifetime.
Monday 25 Jan
- Vac 00.20.00 released. Emulates OpenStack environment for VMs, Cloud Init, contextualization from HTTP.
- Restarted testing of Cloud Init ATLAS VMs, and now getting jobs running to Finished state.
Tuesday 19 Jan
- Vcycle now supports EC2 API, and preparing to test with Open Nebula at RAL Tier1
- Next Vac release (00.20) being tested with LHCb production. This removes the need to have an internal NFS server and supports VMs using Cloud Init.
- Some work last month on revised ATLAS VMs; hoping to converge with VMs run at CERN and on HLT.
- Vac-in-a-Box updated for Vac 00.20 and NFS-less operation, and numerous feature requests (e.g. bulk adding of hypervisors)
|
| Accounting - UK Grid Metrics HEPSPEC06 Atlas Dashboard HS06
|
Tuesday 9th February
- 4th Feb: The data from the APEL summariser that was fixed yesterday has now propagated through the data pipeline and the Accounting Portal views and the Sync and Pub tests are all working again.
- Sheffield is slightly behind other sites (but looks normal) and so is QMUL.
Tuesday 24th November
- Slight delay for Sheffield.
Tuesday 3rd November
- APEL delay (normal state) Lancaster and Sheffield.
Tuesday 20th October
The WLCG MB decided to create a Benchmarking Task force led by Helge Meinhard see talk
|
| Documentation - KeyDocs
|
Tuesday 9th February
- Guidelines for using the DIRAC command line tools and the DIRAC File Catalog metadata functionality to the UserGuide.
Tuesday 12th January
- The VOID cards (and hence the Yaim records) for CDF, PLANCK, SUPERBVO, LSST, MAGIC and ENMR have changed a bit. Sites that support any of these may want to have a look. See the GridPP approved VOs page.
- WLCG Information System Evolution Task Force is drafting refined definitions for LOG_CPU and PHYS_CPU, as well as the benchmark/calibration process. Progress is documented in this agenda:
https://indico.cern.ch/event/471965/
In particular, sites should note the 'BenchmarkingProcess.txt' (attached to agenda) which lays out in general terms how to run benchmark instances to obtain maximum throughput, and the GridPP Publishing Tutorial (https://www.gridpp.ac.uk/wiki/Publishing_tutorial) which WLCG propose to adopt (with some modifications.)
General note
See the worst KeyDocs list for documents needing review now and the names of the responsible people.
|
| Monitoring - Links MyWLCG
|
Tuesday 1st December
Tuesday 16th June
- F Melaccio & D Crooks decided to add a FAQs section devoted to common monitoring issues under the monitoring page.
- Feedback welcome.
Tuesday 31st March
Monday 7th December
|
| On-duty - Dashboard ROD rota
|
Tuesday 16th February
- Team membership discussed at yesterday's PMB. We will need to look to the larger GridPP sites for more support.
-
Tuesday 26th January
- On Friday, one of the message brokers was in downtime and due to a bug, nagios probes were not failing over to the working one.
- There was another issue which prevented applying a workaround in the gridppnagios server.
- A new rota is being compiled.
Monday 11th January
- There was a problem with the dashboard during the week, where alarms wouldn't clear even though they had cleared in the nagios. The portal people are aware of this.
- The current alarms in Manchester (vomsserver) are thought to be fixed - the dashboard just hasn't caught up.
|
| Rollout Status WLCG Baseline
|
Tuesday 7th December
- Raul reports: validation of site BDII on Centos 7 done.
Tuesday 15th September
Tuesday 12th May
- MW Readiness WG meeting Wed May 6th at 4pm. Attended by Raul, Matt, Sam and Jeremy.
References
|
| Security - Incident Procedure Policies Rota
|
- Critical" risk glibc remote code execution [EGI-SVG-CVE-2015-7547]
Tuesday 16th February
- Vulnerabilities CVE-2015-7181/2/3 in nss, nss-util, nspr libraries subject of EGI-SVG Advisory on 11-Nov-2015 rated as HIGH risk are still showing in EGI Pakiti monitoring at a number of UK sites. Please check and update as appropriate or let IanN know if this is a monitoring error.
Monday 8th February
- EGI SVG Advisory 'HIGH' risk CVE-2016-0728 Linux Kernel vulnerability [EGI-SVG-2016-10376]
- WLCG Collaboration Workshop: Approximate summary of security session with a ~3yr timeframe (by IanN)
- Use of federated identity management will continue increase - more reliance/trust on home institutions and vo's to manage and trace users.
- VMs/Containers/cgroups will replace glexec ("hurrah!") but only as appropriate accountability/traceability policy enforcement mechanisms are put in place ("aww!"). (esp. multi-user pilots etc.)
- Changing risk assessment: more targeted phishing; incidents on commercial clouds; move to more standard software ....
- All above drives need for improved monitoring and "intelligence" sharing (SOC model and Sirtfi collaboration etc)
- Improve incident response support for sites lacking expertise. Perhaps looking at developing monitoring "appliance".
Tuesday 26th January
- CVE-2016-0728 Linux kernel: use after free in keyring facility local privilege escalation. EGI SVG Advisory in the works. Affects RH7 and derivatives/similar. RH5,RH6 and derivatives are not affected. RH/SL/CentOS updates published 25/01/2016
- The IGTF has released a regular update to the trust anchor repository (1.71) - for distribution ON OR AFTER January 25th -
The EGI security dashboard.
|
|
| Services - PerfSonar dashboard | GridPP VOMS
|
- This includes notifying of (inter)national services that will have an outage in the coming weeks or will be impacted by work elsewhere. (Cross-check the Tier-1 update).
Tuesday 8th December
- Given the recent network issues and role of GridPP DIRAC, there are plans to have a slave DNS for gridpp.ac.uk at Imperial and hopefully the T1 too. Andrew will seek an update to the whois records and name servers once the other host sites are confirmed.
- Looking at the network problems this week will be of interest. Duncan supplied this link and Ewan the one for the dual stack instance.
Tuesday 6th October
Tuesday 14th July
- GridPP35 in September will have a part focus on networking and IPv6. This will include a review of where sites are with their deployment. Please try to firm up dates for your IPv6 availability between now and September. Please update the GridPP IPv6 status table.
|
| Tickets
|
Monday 15th February 2016, 13.30 GMT
37 Open UK Tickets.
Link to them all: http://tinyurl.com/nwgrnys
A few highlights:
BRUNEL
118740 (10/1)
Atlas MCORE problems at Brunel. Raul has experimented with restricting MC jobs to nodes where the Condor Memory Checking is disabled, with promising results. Waiting for reply (13/2)
QMUL
119013 (21/1)
Enabling CMS T3 - this ticket has been reopened for QM. Dan has asked for some clarification and information with respect to xroot settings for CMS. The status could do with a tweak... Reopened (12/2)
RALPP
118628 (5/1)
The deployment of LZ pilots hitting an arc bug. Chris has managed to get ahold of and deploy the updated packages on his test CE (impressive turnaround!), and wonders if it works now. Waiting for reply (11/2)
And I think that's it - still a lot of atlas consistency checking tickets that I will mention in the Thursday atlas meeting - although I think Alastair and Brian are aware of them.
Other VO Nagios
I haven't looked at this for a while, the Imperial SE seems to have been seeing problems for pheno and t2k.org for nearly a fortnight.
|
| Tools - MyEGI Nagios
|
Tuesday 26th Jan 2016
One of the message broker was in downtime for almost three days. Nagios probes picks up a random message broker and failover is not working so a lot of ops jobs hanged for long time. Its a known issue and unlikely to be fixed as SAM Nagios is in its last leg. Monitoring is moving to ARGO and many things are not clear at the moment.
Monday 30th November
- The SAM/ARGO team has created a document describing Availability reliability calculation in ARGO tool.
Tuesday 6 Oct 2015
Moved Gridppnagios instance back to Oxford from Lancaster. It was kind of double whammy as both sites went down together. Fortunately Oxford site was partially working so we managed to start SAM Nagios at Oxford. Sam tests were unavailable for few hours but no affect on egi availibilty/reliability. Sites can have a look at https://mon.egi.eu/myegi/ss/ for a/r status.
Tuesday 29 Sep 2015
Following an air-conditioning problem at machine room in Oxford Tier-2 site on 26 September, gridppnagios(OX) was shut down and gridppnagios(Lancs) became active instance. Oxford site is in downtime until 1st Oct and it may be extended depending on the situation.
VO-Nagios was also unavailable for two days but we have started it yesterday as it is running on a VM. VO-nagios is using oxford SE for replication test so it is failing those tests. I am looking to change to some other SE.
|
| VOs - GridPP VOMS VO IDs Approved VO table
|
Tuesday 19th May
- There is a current priority for enabling/supporting our joining communities.
Tuesday 5th May
- We have a number of VOs to be removed. Dedicated follow-up meeting proposed.
Tuesday 28th April
- For SNOPLUS.SNOLAB.CA, the port numbers for voms02.gridpp.ac.uk and voms03.gridpp.ac.uk have both been updated from 15003 to 15503.
Tuesday 31st March
- LIGO are in need of additional support for debugging some tests.
- LSST now enabled on 3 sites. No 'own' CVMFS yet.
|
| Site Updates
|
Tuesday 24th February
- Next review of status today.
Tuesday 27th January
- Squids not in GOCDB for: UCL; ECDF; Birmingham; Durham; RHUL; IC; Sussex; Lancaster
- Squids in GOCDB for: EFDA-JET; Manchester; Liverpool; Cambridge; Sheffield; Bristol; Brunel; QMUL; T1; Oxford; Glasgow; RALPPD.
Tuesday 2nd December
- Multicore status. Queues available (63%)
- YES: RAL T1; Brunel; Imperial; QMUL; Lancaster; Liverpool; Manchester; Glasgow; Cambridge; Oxford; RALPP; Sussex (12)
- NO: RHUL (testing); UCL; Sheffield (testing); Durham; ECDF (testing); Birmingham; Bristol (7)
- According to our table for cloud/VMs (26%)
- YES: RAL T1; Brunel; Imperial; Manchester; Oxford (5)
- NO: QMUL; RHUL; UCL; Lancaster; Liverpool; Sheffield; Durham; ECDF; Glasgow; Birmingham; Bristol; Cambridge; RALPP; Sussex (14)
- GridPP DIRAC jobs successful (58%)
- YES: Bristol; Glasgow; Lancaster; Liverpool; Manchester; Oxford; Sheffield; Brunel; IC; QMUL; RHUL (11)
- NO: Cambridge; Durham; RALPP; RAL T1 (4) + ECDF; Sussex; UCL; Birmingham (4)
- IPv6 status
- Allocation - 42%
- YES: RAL T1; Brunel; IC; QMUL; Manchester; Sheffield; Cambridge; Oxford (8)
- NO: RHUL; UCL; Lancaster; Liverpool; Durham; ECDF; Glasgow; Birmingham; Bristol; RALPP; Sussex
- Dual stack nodes - 21%
- YES: Brunel; IC; QMUL; Oxford (4)
- NO: RHUL; UCL; Lancaster; Glasgow; Liverpool; Manchester; Sheffield; Durham; ECDF; Birmingham; Bristol; Cambridge; RALPP; Sussex, RAL T1 (15)
Tuesday 21st October
- High loads seen in xroot by several sites: Liverpool and RALT1... and also Bristol (see Luke's TB-S email on 16/10 for questions about changes to help).
Tuesday 9th September
- Intel announced the new generation of Xeon based on Haswell.
|
|
