GDB 13th October 2010
From GridPP Wiki
								Revision as of 13:33, 13 October 2010 by Graeme stewart  (Talk | contribs)
Contents
Morning
Operational Security
-  Focus on CVE-2010-3081
- Vulnerabilities like this will happen ~1/per year.
- Some hints that this vulnerability was exploited - under investigation.
- All SL5 WNs in EGI were patched within 7 days. Well done. (Tracked with pakiti).
-  This 7 day upgrade will be policy
- Downtime associated with this is accepted by WLCG.
- It's an availability hit, of course
 
- Seems that some sites did not upgrade last time for various reasons, but we seem to be better co-ordinated in GridPP.
 
-  Ian B - what does it mean to suspend a site?
- Only removal from the BDII
-  Doesn't work for VOs which 'hardcode' site information
- VOs do get informed, particularly LHC experiments
 
 
- John: Sites have to enter accurate downtimes.
OPN Troubleshooting
-  Highlighting lack of progress and communication on network problems reported by LHC Expts.
- Many different site and network entities involved (BNL, CNAF, GARR, ESNET, DANTE, USLHCNet, CERN)
-  Need to keep users informed
- GGUS has a 'Network Operations' support unit, but it's a relic.
 
 
-  John thinks this is being handled properly, but the problem is on updates and informing the submitter.
- Dissent about if this really happening in the most efficient way.
-  Still not clear how someone takes ownership of this issue - suggestion that one of the sites takes ownership.
- GGUS workflow doesn't support this very well, but need to be clearer on exactly what we want to achieve, then implement it in the tool.
 
 
Middleware
- gLite 3.2 updated in 2010-10-05
- New lcg-CA and lcg-vomscert packages
-  Many retirements of gLite 3.1 nodes (nothing I see that's critical for us, check slide 8)
- NIKHEF have an issue upgrading some Sun servers to SL5 (hosting DPM)
 
GGUS Support Units
-  New GGUS release (v8.0) will have significant changes
- Lots of new support units, with 3rd level support for many EMI middleware components.
-  Some discussion about whether supporters should get 'limited' reassignment rights
- This introduces an escalation workflow, but Maria was worried this would slow things down and pointed out that no abuse of supports' privileges had been reported.
 
 
Installed Capacity
-  gstat 2.0 is the mechanism for reporting your installed capacity
- Sites set their own CPU values in here, so onus is on sites to check what they are publishing.
- VO shares are not yet correct
-  This will be reported on at the MB at the end of this month, so it's urgent to check this.
- Should we review what parameters can be set here?
 
 
Afternoon
Post-Amsterdam Demonstrators
This was an extensive session, which I am not even going to try to summarise. See the slides and (maybe) a storage group summary.
