Week of 191111

WLCG Operations Call details

  • For remote participation we use the Vidyo system. Instructions can be found here.

General Information

  • The purpose of the meeting is:
    • to report significant operational issues (i.e. issues which can or did degrade experiment or site operations) which are ongoing or were resolved after the previous meeting;
    • to announce or schedule interventions at Tier-1 sites;
    • to inform about recent or upcoming changes in the experiment activities or systems having a visible impact on sites;
    • to provide important news about the middleware;
    • to communicate any other information considered interesting for WLCG operations.
  • The meeting should run from 15:00 Geneva time until 15:20, exceptionally to 15:30.
  • The SCOD rota for the next few weeks is at ScodRota
  • General information about the WLCG Service can be accessed from the Operations Portal
  • Whenever a particular topic needs to be discussed at the operations meeting requiring information from sites or experiments, it is highly recommended to announce it by email to wlcg-scod@cernSPAMNOTNOSPAMPLEASE.ch to allow the SCOD to make sure that the relevant parties have the time to collect the required information, or invite the right people at the meeting.

Best practices for scheduled downtimes

Monday

Attendance:

  • local: Alberto (Monitoring), Borja (Chair, Monitoring), Ivan (ATLAS), Kate (WLCG), Maarten (ALICE), Olga (Computing), Vincent (Security)
  • remote: Andrei (LHCb), Christoph (CMS), Darren (RAL), Dave (FNAL), Jens (NDGF), Mike (TRIUMF), Onno (NL-T1)

Experiments round table:

  • ATLAS reports ( raw view) -
    • Normal Operations
    • From last week:
      • "Let's Encrypt" host certificates were opted to be used by two US sites
        • They are not supported by ATLAS since:
          • They are not included in the IGTF repository
          • They do not support CRL (Certificate Revocation List) i.e.
          • It does not work with the current XRootD configuration
        • What's WLCG stand on the topic? Supported? Not?

Discussion

Maarten:
  • Let's Encrypt does not satisfy the set of requirements for inclusion
    in the standard set of IGTF CAs
    • In particular, collaboration on incident response
Vincent:
  • As its name already suggests, it is just for encrypting traffic, nothing more
Maarten:
  • An agreement was made between WLCG and OSG that grid services used in WLCG
    should for now continue using certificates from CAs that are part of IGTF
  • The natural choice in the US is the InCommon CA, which nowadays should be
    available to US universities and labs more or less "for free"
  • That CA should also be fine for other communities that sites need to serve
  • In the coming years we expect to see a rise in the use of Let's Encrypt and
    possibly similar CAs as the use of tokens will increase and the use of
    grid certificates will decrease
  • We will thus be able to "delegate" encryption to such "low-quality" CAs,
    while handling authentication and authorization separately ourselves
  • This will take a number of years to complete, possibly the whole of Run 3
  • In the meantime it is OK for experiments to support Let's Encrypt ad-hoc
    by adding it explicitly alongside the IGTF CAs on the services that need it

  • ALICE -
    • CERN: some instabilities with CASTOR and EOS were observed and resolved last week.

  • LHCb reports ( raw view) -
    • Activity:
      • Usual MC, user jobs and data restripping.
      • Continuing staging (tape recall) at all T1s
    • Issues:
      • Slow transfers (timeouts) for data upload from WN's to external SEs at RAL and FZK (being looked at)
      • FTS transfer failures from SARA (presumably network problems at some pool nodes, nodes rebooted)
      • RAL: failing direct access to files in ECHO if several applications access the same file simultaneously
      • IN2P3 - singularity is still not available, becoming urgent

Sites / Services round table:

  • ASGC: NTR
  • BNL: NC
  • CNAF: NC
  • EGI: NC
  • FNAL: CMS reported issues
  • IN2P3: NC
  • JINR: NC
  • KISTI: NC
  • KIT: ARC-CE-4 is again in downtime.
  • NDGF: NTR
  • NL-T1: some transfers from/to Sara dCache failed because of a network issue, fixed today.
  • NRC-KI: NC
  • OSG: NC
  • PIC: NC
  • RAL: NTR
  • TRIUMF: NTR

  • CERN computing services: OTG:0053122 - Degraded access to one of the schedulers.
  • CERN storage services: NC
  • CERN databases: NC
  • GGUS: NTR
  • Monitoring:
    • Draft availability reports for October sent around
  • MW Officer: NC
  • Networks: NC
  • Security: NTR

AOB:

Edit | Attach | Watch | Print version | History: r14 < r13 < r12 < r11 < r10 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r14 - 2019-11-12 - unknown
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback