Alessandro Paolini (EGI Foundation)
Bruce Becker
Christos (GRNET)
Dave Kelsey (Security)
Dragos Ciobanu-Zabet (NGI_RO)
Emir Imamagic
George Ryall (STFC - GOCDB)
Ionut Vasile (NGI_RO)
Jan Astalos (NGI_SK)
Jeremy Coles (NGI_UK)
Joao Pina (NGI_IBERGRID)
Kostas Koumantaros
Linda Cornwall (STFC)
Miroslav Ruda
Nicolas Liampotis (GRNET)
Peter Solagna
Themis Zamani (GRNET)
Viet Tran (IISAS)
Vincent Brillault (EGI CSIRT)
Vincenzo Spinoso
ACTION: EGI operations will open tickets to other NGIs asking for storage accounting volunteers (only DPM/dCache SE)
ACTION (EGI Ops): create a scope tag for the cloud sites
ACTION (EGI Ops): review with Vincent the SEC05 and PROC09 documents to see if readability can be improved
ACTION: produce some documentation about the monitoring of uncertified sites and modify the certification procedure accordingly
3 policies will be endorsed by the EB (next Monday), replacing the previous versions.
Creation of a new service type, webdav, for properly monitoring the services exposing this interface.
Storage accounting: 10 sites are publishing storage accounting data.
APEL would have at least one site per NGI deploying the new probes for testing purposes.
ACTION: EGI operations will open tickets to other NGIs asking for volunteers (only DPM/dCache SE)
UMD 4.4.0 is in preparation
CMD-OS 1.0.0 was released in December
Next EGI conference 8th - 12th May 2017 (Catania, Italy)
joint event with INDIGO-DataCloud
1 planned session is on the roadmaps of NGI operations (joint double session with NGI outreach teams)
Vincent Brillault reported on some security topics
No new critical vulnerability, only 4 new incidents: 2 regarding user VMs (R/W folder via NFS and poorly configured system)
1 DPM node compromised
1 system used for bitcoin mining
To report a security incident, please use the mailing list abuse@egi.eu
It was proposed to modify the security certification procedure to use this list for tracking site certification requests (an RT ticket will be opened)
More security contacts are needed:
a mailing list for FedCloud RCs separate from the HTC ones
VA owners and endorsers
VM operator role
There is no way to filter the cloud sites with a GOCDB query to get their mailing lists; we could try adding a tag to the cloud sites.
In case you want to use the service contacts:
- they are not (yet) mandatory
- they also need to be validated
The easy way could be to create a scope tag and add it to the cloud sites
ACTION (EGI Ops): create a scope tag for the cloud sites
ACTION (EGI Ops): review with Vincent the SEC05 and PROC09 documents to see if readability can be improved
Viet Tran presented the status of GPGPU activity
1 OpenStack GPGPU site at IISAS-GPGPUCloud, with predefined images with NVIDIA drivers and CUDA tools
access through either the rOCCI client or the Horizon dashboard (login via token), support for Docker applications
In the new site IISAS-Nebula, the access is via rOCCI
Several applications use GPGPU: machine learning, artificial neural networks and pattern recognition, bioinformatics
produced documentation (EGI wiki): user tutorial, site admin guide, additional tools
work in progress: GLUE2.1 schema, GPU accounting, GPGPU support with LXC/LXD hypervisor
new sites will soon join FedCloud
plans to migrate to OpenStack Mitaka (from Kilo), with some modifications in the configuration to support GPGPU
The other NGIs are invited to participate if they have GPGPU resources available: OpenNebula and OpenStack sites can contact Viet to get support if they want to expose GPGPUs
Comment by Vincenzo Spinoso: regarding CREAM support for GPGPU, a new testbed is going to be deployed at CERN; more news is expected at the end of this week
Peter Solagna reported the status of the EGI CheckIn service
platform to enable A&A (heterogeneous) infrastructures in EGI
access to EGI services using the user's own credentials (provided by the home organization's IdP)
different levels of assurance will be accepted and handled
every EGI service should support either x509 certificates or CheckIn or both
Users identified by: certificateDN, EGI UID (in case they may be linked within CheckIn)
timeline: in February a beta version, in March beta access to FedCloud without a certificate
one LoA currently
enable the OIDC support
RC Auth operated by NIKHEF
now integrated with CheckIn, it can be used only with authorized VOs
the whole process needs to be formalized
CheckIn is federated in eduGAIN
work in progress:
translation of VO info from SAML/OIDC into VOMS proxy
provisioning of VOMS info through SAML and OIDC interfaces
Emir Imamagic presented the recent updates in ARGO
1 instance (almost ready) for testing uncertified sites
ACTION: produce some documentation and modify the certification procedure accordingly
1 instance for testing new probes
created a profile on POEM containing only cloud services
developments: migration to the new messaging system, use of the notification system; there are a lot of requests from NGIs to enable it
it will be available in the following months