Wednesday, September 28, 2011

OSG CA Distribution 1.23 Release Notification

A new release of the CA certificates is available at
http://software.grid.iu.edu/pacman/cadist/.

This is version 1.23 and uses IGTF 1.41 as the basis.


Changes to the OSG certificates package:

====== Version 1.23 =============
Built 27 Sept 2011
IGTF 1.41 release
Changes from IGTF
* Added accredited PSC MyProxy SLCS CA (US)
* Updated CRL URL for LIPCA (PT)
* Extended life time of SlovakGrid CA root (SK)
* Added accredited DZ-eScience CA (DZ)
* Added accredited NICS SLCS MyProxy CA (US)
* Added new UK eScience issuing CAs 2A and 2B to allowed namespaces and
removed superfluous signing policy entries (UK)
* Normalised the certificate files (.0) for selected CAs in the 'old' format
distribution. This does not affect the 'new' OpenSSL v1+ compatible release.
Affected CAs are CESNET, NIKHEF, NIIF, DFN-GridGermany-Root, PSC-Myproxy-CA,
and NERSC-SLCS. Old and new format files are now identical.

* The "worthless" area, containing some files that are distributed merely
for convenience for selected specific purposes, has been re-named to
"unaccredited". Files contained in this directory must be treated with
utmost care, and their inclusion in the distribution does not constitute
any form of endorsement by the IGTF of these files or their content.
* Added unaccredited InCommon Server CA to convenience directory (US)

OSG 1.2.23 Release Notification

A new release of the CA certificates is available at
http://software.grid.iu.edu/pacman/cadist/.

This is version 1.23 and uses IGTF 1.41 as the basis.


Changes to the OSG certificates package:

====== Version 1.23 =============
Built 27 Sept 2011
IGTF 1.41 release
Changes from IGTF
* Added accredited PSC MyProxy SLCS CA (US)
* Updated CRL URL for LIPCA (PT)
* Extended life time of SlovakGrid CA root (SK)
* Added accredited DZ-eScience CA (DZ)
* Added accredited NICS SLCS MyProxy CA (US)
* Added new UK eScience issuing CAs 2A and 2B to allowed namespaces and
removed superfluous signing policy entries (UK)
* Normalised the certificate files (.0) for selected CAs in the 'old' format
distribution. This does not affect the 'new' OpenSSL v1+ compatible release.
Affected CAs are CESNET, NIKHEF, NIIF, DFN-GridGermany-Root, PSC-Myproxy-CA,
and NERSC-SLCS. Old and new format files are now identical.

* The "worthless" area, containing some files that are distributed merely
for convenience for selected specific purposes, has been re-named to
"unaccredited". Files contained in this directory must be treated with
utmost care, and their inclusion in the distribution does not constitute
any form of endorsement by the IGTF of these files or their content.
* Added unaccredited InCommon Server CA to convenience directory (US)

OSG 1.2.23 Release Notification

OSG Operations and Integration are pleased to announce the release of OSG version 1.2.23.

******************************
OSG 1.2.23 Update Notification
******************************

Date: September 28, 2011

The following components are affected:

CE installations
RSV installations
CEMon
GUMS/VOMS
Any other installation that uses apache httpd or tomcat

Summary

This release contains the following security updates:

Apache httpd
Apache tomcat

This update addresses and closes a DOS attacks on apache httpd and tomcat. Sites using components that use apache httpd or tomcat are encouraged to update as soon as possible.

Update instructions can be found on the OSG Twiki under the OSG 1.2 update instructions. (https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/OSG12UpdateInstructions)

Additional Information
The release notes for the VDT 2.0.0p30 release underlying this release can be found here. (http://vdt.cs.wisc.edu/releases/2.0.0/release-p30.html)

Tuesday, September 27, 2011

Updated Maintenance Window For GOC Services, September 27

The Grid Operations Center is updating its maintenance window today, September 27, in order to accommodate some additional DNS difficulties. The maintenance will now continue until 19:00 UTC. We appreciate your understanding.

Tuesday, September 20, 2011

GOC Service Update - 13:00 UTC September 27th

The GOC will upgrade the following services beginning Tuesday, September 27th, 2011 at 13:00 UTC. The GOC reserves four hours (13:00 - 17:00 UTC) in the unlikely event that unexpected problems are encountered. We encourage users to test affected services before the production release.

MyOSG 1.40

ITB version is now available for testing at https://myosg-itb.grid.iu.edu
Added links to gratiaweb service on home page, and gratia accounting pages [GOCTICKET 11025]
Added XML View for Statua Map [MYOSG-26]
GOC Ticket 1.43

ITB version is now available for testing at https://ticket-itb.grid.iu.edu
Added patch for missing cc list for bulkresource submitter.
Added session clear code after the bulkresources are submitted - in order to prevent double submission.
Added sorting function to quickdesc list
TWIKI

ITB version is now available for testing at https://twiki-itb.grid.iu.edu
Patching security vulnerability (CVE-2011-3010) which affects new topic screen & SlideShowPlugin
VM Move

myosg2.grid.iu.edu and data2.grid.iu.edu will be moved from their current VM host in Indianapolis to a host in Bloomington. This has been done with twiki.grid and oim.grid in the past. These hosts are each part of a DNS round-robin, which will be used to direct traffic to the hosts that are not moving, so we expect no interruption in service due to this move. This is an advisory just in case, however.

OS Updates

We will be installing Red Hat Enterprise Linux updates to all services, including an update to Apache that addresses the RANGE header vulnerability (CVE-2011-3192). There is a kernel patch included, which means that there will need to be restarts. Downtime is to be expected, although in the case of is.grid.iu.edu we will make use of DNS to route traffic to the server that is up.

Monday, September 19, 2011

GOC Production Glidein Factory service is up

Colleagues,

We are pleased to announce that the GOC hosted Glidein Factory is up and ready to go. Any VOs interested in using it can contact us at osg-gfactory-support@physics.ucsd.edu and we will register your frontend to use it.

The new production instance uses glideinWMS 2.5.2 and condor 7.6.3. We will follow standard GOC change management procedures for any major upgrades or software updates for this instance. Major updates will happen under the usual maintenance windows on the 2nd and 4th Tuesdays of each month and any changes will be tested the week prior on our ITB Factory instance.

As usual if you have any questions please contact us at osg-gfactory-support@physics.ucsd.edu.

Jeff Dost
OSG Glidein Factory Operations

Tuesday, September 13, 2011

OSG CA Distribution Release 1.22

A new release of the CA certificates is available at
http://software.grid.iu.edu/pacman/cadist/.

This is version 1.22 and uses IGTF 1.40 as the basis.


Changes to the OSG certificates package:

====== Version 1.22 =============
Built 6 Aug 2011
IGTF 1.40 release

Changes from OSG
Old format and new format now have same md5sum

OSG 1.2.22 Release Notification

OSG Operations and Integration are pleased to announce the release of OSG version 1.2.22.


******************************
OSG 1.2.22 Update Notification
******************************

Date: September 13, 2011

Affected Components

The following components are affected:

* CE installations
* RSV installations
* CEMon
* Any other installation that uses apache httpd

Summary

This release contains the following security updates:

* Apache httpd

This update addresses and closes a DOS attack on apache httpd.
Sites using components that use apache httpd are encouraged to
update as soon as possible. This vulnerability as been listed as
CVE-2011-3192 ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 ).

Update Instructions
Update instructions can be found on the OSG Twiki under the OSG
1.2 update instructions ( https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/OSG12UpdateInstructions ).

Additional Information
The release notes for the VDT 2.0.0p29 release underlying this
release can be found here ( http://vdt.cs.wisc.edu/releases/2.0.0/release-p28.html ).

Thursday, September 8, 2011

GOC Service Update - September 13th at 13:00 UTC

The GOC will upgrade the following services beginning Tuesday, September 13th, 2011 at 13:00 UTC. The GOC reserves four hours (13:00 - 17:00 UTC) in the unlikely event that unexpected problems are encountered. We encourage users to test affected services before the production release.

OIM 2.38

ITB version is now available for testing at https://oim-itb.grid.iu.edu
Updated Resource Form / WLCG checkbox details [OIM-17]

GOC Ticket 1.42

ITB version is now available for testing at https://ticket-itb.grid.iu.edu
Overhauled the bulkresource submitter. Made it subclasse of BaseController (to have the contact info section), then added capability to "modify" after user previews tickets to be submitted. [TICKET-19]
Fixed the issue where title field was not properly displayed after a failed submission & preselection via MyOSG [TICKET-22]

MyOSG 1.39

ITB version is now available for testing at https://myosg-itb.grid.iu.edu
Removed obsolete resource_type field parameter passed to GOC Ticket [TICKET-22]
Updated robots.txt with obsoleted list of /wizard... URLs
Added debug log to diagnose BDII/cluster error message
Added log to catch search queries that didn't yield any results
Fixed issue where fullbase() sometimes fails to construct correct URL if HOST_NAME is not set.
Updated osg-table jquery plugin so that it will display "loading" icon when user tries to expand bdii record