Thursday, August 7, 2014

GOC Service Update - Tuesday, August 12th at 13:00 UTC

The GOC will upgrade the following services beginning Tuesday, August 12th, 2014 at 13:00 UTC. The GOC reserves 8 hours in the unlikely event that unexpected problems are encountered.

GOC Ticket

Moving to and updating release mechanism
Using yum provided php-ZendFramework (1.12.7)
Reports (
Installing OIM DB replication and pki-reports script
RSV Collector (
Upgrading to 1.14
(Tentative) Allocating more memory for tomcat to prevent mysql-connector from running out of memory (pending GOC ticket 22013)

MyOSG 2.24

Switched to RPM installed Zend framework
Fixed the broken page title issue (MYOSG-75)
Added package.json for eventjs
Fixed wrong perfsonar MA URL for published mesh config
Made OIM URL configurable similar to GOC ticket
(released) Added escape around rgsummary/xml GOC Ticket title / url info.

OIM 3.33.3

PKI / Applied renewal notification update made for OSGPKI-393 in a broader context. Also added CC notification suppression for user/host renewal notification. Left the host cert renewal description the same (not requested).
PKI / Refactored isIssuedX509Cert out of CertificateManager. Renamed Certificate to CertificateBase to avoid conflict with package
PKI / Made user cert pkcs12 download not output a broken pkcs12 file if it fails to create a pkcs12 object.
PKI / Added capability to revoke individual host certificates (OIM-90)
Added sam_uri field for CE service UI. Added link to the htcondor URI twiki doc (OIM-97)
PKI / Fixed host cert progress bar issue.
PKI / Fixed the SQL issue on "host certificate I approve" (OIM-98)
PKI / Added VO field on host certificate list.
Updated divrep for DivRepButton disabled support.
PKI / Made RA/GridAdmin enrollment form button disabled for admin so that they know where the buttons are (OIM-92)
Added indicator for disabled contact for ContactEditor. Also refactored various public contact list and created PersonView view with disabled contact label (OIM-91)
Various cleanups related to recent migration from svn to git
PKI / Made CNValidator work with both user/host CN. Replaced regex test on CertRequestHostModel to use CNValidator. Renamed CNEditor to UserCNEditor to make it clear that this is for editing UserCN (not HostCN).
PKI / Applied the CNValidator on CertificateRequestHostForm.


Add FNAL, icecube repositories to oasis.

Internal DNS Security Improvement

At the request of the Indiana University Information Policy Office, the caching-only nameserver on each host at OSG Operations will be reconfigured so as to listen only to requests from localhost. Requests from hosts outside the OSG Operations LANs (other than the UIPO’s security testing servers) were already prevented by firewalls, but this will provide an extra layer of security.

IPv6 DNS Addresses

The hostnames of the OSG Operations servers will be given IPv6 addresses in addition to their existing IPv4 addresses in DNS. This is the next step in OSG Operations’ transition to supporting IPv6 in addition to IPv4. No production servers will be transitioning to full dual-stack status at this time, but this will allow us to gauge whether the presence of an IPv6 address in DNS will have any adverse effects on existing services. It is not anticipated that there will be any adverse effects.