OSG Operational Services

Wednesday, November 5, 2014

GOC Service Update - Tuesday, November 11th, 2014 at 13:00 UTC

The GOC will upgrade the following services beginning Tuesday, November 11th, 2014 at 13:00 UTC. The GOC reserves 8 hours in the unlikely event that unexpected problems are encountered. IMPORTANT NOTE: This update will contain updates to the OSG PKI SSL. Once this update is applied you will need the latest PKI Tools from OSG Software release 3.2.17 or 3.1.41 before requesting certificates via the command line tools. More details immediately below.

PKI tools
A new version will be available during this release. The affected tools are: osg-cert-request, osg-cert-retrieve, osg-gridadmin-cert-request, osg-user-cert-renew, osg-user-cert-revoke, osg-cert-revoke. You must update your tools to continue to use them.

Configuration change to address SSLv3 vulnerability.

OIM 3.38
Fixed a bug where wrong resource ID was used to lookup service detail while repopulating selected sites for mesh config / host group editor for OIM resources - related to (MYOSG-78)
Increased max resource number of OIM/wlcg under meshconfig / host groups (was defaulted at 32)
Added user_cert_renew test script that uses serial_id (OSGPKI-343)
Added "certificate banner" configuration option. Updated action token from admin_pki_quota to admin_pki_config (OSGPKI-395)
Moved the "contact goc for assistance" to the page banner.
Increased max secondary admin contact for mesh config to be 4 (per conversation with Shawn)
Updated pf_endpoint_crawler to test for 3.4 (rest) interface. Removed write_url as it is not used by 3.4. Also adding update_timestamp field.

Ticket 1.83
Fixed missing submitter_name issue (TICKET-105)
Un-implemented security ticket notification suppression feature (TICKET-84)
Another bug fix for ticket URL/email highlighting feature (broken encoding) (TICKET-109)

MyOSG 2.29
meshconfig / removed references for v33 and made v34 default URLs.
meshconfig / improved auto-mesh configuration URL generator (I need to add autocomplete function later)
meshconfig / show default MA endpoint URLs for endpoint where crawler can not reach.
Applied check for active/disable flag for search result for resources for Submit Ticket button. Also added labels for active/disable flags (MYOSG-79)

Updating koji package to 1.6.0-8

RSV Process
Rebuilding rsvprocess1/2 instances to RHEL6

GOC-TX 1.42
Changed the SNOW2FP ticket status conversion rule (GOC Ticket 22547)

Virtualization Infrastructure
We will be transitioning the last of our VMware Server 1.x hosts to RHEL6/KVM; this will bring all our virtualization hosts into line with the same OS and infrastructure. This will affect confluence, data, repo, rsvprocess, and software, but in the case of repo and software we will be using the LVS HA to minimize end user impact. For the other services, however, there will be periods of downtime as the VMs are brought down, converted, and transitioned to a temporary host, then again when they are transitioned back to the newly-rebuilt permanent host.

High-Availability Infrastructure
We will be transitioning our HA infrastructure to LVS/keepalived rather than LVS/heartbeat so as to have fully redundant HA again, and also to be fully IPv6-ready.