SLF4 upgrade plans¶
Dear Experiment representative,
As you know (because you may get frequent reminders) all machines running SLF4 need to be upgraded, removed from the network, or have special security waivers in place by 2/12/12. Below is a list of nodes for the experiments in IF.
Please send me a description, in the next week (by 12/12), of how you plan to deal with each node. If you plan to have FEF upgrade nodes, this work needs to be scheduled now so they have sufficient time for completion. Special cases may require additional paperwork that we need to address as soon as we can.
If your hardware supports it and you can test your software, upgrading to SLF6 should be considered. We have a test node "ifslf6" you can use for testing.
If you have any questions, let me know.
MiniBooNE and SciBooNE (27 nodes)¶
servers: mbdata01, 03, 05, 06, 07, 08
workstations: airdrie, benton, bismarck, damen, division, highland, kimball, lakeshore, rockwell, washington
servers: nucl00, nudata01-02, sbcl00-07
- Mike Kirby is working w/ them. As of Dec. 12 he said that they planned to upgrade one of their nodes and test apps, then proceed with other upgrades.
MINERvA (12 nodes)¶
- minerva-om, minerva05, minerva20, minerva21, mnvnearline0, mnvnearline1, mnvnearline2, mnvonlinebck2, IF01-05, minervagpvm01
- The plan is to migrate from IF01-5 to minervagpvm1-5. IF01,2 will be upgraded and used for heavy I/O tasks. IF03-5 will be re-purposed. The mnvnearline machines will be upgraded after the nearline condor pool is reconfigured to use mnvonlinebck2 as the head node. Then the processing load will be assigned to mnvnearline3, mnvnearline4 (already SLF5) and 1,2 will be upgraded.
- (from Glenn)You should probably check with the security wallahs to be sure, but I believe that if it's exclusively on a private network, so no access to the world at all, then it doesn't need a variance. But experimentally, that's not the case:
- (from Lee) Gabe thinks that their online machine (mnvonlinebck2) is behind a firewall on a private network. Does this still need a waiver prepared for it? How does it show up on the list anyway?
- (from Glenn)
# ping mnvonlinebck2 PING mnvonlinebck2.fnal.gov (22.214.171.124) 56(84) bytes of data. 64 bytes from mnvonlinebck2.fnal.gov (126.96.36.199): icmp_seq=1 ttl=61 time=0.414 ms 64 bytes from mnvonlinebck2.fnal.gov (188.8.131.52): icmp_seq=2 ttl=61 time=0.722 ms
so I don't think it is on a private net. It's possible that the firewall might be strict enough to satisfy security requirements, but that would still require a variance saying that the security folks agree. You or Gabe or someone would need to specify exactly what the firewall rules are, etc., and also when the system will be upgraded. They have guidance somewhere for how to submit a variance request - I can dig that up if it would be useful. I think the answer to "How does it show up on the list anyway?" is that it is reporting to OCS, or was reporting at some point in the past. Since it's not actually segregated off, that (reporting to OCS) seems possible at least.
MINOS (8 nodes)¶
- MINOS-DB, MINOS25,26,27, MINOS-OFFLINE2,3, EVENT2, MINOSGPVM02
NOvA (2 nodes)¶
- NOVADBDEV, NOVADBPROD
- (Mayly wrote) As for our machines, the DBAs have recommended that we upgrade to RHEL 6.
The project has decided to go forward with that upgrade. Jon Paley (cc'ed in
this email) is the contact for our two DB machines. Any plans are to be coordinated
- (Lee wrote to Tom Ackenhusen) Just to clarify, I assume that these machines (NOVADBDEV, NOVADBPROD) are being upgraded from slf4 by ESO/USS. Do you know the schedule for this yet?
- (Tom Responded) We have been working with Svetlana on the DBA team to prepare for the upgrade of the NOvA database boxes. My team will be doing the OS upgrade. I know Maurine has been in contact with Jon Paley regarding our planned approach. I don’t believe the actual dates have been nailed down yet, but I expect Maurine and Svetlana will be establishing them.
Mu2e (3 machines)¶
- (Rob Kutschke) ilcsim and ilcsim2, maintained by Lynn Garren. These are scheduled to be turned off by mid-December.
mu2egpvm01 should be ready for upgrade mid-December.
A complete list of SLF4 machines FEF is responsible for is at http://fefweb.fnal.gov/slf4eol/ if you need more info, or think I may have missed some.