Before considering an upgrade to OSG 3.6…

OSG 3.6 is under active development and is not currently supported for production use.

Due to potentially disruptive changes in protocols, contact your VO(s) to verify that they support token-based authentication and/or HTTP-based data transfer before considering an upgrade to OSG 3.6. If your VO(s) don't support these new protocols or you don't know which protocols your VO(s) support, install or remain on the OSG 3.5 release series.

OSG 3.6 News

Supported OS Versions: EL7, EL8

The OSG 3.6 release series is a major overhaul of the OSG software stack compared to previous release series with changes to core protocols used for authentication and data transfer: bearer tokens, such as SciTokens or WLCG tokens, are used for authentication instead of GSI proxies and HTTP is used for data transfer instead of GridFTP.

To support these new protocols, OSG 3.6 includes HTCondor 8.9 and HTCondor-CE 5, and will shortly include HTCondor 9.0, GlideinWMS 3.9, and XRootD 5.1. We also dropped support for GridFTP, GSI authentication, and Hadoop.

Latest News

October 13, 2021: Initial osg-token-renewer release

  • Initial release of the osg-token-renewer: a service to manage automatic renewal of bearer tokens from OIDC providers (e.g., CILogon, IAM), intended for use by VO managers
  • blahp 2.1.3: Bug fix release
    • Include the more efficient LSF status script
    • Fix status caching on EL7 for PBS, Slurm, and LSF

October 5, 2021: IGTF 1.113

This release contains updated CA Certificates based on IGTF 1.113

  • Suspended MD-GRID CA due to network resolution issues (MD)

September 30, 2021: Urgent Let's Encrypt CA certificate update

Please update osg-ca-certs as soon as possible.

Applications and tools using OpenSSL, such as wget, HTCondor, and XRootD, will fail to establish TLS/HTTPS connections to servers using Let's Encrypt certificates with a "certificate has expired" message.

This release of OSG 3.6 contains the following packages:

  • osg-ca-certs 1.99: Remove expired Let's Encrypt CA certificate
  • osg-wn-client: Fix installation issue caused by EPEL's gfal2 update
  • CVMFS 2.8.2: Bug fix release
  • cvmfs-x509-helper 2.2-2: Fix a number of issues with SciTokens support
  • HTCondor 9.0.6
    • CUDA_VISIBLE_DEVICES can now contain GPU- formatted values
    • Fix a bug that caused jobs to fail when using Singularity versions > 3.7
    • Fix bugs relating to the transfer of standard output and error logs
  • vault 1.8.2, htvault-config 1.6, htgettoken 1.6: Minor improvements
  • Upcoming
    • HTCondor 9.2.0
      • Add DAGMan SERVICE node, used to monitor or report on DAG workflow
      • Fix problem where proxy delegation to HTCondor versions < 9.1.3 failed
      • Jobs are now re-run if the execute directory unexpectedly disappears
      • HTCondor counts the number of files transferred at the submit node
      • Fix a bug that caused jobs to fail when using Singularity versions > 3.7

September 23, 2021: HTCondor-CE 5.1.2

This release of OSG 3.6 contains the following packages:

  • HTCondor-CE 5.1.2
    • Fixed the default memory and CPU requests when using job router transforms
    • Apply default MaxJobs and MaxJobsIdle when using job router transforms
    • Improved SciTokens support in submission tools
    • Fixed --debug flag in condor_ce_run
    • Update configuration verification script to handle job router transforms
    • Corrected ownership of the HTCondor PER_JOBS_HISTORY_DIR
    • Fix bug passing maximum wall time requests to the local batch system

September 9, 2021: HTCondor 9.0.5 and blahp 2.1.1

This release of OSG 3.6 contains the following packages:

  • HTCondor 9.0.5: Bug fix release
    • Other authentication methods are tried if mapping fails using SciTokens
    • Fix rare crashes from successful condor_submit, which caused DAGMan issues
    • Fix bug where ExitCode attribute would be suppressed when OnExitHold fired
    • condor_who now suppresses spurious warnings coming from netstat
    • The online manual now has detailed instructions for installing on MacOS
    • Fix bug where misconfigured MIG devices would cause no GPUs to be detected
    • The transfer_checkpoint_file list may now include input files
  • blahp 2.1.1: Bug fix release
    • Add Python 2 support back for Enterprise Linux 7
    • Allow the user to override system configuration files
    • Enable flexible configuration via a configuration directory
    • Fix Slurm resource usage reporting

August 16, 2021: IGTF 1.112

This release contains updated CA Certificates based on IGTF 1.112

  • Updated ANSPGrid CA with extended validity date (BR)

August 12, 2021: Gratia probes 2.1.0

  • Gratia probes 2.1.0
    • Fix a problem that caused a traceback message in the condor_meter
    • Fix a traceback caused by missing LogLevel in ProbeConfig
    • Ensure that Gratia accounts for SciTokens-based pilots

August 5, 2021: VOMS Update, htvault-config 1.4, htgettoken 1.3

  • VOMS 2.0.16-1.2 (EL7) and VOMS 2.1.0-0.14.rc2.2 (EL8)
    • Add IAM and TLS SNI support
  • htvault-config 1.4 and htgettoken 1.3
    • Improved security through more fine-grained vault tokens and detailed logging
    • Miscellaneous improvements

July 30, 2021: High Priority Release

  • HTCondor 9.0.4 and 9.1.2 Security Release. This release contains fixes for important security issues. More details on the security issues are in the vulnerability reports:

July 27, 2021: High Priority Release

  • HTCondor 9.0.3 and 9.1.1 Security Release. This release contains fixes for important security issues. More details on the security issues are in the vulnerability reports:

July 22, 2021: HTCondor 9.0.2 and blahp 2.1.0

This release of OSG 3.6 contains the following packages:

  • HTCondor 9.0.2-1.1: Bug fix release
    • HTCondor can be set up to use only FIPS 140-2 approved security functions
    • If the Singularity test fails, the job returns to the idle state
    • Can divide GPU memory, when making multiple GPU entries for a single GPU
    • Startd and Schedd cron job maximum line length increased to 64k bytes
    • Added first class submit keywords for SciTokens
    • Fixed MUNGE authentication
  • blahp 2.1.0: Bug fix release
    • Fix bug where GPU request was not passed onto the batch script
    • Fix issue where proxy symlinks were not cleaned up by not creating them
    • Fix bug where output files are overwritten if no transfer output remap
    • Added support for passing in extra submit arguments from the job ad

July 15, 2021: VO Package v114

This release contains an updated VO Package with the following changes:

  • Fix typo in CLAS12 and EIC VOMS certificate issuers
  • Add LSC files for CERN VO IAM endpoints

July 1, 2021: Frontier Squid 4.15-2.1, Vault 1.7.3, Upcoming: HTCondor 9.1.0

This release of OSG 3.6 contains the following packages:

June 24, 2021: HTCondor 9.0.1, HTCondor-CE 5.1.1

This release of OSG 3.6 contains the following packages:

  • HTCondor 9.0.1-1.2: Bug fix release
    • Fix problem where X.509 proxy refresh kills job when using AES encryption
    • Fix problem when jobs require a different machine after a failure
    • Fix problem where a job matched a machine it can't use, delaying job start
    • Fix exit code and retry checking when a job exits because of a signal
    • Fix a memory leak in the job router when a job is removed via job policy
    • Fixed the back-end support for the 'bosco_cluster --add' command
  • HTCondor-CE 5.1.1
    • Improve restart time of HTCondor-CE View
    • Fix bug that caused HTCondor-CE to ignore incoming BatchRuntime requests
    • Fixed error that occurred during RPM installation of non-HTCondor batch systems regarding missing file batch_gahp

June 16, 2021: VO Package v113

This release contains an updated VO Package with the following changes:

  • Added new CLAS12 and EIC VO certificates
  • Retired old CLAS12 and EIC VO certificates

June 3, 2021: Vault security update and gratia probes

This release of OSG 3.6 contains the following packages:

  • gratia-probe 1.23.3: Fix problem that could cause pilot hours to be zero for non-HTCondor batch systems
  • vault 1.7.2: Security update; fixes CVE-2021-32923. (OSG configuration not vulnerable)

May 25, 2021: IGTF 1.111

This release contains updated CA Certificates based on IGTF 1.111

  • Removed discontinued NERSC-SLCS CA (US)
  • Removed discontinued MYIFAM CA (MY)

May 17, 2021: HTCondor-CE 5.1.0 and HTCondor 9.0.0

This release of OSG 3.6 contains the following packages:

  • HTCondor 9.0.0-1.5: Major new release with enhanced security
  • Blahp 2.0.2: GPU Support, Converted to Python 3
  • HTCondor-CE 5.1.0
    • Support for Job Router Transform configuration syntax
    • Credential mapping changes
    • Converted to Python 3
  • osg-scitokens-mapfile 3: Updated to support HTCondor-CE 5.1.0
  • osg-ce: now requires osg-scitokens-mapfile
  • vault 1.7.1: Update to latest upstream release
  • htvault-config 1.1: Uses yaml configuration files
  • htgettoken 1.2: improved error message handling and bug fixes

May 13, 2021: High Priority Release

This release of OSG 3.6 contains the following packages:

April 22, 2021: CVMFS 2.8.1

This release of OSG 3.6 contains the following packages:

  • CVMFS 2.8.1: Bug fix release
  • gratia-probe 1.23.2: Converted to use Python 3

March 25, 2021: HTCondor 8.9.11 patches

This release of OSG 3.6 contains the following packages:

  • HTCondor 8.9.11-1.4 (EL7 only)
    • Fixes a potential SchedD crash when using malformed tokens
    • condor_watch_q now works on DAGs
  • vo-client-110-1 with updated WeNMR VOMS information

Additionally, the following packages that were already available in OSG 3.6 for EL7 were released for EL8:

  • osg-scitokens-mapfile-1-1 containing a new HTCondor-CE mapfile for VO token issuers
  • vault-1.6.2-1 and htvault-config-0.5-1 for managing tokens
  • cvmfs-gateway-1.2.0-1: note the upstream documentation for updating from version 0.2.5

February 26, 2021: 3.6 Released

Where are GlideinWMS and XRootD?

XRootD and GlideinWMS are both absent in the initial OSG 3.6 release: we expect major version updates that may require manual intervention for both of these packages so we are holding their initial releases in this series until they are ready.

OSG 3.5 end-of-life

As a result of this initial OSG 3.6 release, the end-of-life dates have been set for OSG 3.5 per our policy: regular support will end in August 2021 and critical bug/security support will end in February 2022.

This initial release of the OSG 3.6 release series is based on the packages available in OSG 3.5.31. One of the major changes in this release series is the shift to token-based authentication from GSI proxy-based authentication. Here is a list of the differences in this initial release:

  • GridFTP, GSI, and Hadoop are no longer available
  • Added packages to support token-based authentication
  • HTCondor 8.9.11: initial token support (8.9.12, which will contain default configuration using tokens, was delayed)
  • HTCondor-CE 5.0.0: support for Python 3
  • Gratia Probe 2.0.0: replace all batch system probes with the non-root HTCondor-CE probe
  • OSG-Configure 4.0.0:
    • Deprecated RSV
    • Dropped unused configuration modules and attributes
    • Reorganized some configuration (see update instructions for more details)

In addition, we have updated our Software Release Policy to follow a rolling release model.

Finally, our Docker image releases will more closely track our OSG 3.6 repositories.

Announcements

Updates to critical packages are also announced by email and are sent to the following recipients and lists: