Skip to content

Before considering an upgrade to OSG 3.6…

OSG 3.6 is under active development and is not currently supported for production use.

Due to potentially disruptive changes in protocols, contact your VO(s) to verify that they support token-based authentication and/or HTTP-based data transfer before considering an upgrade to OSG 3.6. If your VO(s) don't support these new protocols or you don't know which protocols your VO(s) support, install or remain on the OSG 3.5 release series

OSG 3.6 News

Supported OS Versions: EL7, EL8

The OSG 3.6 release series is a major overhaul of the OSG software stack compared to previous release series with changes to core protocols used for authentication and data transfer: bearer tokens, such as SciTokens or WLCG tokens, are used for authentication instead of GSI proxies and HTTP is used for data transfer instead of GridFTP.

To support these new protocols, OSG 3.6 includes HTCondor 8.9, HTCondor-CE 5, and will shortly include HTCondor 9.0, GlideinWMS 3.9, and XRootD 5.1. We also dropped support for the GridFTP, GSI authentication, and Hadoop.

Latest News

July 30, 2021: High Priority Release

  • HTCondor 9.0.4 and 9.1.2 Security Release. This release contains fixes for important security issues. More details on the security issues are in the vulnerability reports:

July 27, 2021: High Priority Release

  • HTCondor 9.0.3 and 9.1.1 Security Release. This release contains fixes for important security issues. More details on the security issues are in the vulnerability reports:

July 22, 2021: HTCondor 9.0.2 and blahp 2.1.0

This release of OSG 3.6 contains the following packages:

  • HTCondor 9.0.2-1.1: Bug fix release
    • HTCondor can be setup to use only FIPS 140-2 approved security functions
    • If the Singularity test fails, the job returns to the idle state
    • Can divide GPU memory, when making multiple GPU entries for a single GPU
    • Startd and Schedd cron job maximum line length increased to 64k bytes
    • Added first class submit keywords for SciTokens
    • Fixed MUNGE authentication
  • blahp 2.1.0: Bug fix release
    • Fix bug where GPU request was not passed onto the batch script
    • Fix issue where proxy symlinks were not cleaned up by not creating them
    • Fix bug where output files are overwritten if no transfer output remap
    • Added support for passing in extra submit arguments from the job ad

July 15, 2021: VO Package v114

This release contains an updated VO Package with the following changes:

  • Fix typo in CLAS12 and EIC VOMS certificate issuers
  • Add LSC files for CERN VO IAM endpoints

July 1, 2021: Frontier Squid 4.15-2.1, Vault 1.7.3, Upcoming: HTCondor 9.1.0

This release of OSG 3.6 contains the following packages:

June 24, 2021: HTCondor 9.0.1, HTCondor-CE 5.1.1

This release of OSG 3.6 contains the following packages:

  • HTCondor 9.0.1-1.2: Bug fix release
    • Fix problem where X.509 proxy refresh kills job when using AES encryption
    • Fix problem when jobs require a different machine after a failure
    • Fix problem where a job matched a machine it can't use, delaying job start
    • Fix exit code and retry checking when a job exits because of a signal
    • Fix a memory leak in the job router when a job is removed via job policy
    • Fixed the back-end support for the 'bosco_cluster --add' command
  • HTCondor-CE 5.1.1
    • Improve restart time of HTCondor-CE View
    • Fix bug that caused HTCondor-CE to ignore incoming BatchRuntime requests
    • Fixed error that occurred during RPM installation of non-HTCondor batch systems regarding missing file batch_gahp

June 16, 2021: VO Package v113

This release contains an updated VO Package with the following changes:

  • Added new CLAS12 and EIC VO certificates
  • Retired old CLAS12 and EIC VO certificates

June 3, 2021: Vault security update and gratia probes

This release of OSG 3.6 contains the following packages:

  • gratia-probe 1.23.3: Fix problem that could cause pilot hours to be zero for non-HTCondor batch systems
  • vault 1.7.2: Security update; fixes CVE-2021-32923. (OSG configuration not vulnerable)

May 25, 2021: IGTF 1.111

This release contains updated CA Certificates based on IGTF 1.108:

  • Removed discontinued NERSC-SLCS CA (US)
  • Removed discontinued MYIFAM CA (MY)

May 17, 2021: HTCondor-CE 5.1.0 and HTCondor 9.0.0

This release of OSG 3.6 contains the following packages:

  • HTCondor 9.0.0-1.5: Major new release with enhanced security
  • Blahp 2.0.2: GPU Support, Converted to Python 3
  • HTCondor-CE 5.1.0
    • Support for Job Router Transform configuration syntax
    • Credential mapping changes
    • Converted to Python 3
  • osg-scitokens-mapfile 3: Updated to support HTCondor-CE 5.1.0
  • osg-ce: now requires osg-scitokens-mapfile
  • vault 1.7.1: Update to latest upstream release
  • htvault-config 1.1: Uses yaml configuration files
  • htgettoken 1.2: improved error message handling and bug fixes

May 13, 2021: High Priority Release

This release of OSG 3.6 contains the following packages:

April 22, 2021: CVMFS 2.8.1

This release of OSG 3.6 contains the following packages:

  • CVMFS 2.8.1: Bug fix release
  • gratia-probe 1.23.2: Converted to use Python 3

March 25, 2021: HTCondor 8.9.11 patches

This release of OSG 3.6 contains the following packages:

  • HTCondor 8.9.11-1.4 (EL7 only)
    • Fixes a potential SchedD crash when using malformed tokens
    • condor_watch_q now works on DAGs
  • vo-client-110-1 with updated WeNMR VOMS information

Additionally, the following packages that were already available in OSG 3.6 for EL7 were released for EL8:

  • osg-scitokens-mapfile-1-1 containing a new HTCondor-CE mapfile for VO token issuers
  • vault-1.6.2-1 and htvault-config-0.5-1 for managing tokens
  • cvmfs-gateway-1.2.0-1: note the upstream documentation for updating from version 0.2.5

February 26, 2021: 3.6 Released

Where are GlideinWMS and XRootD?

XRootD and GlideinWMS are both absent in the initial OSG 3.6 release: we expect major version updates that may require manual intervention for both of these packages so we are holding their initial releases in this series until they are ready.

OSG 3.5 end-of-life

As a result of this initial OSG 3.6 release, the end-of-life dates have been set for OSG 3.5 per our policy: regular support will end in August 2021 and critical bug/security support will end in February 2022.

This initial release of the OSG 3.6 release series is based on the packages available in OSG 3.5.31. One of the major changes in this release series is the shift to token-based authentication from GSI proxy-based authentication. Here is a list of the differences in this initial release:

  • GridFTP, GSI, and Hadoop are no longer available
  • Added packages to support token-based authentication
  • HTCondor 8.9.11: initial token support (8.9.12, which will contain default configuration using tokens, was delayed)
  • HTCondor-CE 5.0.0: support for Python 3
  • Gratia Probe 2.0.0: replace all batch system probes with the non-root HTCondor-CE probe
  • OSG-Configure 4.0.0:
    • Deprecated RSV
    • Dropped unused configuration modules and attributes
    • Reorganized some configuration (see update instructions for more details)

In addition, we have updated our Software Release Policy to follow a rolling release model.

Finally, our Docker image releases will more closely track our OSG 3.6 repositories.

Announcements

Updates to critical packages also announced by email and are sent to the following recipients and lists: