News – Swedish Science Cloud

West region shutdown 2024-03-31

Important update; West region shutdown 2024-03-31

Dear {PI_FULLNAME},

Important information about your {SSCNAISSPROJECT} running on SSC resources.

I’m the SSC coordinator and sadly enough have time-critical news that will affect the project above for which you are the PI or PI proxy that uses servers in the West region.

The West region will be decommissioned 2024-03-31, ten days from now, and your servers there must be migrated to another SSC region, either North or East before that date.

The general part of this email is found at https://cloud.naiss.se/ below “Latest news and events”. Visit the site to validate the correctness of this email, or as alternative contact support through SUPR or support@cloud.snic.se using “{SSCNAISSPROJECT} migration” as the subject.

It’s important to acknowledge that you have received this email either by replying or creating a support case as described above.

We realize that 10 days is a short time. The decision was finalized very recently.

For a list of affected servers for your project in West see list at the end.

The first step is to examine the list of your servers and lookup their status/importance for your project, this will determine the amount of work needed to be done by your project.

Test-only and don’t contain any data that must be kept

Proof of concept servers

Old servers no longer used within the project, that can be shut down and removed

Live services with data or otherwise important functions

Other needing special attention

Depending on the status of your servers, different actions are needed by your project, a short summary is given below. A longer checklist will be sent when this email has been acknowledged.
For “Test-only”, “PoC” and “Old server no longer needed”; you only need to notify the support and we’ll help you cleanup and remove the active servers from West without saving any data or configuration. A separate confirmation request will be sent from us after your email. Alternative you handle it yourself through the cloud.naiss.se portal and just notify that you have started and when you are done.

For servers within “Live services” or others needing special care your project team need to do more work to migrate as summarized below:

Ensure that any data/setup of the listed servers that you want to keep is downloaded locally

Ensure that your own backup/copy of any critical data or setup for the servers is in place and is active so that any important unique data is copied to an outside storage.
If the project followed the recommendations at initial setup and contains data that cannot be replicated, you already have this in place since the SSC service in itself doesn’t have any backup of user servers.

Use cloud.naiss.se to connect to North or West region to setup a duplicate environment and provision new servers with the backups downloaded locally.

Short list of changes: Private IPs, Public IPs, Firewalls, OS image version and similar items.

Affected Customer Servers at West region is listed below
{SSCNAISSPROJECT_SERVERLIST}

We are sorry for the trouble and extra work this generates for you as PI/Proxy PIand your project.

Best regards,

SSC Support on behalf for NAISS

EAST-1 will be offline on October 4-5 due to energy system maintenance

The Ångström laboratory houses the UPPMAX compute hall, and the property manager, Akademiska Hus, will be performing work on the cooling system during 2023 as part of an energy-saving project called “Project Bläckfisken.” Project Bläckfisken is a modernization project in which Akademiska Hus is constructing an energy system that allows for the transfer of heat and cooling between different building structures, catering to specific needs. As part of this energy system, the UPPMAX compute hall will contribute heat during the winter months. To facilitate this process, Akademiska Hus kindly requests a 48-hour power-down period for the compute hall between October 4 and 5. During this time, all systems, including the Swedish Science Cloud (SSC) East-1 region, will be temporarily unavailable.

We apologize for any inconvenience this may cause and appreciate your understanding as we aim to inform you well in advance.

Upgrading the WEST-1 region of Swedish Science Cloud in September

In Semptember we will begin upgrading the WEST-1 region hosted by Chalmers e-Commons to the latest version of OpenStack and also add some new hardware.

This will improve the capacity and funktionality of the WEST-1 region.

Unfortunately, it also means that the WEST-1 region will be down and unavialable for some time this fall and eveyting that any data currently stored there will be removed.

If you are currently using WEST-1 you must make sure to:

Backup your data.
Move your workloads and data from WEST-1 to either EAST-1 or NORTH-1.

If you have any questions or if you need assistance, do not hesitate to contact support@cloud.snic.se and we will help you.

Shutdown of all systems on 2 february at 07:00 CET

The UPPMAX compute hall hosting EAST-1 will be partially shutdown during 2 February between 07:00 – 11:00 CET as Akademiska Hus performs work on the cooling circuit. The shutdown has been planned to coincide with our February maintenance day. We will try to provide some level of access but expect all compute capability to be unavailable until the work is completed.

If you have any questions please contact us at support@uppmax.uu.se.

Best regards, UPPMAX

Serious vulnerability in pwnkit (CVE-2021-4034)

Pwnkit is installed by default in most linux distributions, there is no permanent fix yet but there is a workaround, you can remove the suid bit from the binary using chmod 0755 /usr/bin/pkexec and that will make it impossible to exploit this bug.

Pkexec is installed by default on all major Linux distributions.
Pkexec has been vulnerable since its creation in May 2009.
Any unprivileged local user can exploit this vulnerability to get full root privileges.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034

Serious vulnerability in sudo (CVE-2021-3156)

Make sure to install the latest security updates in your instances to fix a Serious vulnerability in sudo (CVE-2021-3156) that will let any user run any command as root without entering a password.

In combination with other less severe security exploits this can in some cases be used to compromise your instances remotely.

From Pilot to Production

As SNIC Science Cloud has gone from a pilot to a production resource, the pilot regions in the cloud will be replaced new regions with production hardware.

The region at C3SE has already been replaced by the new WEST-1 region; running OpenStack Rocky on new hardware.

The other pilot cloud-regions at UPPMAX and HPC2N will soon be replaced with the EAST-1 and NORTH-1 regions.

If you are starting up new projects in the cloud we suggest that you use the WEST-1 region for now until the other regions becomes available, because otherwise you will have to migrate your workload to the new regions soon.

New hardware in the C3SE region

Final acceptance testing is currently ongoing, more information about the new hardware can be found here https://www.c3se.chalmers.se/about/SSC/ . The upgrade also updates Openstack to the Rocky release, more information regarding Rocky can be found here https://www.openstack.org/software/rocky/

The support will be closed during the holy days.

During the holy days we will not respond to support tickets and we will also have reduced support capacity in the days between and following the holy days.

We apologize for any inconvenience that this might cause.

Important Security Announcement

Due to the latest security flaws in Intel CPU:s, users of SNIC Science Cloud must patch all instances to the latest kernel as soon as possible.

If you are running a Debian or Ubuntu instance run:
apt-get update apt-get upgrade
If you are running a CentOS instance run:
yum update