Blog

Start [UTC]: 10/09/2024 08:00
End [UTC]: 10/09/2024 09:00

The European Weather Cloud (EWC) teams at ECMWF and EUMETSAT are pleased to invite you to the fourth thematic EWC webinar of 2024.

It will happen on Tuesday 10 September 2024 from 08:00 to 09:00 UTC.

These recurring thematic webinars are aimed at new or prospective users of the EWC service, provided by EUMETSAT and ECMWF, which is available to all ECMWF and EUMETSAT Member and Co-operating States. Our primary objective is to provide guidance to users on how to effectively use the different capabilites of the EWC.

While the first two webinars in 2023 focused on the basics to get you started (you can find more information, including the video recordings, here and here), in this series we explore various aspects of cloud utilisation through examples, with a specific emphasis on key functionalities and cloud skills. The previous EWC webinars and their recordings can be found here.

In this upcoming webinar, we will focus on the tenancy administration, from describing the role and responsibilities of the tenant administrator and covering different aspects that include the tenancy users management, permissions to access functionalities and blueprints, security, communications and accounting of the cloud resources consumption.

By the end of this 1-hour session, participants will have gained a better understanding of how to manage and administer an EWC tenancy, as well as the duties and responsibilities of the tenant administrator role. 

Attendance

Please note that the main target audience of this webinar is existing and prospective tenancy administrators as well as Member and Co-operating States' Computing Representatives. However, the webinar remains open to anyone interested from an ECMWF or EUMETSAT Member and Co-operating States. 

If you would like to attend the webinar, please complete the registration: https://events.ecmwf.int/event/424/registrations/280/ 

We will alert you of your acceptance to the webinar and send you all the joining information and Microsoft Teams meeting details in due course.

The webinar will be conducted in English.

Dear all,

EUMETSAT side of the EWC announced a maintenance on 15 July 2024 11:00 - 11:30 CEST to improve network performance.

During the maintenance, short disruption in resource management using Morpheus may be expected. Moreover, connections to the Data Store and EUMETView may suffer from short interruptions and may require a restart. For other workloads there should not be any interruptions.
In case of any questions or comments or issues, please contact us via support (https://jira.ecmwf.int/servicedesk/customer/portal/9/) or via Rocket.

Thank you for your patience and understanding.

Dear all,

EUMETSAT is improving the security of the default setup and harmonise the service with ECMWF by enforcing SSH key-based authentication for all new VMs. SSH key authentication provides a more secure alternative to password-based authentication.

From now on, all new VMs configured will only be authenticated with SSH keys for security.

 

Why Use SSH Key Authentication?

 Increased Security: SSH keys are much longer and more complex than passwords, making them harder to crack.

 No Password Management: With SSH keys, there are no passwords to remember or rotate, reducing administrative overhead.

 

How to create and use SSH keys?

For detailed instructions on setting up SSH key authentication for new VMs, please refer to this documentation: https://confluence.ecmwf.int/pages/viewpage.action?pageId=430705715.

 

How to improve the security of the existing VMs?

We want to remind that EWC tenants are responsible on the all VMs in the EWC and *we strongly recommend to change to SSH keys*. To retrospectively enforce the use of SSH-keys to existing VMs, please follow these steps:

• Navigate to the Morpheus dashboard and log in with your credentials.

• Go to Instances from the main menu.

• Choose the instance.

• Click on Actions and then select Run workflow.

• Choose the Enforce SSH Key Authentication workflow.

• Follow the prompts to complete the workflow.

 

If you have any questions or concerns, please don't hesitate to reach out to us.

We appreciate your understanding and cooperation as we work towards a more secure server environment.


Thank you,

EWC Team

ECMWF will upgrade the version of the CCI1 backend powering part of the European Weather Cloud service at ECMWF between Monday 8 to Friday 12 July 2024, following the successful upgrade of the CCI2 Openstack backend.

Does it affect me?

EWC tenancies at ECMWF may live on either CCI1 or CCI2 backends. Those tenancies based on the CCI2 backend will not be affected by this update.  

In Morpheus, you can see what backend is used in the name of the "cloud". Only resources in cloud named "ecmwf-cci1-..." may be affected.

What is the impact?

The upgrade should be transparent for most workloads on CCI1, as it will be done gradually across the infrastructure over three days to minimise disruption. 

All going well, existing standard instances should not suffer any downtime. GPU-powered instances, however, will unfortunately need to be rebooted during the update.

Short interruptions to the APIs are expected, which means you may not be able to provision new instances during brief periods of time throughout the upgrade process.

You may check https://status.ecmwf.int for all updates on the service status.


Make sure your instances are up to date!

An Important Security Vulnerability RegreSSHion has been discovered. Remember to check your instances and make sure they are up-to-date with all the security patches to keep them secure.


A new critical security vulnerability CVE-2024-6387, code-named as regreSSHion has been discovered affecting many Linux systems, including many in the European Weather Cloud.  This vulnerability may allow unauthenticated remote code execution in OpenSSH’s server with full root access.

It is very important you check whether your instances in the European Weather Cloud are affected and if so take any remedial actions required:

Operating SystemAffectedAction Required
Ubuntu 22.04Yes

Although the update should have been applied automatically, make sure your system is completely up to date with:

sudo apt update && sudo apt upgrade

You may check the version of OpenSSH with:

$ dpkg -l openssh-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version             Architecture Description
+++-==============-===================-============-=================================================================
ii  openssh-server 1:8.9p1-3ubuntu0.10 amd64        secure shell (SSH) server, for secure access from remote machines

It must be 8.9p1-3ubuntu0.10 or above.

Rocky 9.XYes

UPDATED 2024-07-04: Patch available

A patched OpenSSH has been released in the official repositories. If you have already applied any mitigation, it is recommended you revert it after updating. See 

https://rockylinux.org/news/2024-07-01-rocky-linux-9-cve-2024-6378-regression for more information

Ensure your system is completely up to date with:
sudo dnf upgrade

You may check the version of OpenSSH with:

$ rpm -q openssh-server
openssh-server-8.7p1-38.el9_4.1.x86_64

It must be openssh-server-8.7p1-38.el9_4.1.x86_64 or above.

Rocky 8.XNoNone
Centos 7.xNoNone for this issue, though Centos 7 is end of life and should be cautiously replaced soon.
Ubuntu 18 LTSNoNone for this issue, though Ubuntu 18 LTS is end of life and should be cautiously replaced soon.
Ubuntu 20 LTSNoNone for this issue.


Following our Terms and Conditions for the Use of European Weather Cloud Pilot Service, any vulnerable instances remaining beyond Friday 12 July 2024 may be isolated and become unaccessible for security reasons. Please ensure yours are up-to-date before then.

Further info:

Start [UTC]: 13/11/2024 09:00
End [UTC]: 13/11/2024 14:00

Dear Colleague,

We are pleased to announce the next European Weather Cloud User Workshop. The event will be held on 13 November 2024 10-15 CEST completely virtual.

We will provide the audience with a status update of the service and give special emphasis to the use cases. We will combine presentations from ECMWF, EUMETSAT, and EWC Users, as well as interactive sessions for discussions, feedback, and exchange of ideas. If you would like to share your experiences and work in the EWC, get in touch with us via the http://support.europeanweather.cloud.

This workshop is organised jointly by ECMWF and EUMETSAT and is open to their Member and Co-operating States. 

Save the date in your calendar and register at: https://eumetsat.zoom.us/meeting/register/tZIud-CsqDkiGNK9zHFl_KD3NFjR46eiPRC9#/registration  We will get in touch with the agenda closer to the event date. 

We look forward to seeing you at the European Weather Cloud User Workshop!

Kind regards,
The European Weather Cloud teams at ECMWF and EUMETSAT

ECMWF will upgrade the version of the CCI2 Openstack backend powering part of the European Weather Cloud service at ECMWF between Monday 24 to Wednesday 26 June 2024

Does it affect me?

EWC tenancies at ECMWF may live on either CCI1 or CCI2 backends. Those tenancies based on the CCI1 backend will not be affected by this update.  

In Morpheus, you can see what backend is used in the name of the "cloud". Only resources in cloud named "ecmwf-cci2-..." may be affected.

What is the impact?

The upgrade should be transparent for most workloads on CCI2, as it will be done gradually across the infrastructure over three days to minimise disruption. 

All going well, existing standard instances should not suffer any downtime. GPU-powered instances, however, will unfortunately need to be rebooted during the update.

Short interruptions to the APIs are expected, which means you may not be able to provision new instances during brief periods of time throughout the upgrade process.

You may check https://status.ecmwf.int for all updates on the service status.


Dear all ,


Next week 25 June 2024 we plan to update EWC Rocketchat starting from 10:00 AM CET. The process should take around 1h.

During the maintenance period, rocketchat could be not accessible or not available.

This maintenance is aiming to improve the performance of rocketchat, bring new features and security updates.

We apologize for any inconvenience this may cause.



EWC team

Dear all,

CentOS Linux 7 will reach end of life (EOL) on June 30, 2024. This means machines provisioned with that distribution version, exposed with public IP, have to be replaced with the new OS images (rocky 8, 9 or Ubuntu 22).

In particular for EWC users on EUMETSAT side, the SSH proxy machine is Centos7 based and has public IP , therefore it needs to be replaced for security reasons.

EWC users can deploy a new SSH proxy using the instance type from Morpheus (https://confluence.ecmwf.int/display/EWCLOUDKB/EUMETSAT+-+SSH+Bastion). Once deployed, you can remove the public IP from the old SSH Proxy (it won't have public access anymore) (https://confluence.ecmwf.int/display/EWCLOUDKB/Reconfigure+instances+in+Morpheus Add/remove floating IP section) and add the same public IP to the new ssh proxy machine.

Be aware that if the machine is not replaced no security updates will be available for this linux distribution, therefore it would be a risk for EWC. We would like to remind that the tenant is responsible for updating of all VMs in the tenancy

We are happy to support if you open a ticket, but there could be some delays depending on the number of requests we get.

In case of any questions or comments, please contact us via the support (https://jira.ecmwf.int/servicedesk/customer/portal/9/) or via Rocket.

From 2024 Special Projects, beside the HPC resources, also has the access to the operational European Weather Cloud service
If you are interested in this service, please indicate your resource requirements and add a section outlining your intended usage to your Special Project request.

Special Projects are defined as 'experiments or investigations of a scientific or technical nature, likely to be of interest to the general scientific community'.

Users within one of ECMWF's Member States may apply for resources as a Special Project. This possibility is particularly, but not exclusively, suitable for projects which are undertaken in co-operation between several institutions, nationally or internationally.

For further information on this opportunity and to submit the applications, see: The Special Projects application page.

If you miss the 30 June deadline, you could still submit a "late request" via the dedicated form as soon as you can, but the total amount of accessible resources might be limited in size.

If you have any questions before submitting the application, please email special_projects@ecmwf.int.

Start [UTC]: 18/06/2024 08:00
End [UTC]: 18/06/2024 09:30

The European Weather Cloud (EWC) teams at ECMWF and EUMETSAT are pleased to invite you to the third thematic EWC webinar of 2024.
It will happen on Tuesday 18th June, from 8:00 to 9:30 UTC.

These recurring thematic webinars are aimed at new or prospective users of the EWC service, provided by EUMETSAT and ECMWF, which is available to all ECMWF and EUMETSAT Member and Co-operating States. Our primary objective is to provide guidance to users on how to effectively use the different capabilites of the EWC.

While the first two webinars in 2023 focused on the basics to get you started (you can find more information, including the video recordings, here and here), in this series we explore various aspects of cloud utilisation through examples, with a specific emphasis on key functionalities and cloud skills. The previous EWC webinars and their recordings can be found here.

In this upcoming webinar, we will explore how to manage custom instance types and object storage within the EWC. Participants will be guided through the process of creating a customised instance type to set up a JupyterHub, building on the automation shown in our previous webinar in this series. From that Jupyter session, we will introduce you to the S3 object storage offering on the EWC and demonstrate how to manage it, covering various tools and practical examples.

By the end of this 1.5-hour session, participants will have gained an understanding of how to create instance types and effectively use object storage in the EWC environment. This webinar aims at equipping you with the knowledge and skills needed to leverage the power of the European Weather Cloud for your data storage and management needs.

Attendance

Please note that this webinar is open to anyone from an ECMWF or EUMETSAT Member and Co-operating State. 

If you would like to attend the webinar, please complete the registration: https://events.ecmwf.int/event/417/registrations/271/
We will notify you of your acceptance to the webinar and send you all the joining information and Microsoft Teams meeting details in due course.

The webinar will be conducted in English.

ECMWF will be updating the GPU nodes in the European Weather Cloud (CCI1) on Tuesday 14 May 2024 10:00 UTC. This will make possible to support newer CUDA versions for AI/ML workloads.

During the session, all GPU instances will be rebooted. We have notified people owning GPU instances by e-mail.
Once the session is over, any affected instances will be back online.

However, this is a good opportunity to review your usage. GPUs are a limited resource, so if you no longer make use of those GPU instances, we would kindly ask you to delete them. That will free those GPU resources for other users in the cloud.

As always, if you have any concerns or doubts, please do get in touch with us through the European Weather Cloud Support Portal.

We apologise for the disruption this may cause and thank you for your understanding.

We will have maintenance at the EUMETSAT side of the EWC today 07.05.2024 20:00-22:00 CEST. During the maintenance, deploying, deleting, or modifying resources may occasionally fail. Running workloads are not affected.

We apologize for any inconvenience this might cause you!

We are happy to announce the availability of OPERA weather radar composite data in the EWC. The European-wide composite data is available in Bufr (2010 onwards) and HDF5 (2012 onwards) formats and contain radar reflectivity, precipitation amount, and 1-hour precipitation accumulation.

The data are available in the EWC object storage (S3) buckets and are accessible from the EWC VMs (both EUMETSAT and ECMWF side) without credentials. Please consult https://confluence.ecmwf.int/display/EWCLOUDKB/EUMETSAT+-+Data+Access for more details.

Dear all


The infrastructure provider of the EUMETSAT side of the EWC announced an upcoming scheduled maintenance window that will be starting on 22nd April 2024 at 20:15 CEST and finishing on 23rd April 2024 at 02:00 CEST, where they will be updating keystone, block storage and nova to improve the system. 

During that window, users will not be able to deploy, delete or modify resources using Morpheus. Moreover snapshots (manual or automatic) may fail during the upgrade time window.

On existing running workloads there will be no other impacts and you will still be able to connect to the machines.

In case of any questions or comments, please contact us via the support (https://jira.ecmwf.int/servicedesk/customer/portal/9/) or via Rocket.