gLite VOMS Server and Administration Tools (ORACLE)

1. Release Description

This release contains the ORACLE version of the gLite VOMS Server and Administration Tools module v. 2.2.0. The following sections provide additional information about the release content, the module dependencies, the know bugs and issues and a list of bugs closed since the previous release. For information about installing and using the gLite VOMS Server and Administration Tools, please refer to the gLite Installation and User Guides.

2. Changes in this Release

2.1. Changes in functionality

2.2. New configuration parameters

The following new parameters have been added to the glite-voms-server.cfg.xml file:

 

Parameter name

Default value

Description

voms.db.oracle.instantclient.location

/usr/lib/oracle/10.1.0.3/client/

Location of the Oracle Instantclient installation.

[Example: /usr/lib/oracle/10.1.0.3/client/] [Type: 'string']

 

All parameters used to set VO-specific values have been removed from the service configuration files and moved to a dedicated VO configuration file called vo-list.cfg.xml. A template is available in /opt/glite/etc/config/templates. This file is common to all gLite services running on this node or referenced in the same site-config file (unless locally overridden). For more information please refer to the gLite 1.5 installation guide. The VOMS instances are generated from iterating on all the VOs defined in the vo-list.cfg.xml file.

 

The R-GMA Service Publisher (aka R-GMA servicetool) parameters are now automatically handled by the configuration script and do not need to be explicitly set anymore in the configuration file. The parameters can be set in the configuration file to override the default values.

3. Release contents

3.1. Glite sub-deployment modules

The gLite VOMS Server for Oracle module installs/uses the following set of gLite deployment modules:

Please see the corresponding release notes of these modules for details.

3.2. Glite RPMS

The gLite VOMS Server for Oracle module is composed of the following gLite components (list includes the gLite components of the other used gLite deployment modules listed in section 3.1):

 

Component name

Description

Version

File

glite-config

gLite configuration scripts

1.6.22

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-config-1.6.22-2.noarch.rpm

glite-rgma-servicetool-config

gLite R-GMA servicetool installation

5.2.2

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-rgma-servicetool-config-5.2.2-1.noarch.rpm

glite-security-trustmanager

The java certificate path checkin for proxy certs in SSL with plugins for tomcat and axis.

1.8.2

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-trustmanager-1.8.2-1.noarch.rpm

glite-security-util-java

The java utilities library for security

1.3.0

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-util-java-1.3.0-1.noarch.rpm

glite-security-utils-config

gLite Security Utilities configuration files

1.2.1

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-utils-config-1.2.1-1.noarch.rpm

glite-security-voms-admin-client

gLite VOMS Administration clients

1.2.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-admin-client-1.2.10-1.noarch.rpm

glite-security-voms-admin-interface

gLite VOMS Administration service (interface)

1.0.2

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-admin-interface-1.0.2-1.noarch.rpm

glite-security-voms-admin-server

gLite VOMS Administration service

1.2.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-admin-server-1.2.10-1.noarch.rpm

glite-security-voms-api

 

1.6.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-api-1.6.10-0.noarch.rpm

glite-security-voms-api-c

 

1.6.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-api-c-1.6.10-0.noarch.rpm

glite-security-voms-api-cpp

 

1.6.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-api-cpp-1.6.10-0.noarch.rpm

glite-security-voms-clients

 

1.6.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-clients-1.6.10-0.noarch.rpm

glite-security-voms-config

 

1.6.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-config-1.6.10-0.noarch.rpm

glite-security-voms-oracle

 

1.1.4

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-oracle-1.1.4-0.noarch.rpm

glite-security-voms-server

 

1.6.10

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-security-voms-server-1.6.10-0.noarch.rpm

glite-voms-server-oracle-config

VOMS Server for Oracle installation files

2.2.0

../../../../../../../glite-web/egee/packages/R1.5/R20051130/bin/rhel30/noarch/RPMS/glite-voms-server-oracle-config-2.2.0-1.noarch.rpm

4. Dependencies

The gLite VOMS Server for Oracle module has the following dependencies:

 

Component name

Description

Version

File

gpt

The Grid Packaging Toolkit (GPT)

VDT1.2.2rh9

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/gpt-VDT1.2.2rh9-1.noarch.rpm

j2re

Java JRE

1.4.2

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/j2re-1_4_2_08-linux-i586.rpm

perl-Authen-SASL

Interface to SASL

2.08

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Authen-SASL-2.08-1.1.el3.rf.noarch.rpm

perl-Crypt-SSLeay

Crypt

0.51

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Crypt-SSLeay-0.51-4.noarch.rpm

perl-Digest-HMAC

Digest-HMAC Perl module

1.01

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Digest-HMAC-1.01-11.1.noarch.rpm

perl-Digest-SHA1

Digest-SHA1 Perl module

2.01

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Digest-SHA1-2.01-15.1.noarch.rpm

perl-MIME-Lite

Simple standalone module for generating MIME messages

2.117

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-MIME-Lite-2.117-2.1.el3.rf.noarch.rpm

perl-Net-Jabber

Jabber protocol interface

2.0

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Net-Jabber-2.0-1.1.el3.rf.noarch.rpm

perl-Net-XMPP

XMPP Perl Library

1.0

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Net-XMPP-1.0-1.1.el3.rf.noarch.rpm

perl-SOAP-Lite

Interface to SOAP

0.60a

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-SOAP-Lite-0.60a-1.1.el3.rf.noarch.rpm

perl-XML-Stream

XML Stream connection support

1.22

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-XML-Stream-1.22-1.1.el3.rf.noarch.rpm

tomcat5

Tomcat application server

5.0.28

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/tomcat5-5.0.28-11_EGEE.noarch.rpm

vdt_globus_essentials

Virtual Data Toolkit

VDT1.2.2rh9

../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/vdt_globus_essentials-VDT1.2.2rh9-1.noarch.rpm

 

5. Known bugs and issues

This release has the following bugs and issues. Bug numbers refer to the gLite Bug Tracking system database hosted on the CERN Savannah system at https://savannah.cern.ch/bugs/?group=jra1mdw .

5.1. Main issues

5.2. Known open bugs

 

Bug number

Description

 

 #7164

glite-voms-init still uses deprecated -hours option

 

 #7634

VOMS ldap synch and signing policies

 

 #7662

references to EDG license in voms

 

 #7663

edg licence in voms-admin

 

 #8021

VOMS test script doesn't tell you the progress when in the mass voms-proxy-* fase.

 

 #8582

voms webui: Couldn't find the configuration file.

 

 #9089

Problems assigning VOMS roles

 

 #9151

voms-admin doesn't send notification to admins

 

 #9173

[VOMS Admin] VOMS must be in gLite location

 

 #9178

voms/vomrs tomcat5 dies out of memory

 

 #9302

VOMS-admin Welcome page

 

 #9339

VOMS Admin: Host cert information is outdated

 

 #9340

VOMS Admin: Host cert must be easily downloadable from the web interface

 

 #9560

[VOMS Admin] Implement user privilege summary page

 

 #9562

[VOMS Admin] Don't list operations that the user will not be able to execute

 

 #9577

VOMSValidator throws exception if directory /etc/grid-security/vomsdir/ does not exist

 

 #10037

VOMS Admin needs to have a maillinglist functionality

 

 #10050

VOMS installation does not allow to install from an existing VOMS setup

 

 #10072

no tool to migrate VOMS db content from MySQL to Oracle

 

 #10296

[VOMS]certificate registration command does not pick up CA URI

 

 #10386

voms-admin-configure prints out wrong mysql port in help

 

 #10399

glite-mkgridmap truncates gridmap file, when VOMS server is down

 

 #10431

VOMS admin and VOMS need to be harmonized

 

 #10433

voms-admin-configure help is incorrect

 

 #10434

voms server update for a vo not possible

 

 #10702

VOMS connecting to database twice

 

 #10729

VOMS API should return clean FQAN

 

 #10761

[VOMS] Empty error message when doing vom-proxy-init with invalid line in vomses-file

 

 #10785

[VOMS] missing implicit permissions on VOMS admin interface

 

 #10846

[VOMS] Must specify alternate port and socket for MySQL

 

 #10927

[VOMS Admin] problems with the removeMember SOAP method

 

 #10970

VOMS Admin: getGridmapUsers function doesn't work because of endless wait for a DB connection

 

 #11222

[VOMS] gLite autoconf checks use underscore instead of dash

 

 #11223

[VOMS] configure checks for MySQL in incorrect sequence

 

 #11227

[VOMS] VOMS 1.6.7 fails to build on RedHat 7.2

 

 #12168

[VOMS Admin] Doesn't work well with an empty DBA password

 

 #12197

No real user guide for VOMS

 

 #12223

glite-voms-server-configure.py doesn't configure /opt/glite/etc/voms/[VOname]

 

 #12224

/opt/glite/etc/voms/[VOname]/voms.conf files are created with the wrong dbname

 

 #12513

voms client man pages still refer to edg

 

 #12613

VOMS reconnects to the Oracle database for each SQL query

 

 #13356

[VOMS] init script uses bad ps command

 

 #13370

[VOMS] VOMS Oracle server is not started when oracle clients RPMs are missing

 

 #13592

[VOMS admin] Error when displaying the list of all VO requests

 

 #13627

[ VOMS Admin ] Menu fails to display options

 

 #13659

org.glite.security.voms needs PIC in order to build on IA64

 

 #13675

voms-proxy-init doesn't complain about wrong parameters or junk in the command line, just silently fails

 

 #13684

VOMS Admin Incorrect copyright notice

 

 #13726

VOMS does not put all the groups the user has into the AC

 

 #13730

java voms parser swallows the the VO root group from the voms AC

 

 #13851

[VOMS] voms-proxy-init runs only once on RHEL3/AMD64

 

 #13863

VOMS Admin fails to boot and locks down the Tomcat instance

 

 #13866

LCAS voms plugin should check that first voms fqan in proxy is authorized

 

 #13867

voms shall use pure SSL

 

 #13888

VOMS Admin: Internal database inconsistency detected: Got more roles than expected for user "<my DN>"

 

 #13891

VOMS Admin rejects numerical configuration parameters with extra whitespace appended

 

 #14009

[VOMS] not all groups are returned

 

 #14021

BLOB handling is still broken in VOMS Admin.

 

 #14026

VOMS clients to be configured with the trusted certificate subjects, not the whole certificate

 

 #14057

very bad tomcat performance affecting voms/vomrs access and gridmap file generation

 

 #14193

[ VOMS Admin ] grid-mapfile generation doesn't work

 

 #14195

[VOMS Admin] "List all VOs on this server" link doesn't work

 

 #14207

JobRepository: Without VOMS, no Unix UID and Unix GID bindings were logged

 

 #14227

[VOMS Admin] Incorrect use of VOMS_LOCATION and VOMS_LOCATION_VAR

 

 #14393

ClassCastException in VomsServicePDP

 

#14399

VOMS Admin: Tomcat signals Out Of Memory messages, all VOMS Admin instances are non-functional

 

 

5.3. Fixed in this or previous releases, but not yet fully tested

 

Bug number

Description

 

 #4119

[VOMS] The VO user policy/licensing is not shown perhaps not installed

 

 #4540

[VOMS] Can't assign roles to users

 

 #4637

VOMS API should offer a simpler way of processing the VOMS attribute certs

 

 #5166

[VOMS Admin] Couldn\\\'t handle the Russian CA issued personal certificates

 

 #5360

edg-voms creates logfile with exotic mode

 

 #5362

edg-voms run as a non-privileged user

 

 #6678

VOMS_Contact() crashes

 

 #6943

If the user issuing voms-proxy-init is not a member of the specified VO, confusing error is returned.

 

 #7047

VOMS_Retrieve() segfaults if VERIFY_DATE is set and the proxy has expired

 

 #7048

VOMS: there is no easy way for an application to retrieve the info from the proxy cert

 

 #7311

voms build does not use expat.location from the repository

 

 #7511

VOMS_FindByVO() doesn't work without user's local configuration

 

 #7660

hard-wired defaults in voms_install_db

 

 #7665

rvoms-admin-configure as pm post install script

 

 #7890

VOMS attribute validation fails in java VOMS parser

 

 #7905

Support for GLOBUS_FLAVORS needed by broker missing in VOMS.

 

 #8012

glite-security-voms-admin-server installed before tomcat user exists.

 

 #8295

Welcome to VOMS! doesn't tell you the VO name

 

 #8357

org.glite.security.voms/src/configure.in bug when checking for GLOBUS_FLAVORS

 

 #8603

VOMS (core) service can't restart after crash when log file is at 2GB.

 

 #8867

memory leak in lcmaps voms group plugins

 

 #9168

[VOMS Admin] --fileinstall switch to voms-admin-configure fails

 

 #9170

[VOMS Admin] --fileinstall still requires valid MySQL location

 

 #9408

VOMS Admin spits internal database inconsistency faults on getGridmapUsers

 

 #9799

[VOMS] The edg-voms process loops on accept() when the port number is unavailable

 

 #9800

[VOMS] The edg-voms process truncates the log file on startup

 

 #10025

VOMS: voms-server-conf.py error

 

 #10069

VOMS administration webservice removes user from VO instead of group

 

 #10253

VOMS (core) service rejects connection because of not able to write to logfile

 

 #10313

VOMS new user - invalid email

 

 #10422

VOMS client lib./MyProxy: Globus deallocation problem

 

 #10432

voms_install_db has no help function

 

 #10459

glite-security-voms-oracle should not depend on oracle rpms

 

 #10581

VOMS: problems compiling on debian

 

 #10678

[VOMS]glite-voms-server-config.py fails with several switches

 

 #10680

Implement a workaround for wrong DN in VOMS ACs

 

 #10682

Man pages missing from separate voms rpms

 

 #10805

[VOMS] Failed checks for Expat in configure

 

 #10894

VOMS server puts a wrong DN into the AC holder field

 

 

5.4. Bugs closed since last release

This release fixes the following bugs and issues. Bug numbers refer to the gLite Bug Tracking system database hosted on the CERN Savannah system at https://savannah.cern.ch/bugs/?group=jra1mdw  

 

Bug number

Description

 

 #3887

VOMS and user name assignment

 

 #5356

unecessary file org.glite.security.voms/src/include/config.h.in

 

 #5357

ambiguous error message in edg-voms

 

 #6612

voms-admin requires following patch on voms core

 

 #7193

[VOMS Admin] The mechanism for getting notification addresses for admin users does not work

 

 #8036

VOMS server upgrade fails due to conflicts

 

 #9049

Mail from VOMS refers to edg

 

 #9077

voms-proxy-init man page should include role syntax

 

 #9171

[VOMS Admin] Tomcat group check too restrictive

 

 #9172

[VOMS Admin] Allow for alternate invocation methods for MySQL

 

 #9218

[VOMS Admin] voms-admin fails with SSL and non-standard certificate dir

 

 #9576

VOMS fails to verify VOMS server certificate the first time after a VOMS_Init

 

 #9795

VOMS deployment script downloads old CA certs version

 

 #9804

VOMS deply script: no check on empty parameters

 

 #10051

VOMS installation doesn't allow to enter a SMTP host in the XML file anymore

 

 #10163

No way to have voms core restarting after machine reboot

 

 #10363

voms-admin script sets file permissions incorrectly

 

 #10383

voms-admin-install handles command line options incorrectly

 

 #10423

[VOMS] glite-voms-server.cfg.xml should offer to specify authentication params for smtp

 

 #10728

Java VOMS class should return clean FQAN

 

 #10813

[VOMS] Oracle Error on confirm registration request

 

 #10827

voms-proxy-init crashes because of proxy-format error

 

 #10839

VOMS: 4Suite, CA list,, perl-libxml, rgma-servicetool-config and other missing dependencies

 

 #11092

[VOMS] KCA-signed certificates not handled properly

 

 #11464

VOMS (core) fails on getting host cert through X509_USER_[KEY|CERT]

 

 #11513

VOMS Admin: Missing slash when adding a user to a (sub)group with a role

 

 #12150

[ VOMS ] Problems when starting the service

 

 #12166

[VOMS Admin] Fails to support non-standard MySQL ports

 

 #12167

[VOMS Admin] Uses old name of MySQL driver class

 

 #12169

[VOMS Admin] New options incorrectly specified

 

 #12170

[VOMS Admin] voms-admin-configure POD gives incorrect default MySQL port

 

 #12632

malloc/free errors in VOMS C/C++ api

 

 #14275

[VOMS Admin] The Request Handling menu is invisible