gLite 3.0
lcg-CE_torque - Update to version 3.0.11-2
VOMS
This release upgrades VOMS from version 1.6 to version 1.7.
Here is a link to the list of bugs fixed:
http://littleblue.cnaf.infn.it/twiki/bin/view/VOMS/WebDevelopment.
And here are the release notes, for the upgrade from 1.6.x to 1.7.x:
This update contains a new version of glite-yaim-3.0.1. The new version contains the following new features:
This update fixes various bugs. For the full list of bugs, please see list below.
lcg-CE_torque - Update to version 3.0.11-2
Date | 23.04.07 |
---|---|
Priority | Normal |
Description
VOMS
This release upgrades VOMS from version 1.6 to version 1.7.
Here is a link to the list of bugs fixed:
http://littleblue.cnaf.infn.it/twiki/bin/view/VOMS/WebDevelopment.
And here are the release notes, for the upgrade from 1.6.x to 1.7.x:
- The clients and APIs of VOMS 1.7.x are fully backwards compatible with VOMS 1.6.x. A simple upgrade of the RPMs is all that is necessary to upgrade them.
- The server however requires an upgrade of the DB schema, upgrade that is performed the first time voms-admin 1.2.17 or higher is run. This means that VOMS 1.7.x requires voms-admin 1.2.17 or higher, though those versions of voms-admin may also run with VOMS 1.6.x.
- Configuration-wise, two new ways to configure the vomsdir directory are available. Though both optional at the moment, it is highly suggested that at least option number 1 is used. The support of the old format will be removed with VOMS 1.8.x or in one year, whichever comes later.
- New configuration options:
- Inside the vomsdir directory, a subdirectory for each supported VO is made, with the same name of the VO, and all and only the certificates of the servers supporting that VO are placed in it. The main directory should not contain any file, just the VO subdirs
-
Instead of the server certificate, a new file, named <hostname>.lsc is placed in the VO subdir. This allows host admin to avoid updating the list of certificates whenever a VOMS server changes its certificate. For details od the file's format look at section 5.1.1 of the updated user guide, available here:
https://edms.cern.ch/file/571991/1/voms-guide.pdf.
This update contains a new version of glite-yaim-3.0.1. The new version contains the following new features:
-
To configure correctly the glite-CE with torque, the following parameters are obligatory:
# Jobmanager specific settings JOB_MANAGER=pbs CE_BATCH_SYS=pbs
- In case of site BDII separated from CE, it is necessary to install by hand the lcg-info-templates and lcg-info-generic packages to the site BDII node and to remove the ${INSTALL_ROOT}/lcg/var/gip/ldif/static-file-Site.ldif file on all CE nodes.
-
In the site-info.def file is necessary to define the BDII_CE_URL parameter as follows:
BDII_CE_URL="ldap://$CE_HOST:2135/mds-vo-name=local,o=grid" - In the site-info.file given in ./examples, where is
/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch ops' 'ops voms.cern.ch 15004
should be
/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch ops' 'ops voms.cern.ch 15009
- If optional bin/yaim command is used to configure a gLiteCE, then the node will not work properly until service gLite is restarted since the gatekeeper will not be running after the configuration. If default configure_node script is used then all works without problems.
This update fixes various bugs. For the full list of bugs, please see list below.
Fixed bugs
Number | Description |
---|---|
#10035 | voms_install_replica.sgml problem |
#10830 | output of voms-proxy-init --help misleading |
#12514 | Specifying multiple roles |
#13675 | voms-proxy-init doesn't complain about wrong parameters or junk in the command line, just silently fails |
#14026 | VOMS clients to be configured with the trusted certificate subjects, not the whole certificate |
#15238 | [VOMS] init script start function is unclear or incorrect |
#15239 | [VOMS] init script displays incomplete usage |
#15572 | [VOMS] Invalid use of '~' in looking for vomses directory |
#15700 | [VOMS] Apparent bug in open() of fifo |
#16540 | voms-proxy-init -hours and -valid difference |
#16576 | voms-proxy-init failure leaves tmp_x509up_u$(id -u)_$$ file on failure without a debugging wish from the user |
#17307 | config_rfio show error messages when CASTOR-client is empty package |
#17362 | voms-proxy-fake uses the holder's cert to sign the AC |
#17747 | Errors in DB Access |
#17748 | Incorrect proxy format for GT 4 |
#17750 | voms core logs: give explicit reason when proxy refused due to invalid crl or other problem with user's CA. |
#17831 | voms-proxy-init doesn't work with single quote in DN |
#17863 | voms-proxy-info man page and -help inconsistency |
#18258 | voms-proxy-init failure |
#19145 | voms-proxy-* commands should be able to use p12 formatted certificate |
#19230 | voms-proxy-init --valid 168:00 result not clearly explained situation |
#19349 | voms start script for a vo kills other vos |
#20502 | A memory leak in vomsdata::Retrieve() |
#20508 | simplified Java VOMS API |
#20805 | voms-proxy-info showing the delegation chain |
#20984 | Ip address information in logs when a proxy is requested in VOMS Server |
#21033 | Signing policy verifies first tripplet with matching access_id_CA in policy files only. |
#22156 | There is a possible vulnerability concerning the VOMS server |
#22832 | Proxy renewal doesn't work |
#24190 | Use $pbsserver instead of $clienthost in mom_priv/config for torque > 2. |
#24294 | Unharmonized indexing of voms_apic.h/c interface (Voms version 1.7.10) |
#24303 | empty line in users.conf causes config_users to fail |
#24373 | Exit codes for voms-proxy-init not unique. |
#24556 | Seg fault in voms-proxy-info |
#24712 | config_users creates accounts for unsupported VOs |
#24784 | Starting mysqld in DPM config steps (Yaim) |
Updated rpms
Name | Version | Full RPM name | Description |
---|---|---|---|
glite-security-voms-api | 1.7.16-2 | glite-security-voms-api-1.7.16-2.i386.rpm | gLite Security VOMS APIs |
glite-security-voms-api-c | 1.7.16-2 | glite-security-voms-api-c-1.7.16-2.i386.rpm | glite-security-voms |
glite-security-voms-api-cpp | 1.7.16-2 | glite-security-voms-api-cpp-1.7.16-2.i386.rpm | glite-security-voms |
glite-security-voms-clients | 1.7.16-2 | glite-security-voms-clients-1.7.16-2.i386.rpm | glite-security-voms |
glite-yaim | 3.0.1-10 | glite-yaim-3.0.1-10.noarch.rpm | glite-yaim |
lcg-CE_torque | 3.0.11-2 | lcg-CE_torque-3.0.11-2.noarch.rpm | LCG CE_torque node |
The RPMs can be updated using apt via
- via apt: apt-get dist-upgrade
- or via a download from:
http://glitesoft.cern.ch/EGEE/gLite/APT/R3.0/rhel30/RPMS.updates/
Service reconfiguration after update
Not needed.
Service restart after update
Service must be restarted.
How to apply the fix
- Update the RPMs (see above)
- Update configuration (see above)
- Restart the service if necessary (see above)