Top-level BDII FCR broken
Description
The gLite 3.1 top-level BDII (BDII_top) turns out to have a bug in the
FCR component of the GIP.
The component must remove access control attributes from CEs and SEs
according to the FCR filters (if any) that each VO has configured.
Instead, the buggy component replaces _all_ the access
control attributes for the target CE/SE with the single attribute for
some VO that has the filter enabled!
So, the filter is ineffective for the VO _and_ it
affects other VOs!
Known workaround
For the time being we must re-enable the FCR mechanism
in the BDII itself.
This is done automatically by glite-yaim-bdii >=
4.0.2-2 (in the current glite-BDII rpm list).
Please upgrade and reconfigure your BDII_top nodes.
Verify that /opt/bdii/etc/bdii.conf contains the
following lines:
------------------------------------------------------------------
BDII_AUTO_MODIFY=yes
BDII_UPDATE_LDIF=http://lcg-fcr.cern.ch:8083/fcr-data/exclude.ldif
------------------------------------------------------------------
However, the following step MUST BE DONE MANUALLY:
--------------------------------------------------
rm /opt/glite/etc/gip/plugin/glite-info-plugin-fcr
--------------------------------------------------
BDII on XEN virtual machine
There were issues reported installing a site BDII on Xen virtual machines. See bug 42475 for more details.
YAIM known issues
For an up to date documentation on configuration known issues, please check also:
gLite wide known issues
Please also check the gLite wide
known issues. |
