gLite > gLite 3.1 > glite-CREAM > Update to glite-CREAM 3.1.20-0  
 
 

 

 

gLite 3.1

glite-CREAM - Update to version 3.1.20-0


Date 06.10.2009
Priority High

Description



glite-CREAM

Update of cream CE
This patch fixes two security vulnerabilities. Please read the advisories from the GSVG: Furthermore several improvements to CREAM are made with this patch:
  • Migration to voms-api-java. This also means that the VOMS server host certs are not required anymore in the CREAM CE node (the /etc/grid-security/vomsdir/*/*.lsc files are sufficient)
  • First release of new BLAH blparser for LSF and PBS/Torque (use of batch system status/history commands instead of parsing the log files). However due to some problems found after the first certification, it is suggested to keep using the old parser (i.e. BLPARSER_WITH_UPDATER_NOTIFIER=false, which is the default) which is still fully supported.
  • IPv6 support for BLAH
Several bug fixes, in particular:
  • Fix for a problem with purge (not deleting the job sandbox dir in some cases)
  • Fix for a problem for which there could be at most 32000 active jobs per user
  • Fix for a problem for which the produced accounting logs (used by APEL and DGAS) was not properly filled if the CREAM CE is not the Torque server


Please also have a look at the list of known issues.

This update fixes various bugs. For the full list of bugs, please see list below.

Fixed bugs

Number Description
 #16761 Various possible execution error in BLAH when logging for DGAS
 #29679 AFS token grabbing via gssklog from job wrappers
 #41215 IPv6 bug: non compliant wildcard inet address in source code
 #41216 IPv6 bug: non compliant wildcard inet address in source code
 #41219 IPv6 bug: non compliant wildcard inet address in source code
 #41221 IPv6 bug: non compliant data structure (sockaddr_in ) used
 #41223 IPv6 bug: non compliant name resolving function in source code (gethostbyname)
 #41224 IPv6 bug: non compliant address casting function in source code
 #41226 IPv6 bug: non compliant address casting function in source code (inet_aton)
 #43830 Problems if there are > 32000 active jobs per user on a CREAM CE
 #44307 CREAM job wrapper needs to be made compatible with uberftp 2.0
 #44447 JobType="MPICH" still requires deprecated NodeNumber attribute
 #44849 Cream sometimes recycles the jobid of purged jobs.
 #44888 Issue with CREAM template configuration file
 #44889 Issue with CEMon template configuration file
 #44924 Fixes and enhancements needed for proxy renewal in CREAM
 #45253 executing /opt/glite/libexec/jobwrapper in blah
 #45259 Relevant information about a job like delegationId, gridJobId and worker node name should by logged by CREAM
 #45717 BLParserPBS should consider log lines like "unable to run job"
 #46433 The job wrapper should not try to download the associated delegation proxy if the proxy renewal is not enabled
 #46508 ban-plugin should be initialized in cream-config.xml
 #46589 glite-cream-purger.sh should be removed from CREAM RPM
 #46722 Issue with creation of sandbox dir in CREAM
 #46794 JobPurger should cancel jobs from the database even if the workingDirectory field is not set.
 #47400 Connection timeout for asynchronous commands.
 #47447 Cream doesn't handle the jdl parameter MaxOutputSandboxSize.
 #47461 The jobPurge command must be executed with low priority.
 #48083 CREAM - unhelpful error for glexec problem
 #48144 Problems with purge in CREAM when the mapped group name is different than the VO name
 #48263 Sometimes the jobRegister fails with the error message "cannot store the delegation proxy locally".
 #48302 BLParser should reopen log file with SIGHUP
 #48482 BLParser doesn't send notification if there are very long lines in LSF log files
 #48808 Async commands (e.g. glite-ce-job-cancel ) commands returns the message error: "job status mismatch".
 #49246 JobCancel fails with a generic error.
 #49284 Wrong format for BlackListServicePDP config file
 #49514 Issue with requirements forwarding and 'member' function
 #49557 BLParserLSF problem with lsid at startup
 #49932 Maximum number of active db connections exceeded.
 #50104 JOB_START forgotten by CREAM
 #50163 delegationProxyAdded() fails with a java.lang.NullPointerException.
 #50856 In some cases the exit code of CREAM jobs stay in W forever, and the CEMon notification of the last status is not sent
 #52876 The extra_attribute table in the CREAM DB has no keys/indexes defined
 #53194 Race condition for non privileged registry updates in blah
 #53299 yaim-cream-ce's config_cream_db assumes that the file cream-config.xml exists
 #55615 There is a vulnerability concerning the CREAM CE DB
 #55616 There is a vulnerability concerning the CREAM CE

Updated rpms

Name Version Full RPM name Description
glite-CREAM 3.1.20-0 glite-CREAM-3.1.20-0.i386.rpm gLite metapackage (glite-CREAM)
glite-ce-blahp 1.12.4-0.slc4 glite-ce-blahp-1.12.4-0.slc4.i386.rpm org.glite.ce.blahp (1.12.4)
glite-ce-ce-plugin 1.11.1-13 glite-ce-ce-plugin-1.11.1-13.noarch.rpm The CE plugin is a sensor for the CE monitor service that keeps track of the changes of the CE resource
glite-ce-cream 1.11.1-13 glite-ce-cream-1.11.1-13.noarch.rpm The Computing Resource Execution And Management service is a web application taking care of the any job related operation
glite-ce-job-plugin 1.11.1-13 glite-ce-job-plugin-1.11.1-13.noarch.rpm The CREAM job plugin is a sensor for the CE monitor service that keeps track of the job status changes interacting with the CREAM web application
glite-ce-monitor 1.11.1-13 glite-ce-monitor-1.11.1-13.noarch.rpm The CE monitor service is a web application that publishes information about the Computing Element
glite-yaim-cream-ce 4.0.9-2 glite-yaim-cream-ce-4.0.9-2.noarch.rpm cream CE configuration

The RPMs can be updated using yum via

Service reconfiguration after update

Service must be reconfigured.

Service restart after update

Service must be restarted.

How to apply the fix

  1. Update the RPMs (see above)
  2. Update configuration (see above)
  3. Restart the service if necessary (see above)