gLite > gLite 3.1 > glite-SCAS > Update to glite-SCAS 3.1.1-0  
 
 

 

 

gLite 3.1

glite-SCAS - Update to version 3.1.1-0


Date 06.07.2009
Priority Normal

Description



LCAS/LCMAPS update

Both LCAS and LCMAPS exist in library form only. They need an eco system in which they can live. This used to be the gridftp for example and nowaday glexec is used. This also means that LCAS and LCMAPS are mostly shielded from the end user and that the interaction primarely goes through glexec.
From a site point of view there is the configuration of LCAS and LCMAPS and the end user should have no control over it. Other then that, there is not much more interaction required.

New SCAS service

New Site Central Authorization Service (SCAS). SCAS is a Web Service that allows client programs to query for an authorization decision based upon user credentials to access a particular resource. For more information please check the service node page.

SCAS YAIM configuration
===================

For a description of the YAIM variables needed to configure the SCAS server please visit: SCAS configuration variables.

The command to configure SCAS using YAIM is:
./yaim -c -s site-info.def -n SCAS

New version of gLExec

SCAS is affected by some lcas/lcmaps new versions introduced by this patch.



Please also have a look at the list of known issues.

This update fixes various bugs. For the full list of bugs, please see list below.

Fixed bugs

Number Description
 #39898 glexec refuses to execute /bin/sh
 #40822 glexec refuses doubly limited proxies
 #44508 Failed to obtain a lock on the destination proxy
 #45523 Glexec error messages
 #45914 glexec and proxy rotation
 #46148 random error from glexec
 #46861 [ yaim-glexec-wn ] YAIM fails if no pilot users are defined
 #46883 [ yaim-glexec-wn ] if SCAS_ENABLED then CONFIG_GRIDMAPDIR should be set to "no"
 #47148 SCAS Memory leak fix causes periodic errors
 #47152 LCMAPS will fail to succeed in absense of the poolindex value
 #47170 [ yaim-glexec-wn ] YAIM should check formatting of GLEXEC_EXTRA_WHITELIST
 #47808 glxec seg faults when called from root
 #48093 [ scas-client ] LCMAPS scas-client plugin fails to read proxy file from NFS
 #48095 GLEXEC: target location not accessible should return 201 with proper error message.
 #48106 GLEXEC: segfaults when (based on SecGIDs) the system can't provide a groupname
 #48167 GLEXEC: seg fault when glexec.conf is malformed
 #49493 [CREAM-CE] WN cannot download job executable from CE via gridftp after PPS Update 46
 #50570 [LCMAPS saml2-xacml2 plugin] Segmentation fault when X509_USER_PROXY is not defined
 #50646 [GLEXEC] glexec -V returns 202 on success
 #51885 glexec currently uses flock() non-blocking

Updated rpms

Name Version Full RPM name Description
edg-mkgridmap-conf 3.0.0-1 edg-mkgridmap-conf-3.0.0-1.noarch.rpm edg-mkgridmap configuration files
edg-mkgridmap 3.0.0-1 edg-mkgridmap-3.0.0-1.noarch.rpm A tool to build the grid-mapfile
fetch-crl 2.7.0-1 fetch-crl-2.7.0-1.noarch.rpm Tool for periodic retrieval of Certificate Revocation Lists
glite-SCAS 3.1.1-0 glite-SCAS-3.1.1-0.i386.rpm gLite metapackage (glite-SCAS)
glite-security-lcas-interface 1.3.6-3.slc4 glite-security-lcas-interface-1.3.6-3.slc4.i386.rpm org.glite.security.lcas-interface v. 1.3.6-3
glite-security-lcas-plugins-basic 1.3.2-3.slc4 glite-security-lcas-plugins-basic-1.3.2-3.slc4.i386.rpm This package contains three basic authorization plugins for LCAS: 1) allow-user module (currently the gridmapfile is used) 2) ban-user module 3) timeslots availability module
glite-security-lcas-plugins-voms 1.3.4-5.slc4 glite-security-lcas-plugins-voms-1.3.4-5.slc4.i386.rpm org.glite.security.lcas-plugins-voms v. 1.3.4-5
glite-security-lcas 1.3.7-2.slc4 glite-security-lcas-1.3.7-2.slc4.i386.rpm org.glite.security.lcas v. 1.3.7-2
glite-security-lcmaps-plugins-basic 1.3.10-2.slc4 glite-security-lcmaps-plugins-basic-1.3.10-2.slc4.i386.rpm This package provides the timeslot (fabric openings hours), poolaccount selection, localaccount selection, LDAP enforcement and POSIX enforcement (changing the process ownership to the mapped user
glite-security-lcmaps-plugins-voms 1.3.7-5.slc4 glite-security-lcmaps-plugins-voms-1.3.7-5.slc4.i386.rpm This package provides the LCMAPS plugins for specialised VOMS handling: voms_localaccount, voms_localgroup, voms_poolgroup and voms_poolacount. (It is recommended to use the voms_localgroup and voms_poolaccount)
glite-security-lcmaps 1.4.7-1.slc4 glite-security-lcmaps-1.4.7-1.slc4.i386.rpm org.glite.security.lcmaps v. 1.4.7-1
glite-security-saml2-xacml2-c-lib 0.0.14-2.slc4 glite-security-saml2-xacml2-c-lib-0.0.14-2.slc4.i386.rpm org.glite.security.saml2-xacml2-c-lib
glite-security-scas 0.2.6-1b.slc4 glite-security-scas-0.2.6-1b.slc4.i386.rpm Site Central Authorization Service, based on SAML2-XACML2
glite-security-voms-api-cpp 1.8.12-1.slc4 glite-security-voms-api-cpp-1.8.12-1.slc4.i386.rpm org.glite.security.voms-api-cpp v. 1.8.12.1
glite-security-voms-api-c 1.8.12-1.slc4 glite-security-voms-api-c-1.8.12-1.slc4.i386.rpm org.glite.security.voms-api-c v. 1.8.12.1
glite-version 3.1.0-1.slc4 glite-version-3.1.0-1.slc4.i386.rpm glite-version
glite-yaim-core 4.0.7-9 glite-yaim-core-4.0.7-9.noarch.rpm YAIM core package
glite-yaim-scas 1.0.0-12 glite-yaim-scas-1.0.0-12.noarch.rpm scas service yaim module
gridsite-shared 1.1.18.1-1 gridsite-shared-1.1.18.1-1.i386.rpm GridSite shared library and core documentation
vdt_globus_essentials VDT1.6.1x86_rhas_4-9 vdt_globus_essentials-VDT1.6.1x86_rhas_4-9.i386.rpm Virtual Data Toolkit

The RPMs can be updated using yum via

Service reconfiguration after update

Since this is the first SCAS release, the SCAS needs to be configured after the installation.

Service restart after update

Since this is the first SCAS release, the SCAS needs to be configured after the installation.

How to apply the fix

  1. Install the RPMs (see above)
  2. Run the configuration (see above)
  3. Restart the service if necessary (If not using YAIM)