EGEE > gLite > gLite 3.1 > lcg-CE > Update to lcg-CE 3.1.32-0

gLite 3.1

lcg-CE - Update to version 3.1.32-0

Date	06.07.2009
Priority	Normal

Description

LCAS/LCMAPS update

Both LCAS and LCMAPS exist in library form only. They need an eco system in which they can live. This used to be the gridftp for example and nowaday glexec is used. This also means that LCAS and LCMAPS are mostly shielded from the end user and that the interaction primarely goes through glexec.
From a site point of view there is the configuration of LCAS and LCMAPS and the end user should have no control over it. Other then that, there is not much more interaction required.

New SCAS service

New Site Central Authorization Service (SCAS). SCAS is a Web Service that allows client programs to query for an authorization decision based upon user credentials to access a particular resource. The SCAS client has been added to the lcg CE.

Updated yaim lcg-ce

New version of the yaim module for the lcg CE containing configuration changes as requested in:

The WN Working Group. See https://twiki.cern.ch/twiki/bin/view/EGEE/WNWorkingGroup (Key item B)
The Installed Capacity Document. See https://twiki.cern.ch/twiki/pub/LCG/WLCGCommonComputingReadinessChallenges/WLCG_GlueSchemaUsage-1.8.pdf (page 13)

It also fixes a series of bugs mainly dealing with:

Service provider configuration
LDIF file fixes

New YAIM variables
===============

The following variables need to be defined by the sys admins (examples are distributed under site-info.def in yaim core but already required by the lcg CE configuration functions)

CE_OTHERDESCR: This YAIM variable is used to set the GlueHostProcessorOtherDescription attribute. The value of this variable MUST be set to: Cores=<typical number of cores per CPU> [, Benchmark=<value>-HEP-SPEC06] where <typical number of cores per CPU> is equal to the number of cores per CPU of a typical Worker Node in a SubCluster. The second value of this attribute MUST be published only in the case the CPU power of the SubCluster is computed using the Benchmark HEP-SPEC06.
CE_CAPABILITY: This YAIM variable is a blank separated list and is used to set the GlueCECapability attribute. In particular, site administrators MUST define the following values: CPUScalingReferenceSI00=<referenceCPU SI00>; the reference CPU SI00 is the internal batch scaling factor used to normalize the GlueCEMaxCPUTime. The <referenceCPU SI00> is expressed in SI00. If internal scaling is not done this capability MUST be published and its value set to the minimum value of the corresponding SubClusters GlueHostBenchmarkSI00. Share=<VO>:<share>; this value is used to express specific VO shares if set. If there is no special share, this value MUST NOT be published. <VO> is the VO name and <share> can assume values between 1 and 100 (it represents a percentage). Please note that the sum of the shares over all WLCG VOs MUST BE less than or equal to 100. The syntax is CPUScalingReferenceSI00=value [Share=vo-name1:value [Share=vo-name2:value [...]]]
SE_MOUNT_INFO_LIST: This YAIM variable is used to set the GlueCESEBindMountInfo attribute for each defined SE. The variable is a space separated list of SE hosts from SE_LIST with the export directory from the Storage Element and the mount directory common to worker nodes part of the Computing Element like SE1:export_dir1,mount_dir1. If any SE from SE_LIST doesn't support he mount concept, don't define anything for that SE in this variable. If this is the case for all the SEs in SE_LIST, put the value none. The GlueCESEBindMountInfo will be in both cases "n.a".

The following are default variables that do not need to be defined, only for advanced configurations:

CLUSTER_HOST: this variable must be set to CE_HOST for the time being. It's defined under INSTALL_ROOT/glite/yaim/defaults/lcg-ce.post.

New version of glite-info-provider-service

The new version contains the templates to publish the gatekeeper and the RTEpublisher services. Only the lcg CE is actually affected by the new change.

Upgrade of GlueCluster.template

The upgrade adds a new Glue attribute, GlueHostProcessorOtherDescription, needed by the lcg CE.

New version of gLExec

The lcg CE is affected by some lcas/lcmaps new versions introduced by this patch.

Please also have a look at the list of known issues.

This update fixes various bugs. For the full list of bugs, please see list below.

Fixed bugs

Number	Description
#33210	[yaim-lcg-ce] Several variables (if missing in site-info.def) are not reported in config_gip_ce
#38985	[ yaim-lcg-ce ] clean lcg-ce.pre variables
#39800	[ yaim-lcg-ce ] config_gip_service_release should be included
#39898	glexec refuses to execute /bin/sh
#40560	[ yaim-lcg-ce ] Implement config_info_service_lcg-ce
#40822	glexec refuses doubly limited proxies
#43983	[ yaim-lcg-ce ] YAIM packages
#44508	Failed to obtain a lock on the destination proxy
#44533	[ yaim-lcg-ce ] lcg-ce gip defaults should change
#45313	Comments on rtepublisher
#45523	Glexec error messages
#45886	[ yaim-lcg-ce ] RTEpublisher configuration should be added into the lcg CE
#45914	glexec and proxy rotation
#45980	[ yaim-lcg-ce ] New variables for the information system
#46148	random error from glexec
#46570	GlueHostProcessorOtherDescription is not present in the GlueCluster.template
#46859	glite-info-templates - Missing variables not reported.
#46861	[ yaim-glexec-wn ] YAIM fails if no pilot users are defined
#46883	[ yaim-glexec-wn ] if SCAS_ENABLED then CONFIG_GRIDMAPDIR should be set to "no"
#47148	SCAS Memory leak fix causes periodic errors
#47152	LCMAPS will fail to succeed in absense of the poolindex value
#47170	[ yaim-glexec-wn ] YAIM should check formatting of GLEXEC_EXTRA_WHITELIST
#47808	glxec seg faults when called from root
#47865	The gatekeeper service provider template has a typo
#48093	[ scas-client ] LCMAPS scas-client plugin fails to read proxy file from NFS
#48095	GLEXEC: target location not accessible should return 201 with proper error message.
#48106	GLEXEC: segfaults when (based on SecGIDs) the system can't provide a groupname
#48167	GLEXEC: seg fault when glexec.conf is malformed
#49493	[CREAM-CE] WN cannot download job executable from CE via gridftp after PPS Update 46
#50570	[LCMAPS saml2-xacml2 plugin] Segmentation fault when X509_USER_PROXY is not defined
#50646	[GLEXEC] glexec -V returns 202 on success
#50983	configuration failed with error "glite-info-service-gatekeeper.conf.template was not found "
#51885	glexec currently uses flock() non-blocking

Updated rpms

Name	Version	Full RPM name	Description
glite-info-provider-service	1.1.4-0	glite-info-provider-service-1.1.4-0.noarch.rpm	glite-info-provider-service
glite-info-templates	1.0.0-11	glite-info-templates-1.0.0-11.noarch.rpm	glite-info-templates
glite-security-lcmaps-plugins-basic	1.3.10-2.slc4	glite-security-lcmaps-plugins-basic-1.3.10-2.slc4.i386.rpm	This package provides the timeslot (fabric openings hours), poolaccount selection, localaccount selection, LDAP enforcement and POSIX enforcement (changing the process ownership to the mapped user
glite-security-lcmaps-plugins-verify-proxy	1.4.2-1.slc4	glite-security-lcmaps-plugins-verify-proxy-1.4.2-1.slc4.i386.rpm	org.glite.security.lcmaps-plugins-verify-proxy v. R_1_4_2_1
glite-security-lcmaps	1.4.7-1.slc4	glite-security-lcmaps-1.4.7-1.slc4.i386.rpm	org.glite.security.lcmaps v. 1.4.7-1
glite-yaim-lcg-ce	4.0.5-6	glite-yaim-lcg-ce-4.0.5-6.noarch.rpm	org.glite.yaim.lcg-ce v. 4.0.5-6
lcg-CE	3.1.32-0	lcg-CE-3.1.32-0.i386.rpm	gLite metapackage (lcg-CE)

The RPMs can be updated using yum via

via apt: yum update
or via a download from:

http://glitesoft.cern.ch/EGEE/gLite/R3.1/lcg-CE/sl4/i386/RPMS.updates/

Service reconfiguration after update

Service must be reconfigured.

Service restart after update

Not needed.

How to apply the fix

Update the RPMs (see above)
Update configuration (see above)
Restart the service if necessary (see above)