09.06.08 - 3.1 Update 26

glite-AMGA_oracle

Torque and Maui

• c - crash
• b - bug fix
• e - enhancement
• f - new feature

• e - redesign how torque.spec is built
• e - added -a to qrun to allow asynchronous job start
• e - allow qrerun on completed jobs
• e - allow qdel to delete all jobs
• e - make qdel -m functionality match the documentation
• b - prevent runaway hellos being sent to server when mom's node is removed from the server's node list
• e - local client connections use a unix domain socket, bypassing inet and pbs_iff

• b - fix a bug where dependent jobs get put on hold when the previous job has completed but its state is still available for life of keep_completed
• b - fixed a bug where pbs_server never delete files from the "jobs" directory
• b - fixed a bug where compute nodes were being put in an indefinite "down" state
• e - added job_array_size attribute to pbs_submit documentation
• b - correctly parse /proc/pid/stat that contains parens (Meier)

• e - improve RPP logging for corruption issues
• f - dynamic resources
• e - use mlockall() in pbs_mom if _POSIX_MEMLOCK
• f - consumable resource "tokens" support (Harte-Hanks)
• f - Linux 2.6 cpuset support
• e - build process sets default submit filter path to ${libexecdir}/qsub_filter we fall back to /usr/local/sbin/torque_submitfilter to maintain compatibility
• e - allow long job names when not using -N
• f - new MOM $varattr config
• e - daemons are no longer installed 700
• e - tighten directory path checks
• f - new mom configs: $auto_ideal_load and $auto_max_load
• e - pbs_mom on Darwin (OS X) no longer depends on libkvm (now works on all versions without need to re-enable /dev/kmem on newer PPC or all x86 versions)
• e - added PBS_SERVER env variable for job scripts
• e - add --about support to daemons and client commands
• f - added qsub -t (primitive job array)
• e - add PBS_RESOURCE_GRES to prolog/epilog environment
• e - add -h hostname to pbs_mom (NCIFCRF)
• e - filesec enhancements (StockholmU)
• e - added ERS and IDS documentation
• e - allow export of specific variables into prolog/epilog environment
• b - change fclose to pclose to close submit filter pipe (ABCC)
• e - add support for Cray XT size and larger qstat task reporting (ORNL)
• b - pbs_demux is now built with pbs_mom instead of with clients
• e - epilogue will only run if job is still valid on exec node
• e - add qnodes, qnoded, qserverd, and qschedd symlinks
• e - enable DEFAULTCKPT torque.cfg parameter
• e - allow compute host and submit host suffix with nodefile_suffix
• f - add --with-modulefiles=[DIR] support
• b - be more careful about broken tclx installs

• b - fix buffer overflow in rm_request, fix 2 printf that should be sprintf (Umea University)
• b - correct updating trusted client list (Yahoo)
• b - Catch newlines in log messages, split messages text (Eygene Ryabinkin)
• e - pbs_mom remote reconfig pbs_mom now disabled by default use $remote_reconfig to enable it
• b - fix pam configure (Adrian Knoth)
• b - handle /dev/null correctly when job rerun

VOMS

• Enabled log rotation on VOMS/VOMS-admin log files (bug 20607)
• Enabled setting of proxy timeout via configuration (bug 17247)
• Enabled usage of voms server hostname (--uri parameter) via configuration

------------------------------------------------------------
Log rotation (Bug 20607)
------------------------------------------------------------

In order to steer the log rotation of voms and voms-admin, 
the following configuration parameters have been added:

voms.logrotate.period
- voms core log files (/var/log/glite/voms.*)
- to specify the rotation period (daily|weekly|monthly)
- default: daily

voms.logrotate.logNumber
- voms core log files (/var/log/glite/voms.*)
- to specify the number of copies to keep
- default: 90

All these parameters are 'advanced parameters' and are pre-configured
parameters so they will be taken into account even if not specified 
in the configuration. So no configuration file needs to be updated 
(if you do not want to update it). They can be set per VO.

------------------------------------------------------------
VOMS proxy timeout period (Bug 17247)
------------------------------------------------------------

voms.proxy.timeout
- The maximum length of the AC's that VOMS will grant
  (in seconds). The default value is 24 hours (=86400s).
  This parameter can be specified separately per VO.
- default: 86400

Parameter is advanced parameter with pre-defined value and can be set per VO.

------------------------------------------------------------

Known issues:

1. The value set for '--uri' does not contain the ':vomsd_port' suffix,
   which is important for voms-proxy-info. 

Possible workarounds:

a) After each execution of 'glite-voms-server-config.py --configure' the 
   voms.conf file for each VO should be adjusted to that the '--uri' 
   option value is in the form:

   voms_server_hostname:vomsd_port

   This could be done automatically with the following script:

   for vo in /opt/glite/etc/voms/*; do
     if [ -d $vo -a -f $vo/voms.conf ]; then
     PORT=$(grep "\-\-port" $vo/voms.conf | cut -f 2 -d "=");
     sed -i -e "s/--uri=\([^:]*\).*/--uri=\1:$PORT/" $vo/voms.conf;
     fi;
   done;

b) Another solution is to patch the glite-voms-server-config.py. This could 
   be done with the following command (copy everything on a single line):

   sed -i -e 
     's/\(\ *\)input\.write("--uri.*/\1input\.write("--uri=%s\:%s\\n" 
     % (self.voms_hostname, self.voms_port))/' 
     /opt/glite/etc/config/scripts/glite-voms-server-config.py

lcg-info

• $LCG_GFAL_INFOSYS can now contain a comma-separated list of BDII endpoints
• slightly improved error messages and option parsing
• the assumption that a GlueSubCluster has the same name of its parent SubCluster is not present anymore
• the --vo <vo> can be expressed with the VO:<vo> and VOMS:<FQAN> syntax
• added several Glue attributes for GlueCE and GlueSubCluster

glite-WMS

glite-VOBOX and lcg-CE

glite-MPI_utils

yum install glite-TORQUE_client glite-MPI_utils torque-mom-2.1.9-4cri.slc4

yum install glite-MPI_utils glite-TORQUE_utils torque-2.1.9-4cri.slc4
            maui-client-3.2.6p19_20.snap.1182974819-4.slc4

29.05.08 - 3.1 Update 25

glite-WMS

• General performances and robustness improvements
• Several bugs fixed
• Bottlenecks analyzed and fixed
• Improved job submission rate and service stability
• Experimental support for JobDir, a mailbox-based persistent communication mechanism between local processes.

• Partitionable/Checkpointable jobs are deprecated.
• NS server and client deprecated and removed from the distribution. This implies that the commands: glite-job-submit, glite-job-list-match, glite-job-output, glite-job-cancel and glite-job-get-chkpt are no more available. [Please, note that the wmproxy counterparts of those commands (glite-wms-job-*) can be used instead.]
• Also the client APIs for JAva and c++ in the packages org.glite.wms-ui.api-cpp, org.glite.wms-ui.api-java and org.glite.wms-ui.wrap-java, which depended on NS have been deprecated. [Please, note that the wmproxy counterparts provided in the packages org.glite.wms.wmproxy-api-* can be used instead.]
• Support for the multi-protocol sandbox file transfer: gsiftp, https.

• Bulk Matchmaking for job collections: single matchmaking for all similar jobs of a collection.
• Asynchronous WMProxy Job Start operation: upon job submission context is returned to user as soon as the request has been accepted by the system. Time consuming operations are carried out behind the scene.
• Direct management of collections instead of relying on DAGMan.

• Added logging-info /status new query options
• Added glite-wms-job-info command: allows getting job information available at the WMS (JDL, associated delegation Id, time to expiration of the associated delegated proxy, etc).
• new query options added to glite-job-logging-info/glite-job-status commands

• VO hook (selection of the middleware version).
• Customization points (for resource admins).
• OSB limit and truncation mechanism.
• Allowing interoperability with OSG.

• DAG job doesn't work
• As reported in the bug #35244, job submission fails when using voms proxies with multiple roles. The workaround is to change the line 24 of the file /opt/glite/etc/lcmaps/lcmaps.db.gridftp from " -mapmin 1" to " -mapmin 0" and the line 33 from " -override_inconsistency" to " -do_not_use_secondary_gids".
• As reported in the bug #36982, the value of IsmBlackList in the WorkloadManager section of /opt/glite/etc/glite_wms.conf has to be changed to avoid submissions to CREAM CE. Please set 'IsmBlackList = {".*8443\/cream.*"};'. This will be fixed in the next WMS configuration (glite-yaim-wms-4.0.1-9).
• As reported in the bug #36669, if the user proxy is mapped to a static account instead of a pool account, the job-list-match command would work, but the job-submit command would fail. As a workaround, only pool accounts should be used. As a configuration example, please have a look into the /opt/glite/yaim/examples/users.conf file provided by the glite-yaim-core package.
• As reported in the bug #35357, if only one file is specified in the OutputSandbox, the method getOutputFileList of WMProxy API Python returns an empty list instead of the file as expected.
• As reported in the bug #36432, on a WMS or LB 3.1 node, the execution of the "/etc/init.d/gLite start" command modifies the terminal setting for the special character erase in the following way:
  Before the execution: erase = ^?; After the execution: erase = ^H;

glite-LB

• follows WMS develoment
• collection itself is not traced once split up into jobs,
• collection state is computed from aggregate subjob state only

• regardless of creating and destroying LB library context, connections to LB server and local logger are cached
• saves re-initializing SSL connections, improving performance considerably

• old, inactive jobs in LB should be purged to avoid ever-growing job database
• data on purged jobs can be stored in JP service which is optimized for long-term storage and historic queries

• fixes of bugs (mostly race conditions and bottlenecks) found in testing under higher load imposed by gLite 3.1 WMS

• As reported in the bug #36336, there are conflicts between different YAIM functions to configure GLITE_LOCATION_VAR causing that LB services can not be stopped and started by daemon scripts. A workaround is to define GLITE_LOCATION_VAR=/var/glite in the file /opt/glite/yaim/defaults/glite-lb.pre before configuring the LB service.
  
• As reported in the bug #36432, on a WMS or LB 3.1 node, the execution of the "/etc/init.d/gLite start" command modifies the terminal setting for the special character erase in the following way:
  Before the execution: erase = ^?; After the execution: erase = ^H;

glite-SGE_utils

• Includes support for DGAS job records
• Now SGE JobManager submits jobs with CE environment using qsub -V (Fix to question raised in bug #33666)
• Now SGE JM can submit qstat queries to different qmaster ports including the "$SGE_QMASTER= '<PORT>'" in the lcgsge.conf JM configuration file.

Other Updates

22.05.08 - 3.1 Update 24

VOMSCERT

YAIM (Job Priorities implementation)

New features (YAIM - Job Priorities implementation) 
---------------------------------------------------

- Create siteinfo rpm: a new option, -p, has been implemented to allow 
creating an rpm with your configuration file directory. This allows to 
reuse the configuration in other nodes by just installing the rpm. 

- Man pages are updated to contain the explanation of the new option. 
The function implementing this feature is called create_siteinforpm. 

- Modify config_vomsmap to take into account that WMS only uses groups.conf 
and not the classic gridmap file anymore. 

- Added _check function in config_host_certs 

- For SITE_HTTP_PROXY changed misleading "myproxy" to "http-proxy". 

- Update in the config_file utility to change "echo" with "yaimlog". 

- Improvement of config_users: allow '-' to explicitly signal the absence of 
a secondary group; skip secondary group if it is equal to the primary group; 
Correction: use "-G" option of "useradd" only when there are secondary groups. 

- Extended users.conf and groups.conf documentation: Improved groups.conf.README 
and users.conf.README 

- The 'requires' utility has been improved to control __GROUP_ENABLE variables. 

- The site-info.def directory permissions should be 700. 


Removed features 
-----------------

- Old version of gridview service configuration has been removed: config_gridview. 

- Removed obsolete "/VO=...../GROUP=" syntax in groups.conf. 


site-info.pre changes 
----------------------

* New variables: 
- FQANVOVIEWS: FQAN VO view publishing. Turned off by default. 

* Removed variables: 
- DPM_DB and DPNS_DB: they are now defined by the DPM yaim module. 


site-info.def changes 
----------------------

* New variables: 
- BDII_BDII_URL: URL of the information producer of the site BDII. 
- USER_HOME_PREFIX: It's an optional variable used to specify a home directory 
for the pool accounts different from /home. The directory must exist in the system. 
YAIM is not creating it. If it doesn't exist, when trying to add the users, 
the yaim command will fail. So sys admins must ensure the directory specified 
by this variable already exists. 
- GLITE_LOCATION_VAR: this is a variable defined by default in site-info.post. 
If the sys admin wants to change the default value ${GLITE_LOCATION}/var, it's 
necessary to declare GLITE_LOCATION_VAR in site-info.def with the desired value. 
It will overwrite the default one and it will become part of the gLite environment. 

* Removed variables: 
- VO_ATLAS_POOL_PATH: this is an obsolete variable. 


Notes on new features
---------------------

* config_vomsdir

The function config_vomsdir creates the following directory structure per supported VO: 

/etc/grid-security/vomsdir/vo_name/voms1_hostname.lsc
/etc/grid-security/vomsdir/vo_name/voms2_hostname.lsc
...
/etc/grid-security/vomsdir/vo_name/vomsN_hostname.lsc

In each VO directory there will be a .lsc file per supported VOMS server containing: 

one line with the VOMS server certificate DN 
one line with the CA DN of the VOMS server certificate 

The DNs are automatically copied from the site-info.def variables: 

VO__VOMSES 
VO__VOMS_CA_DN (present in site-info.def since glite-yaim-core 4.0.3-6) 

The .lsc files will replace the existing lcg-vomscerts rpm. Once config_vomsdir
is run, the files installed by lcg-vomscerts are ignored. This means you have 
to make sure that the mentioned variables are correctly defined. 

It's now possible to select for which VOs we want to create the .lsc files. In order
to do that, the variable VO__VOMS_CA_DN should be defined for the desired VOs. If 
the variable is not defined, nothing will be done. 

The current yaim modules containing config_vomsdir in their function list are: 

glite-yaim-lcg-ce 4.0.3-7 

If you want to automatically configure the .lsc files in other node types, you can run: 

 ./yaim -r -s site-info.def -n glite- -f config_vomsdir 

* FQAN VOView publishing

If you want to enable the FQAN VOView publishing, please remember to define FQANVOVIEWS=yes 
in site-info.def. YAIM will automatically generate the DENY tags. 

Don't change the default value if you actually don't know what you're doing. If you want 
to read more about the Job Priority Working Group please, check their home page in 
http://egee-intranet.web.cern.ch/egee-intranet/NA1/TCG/wgs/priority.htm. 

You can check also this one, to understand the configuration better:
https://twiki.cern.ch/twiki/bin/view/LCG/TorqueCEConfiguration

Please notice that for _GROUP_ENABLE definition the example in site-info.def is wrong, 
the correct way to define it is like 

MYQUEUE_GROUP_ENABLE="ops atlas cms /cms/Susy /atlas/ROLE=production". 

Known issues
------------

- When the permission of site-info.def parent directory is not 700, yaim complains 
that the permission of current directory is not correct. In reality it should complain
about the permissions of the site-info.def directory. This checking will disappear 
in the next release. If you want to get rid of it, please comment lines 211-217 and 
223 in /opt/glite/yaim/bin/yaim. 

- -a option doesn't work properly

- Bug #35373: sites willing to configure the .lsc files can't use vo.d/ directory 
structure to define their VO variables.

- Bug #31288: affecting the syntax checking of site-info.def. This is actually not 
done by yaim and incorrect site-info.def files are actually not detected. 

• EGEE Job Priorities Implementation Plan [Word document]
• Release notes of the gLite patch for Job Priorities implementation [web page]

16.05.08 - 3.1 Update 23

lcg-CE

13.05.08 - 3.1 Update 22

glite-SGE_utils (Sun Grid Engine support for the lcg-CE)

dCache 1.8

glite-security-voms (VOMS Core)

• bug #31476: voms stops adding entries in log file (really, this time) (tracked)
• bug #33259: VOMS-CORE: misleading error message displayed by voms-proxy-init
• bug #33212: VOMS-CORE: missing user-level attribute value in the proxy
• bug #27431: [VOMS] 64 bit compatibility issue: comparison is always true due to limited range of data type
• bug #26832: VOMS incorrectly checks ownership of vomses file
• bug #22437: Problems with voms validation at tomcat startup
• bug #31476: voms stops adding entries in log file (tracked)
• bug #32689: Problem validating Short lived certificates with the new org.glite.voms package
• bug #32262: [voms-1.7.22] Regular crashes! (this turned out to be a duplicate of bug #31476)
• bug #33886: VOMS 1.8.returns roles in the AC even if roles are not requested

• Integrated patch from Apple for MacOSX compilation. From this version, VOMS supports MacOSX as a compilation platform. Patch from Patrick Carlisle.
• Integrated patch from compilation with OpenSSL 0.9.8. Patch from Eamon Kenny & others.
• Implemented the first step of the globus independence plan, as detailed at EGEE 07. Now the server is capable of accepting pure SSL requests as well as GSI requests.
• Implemented logging following requirements of the security logging document. --syslog option is required to activate it.
• The server component now requires versions 3.0.0 of either voms-mysql or voms-oracle, and will refuse to start otherwise.
• There has never been a version 2 of voms-mysql, the version number jumped directly to 3 to harmonize with voms-oracle.
• Now, if it recognizes that the client will be capable to handle it, the OpenSSL version of the base64 encoding is used rather then the homegrown one. voms-proxy-init 1.8.0 and above will be able to recognize it.
• Some backwards compatible changes to the client-server protocol have been made.
• removed segfault in oracle interface following problems in communication with the DB.
• fixed the performance problem found by dimitar in voms-oracle.

• New API added for the C and C++ APIs. VOMS_RetrieveFromFile() and VOMS_Retrieve(FILE*, recurse_type), respectively.
• In the Java APIs, the package name has been changed to org.glite.voms as agreed, to remove conflict with old versions. This will imply though that developers interested in using the Java API will have to change the package name in their import statements.

MPI Support

Dynamic Scheduler

• it discards any ACBR that does not begin with either "VO:" or "VOMS:"
• if there is more than one ACBR left in the list, it only uses the last one in the list, and prints a warning message to standard error and to syslog

Service Information Provider

edg-gridftp-client

• Added a timeout option to the command line tools, with default of 120 seconds. This is the time by which the tool must finish. The man pages were changed correspondingly.
• Check output returned from the gridftp library (in turn supplied by the gridftp server) for carriage return - newline and translate them to newline.
• Catch abort signal and write a small notification to standard error. In any case for exit due to signals make sure a non zero return code is given to the user.
• Stop double printing of error notices during edg-gridftp-ls.
• Restored more descriptive error messages on sl4 (i.e. globus 4) installations, rather than the extra terse form.
• Removed references to the old EDG bugzilla address from the documentation.

lcg-infosites

Other Updates

24.04.08 - 3.1 Update 21

glite-WN

• bug #35948: globus-cass-cache doesn't work on WN after update 20 (glite 3.1)

22.04.08 - 3.1 Update 20

Data Management

• fix problem of replication of a zero-length file improve logging of updatefilestatus method
• DICOM back-end service for DPM
• producing re-buildable source RPMs
• group writable directories when SRM started with umask 0
• DPM-DSI: DPM's gridftp does not allow for ':' in SURL (GGUS ticket #32335)
• support for CKSM (md5 only yet)

• lcg-ls does not work for the classic SE
• lcg-cr glibc memory corruption
• gfal_stat seg. fault with dummy LFN
• lcg-sd doesn't doesn't work with SRMv2 request token
• lcg-gt segmentation fault

• When LFN doesn't exist, lcg-del prints out some strange character as bug #34990.
• lcg-getturls may crash as described by bug #35358. You can use "-p" option to avoid this problem.

lcg-CE

15.04.08 - 3.1 Update 19

glite-UI, glite-VOBOX and glite-WN

• Missing Python path added.
• SignificantAttributes has been added to glite_wms.conf.
• Unneeded entries have been removed from PYTHONPATH.
• Multiples LBs and WMSs can be now declared per VO.
• /tmp/glite/glite-ui is now created.

• VO_<vo_name>_WMS_HOSTS: Space separated list of WMS host names. It's an optional variable. If it's defined it will ignore the WMS_HOST variable in the UI configuration.
• VO_<vo_name>_LB_HOSTS: Space separated list of LB host names. It's an optional variable. If it's defined it will ignore the LB_HOST variable in the UI configuration.

glite-MON

lcg-vomscerts

07.04.08 - 3.1 Update 18

glite-MON

• APEL_PUBLISH_USER_DN If it is set to yes, it will enable UserDN encryption. The default is no. The config_apel_rgma function has been modified to be able to set up the new variable in the configuration file of the APEL publisher.
• GIN_BDII If this is set to yes it will configure GIN to use the site BDII to populate the Glue tables in R-GMA. If set to no it will use the fmon to populate the tables. Default is yes.

[mysqld]
...
...
# set skip-bdb=1 for /etc/init.d/mysql service
skip-bdb=1
...

glite-voms-admin

• Refactored voms-admin-ping script included in the voms-admin-server rpm.
• Added ACL support to command-line client.
• Added ACL management web service (compatible with client >= 2.0.6-1).
• Added Registration web service.

globus upgrade

gLite clients (UI, WN, VOBOX)

DPM 1.6.7-4 update

• group writable directories when SRM started with umask 0 fixed bug #33769: incorrect pool free space after dpm-drain
• SRM v2 and SRMv2.2 new (fixed) behaviour when creating subdirectories with srmMkdir.

1. The parent directory in which the sub-directories are created do not have default ACLs. In this case the umask of the SRM server matters.
   • before this patch all sub-directories are created with permissions 0755 whatever value has the umask.
   • with this patch, all sub-directories are created with permission 0755 if the default system umas is used (022) or 0775 if the umask in the SRM 2.2 startup script is set to 0.
2. The parent directory in which the sub-directories are created have default ACLs specifying group writable. The umask is ignored in this case (Posix behaviour).
   • before this patch, all sub-directories are created with permissions 0755
   • with the patch, all sub-directories are created with the permissions set in the default ACL (0775) in our case.

19.03.08 - 3.1 Update 17

glite-LSF_utils

06.03.08 - 3.1 Update 16

DPM and GFAL update

• lcg-utils creation of subdirectories
• The GLUE AccessControlBaseRule can be based on VOMS FQANs
• GFAL Tests: Return wrong code on success
• Add man pages for gfal_get_ids function

glite-dCache

lcg-CE

glite-BDII

glite-UI and glite-VOBOX

27.02.08 - 3.1 Update 15

lcg-vomscerts

21.02.08 - 3.1 Update 14

glite-MPI_utils

glite-BDII

• Try put tmp dir under $GLITE_LOCATION_VAR or $GLITE_LOCATION/var.
• Read LDIF files directly from disk, not through a pipe.
• Read each LDIF record in one go, not line by line.
• More efficient matching and substitutions.
• Do not sort the entries, as it is not needed for "slapadd".
• Fix for GGUS ticket https://gus.fzk.de/ws/ticket_info.php?ticket=31476.

glite-UI, glite-VOBOX and glite-WN

lcg-CE

glite-TORQUE_server and glite-TORQUE_utils

• There is a new function to configure maui in the TORQUE server. The new function is called config_maui_cfg and it's distributed in glite-yaim-torque-utils.
• This fix implied removing maui configuration from config_torque_server in glite-yaim-torque-server.
• config_torque_submitter_ssh has also been removed from TORQUE_server since it's now called in TORQUE_utils.

-n lcg-CE -n TORQUE_server -n TORQUE_utils
or
-n TORQUE_server -n TORQUE_utils

glite-yaim-core update

• lcg-CE
• glite-SE_dcache_*

• Check whether the info provider file exists.
• Two new variables have been created for GlueSubClusterPhysicalCPUs and GlueSubClusterLogicalCPUs: CE_PHYSCPU and CE_LOGCPU.
• PX_HOST is now defined in config_lcgenv.
• config_gip_only does now take into account GLITE_LOCATION_VAR to create default directories.
• Support for 64bits WN.

• New function config_gridview_se to configure gridview in the SEs.
• config_file has been improved to deal with some problems affecting the information publishing in dCache.
• New yaim core containing necessary configuration changes for the 64bits WN.

• SE_GRIDFTP_LOGFILE: path to gridftp log file.
• CE_PHYSCPU: Total number of physical CPUs in the system.
• CE_LOGCPU: Total number of logical CPUs in the system.

08.02.08 - 3.1 Update 13

glite-UI and glite-VOBOX

gLite 3.1 dCache services

• glite-SE_dcache_admin_gdbm
• glite-SE_dcache_admin_postgres
• glite-SE_dcache_info
• glite-SE_dcache_pool

• fixed ftp doors cleanup
• fixed dcap door miscounting, in case of GSS authentication fails
• extra debug statement in poolManager
• correct reaction on fileNotExist
• fixed file descriptor leak in HSM connectivity
• Some finalization methods have been removed to improve JVM memory management.
• The disk space calculation of the various movers (dcap,ftp...) is now monitored.
• In case a restore from tape fails, the first retry will not be done on the same host.

Globus update

• glite-SE_dpm_disk
• glite-SE_dpm_mysql
• glite-VOBOX
• lcg-CE

• glite-AMGA_postgres
• glite-LFC_mysql
• glite-LFC_oracle
• glite-PX
• glite-UI
• glite-VOMS_mysql
• glite-VOMS_oracle
• glite-WN

25.01.08 - 3.1 Update 12

glite-UI, glite-VOBOX and glite-WN

glite-BDII

24.01.08 - 3.1 Update 11

Services for 64bit Scientific Linux 4 (x86_64)

• glite-LFC_mysql for SL4/32bit (i386): glite-LFC_mysql-3.1.3-0.i386.rpm
• glite-LFC_mysql for SL4/64bit (x86_64): glite-LFC_mysql-3.1.3-0.x86_64.rpm

glite-LFC

glite-SE_dpm

Data Management Clients

• Add gfal_get_ids function to the python SWIG interface
• Bug fix: lcg_utils : wrong errno if BDII host doesn't exist
• Bug fix: [lcg-utils] lcg-lr segmentation fault
• Bug fix: GFAL - incorrect assumptions are made about the content of some attibutes
• Bug fix: Access control string should be VO:<name> or VOMS:<FQAN>.
• Bug fix: GFAL uses obsolete GlueService attributes
• Bug fix: gfal library does not expose request id in user structures
• Bug fix: lcg-cr segmentation fault

• Bug fix: [lcg-utils] lcg-cp and classic SEs problem
• Bug fix: lcg-utils should have an option to avoid using the LFC
• Bug fix: lcg-del gives confusing information
• Bug fix: gfal library does not expose request id in user structures

glite-BDII

18.01.08 - 3.1 Update 10

New gLite 3.1 Services

• glite-AMGA_postgres (Metadata Catalogue)
• glite-PX (Proxy Server)
• glite-VOBOX (VO-specific Services)

• The configuration target name is glite-VOBOX for both 3.0 and 3.1.
• In /opt/glite/yaim/node-info.d there are now the following options,
  • glite-vobox -> 3.1 configuration
  • glite-vobox_30 -> 3.0 configuration
  the choice of which will be handled automatically by yaim.
• The gridftp server is no longer configured in the 3.1 VOBOX as requested by the experiments.
• The users.conf file is distributed by yaim as it is part of yaim core. In its current state, it distributes a list of pool accounts for special users. In the case of the VOBOX, the pool accounts for sgm users present in users.conf should not be used.
• The gip is now configured using the function config_gip_vobox

Data Management

• Fix bug #32016: [lcg-utils] Segmentation fault on lcg-cr with Classic SEs
• Disable --nobdii for Classic SEs
• Fix behaviour of turlfromsfn (error detection)
• Fix bug #15960: lcg-utils should take the VO name from the VOMS proxy (new dependency to VOMS API)
• Add support to several BDII hosts with fail-over mechanism
• Fix bug #14802: GFAL should use new LFC methods getlinks/getreplicas

• Fix bug #32016: [lcg-utils] Segmentation fault on lcg-cr with Classic SEs
• Fix lcg-del for Classic SE

• This update fixes a bug, which prevented handling larger than 2GB files.
• The DPM-interfaces package has been added into the glite-SE_dpm_disk and glite-SE_dpm_mysql metapackages: add new dpm_ functions to the python swig interface!
• The LFC-interfaces package has been added into the glite-LFC_mysql and glite-LFC_oracle metapackages.
• New DPM Configuration: there are small bug fixes, respect to the previous version, no new features.

glite-FTM

glite-info

glite-yaim

• Fix for bug #30200 : correct definition of X509_USER_PROXY variable.
• Fix for bug #28021 : sw dir permissions and ownership.
• Fix for bug #31266 : X509_USER_PROXY is only defined for the UI and not for the VOBOX.
• Fix for bug #31358 : No more leftover files in the TAR_UI

• In the 3.1 VOBOX, the gridftp server is no longer configured.
• There is a new function called config_gip_vobox that configures the gip in the 3.1 VOBOX.

• The function config_java has been removed from the function list of all the 3.1 client nodes.

Other Updates

18.12.07 - 3.1 Update 09

New DPM/LFC version

• a number of bug fixes
• a new DPM Python interface
• new Xroot front-end
• gSOAP 2.6.2 -> 2.7.6b upgrade
• updated YAIM scripts for YAIM v4

New DPM/LFC services

New YAIM version

• In bin/yaim, yaimlog is improved to deal with long messages and multiple line log entries.
• Path to yaim man pages (man yaim is now available).
• Utility function "start_mysql" (instead of two different ones start_mysql and start_mysql_30).
• APEL_HOME is now part of the RGMA client environment. edg-rgma-env.(c)sh has been removed.
• config_vomses function has been improved. It does no longer create the vomses file in the edg location.
• 'requires' also works to refer to VO parameters affecting more than one VOs. It also works for DNS-like VO names. The syntax is VO__<parameter_name>, i.e. VO__VOMSES.
• glite_location_log given a correct value in site-info.post.
• config_gip has been modified for LFC depending on glite 3.0 or 3.1.
• config_vomsmap and config_glite_locallogger have been modified to work with cream CE.
• Correct the path for lsf info provider since newer lsf is under /opt/glite (lcg CE)
• config_glite_initd has been added to the function list of the lcg CE.
• Added test to check whether the node type is a CE in config_gip_sched_plugin_pbs. Otherwise the function is not executed. (glite-yaim-torque-utils)
• Add configuration for cream CE which use different prefix and location for log files in config_apel_pbs. (glite-yaim-torque-utils)
• Move jobmanager configuration from torque utils to lcg CE.

• config_gip_service_release
• config_vomsdir

• config_globus_gridftp is moved to yaim core from yaim-lcg-ce since it is used by lcg CE and VOBOX.
• config_gip_scheduler_plugin is moved to yaim core since it is used by lcg CE and cream CE.
• config_lcas_lcmaps_gt4 is moved to yaim core from yaim-lcg-ce since it is used by lcg CE and SE classic.
• config_jobmanager is now moved from TORQUE utils to lcg CE since other CEs, like the cream CE doesn't use it.

• In configure_node: node type combination checking deleted
• In bin/yaim, installation option removed for gLite 3.1
• Java is no longer configured by YAIM in the lcg CE.

07.12.07 - 3.1 Update 08

--------------------------------------------------------------

gLite 3.1 Update 07 included patch #1389, an update to GFAL/lcg_util.
A serious problem has been found with this patch, whereby lcg-cr 
segfaults with a classic SE endpoint;

https://savannah.cern.ch/bugs/?func=detailitem&item_id=32016

Consequently, this patch has been removed from the production repository.
Sites which have not yet upgraded will not be affected, but sites which 
have already upgraded to the affected rpms should do the following;

# rpm -e --nodeps GFAL-client lcg_util CGSI_gSOAP_2.7 
# yum update glite-WN 

This will roll back to the earlier versions. For the record, 
the rpms removed are;

GFAL-client-1.10.5-1.slc4.i386.rpm
lcg_util-1.6.4-1.slc4.i386.rpm
CGSI_gSOAP_2.7-1.2.1-2.i386.rpm

The release team apologies for this situation.

-------------------------------------------------------------

06.12.07 - 3.1 Update 07

glite-VOMS_mysql and glite-VOMS_oracle

• https://twiki.cern.ch/twiki/bin/view/EGEE/Glite31VOMS
  

• http://www.gridpp.ac.uk/gsvg/advisories/advisory-29334.txt

GFAL-client and lcg_util

• Many bug fixes
• Possibility to specify SE type (se, srmv1, srmv2)
• Possibility to specify space tokens
• Possibility to avoid BDII calls
• Optimized LDAP queries to BDII
• New bulk GFAL functions
• API to query the version of GFAL
• Consistency in user-available GFAL function (prefix is gfal_)
• Updated Python API
• gSOAP 2.6.2 -> 2.7.6b update

• Many bug fixes
• New --version option for the commands
• Possibility to specify SE type (se, srmv1, srmv2)
• Possibility to specify space tokens
• Possibility to avoid BDII calls
• Upgrades Python interface
• Fix bug #28609: LCG-cp (version 1.5.2) can not create directory
• Add lcg-ls command
• Add lcg-getturls command (same as lcg-gt but on several SURLs)
• gSOAP 2.6.2 -> 2.7.6b

Other Updates

• A dependency issue has been fixed in edg-mkgridmap and edg-mkgridmap-conf packages.
• New versions of glite-rgma packages with fixed dependencies affecting glite-UI, glite-WN and lcg-CE node types.
• Missing python libraries have been added on the glite-UI.
• In addition, this release provides an updated version of the a1_grid_env.sh script.

12.11.07 - 3.1 Update 06

lcg-vomscerts

FTS Update for gLite 3.1

BDII for gLite 3.1

• BDII_top
• BDII_site

• https://savannah.cern.ch/bugs/?31176
• https://savannah.cern.ch/bugs/?31177
• https://savannah.cern.ch/bugs/?31178

lcg-CE for gLite 3.1

• The yaim configuration for the batch system's servers is now present also in separated modules.
• To install and configure the lcg CE combined with a TORQUE server on the same node
  # yum install lcg-CE glite-TORQUE_server glite-TORQUE_utils
  # yaim -c -s your-site-info.def -n lcg-CE -n TORQUE_utils -n TORQUE_server
• To install and configure the lcg-CE with a TORQUE server running on a remote host:
  # yum install lcg-CE glite-TORQUE_utils
  # yaim -c -s your-site-info.def -n lcg-CE -n TORQUE_utils
• To install and configure a standalone TORQUE server
  # yum install glite-TORQUE_server glite-TORQUE_utils
  # yaim -c -s your-site-info.def -n TORQUE_server -n TORQUE_utils
• IMPORTANT NOTE, please, respect the configuration target order. The order in the examples has to be followed. It's not a random order.
• There is now a new /opt/glite/yaim/defaults/lcg-ce.pre file where the following variables are defined
  
  X509_VOMS_DIR="/etc/grid-security/vomsdir/"
  X509_CERT_DIR="/etc/grid-security/certificates/"
  X509_HOST_CERT="/etc/grid-security/hostcert.pem"
  X509_HOST_KEY="/etc/grid-security/hostkey.pem"
  GRIDMAPFILE="/etc/grid-security/grid-mapfile"
  GRIDMAPDIR="/etc/grid-security/gridmapdir"
  GROUPMAPFILE="/etc/grid-security/groupmapfile"
  LCMAPS_DEBUG_LEVEL=0
  LCMAPS_LOG_LEVEL=1
  LCAS_DEBUG_LEVEL=0
  LCAS_LOG_LEVEL=1
  
  These variables contain their usual default values. These variables are used by YAIM and do not need to be modified unless the user knows what he is doing.

There are two known issues to note;
• The startup level for globus-gatekeeper and globus-griftp on lcg-CE is enabled, please run "chkconfig globus-gatekeeper on" and "chkconfig globus-gridftp on". In case that you rebooted your lcg-CE, please restart glite-lb-locallogger by "/opt/glite/etc/init.d/glite-lb-locallogger start"
• If you are installing and configuring a standalone TORQUE_server, please remove config_jobmanager_pbs and config_gip_sched_plugin_pbs from /opt/glite/yaim/node-info.d/glite-torque_utils before running YAIM to configure it.

glite-TORQUE_server and glite-TORQUE_utils for gLite 3.1

• glite-TORQUE_utils: "... -n TORQUE_utils" should now be used to indicate the configuration of this node type with yaim.
• glite-TORQUE_utils meta-package should be installed together with a Computing Element to serve torque batch system.

glite-yaim-core

• YAIM 4.0.1 offers now the following new options:
  -- explain : Doesn't perform configuration but explains what the functions are doing by printing out the comments found inside them.
  -- available : Prints out the available configuration targets.
  -- debug : defines a loglevel, which overwrites the value of YAIM_LOGGING_LEVEL defined in site-info.def. Values: 1-7
• A warning message is printed out when the glite CE configuration is called. This version of yaim does no longer configure the glite CE since it's not deployed in production.
• Special comments have been added to most functions to allow for the 'explain' option of the yaim command.
• Only SE_castor is now configurable from node-info.def. All the other node types distribute their configurations in the corresponding yaim module.
• GLITE_LOCATION_VAR, GLITE_LOCATION_LOG and GLITE_LOCATION_TMP are now defined by default in site-info.post
• convert_fqan is now safe against FQANs having no leading "/"
• config_gip has been modified to support the new 3.1 VOBOX
• config_initd has been improved
• Added support in config_mkgridmapdir to read grid/groupmapfile from env variables defined in <node-type>.pre

• config_glite_env just now deletes the old /etc/profile.d/gliteenv.sh since now all the environment should be defined in grid-env.sh
• config_gip_scheduler_plugin is now distributed in yaim lcg CE.

• The following variables have been removed from site-info.def: RB_RLS
• The following variables are new in site-info.def: DPM_INFO_USER and DPM_INFO_PASS
• Variable SITE_HTTP_PROXY is commented out by default in site-info.def.
• Fix for bug #29403 where variable BATCH_LOG_DIR is defined again in site-info.def instead of BATCH_SPOOL_DIR.
• The default value of BDII_HTTP_URL has changed to http://lcg-bdii-conf.cern.ch/bdii-conf/bdii.conf and a comment has been included to check that the URL is actually correct.

• Fix for bug #27146 -> The implemented fix is not very clean and it will be improved in a future release. Read the bug comments for more details.
• Fix for bug #29403 -> Although BATCH_LOG_DIR has been reintroduced in site-info.def, it is not mentioned in any 'requires'. This has to be fixed.

glite-yaim-clients

• the new configuration for the 3.1 VOBOX.
• Fix for patch #1257 in the 3.1 UI.
• Fix for GGUS ticket #10533 in 3.1 WN.
• Fix for bug #28809 in the TAR UI.

Other Updates

• Updated version of lcg-info-provider-software. Moved from mds-vo-name=local to mds-vo-name=resource.
• lcg-tags now features a more user-friendly error reporting by trapping the most common Globus errors. It also tries to change the permissions of the directory containing the tag file and the permissions of the tag file to decrease the chance to have permission problems when using pool accounts.
• A new version of lcg-info introduces support for VOViews, service and site information. Use the --list-attrs option for a full list of the supported attributes.

26.10.07 - 3.1 Update 05

It is advised to verify the consistency between the accounts listed
in YAIM's users.conf, /etc/passwd and /etc/grid-security/gridmapdir.

Accounts that should no longer be used should only be removed when
the service is in scheduled downtime and activity has drained.

To clean up /etc/grid-security/gridmapdir the following procedure
should be applied:

1. cd /etc/grid-security/gridmapdir

2. For any unwanted account name file "abc123" run this command:

        ls -li abc123

3. If the link count is 1, the file can be removed.

4. If the link count is 2, note the inode number of the file and
   run this command:

        ls -li | awk '$1 == inode_number'

   For example:

        ls -li | awk '$1 == 2467912'

   That will report 2 files: the unwanted account name file and
   the file whose name contains '%' characters and represents
   the user mapped to the account.  Both must be removed.