Difference: WMS350UpdatePrecertificationReport (8 vs. 9)

Revision 92013-07-22 - AlviseDorigo

Line: 1 to 1
Changed:
<
<

WMS 3.5.2 EMI3 Update7 pre-certification report

>
>

WMS 3.6.0 EMI3 Update7 pre-certification report

  I installed WMS EMI3 and upgraded with the new RPMs, which are all the affected packages:

glite-wms-configuration-3.6.0-1
glite-wms-common-3.6.0-1
glite-wms-interface-3.6.0-1

The above RPMs in addition to the bugfixes, also contain a new feature (handling of WMS_PEPC_RESOURCEID configuration variable, https://ggus.eu/ws/ticket_info.php?ticket=93831) which affected all 3 above RPMs. This is the reason for minor version increase (3.5.x -> 3.6.0).

check the policies that keep ISBfiles in the WMS after sandbox creation (https://issues.infn.it/jira/browse/WMS-92, https://ggus.eu/tech/ticket_show.php?ticket=87533) Yes / Done
glite-wms-check-daemon wrongly checks ICE status (https://issues.infn.it/jira/browse/WMS-93, https://ggus.eu/tech/ticket_show.php?ticket=93140) Yes / Done
glite_wms_wmproxy_load_monitor needlessly installed with setuid privileges (https://issues.infn.it/jira/browse/WMS-87, https://ggus.eu/ws/ticket_info.php?ticket=94023) Yes / Done
UMD Verification: EMI-3 WMS 3.5.0 Problem with Argus and WMS integration (https://issues.infn.it/jira/browse/WMS-97, https://ggus.eu/ws/ticket_info.php?ticket=92773) Yes / Done
Three major bugs in EMI2 glite-wms-wmproxy 3.4.1-0.sl6 (https://issues.infn.it/jira/browse/WMS-94, https://ggus.eu/ws/ticket_info.php?ticket=94254) Yes / Done
WMProxy and Argus: setting the Argus resource ID (https://issues.infn.it/jira/browse/WMS-85, https://ggus.eu/ws/ticket_info.php?ticket=93831) Yes / Done
Directory /var/condor/spool needs to be created when configuring WMS node (https://issues.infn.it/jira/browse/WMS-104) Yes / Done

BUG VERIFICATION

BUG: check the policies that keep ISBfiles in the WMS after sandbox creation (08/07/2013)
I've installed the update of glite-wms-interface (3.5.0-9), submitted a job and verified that the zipped ISB is not in the job's ISB dir anymore after job start:

dorigoa@cream-08 14:45:06 ~>cat wms_ISB.jdl 
[
Executable = "/bin/sleep" ;
Arguments = "1";
InputSandbox = {"/home/dorigoa/sandboxes/mysandbox_01", "/home/dorigoa/sandboxes/mysandbox_02", "/home/dorigoa/sandboxes/mysandbox_03", "/home/dorigoa/sandboxes/mysandbox_04"};
AllowZippedISB = true;
requirements = RegExp("cream.*", other.GlueCEUniqueID);
RetryCount = 0;
ShallowRetryCount = 1;
MyProxyServer="";
rank  = - other.GlueCEStateEstimatedResponseTime;
]

dorigoa@cream-08 14:58:43 ~>glite-wms-job-submit -a -e https://cream-01.pd.infn.it:7443/glite_wms_wmproxy_server -r cream-27.pd.infn.it:8443/cream-lsf-creamtest1 wms_ISB.jdl

Connecting to the service https://cream-01.pd.infn.it:7443/glite_wms_wmproxy_server


====================== glite-wms-job-submit Success ======================

The job has been successfully submitted to the WMProxy
Your job identifier is:

https://prod-wms-01.pd.infn.it:9000/dEO1-e1yP9zJgtiA32VGWg

==========================================================================

dorigoa@cream-08 14:58:52 ~>ssh cream-01.pd.infn.it -l root
root@cream-01.pd.infn.it's password: 
Last login: Fri Jul  5 16:09:48 2013 from cream-08.pd.infn.it
[root@cream-01 ~]# cd /var/SandboxDir/dE/https_3a_2f_2fprod-wms-01.pd.infn.it_3a9000_2fdEO1-e1yP9zJgtiA32VGWg/
[root@cream-01 https_3a_2f_2fprod-wms-01.pd.infn.it_3a9000_2fdEO1-e1yP9zJgtiA32VGWg]# ls -l input/
total 8844
-rw-r--r-- 1 infngrid002 infngrid   15929 Jul  8 14:58 mysandbox_01
-rwxr-xr-x 1 infngrid002 infngrid   19080 Jul  8 14:58 mysandbox_02
-rwxr-xr-x 1 infngrid002 infngrid 4494144 Jul  8 14:58 mysandbox_03
-rwxr-xr-x 1 infngrid002 infngrid 4494144 Jul  8 14:58 mysandbox_04

BUG: glite-wms-check-daemon wrongly checks ICE status (08/07/2013)

After the upgrade of the component glite-wms-configuration (3.5.0-5) I just executed the following commands on the WMS node (as root):

[root@cream-01 ~]# ps -ef|grep ice
glite    22260     1  0 15:13 ?        00:00:00 /usr/bin/glite-wms-ice-safe --conf glite_wms.conf --daemon /var/run/glite-wms-ice-safe.pid
glite    22264 22260  0 15:13 ?        00:00:00 sh -c /usr/bin/glite-wms-ice --conf glite_wms.conf /var/log/wms/ice_console.log 2>&1
glite    22266 22264  5 15:13 ?        00:00:00 /usr/bin/glite-wms-ice --conf glite_wms.conf /var/log/wms/ice_console.log
root     22304 31124  0 15:13 pts/0    00:00:00 grep ice
[root@cream-01 ~]# /etc/init.d/glite-wms-ice stop
stopping ICE... ok
[root@cream-01 ~]# ps -ef|grep ice
root     22338 31124  0 15:13 pts/0    00:00:00 grep ice
[root@cream-01 ~]# /usr/libexec/glite-wms-check-daemons.sh 
[root@cream-01 ~]# ps -ef|grep ice
root     22432 31124  0 15:14 pts/0    00:00:00 grep ice

ICE has to remain OFF after the execution of glite-wms-check-daemons.sh (because the previous commad /etc/init.d/glite-wms-ice stop is a clean shutdown of it).

BUG: glite_wms_wmproxy_load_monitor needlessly installed with setuid privileges (08/07/2013)

I checked this:

[root@cream-01 ~]# ll /usr/sbin/glite_wms_wmproxy_load_monitor
-rwxr-xr-x 1 root root 22916 Jul  8 14:31 /usr/sbin/glite_wms_wmproxy_load_monitor

No bit "s" (or setuid) anymore.

BUG: UMD Verification: EMI-3 WMS 3.5.0 Problem with Argus and WMS integration (15/07/2013)
I installed on SL5 (cream-01.pd.infn.it) and SL6 (cream-25.pd.infn.it) the official EMI3 WMS. I upgraded the glite-wms-interface rpm to version 3.5.0-9; then I reconfigured both WMSes after had activated argus in the siteinfo:

USE_ARGUS=yes
ARGUS_PEPD_ENDPOINTS="https://cream-46.pd.infn.it:8154/authz"

I restarted both WMSes and submitted succesfully jobs to both WMS services (checking the relevant argus related messages in the WMS server's wmproxy.log logfiles):

dorigoa@cream-08 9:09:13 ~>glite-wms-job-submit -a -e https://cream-25.pd.infn.it:7443/glite_wms_wmproxy_server -r cream-47.pd.infn.it:8443/cream-lsf-creamtest1 wms_basic.jdl

Connecting to the service https://cream-25.pd.infn.it:7443/glite_wms_wmproxy_server


====================== glite-wms-job-submit Success ======================

The job has been successfully submitted to the WMProxy
Your job identifier is:

https://prod-wms-01.pd.infn.it:9000/wGz09dIKLkES6NTqR41HyQ

==========================================================================


dorigoa@cream-08 9:09:15 ~>glite-wms-job-submit -a -e https://cream-01.pd.infn.it:7443/glite_wms_wmproxy_server -r cream-47.pd.infn.it:8443/cream-lsf-creamtest1 wms_basic.jdl

Connecting to the service https://cream-01.pd.infn.it:7443/glite_wms_wmproxy_server


====================== glite-wms-job-submit Success ======================

The job has been successfully submitted to the WMProxy
Your job identifier is:

https://prod-wms-01.pd.infn.it:9000/I-Hsf5f-fPIp7O12WUri6w

==========================================================================

dorigoa@cream-08 9:10:08 ~>ssh root@cream-01.pd.infn.it "grep -B3 -A5 -i argus /var/log/wms/wmproxy.log"
root@cream-01.pd.infn.it's password: 
18 Jul, 09:09:20 -I- PID: 31933 - "wmpcommon::initWMProxyOperation": Remote GRST CRED: VOMS 1374131257 1374174457 0 /dteam/Role=NULL/Capability=NULL
18 Jul, 09:09:20 -I- PID: 31933 - "wmpcommon::initWMProxyOperation": Service GRST PROXY LIMIT: 6
18 Jul, 09:09:20 -I- PID: 31933 - "wmpcommon::initWMProxyOperation": WMProxy instance serving core request N.: 5
18 Jul, 09:09:20 -I- PID: 31933 - "argus_authZ": creating XACML request for argus
18 Jul, 09:09:20 -I- PID: 31933 - "WMPAuthorizer::authorize": Argus returned PERMIT with mapping uid: 18178, gid: 2688
18 Jul, 09:09:20 -I- PID: 31933 - "argus_authZ": creating XACML request for argus
18 Jul, 09:09:21 -I- PID: 31933 - "WMPAuthorizer::authorize": Argus returned PERMIT with mapping uid: 18178, gid: 2688
18 Jul, 09:09:21 -I- PID: 31933 - "wmpcommon::getType": JDL Type: job
18 Jul, 09:09:21 -I- PID: 31933 - "wmpcoreoperations::regist JOB": Registered job id: https://prod-wms-01.pd.infn.it:9000/I-Hsf5f-fPIp7O12WUri6w
18 Jul, 09:09:21 -I- PID: 31933 - "wmpcommon::getType": JDL Type: job

dorigoa@cream-08 9:10:51 ~>ssh root@cream-25.pd.infn.it "grep -B3 -A5 -i argus /var/log/wms/wmproxy.log"
root@cream-25.pd.infn.it's password: 
18 Jul, 09:09:14 -I- PID: 6790 - "wmpcommon::initWMProxyOperation": Remote GRST CRED: VOMS 140734902907978 1374174457 0 /dteam/Role=NULL/Capability=NULL
18 Jul, 09:09:14 -I- PID: 6790 - "wmpcommon::initWMProxyOperation": Service GRST PROXY LIMIT: 6
18 Jul, 09:09:14 -I- PID: 6790 - "wmpcommon::initWMProxyOperation": WMProxy instance serving core request N.: 5
18 Jul, 09:09:14 -I- PID: 6790 - "argus_authZ": creating XACML request for argus
18 Jul, 09:09:14 -I- PID: 6790 - "WMPAuthorizer::authorize": Argus returned PERMIT with mapping uid: 18178, gid: 2688
18 Jul, 09:09:14 -I- PID: 6790 - "argus_authZ": creating XACML request for argus
18 Jul, 09:09:15 -I- PID: 6790 - "WMPAuthorizer::authorize": Argus returned PERMIT with mapping uid: 18178, gid: 2688
18 Jul, 09:09:15 -I- PID: 6790 - "wmpcommon::getType": JDL Type: job
18 Jul, 09:09:15 -I- PID: 6790 - "wmpcoreoperations::regist JOB": Registered job id: https://prod-wms-01.pd.infn.it:9000/wGz09dIKLkES6NTqR41HyQ
18 Jul, 09:09:15 -I- PID: 6790 - "wmpcommon::getType": JDL Type: job

BUG: Three major bugs in EMI2 glite-wms-wmproxy 3.4.1-0.sl6 (15/07/2013)
The fix was made some time ago by M. Cecchi, but I do not know why the issue was still open. The EMI3 "out of the box" WMS already has the fix. Just in case I checked the owner of the files:

[root@cream-25 ~]# ll  /usr/libexec/glite_wms_wmproxy_dirmanager /usr/sbin/glite_wms_wmproxy_load_monitor
-rwsr-xr-x 1 root root 15128 May  3 14:20 /usr/libexec/glite_wms_wmproxy_dirmanager
-rwxr-xr-x 1 root root 22916 May  3 14:20 /usr/sbin/glite_wms_wmproxy_load_monitor
root is the right owner.

BUG: WMProxy and Argus: setting the Argus resource ID
For this fix 3 components have been updated (glite-wms-configuration, glite-wms-common, glite-wms-interface) and after the WMS update a yaim reconfiguration is needed after put of WMS_PEPC_RESOURCEID="..." in the siteinfo.def file. This is my siteinfo:

[root@cream-01 ~]# head siteinfo/site-info.def 
USE_ARGUS=yes
WMS_PEPC_RESOURCEID="pippopluto"
ARGUS_PEPD_ENDPOINTS="https://cream-46.pd.infn.it:8154/authz"

After yaim reconfiguration I got this:

[root@cream-01 ~]# grep -r pippopluto /etc/
/etc/glite-wms/glite_wms.conf:    Wms_Pepc_ResourceId  =  "pippopluto";
/etc/grid-security/gsi-pep-callout.conf:xacml_resourceid pippopluto
I added the "pippopluto" resource ID into the cream-46's Argus server. Then I tried a submission to cream-01 and I checked that it went well; also I checked that the right "pippopluto" string is used by the wmproxy:
18 Jul, 09:26:30 -D- PID: 2701 - "WMPAuthorizer::authorize": Argus authZ using resourceID pippopluto

Everytime the resourceID is changed in the files glite_wms.conf and gsi-pep-callout.conf, all gLite services must be restarted otherwise a random behavior can take place.

BUG: Directory /var/condor/spool needs to be created when configuring WMS node
To test this bug just check the after a removal of the directory /var/condor, a yaim reconfiguration will re-create correctly /var/condor/spool directory:
[root@cream-25 ~]# service gLite stop >& /dev/null
[root@cream-25 ~]# \rm -rf /var/condor
[root@cream-25 ~]#  /opt/glite/yaim/bin/yaim -c -s siteinfo/site-info.def -n WMS >& /dev/null
[root@cream-25 ~]# ls -l /var/condor/
total 28
-rw-r--r-- 1 root  root  3765 Jul 18 09:32 condor_config.local
drwxr-xr-x 2 glite glite 4096 Jul 18 09:31 config
drwxr-xr-x 3 glite glite 4096 Jul 18 09:32 lib
drwxr-xr-x 3 glite glite 4096 Jul 18 09:32 lock
drwxr-xr-x 3 glite glite 4096 Jul 18 09:32 log
drwxr-xr-x 3 glite glite 4096 Jul 18 09:32 run
drwxr-xr-x 3 glite glite 4096 Jul 18 09:32 spool
-- AlviseDorigo - 2013-07-08
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback