The glite-version rpm has changed the architecture to noarch and that creates a problem with the current version of Yum used in SL5 (3.2.19). When installing a service from scratch, that depends on glite-version, the older version is installed. The workaround is to perform a yum update (or yum groupupdate depending on the service) after the installation, then yum will recognize the new version and install it.

The same problem applies to lcg-infosites, and the same workaround should be used.

Note that if you have more than one service installed in the same machine (i.e. glite-WN and glite-TORQUE_client) you will have to remove glite-version before updating (rpm -e glite-version --nodeps) and then run yum (group)update two times to get the proper version installed.

Services affected by glite-version: glite-ARGUS glite-BDII glite-CREAM glite-LFC_mysql glite-LFC_oracle glite-SCAS glite-SE_dpm_disk glite-SE_dpm_mysql glite-TORQUE_client glite-TORQUE_server glite-TORQUE_utils glite-UI glite-VOBOX glite-WN

Services affected by lcg-infosites: glite-UI glite-VOBOX glite-WN

Important note on how to update any service that depends on vdt_globus_essentials

Due to a problem of the versioning scheme used by VDT, upgrading an already existing service that depends on vdt_globus_essentials fails. Using the update command "yum update" or "yum groupupdate" fails with an error message "package vdt_globus_essentials-VDT1.10.1x86_64_rhap_5-3.x86_64 (which is newer than vdt_globus_essentials-VDT1.10.1x86_rhap_5-4.i386) is already installed". The workaround is to uninstall the vdt_globus_essentials rpms manually:

rpm -e --nodeps vdt_globus_essentials-VDT1.10.1x86_rhap_5-3 vdt_globus_essentials-VDT1.10.1x86_64_rhap_5-3

Then execute the "yum update" or "yum groupupdate".

10.11.10 - 3.2 Update 20

glite-ARGUS

New version of glite-ARGUS

The Argus 1.2 release fixes some bugs and implement some new features.

PAP features:

• The pap-admin CLI now implements the obligation management commands 'add-obligation' and 'remove-obligation'. These commands can be used to add/remove obligations to/from existing policies.
• The pap-admin CLI add-policy command now supports the creation of policy containing obligations at resource or action scope.

PEP daemon features:

• The group mapfile now allows DN and FQAN based group names mapping.
• The gridmap POSIX account mapping obligation handler now handles DN and FQAN based account mapping. DN based mapping is preferred upon FQAN based mapping (configurable).
• The gridmap files now support FQAN pattern matching as described in EGEE document https://edms.cern.ch/file/975443/1/EGEE-III-JRA1_FQAN_wildcard_v1.1.pdf
• A new generic grid authorization profile PIP handles both the Grid CE v1.0 and Grid WN v1.0 authorization profiles.

glite-CREAM

New version of glite-CREAM

What's new

• Fixed some problems in the new BLAH blparser for which in some cases jobs were wrongly reported as "lost" (done with reason 999)
• Addressed a performance problem affecting the proxy renewal operation
• PBS submission script created by BLAH is now compliant with newer versions of Torque wrt stagein/stageout directives (-W option)
• CREAM sandbox dir is now relocatable also at yaim level
• Other bug fixes

glite-LB

New version of glite-LB

L&B 2.1 is an evolution of L&B 2.0

What's new

• IPv6 compliance
• Adoption of the common logging format
• Collection aware purging
• WebService interface supporting basic AGU / Glue 2.0
• Advanced authorization with unified configuration
• Elementary native support for CREAM jobs
• Ability to log sandbox transfer progress as a specific job type
• Configuration tuned to allow collocation with WMS
• Job rate and state transition time statistics

05.10.2010 - 3.2 Update 19

glite-BDII_top

First release of glite-BDII_top

This release contains a new meta-package for the top-level BDII service, which obsoletes the glite-BDII metapackage, along with a number of new components and updated components.

The packages glite-info-provider-ldap and glite-info-provider-service have been updated to support Glue 2.0.

glite-BDII_site

New version of glite-BDII_site

This is a minor update of the site-level BDII which fixes a number of minor issues.

glite-VOBOX

New version of glite-VOBOX

This new version of the glite-VOBOX contains the following changes:

• new Glue 2.0 service publisher
• new version of LB clients

glite-APEL

New version of glite-APEL

What's new

• The Limit variable in the publisher configuration file is not compulsory. The default value (300000) will be used if Limit is not set or is not a valid number.
• The APEL publisher won't optimise the database tables when it runs.

26.08.2010 - 3.2 Update 18

glite-BDII

New version of the BDII fixing a bug with the update process. The bug affects top level BDIIs. The BDII now catches two exceptions that were causing the update process to die.

18.08.2010 - 3.2 Update 17

glite-VOMS_oracle

This release also contains a new version of VOMS Admin 2.5 and many new features. For the complete set of release notes, please visit the glite-VOMS_oracle details page.

glite-CREAM

This is a bug fix release that contains among other fixes a solution to the slowly processing of asynchronous commands. For a complete and detailed list of bug fixes, please check the glite-CREAM details page

04.08.2010 - 3.2 Update 16

glite-UI

New version of glite-UI

Highlights of this release include:

• New DPM/LFC 1.7.4-7 clients
• New LB clients
• New CREAM clients
• New FTS clients
• New lcg-infosites
• New version of dCache clients
• New trustmanager/util-java
• Added lcg-ManageVOTags
• New versions of voms and gridsite fixing build errors, no changes in the code.
• Added SAGA adapters

This release includes C++ and Java gLite adapters for the SAGA Service Discovery API. User guides can be found at http://hepunx.rl.ac.uk/egee/sa3-uk/sd/

glite-WN

New version of glite-WN

Highlights of this release include:

• New DPM/LFC 1.7.4-7 clients
• New LB clients
• New dCache clients
• New lcg-infosites
• New yaim-core
• Added glite-wn-info
• Added Hydra clients
• Removed SAM clients
• Various bug fixes affecting the WN
• New versions of voms and gridsite fixing build errors, no changes in the code.
• Added SAGA adapters

This release includes C++ and Java gLite adapters for the SAGA Service Discovery API. User guides can be found at http://hepunx.rl.ac.uk/egee/sa3-uk/sd/

glite-VOBOX

New version of glite-VOBOX

Highlights of this release include:

• VOBOX bug fixes
• New DPM/LFC 1.7.4-7 clients
• New LB clients
• New CREAM clients
• New FTS clients
• New lcg-infosites
• New version of dCache clients
• New trustmanager/util-java
• Added lcg-ManageVOTags
• New versions of voms and gridsite fixing build errors, no changes in the code.

glite-BDII_site

New version of glite-BDII_site

This release contains a new meta-package for the site-level BDII service, which obsoletes the glite-BDII metapackage, along with a number of new components and updated components.

If you are going to update a nodetype with a glite-BDII already installed, please follow this steps:

• Download the repo file of the BDII_site
• Run 'yum install glite-BDII_site'
• Run '/opt/glite/yaim/bin/yaim -c -s site-info.def -n BDII_site'

Note that since this is a new nodetype you cannot use 'yum update'.

If you are going to do a clean installation, the steps are exactly the same as before.

BDII version 5.1 is a major revision that meets the Fedora and Debian packaging guidelines. One of the main impacts to is that some paths used by the BDII have changed.

The packages glite-info-provider-ldap and glite-info-provider-service have been updated to support Glue 2.0.

Two new packages glite-info-site and glite-info-static have been added to simplify the publication of the Site entry and also to provide the publication of the GLUE 2.0 Domain entry. The package glite-info-provider-release has been added to publish the gLite version for this Service.

All the gLite customizations are included in a new packages called bdii-config-site. This significantly reduced the specific configuration required and hence simplifies the YAIM component.

Finally, a new version of glite-yaim-bdii is provided that has been updated to work with all the above changes. As such, yaim needs to be run before this service will function correctly after an upgrade.

Co-hosting

Please beware that co-hosting the new glite-BDII_site node with another node type (e.g. glite-CREAM) has NOT been tested and is NOT supported. For example, the new version of the BDII runs as user "ldap" instead of "edguser" that is still used for the resource BDII on other node types.

21.07.2010 - 3.2 Update 15

glite-FTS_oracle

This is the first release of FTS for gLite 3.2

glite-FTA_oracle

This is the first release of FTA for gLite 3.2

glite-FTM

This is the first release of FTM for gLite 3.2

glite-SE_dpm_mysql

New version of DPM mysql

This release provides a fix for the following bugs:

• Avoid srmv2.2 daemon crash when permission denied on a GetSpaceMetadata?
• Avoid rfio_lseek64 error after hitting eof in pre-read mode
• Avoid crashes in some methods when using Python 2.5

glite-SE_dpm_disk

New version of DPM disk

This release provides a fix for the following bugs:

• Avoid rfio_lseek64 error after hitting eof in pre-read mode
• Avoid crashes in some methods when using Python 2.5

glite-LFC_oracle

New version of LFC oracle

This release provides a fix for the following bugs:

• Avoid crashes in some methods when using Python 2.5

glite-LFC_mysql

New version of LFC mysql

This release provides a fix for the following bugs:

• Avoid crashes in some methods when using Python 2.5

glite-SE_dcache_nameserver_chimera, glite-SE_dcache_srm, glite-SE_dcache_pool, glite-SE_dcache_info

This is the first release of dCache for gLite 3.2

The 1.9.5 series of dCache releases will be supported for the duration of the 2009-2010 LHC run. This release is noticeably faster than previous releases particularly for SRM operations. For this and future releases it is recommended that sites migrate previous PNFS name server installations to the more maintainable Chimera name server.

An incompatibility with the apr rpm from SL5 was detected. If you have dependency problems, please remove it before installing dCache.

30.06.2010 - 3.2 Update 14

glite-SE_dpm_mysql

New version of DPM mysql v1.7.4

Bug fix release with two new features:

• Allow setting of RFIO buffersize on client side.
• Periodic cleanup of historic put, get, copy requests from the dpm database.
• It also allows an easier installation of 32 and 64 bits libraries on 64 bits platforms.

glite-SE_dpm_disk

New version of DPM disk v1.7.4

Bug fix release with one new feature:

• Allow setting of RFIO buffersize on client side.

glite-LFC_mysql

New version of LFC mysql v1.7.4

Bug fix release with two new features:

• SURLs bulk lookup.
• It also allows an easier installation of 32 and 64 bits libraries on 64 bits platforms.

glite-LFC_oracle

New version of LFC oracle v1.7.4

Bug fix release with one new feature:

• SURLs bulk lookup.

There is also an important bug fix:

• Number of DB connections can exceed the number of configured threads because of a missing ROLLBACK WORK RELEASE in closedb.

07.06.2010 - 3.2 Update 13

glite-APEL

Introducing glite-APEL in SL5

This is the new version of the APEL publisher, which keeps all functionalities from previous patches. Changes included in this patch are architectural changes, namely:

• ActiveMQ is used as the new transport mechanism
• Dependency on R-GMA has been removed
• New configuration file for ActiveMQ settings

glite-LB

New version of glite-LB

This is a patch fixing several bugs discovered in L&B 2.0 release:

• L&B Proxy startup scripts have now been fixed
• Computation of job collection status has been fixed to reach terminal state with canceled subjobs
• L&B daemons store PIDs in files
• Compatibility with newer IPv6-compliant L&B clients has been improved
• Replacing client and common m4 macro files with a single file
• The m4 macro has been fixed to accommodate for varying LIBDIR names

glite-CREAM

New version of glite-CREAM

This is an update of the CREAM CE just to fix a bug in util-java affecting the users of the following CAs:

/C=AU/O=APACGrid
/C=IL/O=IUCC
/C=CN/O=HEP

The only difference wrt CREAM CE 1.6 (released with glite 3.2 Update 12) is the fix for this bug.

03.05.2010 - 3.2 Update 12

glite-VOMS_mysql

First VOMS Admin release in SL5

This release also provides many new features, like:

• support for multiple certificate per user
• support for versioned Acceptable Usage Policies management
• membership suspension/expiration/renewal
• support for user requests for group membership, role assignment, membership removal
• support for one click operations (delete, suspend, restore) on multiple users

It is also the first release of VOMS Core in SL5. The main new feature is that it allows clients for it to be written without depending on the globus libraries anymore.

This release includes a new version of yaim-core and the BDII. It also includes a new version of the Trustmanager. Trustmanager and util-java are used for X509 authentication purposes by VOMS-Admin web application and services, therefore a new version of util-java fixing a bug related with the Trustmanager has been included also in this release.

Please check the details page for more information.

glite-SGE_utils

First SGE_utils release in SL5

This new glite-SGE_utils release integrates SGE LRMS with CREAMCE (Version 1.6) in SL5, x86_64. The CREAMCE integration consists in setting up the BLAH configuration to interoperate with SGE.

This release also includes a new version of yaim-core and a new version of APEL with a bug fix for the CPUScalingFactor problem.

Please check the details page for more information.

glite-CREAM

New version of glite-CREAM

The most relevant updates are:

• glexec calls replaced with sudo calls (glexec is used just to get the userid to be used in the sudo invocations)
• For Torque/PBS and LSF by default the new BLAH BLparser (which uses the status/history batch system commands) is now considered. The old parser (which parses the batch system log files) is still supported. If the new blparser is used (default option) it is just necessary to run yaim once (i.e. it is not necessary anymore to first configure the creamCE and then the BLparser).
• Introduced a new operation (queryEvent) to make more efficient the job status changes detection by ICE

This release includes a new version of yaim-core, glite-info-provider-release, APEL, LB, Trustmanager, util-java and BDII.

Workaround: Some dependencies not always updated

Performing a yum update glite-CREAM, it was detected that sometimes glite-jobid-api-c, glite-jobid-api-cpp, glite-lbjp-common-trio, glite-security-gsoap-plugin and glite-security-gss are not correctly updated. Please, verify that yum is installing the new rpms, and if not, execute the following command:

yum update glite-jobid-api-c glite-jobid-api-cpp glite-lbjp-common-trio glite-security-gsoap-plugin glite-security-gss

If you simply do a "yum update" (i.e. without specifying the metapackage) you shouldn't be affected by this issue.

Please check the details page for more information.

27.04.2010 - 3.2 Update 11

glite-BDII

New version of the BDII

This new version includes a new glite-info-provider-ldap. glite-info-provider-ldap 1.2.4 allows up to 10 MB per source and the script itself is now owned by root instead of nobody.

All top-level BDIIs need to be upgraded with high priority, otherwise jobs or users at some sites may no longer see CERN or other big sites included in the information system at some point.

A top-level BDII with the current glite-info-provider-ldap will reject any site that produces more than 5 MB of information system records.

This problem already occurred on April 16, when the BNL site BDII exceeded the 5 MB limit and the site dropped out of all EGEE/WLCG top-level BDIIs.

A known issue has been identied in this release of the BDII. The dependency on glite-info-provider-release is missing, and therefore, any new clean installation wont install this package. This issue will be solve in the next release of the BDII.

15.04.2010 - 3.2 Update 10

glite-GLEXEC_wn

New version of glite-GLEXEC_wn

The changes made in this version are in order to make the code more secure and consist of bug fixes. Every effort is made to preserve backwards compatibility with the previous release 0.6.8-3.

This release also includes a new version of yaim-core

glite-ARGUS

New version of glite-ARGUS

Notes for Release 1.1.0:

• Support for SSL client authentication on all services.
• The mapping obligation handler now correctly leverages posix syscalls to do mapping.
• The mapping is now resolved only when an appropriate obligation is defined in the policy that determines the authorization decision.
• The PDP administrative client now provides a command to force the policy refresh from the PAP
• The PEPD administrative client now provides a command to clear the PDP response cache.
• The PAP, PDP, PEPD shutdown hooks are now protected by a password.
• pap-admin commands now accept certificate subjects in openssl and rfc2253 format and correctly does the translation (to rfc2253 format).
• Implements the XACML Grid WN Authorization Profile v1.0 https://edms.cern.ch/document/1058175

This release also includes a new version of yaim-core

glite-LB

Introducing glite-LB in 3.2

This is the first version of glite-LB introduced in glite 3.2, it corresponds to the next major release of the L&B server.

It's the final outcome of gLite restructuring activity; internal dependencies were cleaned up, and significant portion of the code streamlined and rewritten (in particular full use of transactional database backend) in order to improve performance and stability.

At the protocol level L&B server 2.0 is fully compatible with 1.9 clients, it works (and has been thoroughly tested) with gLite 3.1 services and UI.

User-visible added features are:

• Extended L&B notifications: elementary notifications support (subscription for specific jobids only) was extended with "all user's jobs", "all VO jobs", and "all WMS jobs" options. Filters for optional decreasing the number of notification messages per-job were added, as well as the mechanism tuned to sustain persistent load imposed by high-level monitoring tools.
• Simple interfaces: besides using L&B client library, users can get information on their jobs via web-browser, text ssl clients (curl etc.), and RSS readers.
• Extended authorization: trusted components to log critical events to L&B can be specified, FQANs can be used to define LB superusers.
• Non-intrusive purger: background purge of old jobs is throttled in order not to interfere with normal L&B operation.

L&B 2.0 removes standalone L&B proxy component, it allows running the server in proxy-only or hybrid mode. However, this feature is not applicable for LB-only node, targeted by this patch.

24.03.2010 - 3.2 Update 09

glite-LSF_utils

Introducing glite-LSF-utils in 3.2

This is the first version of glite-LSF-utils for glite 3.2. Please, note that it includes a new apel-core version that now reads the CPUScalingReferenceSI00 value from the site GIIS. If this value is not available, APEL will read GlueHostbenchmarkSI00

glite-GLEXEC_wn, glite-CREAM

New version of LCMAPS pep-c client

This LCMAPS plugin can be configured within the general LCAS/LCMAPS framework to communicate with the Argus framework, see https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework

It thus also works as interface between gLExec and Argus.

glite-SE_dpm_mysql, glite-WN, glite-UI, glite-VOBOX, glite-LFC_mysql

New version of LFC and DPM

• Bug 53568, which could cause the DPM's SRM 2.2 server to crash.
• Bug 50686, which meant a malformed request could crash the LFC or the DPNS.
• The xrootd plugin for ALICE for the DPM has been upgraded to version 2.1.0.in order to increase the stability of the service.
• WARNING: There are known issues upgrading from DPM 1.6.x (please check service release notes).

glite-BDII, glite-CREAM, glite-LFC_mysql, glite-LFC_oracle, glite-SE_dpm_mysql, glite-VOBOX

New version of the BDII

This BDII update consolidates a number of fixes to small outstanding issues. Also included is an updated service information provider that enables the BDII to publish itself using the GLUE 2.0 information model.

glite-LFC_mysql, glite-SE_dpm_mysql, glite-UI, glite-WN, glite-VOBOX

Vulnerability fix for bug #54623

Please see the affected services pages for a description.

08.02.2010 - 3.2 Update 08

glite-LFC_oracle

This patch introduces the glite-LFC_oracle metapackage for gLite 3.2

This is version 1.7.3 for both the LFC and DPM. It contains bug fixes for both services with respect to version 1.7.2, in particular:

• Bug 53568, which could cause the DPM's SRM 2.2 server to crash
• Bug 50686, which meant a malformed request could crash the LFC or the DPNS

Other issues which may be noticed by users or administrators:

• DPM will now only publish information regarding static spaces to the information system, rather than information about all spaces.
• dpm-listspaces reports space in units of powers of 1024 for normal user use, to be consistent with other DPM tools. When providing data for the information system quantities are reported in SI units, as required by the glue schema.

The xrootd plugin for ALICE for the DPM has been upgraded to version 2.1.0. As previously, in order to enable xrootd access the xroot daemons must be obtained separately - they are not included in the glite release. Plugin 2.1.0 is intended for use with xrootd-20090729.0855, see: https://twiki.cern.ch/twiki/bin/view/LCG/DpmXrootAccess21

The updated xrootd base is expected to bring increased stability to the service. The DPM plugin is also has updated defaults for some settings, extra authentication settings and uses the most recent ALICE security plugin. See the CHANGES and RELEASE files in the CVS repository for a complete list of changes.

DPM Known issues:

For those upgrading from DPM 1.6.x please check the following for known issues and considerations relating to the database schema change: https://twiki.cern.ch/twiki/bin/view/LCG/DpmVersion170SchemaChange

In case the DPM gridftp fails to startup with the error message:

Starting dpm-gsiftp: /etc/sysconfig/dpm-gsiftp says NO: [FAILED]

please check that your /etc/sysconfig/dpm-gsiftp contains the line:

RUN_DPMFTP="yes"

(for configuration files built from the 1.6 template this setting is missing)

glite-ARGUS

This patch introduces the glite-ARGUS metapackage for gLite 3.2

Documentation can be found on the Argus Wiki site: https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework

This site contains instructions on how to install, configure, and administer the system.

Following installation most deployers should:

• Add some basic policies to the policy administration point by means of the pap-admin policy management commands (described in the wiki).
• Once policies have been added the PDP should be restarted. This forces the PDP to reload policies from the PAP. Note, you would not do this in a production environment.
• Finally, use one of the PEP command line tools (either the C or Java one, which is appropriate for your system) to issue some test requests. The C command line tool is very useful if you're testing with existing user certificates while the Java command line tool provides the ability to fake nearly any request by means of the static PIP.

Initial release of the service supporting:

• command line tools for banning of users based on subject DN, primary and secondary FQANs, and VO
• a simplified policy language for creating more expansive policies
• import of remote policies (like a global banning list)
• grid-map based UID/GID mapping using the existing gridmapdir format (this directory may be shared with other processes)

glite-MPI_utils

This patch introduces the glite-MPI_utils metapackage for gLite 3.2

This release of the glite-MPI_utils fixes a long known dependency issue with an incompatible torque library provided by the torque RPM.

There have been several updates to glite-yaim-mpi:

• The YAIM configuration will now look in the YAIM "services" configuration directory for configuration details.
• There have been minor changes to the YAIM MPI configuration scripts which fix some observed problems relating to variable assignment.

The default MPI installation is now OPENMPI, which is provided by the Scientific Linux distribution. Support for MPICH1 and MPICH2 has been discontinued on SL4. MPICH2 is available for SL5.

The supplied OPENMPI packages are compiled with support for Infiniband. If your site does not support infiniband, openmpi will output warnings. To fix this problem at your site, please see: http://xmipp.cnb.csic.es/twiki/bin/view/Xmipp/RemoveOpenMPIWarnings

The affected files are:

SL4: /usr/lib/openmpi/1.2.8-gcc/etc/openmpi-mca-params.conf

SL5: /usr/lib64/openmpi/1.2.7-gcc/etc/openmpi-mca-params.conf

glite-SE_dpm_disk

This patch introduces the glite-SE_dpm_disk metapackage for gLite 3.2

glite-ARGUS, glite-BDII, glite-CREAM, glite-LFC_mysql, glite-LFC_oracle, glite-MPI_utils, glite-SCAS, glite-SE_dpm_disk, glite-SE_dpm_mysql, glite-TORQUE_client, glite-TORQUE_server, glite-TORQUE_utils, glite-UI, glite-VOBOX, glite-WN

New release of yaim core

New release of yaim core containing a set of bug fixes and new features:

• New SAGA adapters. There's a new function called config_glite_saga that configures the SAGA gLite adapters.
• grid environment cleaning mechanism to be able to install different WN tarball versions in the same machine.
• Variables that were wrongly implemented in previous yaim releases are now fixed: CONFIG_GRIDMAPDIR and USER_HOME_PREFIX.
• YAIM doesn't fail when gLite version package is not installed. This is useful for non gLite software using YAIM.
• siteinfo packaging is now fixed (-p option).

New release of glite-version and glue-schema

The new glite-SE_dpm_disk metapackage introduces a new version of:

• glite-version: new version of glite-version introducing a set of new options to print information about the versions of the installed gLite nodetypes, their architecture and their update number. It still prints information about the gLite release (i.e. 3.2.0).
• glue-schema: minor update to change GLUE2PolicyUserDomainForeignKey from being mandatory to optional.

These two packages are also part of other services which are also updated to the new versions with this update,as it can be seen in the service detail pages.

glite-WN, glite-UI, glite-VOBOX

New lcg-infosites version

The new patch is solving the bug 37572. it allows therefore the query to multiple BDIIs

DCAP clients

We have now repackaged the dcap clients.

Major changes include:

• DCAP Dynamic linking to VDT version of globus. This is due to bug. https://savannah.cern.ch/bugs/?49513
• DCAP Packaging for multi architecture support.
• DCAP renaming of packages.
• Obsoletes https://savannah.cern.ch/patch/?3059
• With override to allow forcing active or passive behavior at the environment variable level.

dcache-srmclient

• Clear description of number of streams option in conjunction with server_mode option add consistency when passing passive/active server_mode flag to srmcp.
• Better format "srmcp -help" output
• Fixed bug in srm-get-permissions
• Support ':' as globus port range separator
• Need java >= 1.5
• Removes the WARNING messages

New version of DPM client and LFC clients

The new glite-SE_dpm_disk and glite-LFC_oracle metapackages introduce a new version of DPM client and LFC client respectively.

glite-WN

glite-swat (Site Wide Area Testing) is a replacement for grid-cm (Grid Configuration Monitoring).

Please check https://twiki.cern.ch/twiki/bin/view/EGEE/WorkerNodeConfiguration

Couple of RPMs for client are merged and directory names are changed to reflect the name change.

This update include new test for glexec and a bugfix of grid_voname test for VOs that have dots or dashes in their name.

07.01.2010 - 3.2 Update 07

glite-TORQUE_server, glite-TORQUE_client, glite-TORQUE_utils

Introduction of the glite-TORQUE_utils and glite-TORQUE_server metapackages for gLite 3.2

This update introduces the complete Torque (version 2.3.6) and Maui (version 3.2.6p21) for gLite 3.2 and updates the also the Torque clients. Note that Torque server and client versions have to be the same for a proper setup. Keep this in mind for the case of mixed SL4/SL5 Torque installations.

The most relevant new features are:

• kill_delay has been increased to 10 in the Torque server.
• ssh configuration has been updated in Torque client.
• maui configuration can be now disabled in YAIM. Torque infoproviders now also populate GlueCEPolicyAssignedJobSlots for the GlueCE.

• CONFIG_MAUI: By default is 'yes'. Set it to 'no' if you want to disable the maui configuration in YAIM.
• APEL_MYSQL_HOST: By default is MON_HOST. Change this value if the host where the APEL MySQL DB is installed in a different place than the MON_HOST. Bear in mind that in case you use the default value, which is MON_HOST, but MON_HOST is not defined in site-info.def, YAIM will complain APEL_MYSQL_HOST is not defined.
• CONFIG_TORQUE_NODES: Set it to 'no' if you want to disable the /var/spool/pbs/server_priv/nodes configuration in YAIM.

glite-SCAS

This patch introduces the glite-SCAS (Site Central Authorization Service) metapackage for gLite 3.2.

SCAS is a Web Service that allows client programs to query for an authorization decision based upon user credentials to access a particular resource. For more information please check the service node page https://twiki.cern.ch/twiki/bin/view/EGEE/GliteSCAS. It's also interesting to check the following link about gLexec https://twiki.cern.ch/twiki/bin/view/EGEE/GLExec.

SCAS YAIM configuration

For a description of the YAIM variables needed to configure the SCAS server please visit:
https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables#SCAS

The command to configure SCAS using YAIM is:

./yaim -c -s site-info.def -n SCAS

glite-CREAM

This patch introduces the glite-CREAM metapackage for gLite 3.2.

• first install xml-commons-apis: yum install xml-commons-apis
• then install CREAM yum install glite-CREAM

Due to a problem of the versioning scheme used by VDT, upgrading an already existing gLite 3.2 WN or UI fails. Using the update command "yum groupupdate glite-WN" or "yum groupupdate glite-UI" fails with an error message "package vdt_globus_essentials-VDT1.10.1x86_64_rhap_5-3.x86_64 (which is newer than vdt_globus_essentials-VDT1.10.1x86_rhap_5-4.i386) is already installed". The workaround is to uninstall the vdt_globus_essentials rpms manually:

rpm -e --nodeps vdt_globus_essentials-VDT1.10.1x86_rhap_5-3 vdt_globus_essentials-VDT1.10.1x86_64_rhap_5-3

Then do "yum groupupdate glite-WN" or "yum groupupdate glite-UI".

glite-GLEXEC_wn

This patch introduces the glite-GLEXEC_wn metapackage for gLite 3.2.

YAIM update:

The YAIM module is capable of configuring multiple SCAS endpoints for fail-over and fault tolerance reasons.

Configure SCAS_ENDPOINTS as a whitespace delimited variable with multiple unwhitespaced values to setup multiple endpoints, example:

SCAS_ENDPOINTS="https://scas1.site.com:8443/ https://scas2.site.com:8443/"

which results in lcmaps.db like:

scasclient = "lcmaps_scas_client.mod"
"-capath /etc/grid-security/certificates"
"--endpoint https://scas1.site.com:8443"
"--endpoint https://scas2.site.com:8443"
"-resourcetype wn"
"-actiontype execute-now" 


Verify Proxy:
 
Upgrading certificate chain depth limit to the depth of the certificate chain. The OpenSSL library seems to have a build in limit of
9 certificates. This means that the verify-proxy will fail when having to check more then 9 certificate (including the CA, 
personal/service and proxies). This limit has been raised to be equal then the certificate chain itself.

The new maximum amount of delegations used by verify-proxy (using gLExec as a frontend) is roughly 200 delegations when using 1024 keys.
The next upperlimit is the 1MB limit of a maximum proxy file size being read by gLExec. Which is quite a safe limit. Other tools might 
not provide this limitation and the verify-proxy should be able to check a certificate chain as big as the memory of a machine can hold it.

A problem surfaced with the code change and it could only handle single level CAs. CAs that have a subordinate or intermediate CA that perform
the EEC signing are now supported again.

When your proxy certificate's DNs grows too large due to the use of the expanding DNs with every delegation step, then the log messages could
overflow a buffer. This is solved by truncating the log message properly. This effect has shown to happen when testing the proxy verification
with more then ~35 proxy delegations. 


Platform support:

LCMAPS is available on all 32 and 64 bit platforms for SL4, SL5, debian4 and debian5.

saml2-xacml2-c-lib is able to be build on all 32 and 64 bit platforms for SL4, SL5 and debian4. The incompatibility for debian5 64bit will
be fixed in a next release). As a result, the SCAS client and SCAS service can't build on more platforms then these platforms.

The SCAS service and SCAS Client packages can be build on an equal amount of platforms as the saml2-xacml2-c-lib. Currently on all 32 and
64 bit platforms for SL4, SL5 and debian4*.

* Upstream build issues on the debian4 platform can't be resolved, but the nightly builds were successful on debian4 32 and 64 bit.


LCAS:

- Solved segmentation faults when a malformed proxy was provided by the calling library or application.

- When using the lcas_pem interface (used by gLExec, SCAS and third parties) a wrong individual certificate was selected. It was first
  delegation that was selected and not the final delegation of the certificate chain. This also disturbed the call to the voms-api from a
  plugin which use the certificate and certificate chain.

- The extraction of the user's subject DN has been replaced. The Globus code calculates the RDN count of the individual certificate and 
  strips of the amount of RDNs equal to the amount of delegations. This process is error prone, causes seg.faults when used in a wrong way,
  overly complex. It's replaced by a safer approach which has been used in LCMAPS for years.


LCAS & LCMAPS Syslog problem:
Not all information was written properly to Syslog. This is improved. It's still not fully the same. Big differences might still be noticed
between the two log destinations. A lot of interesting messages are now published in syslog. The information that is left in the gap will be
investigated, but the fix is should let the syslog contain sufficient information to be able to debug LCAS and LCMAPS failure conditions.
All the information that was masked to not be send to the syslog level '0' (zero, meaning a system broadcast) is prevented by restamping the
log severity to LOG_ERR.

13.10.2009 - 3.2 Update 06

glite-UI, glite-VOBOX

glite-VOBOX

22.09.2009 - 3.2 Update 05

glite-BDII, glite-LFC_mysql, glite-SE_dpm_mysql, glite-TORQUE_client, glite-UI, glite-WN

• UNPRIVELEGED_GRIDMAPFILE per VO: This variable was before defined per site and now it can be configured per VO.
• USER_HOME_PREFIX per VO: This variable was before defined per site and now it can be configured per VO.
• EDG_HOME_DIR, EDGINFO_HOME_DIR and BDII_HOME_DIR: The home directories of system accounts can be now be configured. The suggestion is to define them as /var/lib/user_name but YAIM has left the default under /home.
• GRIDFTP_CONNECTIONS_MAX: It has been increased from 50 to 150.

glite-UI, glite-WN

glite-WN

glite-BDII, glite-LFC_mysql, glite-SE_dpm_mysql

27.07.2009 - 3.2 Update 04

glite-BDII

This version fixes an issue observed with glite-BDII 3.2.1-0 at some production sites and reported with (GGUS:50372): it was noticed that in particular conditions a site could disappear from the top-level BDII if the 'GlueTop' attribute is removed from the services they publish.

If you have this version deployed at your top-level BDII, please upgrade asap.

glite-DPM_mysql, glite-UI, glite-WN, glite-BDII

glite-WN

• myproxy client
• python-ldap

glite-BDII, glite-DPM_mysql, glite-LFC_mysql glite-TORQUE_client, glite-UI, glite-WN

• The creation of users specifying a home directory wasn't working. This is fixed now.
• GLOBUS_TCP_PORT_RANGE is not defined for the WN and it's properly defined for the TAR UI.
• MYPROXY_TCP_PORT_RANGE is not defined any more.
• YAIM checks whether fetch-crl is installed and fails otherwise.
• groups.d structure is now available for all the node types.

glite-LFC_mysql, glite-UI, glite-WN

glite-UI, glite-WN

29.06.2009 - 3.2 Update 03

glite-BDII

14.06.2009 - 3.2 Update 02

glite-UI

Important note for glite-WN

23.03.2009 - 3.2 Update 01

glite-WN, glite-TORQUE_client