EGEE Web>SA3>EGEECertification>SA3Testing>CertificationReportForPatch4496 (2010-11-03, FrantisekDvorak)

Certification Report for Patch 4496 (GridSite 1.1.21, SLC4, 64-bit)

Certification Report for Patch 4496 (GridSite 1.1.21, SLC4, 64-bit)

Origins

Build Report	http://etics-repository.cern.ch/repository/download/registered/OverallReports/org.glite/org.gridsite/1.1.21-1/slc4_x86_64_gcc346/reports.tar.gz/-/reports/index.html
YUM repo file	http://etics-repository.cern.ch/repository/pm/registered/repomd/id/346fd485-0620-443b-91cd-8a372e1a9853/slc4_x86_64_gcc346/etics-registered-build-by-id-protect.repo
Patch	https://savannah.cern.ch/patch/?4496
Components	`org.gridsite` subsystem
Status	Certified

Clean installation

Environment

Clean SLC4 installation according to gLite guidelines (CA certificates, ...). Apache WebServer and mod_ssl installed by calling yum -y install httpd mod_ssl

Process

yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/346fd485-0620-443b-91cd-8a372e1a9853/slc4_x86_64_gcc346/etics-registered-build-by-id-protect.repo install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared
# required workaround due to the bug #48458
yum install dummy-ca-certs
yum install -y httpd mod_ssl
sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
mkdir /var/www/htdocs
httpd -f /tmp/httpd-webserver.conf

Full output of the installation

[root@vtb-generic-80 ~]# yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/346fd485-0620-443b-91cd-8a372e1a9853/slc4_x86_64_gcc346/etics-registered-build-by-id-protect.repo install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared
Setting up Install Process
Setting up repositories
CA                        100% |=========================|  951 B    00:00     
sl-base                   100% |=========================| 1.1 kB    00:00     
sl-errata                 100% |=========================| 1.9 kB    00:00     
INTERNAL                  100% |=========================|  951 B    00:00     
ETICS-registered-build-34 100% |=========================|  764 B    00:00     
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package gridsite-devel.x86_64 0:1.1.21-1.slc4 set to be updated
---> Package gridsite-debuginfo.x86_64 0:1.1.21-1.slc4 set to be updated
---> Package gridsite-shared.x86_64 0:1.1.21-1.slc4 set to be updated
---> Package gridsite-gsexec.x86_64 0:1.1.21-1.slc4 set to be updated
---> Package gridsite-apache.x86_64 0:1.1.21-1.slc4 set to be updated
---> Package gridsite-commands.x86_64 0:1.1.21-1.slc4 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 gridsite-apache         x86_64     1.1.21-1.slc4    ETICS-registered-build-346fd485-0620-443b-91cd-8a372e1a9853-slc4_x86_64_gcc346   96 k
 gridsite-commands       x86_64     1.1.21-1.slc4    ETICS-registered-build-346fd485-0620-443b-91cd-8a372e1a9853-slc4_x86_64_gcc346   51 k
 gridsite-debuginfo      x86_64     1.1.21-1.slc4    ETICS-registered-build-346fd485-0620-443b-91cd-8a372e1a9853-slc4_x86_64_gcc346  204 k
 gridsite-devel          x86_64     1.1.21-1.slc4    ETICS-registered-build-346fd485-0620-443b-91cd-8a372e1a9853-slc4_x86_64_gcc346   50 k
 gridsite-gsexec         x86_64     1.1.21-1.slc4    ETICS-registered-build-346fd485-0620-443b-91cd-8a372e1a9853-slc4_x86_64_gcc346   12 k
 gridsite-shared         x86_64     1.1.21-1.slc4    ETICS-registered-build-346fd485-0620-443b-91cd-8a372e1a9853-slc4_x86_64_gcc346   82 k

Transaction Summary
=============================================================================
Install      6 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         
Total download size: 495 k
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: gridsite-shared              ######################### [1/6] 
  Installing: gridsite-devel               ######################### [2/6] 
  Installing: gridsite-debuginfo           ######################### [3/6] 
  Installing: gridsite-gsexec              ######################### [4/6] 
  Installing: gridsite-apache              ######################### [5/6] 
  Installing: gridsite-commands            ######################### [6/6] 

Installed: gridsite-apache.x86_64 0:1.1.21-1.slc4 gridsite-commands.x86_64 0:1.1.21-1.slc4 gridsite-debuginfo.x86_64 0:1.1.21-1.slc4 gridsite-devel.x86_64 0:1.1.21-1.slc4 gridsite-gsexec.x86_64 0:1.1.21-1.slc4 gridsite-shared.x86_64 0:1.1.21-1.slc4
Complete!
[root@vtb-generic-80 ~]# # required workaround due to the bug #48458
[root@vtb-generic-80 ~]# yum install dummy-ca-certs
Loading "kernel-module" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do
[root@vtb-generic-80 ~]# yum install -y httpd mod_ssl
Loading "kernel-module" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do
[root@vtb-generic-80 ~]# sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
[root@vtb-generic-80 ~]# echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
[root@vtb-generic-80 ~]# echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
[root@vtb-generic-80 ~]# mkdir /var/www/htdocs
mkdir: cannot create directory `/var/www/htdocs': File exists
[root@vtb-generic-80 ~]# httpd -f /tmp/httpd-webserver.conf

Tests

Ping Tests

Process:

cvs -d:pserver:anonymous@glite.cvs.cern.ch:/cvs/glite co org.glite.testsuites.ctb/gridsite
cd org.glite.testsuites.ctb/gridsite/tests
./ping-remote.sh `hostname -f` --html

Output:

[root@forkys-sl34 tests]# ./ping-remote.sh `hostname -f` --html

Nov 03 14:18:26 vtb-generic-80.cern.ch ping-remote.sh:    start
Testing if all binaries are available   done
Testing ping to Apache server vtb-generic-80.cern.ch   done
Testing Apache server at vtb-generic-80.cern.ch:443   done
Nov 03 14:18:28 vtb-generic-80.cern.ch ping-remote.sh:    end

TestPlan Tests

https://twiki.cern.ch/twiki/bin/view/EGEE/GridSiteTestPlan

READ (Read Permissions)

[root@vtb-generic-80 tests]# cat >/var/www/htdocs/test.html <<EOF
> <html><body><h1>Hello Grid</h1></body></html>
> EOF
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <any-user/>
>       <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@vtb-generic-80 tests]#

Get index (list & read permissions)

[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK

WRITE & DELETE (write permissions)

[root@vtb-generic-80 tests]# rm -f /var/www/htdocs/.gacl /var/www/htdocs/test.txt
[root@vtb-generic-80 tests]# date > /tmp/test.txt
[root@vtb-generic-80 tests]# chown apache /var/www/htdocs/
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><write/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# cmp -s /tmp/test.txt /var/www/htdocs/test.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 -a "$code" = "201" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# mv  /var/www/htdocs/.gacl /var/www/htdocs/.gacl.bak
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# mv /var/www/htdocs/.gacl.bak /var/www/htdocs/.gacl
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# chown root /var/www/htdocs

Check the attributes and passed on to the environment

[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/test.cgi <<EOF
> #!/bin/sh                                                                                                                                    
> echo 'Content-type: text/plain'                                                                                                              
> echo                                                                                                                                         
> printenv
> EOF
[root@vtb-generic-80 tests]# chmod +x /var/www/htdocs/test.cgi
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.cgi`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# grep "^GRST_" /tmp/gridsite.log 2>/dev/null
GRST_ACL_FORMAT=GACL
GRST_DN_LISTS=/etc/grid-security/dn-lists/:/var/www/htdocs/dn-lists/
GRST_DISK_MODE=0x0600
GRST_HEAD_FILE=gridsitehead.txt
GRST_PERM=1
GRST_CRED_0=X509USER 1285776375 1317312375 0 /DC=ch/DC=cern/OU=computers/CN=vtb-generic-80.cern.ch
GRST_EDITABLE= txt shtml html htm css js php jsp 
GRST_GSIPROXY_LIMIT=1
GRST_DN_LISTS_URI=/dn-lists/
GRST_FOOT_FILE=gridsitefoot.txt
GRST_DIR_PATH=/var/www/htdocs
GRST_ADMIN_FILE=gridsite-admin.cgi
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK

Test the basic commands (htcp, htls, htmkdir, htmv, htrm)

[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><write/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# chown apache /var/www/htdocs/
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# date > /tmp/test.txt
[root@vtb-generic-80 tests]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htmv --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htrm --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null
[root@vtb-generic-80 tests]# [ $? -eq 22 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cmp /tmp/test.txt /tmp/test2.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# chown root /var/www/htdocs/

Test proxy delegation (see also DelegationTestPlan) (XXX Disable the gridsite module?)

N/A

Utilities not available gridsite for gLite 3.1.

Upgrade from production

Environment

Clean SLC4 installation according to gLite guidelines (CA certificates, ...). Fully updated. Apache WebServer and mod_ssl installed by calling yum -y install httpd mod_ssl

Process

On a clean, up-to-date system:

cat > list.txt <<EOF
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-apache-1.1.20-8.x86_64.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-commands-1.1.20-8.x86_64.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-debuginfo-1.1.20-8.x86_64.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-devel-1.1.20-8.x86_64.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-gsexec-1.1.20-8.x86_64.rpm
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-shared-1.1.20-8.x86_64.rpm
EOF
mkdir /var/cache/glite-local
cd /var/cache/glite-local
wget -i ~/list.txt
createrepo .
cd
cat > /etc/yum.repos.d/glite-local.repo <<EOF
[main]
[glite-local]
name=Local glite RPMS repository
baseurl=file:///var/cache/glite-local
enabled=1
EOF
yum clean all
yum install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared

yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/346fd485-0620-443b-91cd-8a372e1a9853/slc4_x86_64_gcc346/etics-registered-build-by-id-protect.repo upgrade -y
yum install -y httpd mod_ssl
# known workaround
yum install dummy-ca-certs
sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
mkdir /var/www/htdocs
httpd -f /tmp/httpd-webserver.conf

Full output of the installation

[root@vtb-generic-80 ~]# cat > list.txt <<EOF
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-apache-1.1.20-8.x86_64.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-commands-1.1.20-8.x86_64.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-debuginfo-1.1.20-8.x86_64.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-devel-1.1.20-8.x86_64.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-gsexec-1.1.20-8.x86_64.rpm
> http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-shared-1.1.20-8.x86_64.rpm
> EOF
[root@vtb-generic-80 ~]# mkdir /var/cache/glite-local
[root@vtb-generic-80 ~]# cd /var/cache/glite-local
[root@vtb-generic-80 glite-local]# wget -i ~/list.txt
--14:58:19--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-apache-1.1.20-8.x86_64.rpm
           => `gridsite-apache-1.1.20-8.x86_64.rpm'
Resolving eticssoft.web.cern.ch... 137.138.139.19, 137.138.142.33
Connecting to eticssoft.web.cern.ch|137.138.139.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 98,319 (96K) [application/x-rpm]

100%[====================================>] 98,319        --.--K/s             

14:58:19 (30.66 MB/s) - `gridsite-apache-1.1.20-8.x86_64.rpm' saved [98319/98319]

--14:58:19--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-commands-1.1.20-8.x86_64.rpm
           => `gridsite-commands-1.1.20-8.x86_64.rpm'
Connecting to eticssoft.web.cern.ch|137.138.139.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 52,331 (51K) [application/x-rpm]

100%[====================================>] 52,331        --.--K/s             

14:58:19 (21.59 MB/s) - `gridsite-commands-1.1.20-8.x86_64.rpm' saved [52331/52331]

--14:58:19--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-debuginfo-1.1.20-8.x86_64.rpm
           => `gridsite-debuginfo-1.1.20-8.x86_64.rpm'
Connecting to eticssoft.web.cern.ch|137.138.139.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 208,024 (203K) [application/x-rpm]

100%[====================================>] 208,024       --.--K/s             

14:58:19 (38.34 MB/s) - `gridsite-debuginfo-1.1.20-8.x86_64.rpm' saved [208024/208024]

--14:58:19--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-devel-1.1.20-8.x86_64.rpm
           => `gridsite-devel-1.1.20-8.x86_64.rpm'
Connecting to eticssoft.web.cern.ch|137.138.139.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 50,994 (50K) [application/x-rpm]

100%[====================================>] 50,994        --.--K/s             

14:58:19 (19.43 MB/s) - `gridsite-devel-1.1.20-8.x86_64.rpm' saved [50994/50994]

--14:58:19--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-gsexec-1.1.20-8.x86_64.rpm
           => `gridsite-gsexec-1.1.20-8.x86_64.rpm'
Connecting to eticssoft.web.cern.ch|137.138.139.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12,116 (12K) [application/x-rpm]

100%[====================================>] 12,116        --.--K/s             

14:58:19 (17.80 MB/s) - `gridsite-gsexec-1.1.20-8.x86_64.rpm' saved [12116/12116]

--14:58:19--  http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.gridsite.core/1.1.20/slc4_x86_64_gcc346/gridsite-shared-1.1.20-8.x86_64.rpm
           => `gridsite-shared-1.1.20-8.x86_64.rpm'
Connecting to eticssoft.web.cern.ch|137.138.139.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 83,563 (82K) [application/x-rpm]

100%[====================================>] 83,563        --.--K/s             

14:58:19 (24.58 MB/s) - `gridsite-shared-1.1.20-8.x86_64.rpm' saved [83563/83563]


FINISHED --14:58:19--
Downloaded: 505,347 bytes in 6 files
[root@vtb-generic-80 glite-local]# createrepo .
6/6 - gridsite-debuginfo-1.1.20-8.x86_64.rpm                                    
Saving Primary metadata
Saving file lists metadata
Saving other metadata
[root@vtb-generic-80 glite-local]# cd
[root@vtb-generic-80 ~]# cat > /etc/yum.repos.d/glite-local.repo <<EOF
> [main]
> [glite-local]
> name=Local glite RPMS repository
> baseurl=file:///var/cache/glite-local
> enabled=1
> EOF
[root@vtb-generic-80 ~]# yum clean all
Loading "kernel-module" plugin
Cleaning up Everything
6 headers removed
0 packages removed
15 metadata files removed
0 cache files removed
5 cache files removed
[root@vtb-generic-80 ~]# yum install -y gridsite-apache gridsite-commands gridsite-debuginfo gridsite-devel gridsite-gsexec gridsite-shared
Loading "kernel-module" plugin
Setting up Install Process
Setting up repositories
sl-errata                 100% |=========================| 1.9 kB    00:00     
CA                        100% |=========================|  951 B    00:00     
sl-base                   100% |=========================| 1.1 kB    00:00     
INTERNAL                  100% |=========================|  951 B    00:00     
glite-local               100% |=========================|  951 B    00:00     
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 427 kB    00:01     
sl-errata : ################################################## 1696/1696
Added 1696 new packages, deleted 0 old in 5.27 seconds
primary.xml.gz            100% |=========================|  15 kB    00:00     
CA        : ################################################## 95/95
Added 95 new packages, deleted 0 old in 0.19 seconds
primary.xml.gz            100% |=========================| 656 kB    00:00     
sl-base   : ################################################## 2113/2113
Added 2113 new packages, deleted 0 old in 6.05 seconds
primary.xml.gz            100% |=========================| 7.7 kB    00:00     
INTERNAL  : ################################################## 62/62
Added 62 new packages, deleted 0 old in 0.13 seconds
primary.xml.gz            100% |=========================| 2.0 kB    00:00     
glite-loca: ################################################## 6/6
Added 6 new packages, deleted 0 old in 0.06 seconds
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for gridsite-apache to pack into transaction set.
gridsite-apache-1.1.20-8. 100% |=========================| 2.7 kB    00:00     
---> Package gridsite-apache.x86_64 0:1.1.20-8 set to be updated
--> Running transaction check
Beginning Kernel Module Plugin
Finished Kernel Module Plugin

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 gridsite-apache         x86_64     1.1.20-8         glite-local        96 k

Transaction Summary
=============================================================================
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         
Total download size: 96 k
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: gridsite-apache              ######################### [1/1] 

Installed: gridsite-apache.x86_64 0:1.1.20-8
Complete!
[root@vtb-generic-80 ~]# 
[root@vtb-generic-80 ~]# yum -c http://etics-repository.cern.ch/repository/pm/registered/repomd/id/346fd485-0620-443b-91cd-8a372e1a9853/slc4_x86_64_gcc346/etics-registered-build-by-id-protect.repo upgrade -y
Setting up Upgrade Process
Setting up repositories
Reading repository metadata in from local files
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package gridsite-apache.x86_64 0:1.1.21-1.slc4 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Updating:
 gridsite-apache         x86_64     1.1.21-1.slc4    ETICS-registered-build-346fd485-0620-443b-91cd-8a372e1a9853-slc4_x86_64_gcc346   96 k

Transaction Summary
=============================================================================
Install      0 Package(s)         
Update       1 Package(s)         
Remove       0 Package(s)         
Total download size: 96 k
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : gridsite-apache              ######################### [1/2] 
  Cleanup   : gridsite-apache              ######################### [2/2]

Updated: gridsite-apache.x86_64 0:1.1.21-1.slc4
Complete!
[root@vtb-generic-80 ~]# yum install -y httpd mod_ssl
Loading "kernel-module" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do
[root@vtb-generic-80 ~]# # known workaround
[root@vtb-generic-80 ~]# yum install dummy-ca-certs
Loading "kernel-module" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do
[root@vtb-generic-80 ~]# sed -e '1,$s!/usr/lib/httpd/modules/!modules/!' /usr/share/doc/gridsite-*/httpd-webserver.conf | sed 's!/var/www/html!/var/www/htdocs!' | sed "s/FULL.SERVER.NAME/$(hostname -f)/" | sed "s/\(GridSiteGSIProxyLimit\)/# \1/"> /tmp/httpd-webserver.conf
[root@vtb-generic-80 ~]# echo "AddHandler cgi-script .cgi" >> /tmp/httpd-webserver.conf
[root@vtb-generic-80 ~]# echo "ScriptAlias /gridsite-delegation.cgi /usr/sbin/gridsite-delegation.cgi" >> /tmp/httpd-webserver.conf
[root@vtb-generic-80 ~]# mkdir /var/www/htdocs
mkdir: cannot create directory `/var/www/htdocs': File exists
[root@vtb-generic-80 ~]# httpd -f /tmp/httpd-webserver.conf

Tests

Ping Tests

[root@forkys-sl34 tests]# ./ping-remote.sh `hostname -f` --html

Nov 03 15:01:03 vtb-generic-80.cern.ch ping-remote.sh:    start
Testing if all binaries are available   done
Testing ping to Apache server vtb-generic-80.cern.ch   done
Testing Apache server at vtb-generic-80.cern.ch:443   done
Nov 03 15:01:05 vtb-generic-80.cern.ch ping-remote.sh:    end

TestPlan Tests

https://twiki.cern.ch/twiki/bin/view/EGEE/GridSiteTestPlan

READ (Read Permissions)

[root@vtb-generic-80 tests]# cat >/var/www/htdocs/test.html <<EOF
> <html><body><h1>Hello Grid</h1></body></html>
> EOF
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <any-user/>
>       <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.html`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK

Get index (list & read permissions)

[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> https://$(hostname -f)/`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK

WRITE & DELETE (write permissions)

[root@vtb-generic-80 tests]# rm -f /var/www/htdocs/.gacl /var/www/htdocs/test.txt
[root@vtb-generic-80 tests]# date > /tmp/test.txt
[root@vtb-generic-80 tests]# chown apache /var/www/htdocs/
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><write/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> --upload-file /tmp/test.txt https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# cmp -s /tmp/test.txt /var/www/htdocs/test.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 -a "$code" = "201" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# mv  /var/www/htdocs/.gacl /var/www/htdocs/.gacl.bak
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# [ "$code" = "403" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# mv /var/www/htdocs/.gacl.bak /var/www/htdocs/.gacl
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /dev/null --silent --write-out '%{http_code}\n' \
> -X DELETE https://$(hostname -f)/test.txt`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# chown root /var/www/htdocs

Check the attributes and passed on to the environment

[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# cat >/var/www/htdocs/test.cgi <<EOF
> #!/bin/sh                                                                                                                                    
> echo 'Content-type: text/plain'                                                                                                              
> echo                                                                                                                                         
> printenv
> EOF
[root@vtb-generic-80 tests]# chmod +x /var/www/htdocs/test.cgi
[root@vtb-generic-80 tests]# code=`curl --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates --output /tmp/gridsite.log --silent --write-out '%{http_code}\n'  https://$(hostname -f)/test.cgi`
[root@vtb-generic-80 tests]# [ "$code" = "200" ] && echo "OK"
OK
[root@vtb-generic-80 tests]# grep "^GRST_" /tmp/gridsite.log 2>/dev/null
GRST_ACL_FORMAT=GACL
GRST_DN_LISTS=/etc/grid-security/dn-lists/:/var/www/htdocs/dn-lists/
GRST_DISK_MODE=0x0600
GRST_HEAD_FILE=gridsitehead.txt
GRST_PERM=1
GRST_CRED_0=X509USER 1285776375 1317312375 0 /DC=ch/DC=cern/OU=computers/CN=vtb-generic-80.cern.ch
GRST_EDITABLE= txt shtml html htm css js php jsp 
GRST_GSIPROXY_LIMIT=1
GRST_DN_LISTS_URI=/dn-lists/
GRST_FOOT_FILE=gridsitefoot.txt
GRST_DIR_PATH=/var/www/htdocs
GRST_ADMIN_FILE=gridsite-admin.cgi
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK

Test the basic commands (htcp, htls, htmkdir, htmv, htrm)

[root@vtb-generic-80 tests]# cat >/var/www/htdocs/.gacl <<EOF
> <gacl>
>   <entry>
>     <person>
>       <dn>`openssl x509 -noout -subject -in /etc/grid-security/hostcert.pem | sed -e 's/^subject= //'`</dn>
>     </person>
>     <allow><read/><write/><list/></allow>
>   </entry>
> </gacl>
> EOF
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# chown apache /var/www/htdocs/
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# date > /tmp/test.txt
[root@vtb-generic-80 tests]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ /tmp/test.txt https://$(hostname -f)/
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt > /dev/null
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htmv --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test.txt https://$(hostname -f)/test2.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htcp --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt /tmp
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htrm --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/test2.txt 2> /dev/null
[root@vtb-generic-80 tests]# [ $? -eq 22 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# htls --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem --capath /etc/grid-security/certificates/ https://$(hostname -f)/ > /dev/null
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# cmp /tmp/test.txt /tmp/test2.txt
[root@vtb-generic-80 tests]# [ $? -eq 0 ] && echo "OK"
OK
[root@vtb-generic-80 tests]# 
[root@vtb-generic-80 tests]# chown root /var/www/htdocs/

Test proxy delegation

N/A

Utilities not available in gridsite for gLite 3.1.

-- ZdenekSustr - 29-Oct-2010

Topic revision: r2 - 2010-11-03 - FrantisekDvorak

EGEE

Main.WebList

Welcome Guest

- Cern Search
- TWiki Search
- Google Search
EGEE All webs

Copyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback