Certification report for patches 3340, 3341, 3226, 2828

Nodes deployed

• glite-VOMS_mysql (32-bit, glite 3.1, patched)
• glite-VOMS_oracle (32-bit, glite 3.1, patched)
• glite-UI ( 32-bit, glite 3.1, old/new VOMS client)
• glite-UI ( 64-bit, glite 3.2, production VOMS client)
• glite-SE_dpm_mysql (32-bit, glite 3.1)
• glite-SE_dpm_mysql (64-bit, glite 3.1)
• glite-SE_dpm_disk (32-bit, glite 3.1)
• glite-SE_dpm_disk (64-bit, glite 3.1)
• glite-FTS_oracle (32-bit, glite 3.1)
• glite-FTA_oracle (32-bit, glite 3.1)
• glite-FTS_oracle (64-bit, glite 3.1)
• glite-FTA_oracle (64-bit, glite 3.1)
• glite-LFC_mysql (32-bit, glite 3.1)
• glite-LFC_mysql (64-bit, glite 3.1)
• glite-LFC_oracle (32-bit, glite 3.1)
• glite-LFC_oracle (64-bit, glite 3.1)
• glite-HYDRA (32-bit, glite 3.1)
• glite-VOBOX (32-bit, glite 3.1)
• glite-WMS (32-bit, glite 3.1)
• glite-CREAM (32-bit, glite 3.1)
• lcg-CE (32-bit, glite 3.1)
• glite-WN (32-bit, glite 3.1, old/new VOMS client)
• glite-WN (64-bit, glite 3.1, old/new VOMS client)

VOMS Server MySQL and VOMS Server Oracle

VOMS Testsuites results:

Test VOMS-addMember     	- OK
Test VOMS-assignRole    	- OK
Test VOMS-crAttribute  		- OK
Test VOMS-crGroup      		- OK
Test VOMS-crRole        	- OK
Test VOMS-crUser        	- OK
Test VOMS-crUserNocert  	- OK
Test VOMS-delAttribute  	- OK
Test VOMS-delGroup      	- OK
Test VOMS-delGroupAttribute     - OK
Test VOMS-delRole       	- OK
Test VOMS-delRoleAttribute      - OK
Test VOMS-delUser       	- OK
Test VOMS-delUserAttribute      - OK
Test VOMS-dismissRole   	- OK
Test VOMS-listAttributes        - OK
Test VOMS-listGroupAttributes   - OK
Test VOMS-listGroups    	- OK
Test VOMS-listMembers   	- OK
Test VOMS-listRoleAttributes    - OK
Test VOMS-listRoles     	- OK
Test VOMS-listSubGroups 	- OK
Test VOMS-listUserAttributes    - OK
Test VOMS-listUserGroups        - OK
Test VOMS-listUserRoles 	- OK
Test VOMS-listUsers     	- OK
Test VOMS-listUsrWithRol        - OK
Test VOMS-removeMember  	- OK
Test VOMS-setGroupAttribute     - OK
Test VOMS-setRoleAttribute      - OK
Test VOMS-setUserAttribute      - OK
Test VOMS-pr-attr       	- OK
Test VOMS-pr-bits       	- OK
Test VOMS-pr-cert       	- OK
Test VOMS-pr-conf       	- OK
Test VOMS-pr-dbg        	- OK
Test VOMS-pr-genattr    	- OK
Test VOMS-pr-hours      	- OK
Test VOMS-pr-ign        	- OK
Test VOMS-pr-key        	- OK
Test VOMS-pr-limit      	- OK
Test VOMS-pr-list       	- OK
Test VOMS-pr-noreg      	- OK
Test VOMS-pr-order      	- OK
Test VOMS-pr-out        	- OK
Test VOMS-pr-pwst      		- OK
Test VOMS-pr-pver        	- OK
Test VOMS-pr-quiet      	- OK
Test VOMS-pr-RoleOrder  	- OK
Test VOMS-pr-valid      	- OK
Test VOMS-pr-verify     	- OK
Test VOMS-pr-vers       	- OK
Test VOMS-pr-vlf        	- OK
Test VOMS-pr-vomses     	- OK
Test VOMS-pr-warn       	- OK

VOMS-CORE client changes detected:

voms-proxy-{init,info,destroy} -{help,usage} now exit with code 1.

glite-VOMS information system

Both VOMS-ADMIN and VOMS-CORE endpoints published OK and have reached the top-level BDII.

Yaim VOMS configuration.

Tested for both MySQL and Oracle backends.

Customizing of global VO parameters on a per VO basis verified.

Long FQAN is the default mode.

glite-WMS

Checked with old and new client installed.

DNS name based VOs checked.

CA certificates/VOMS server certificates which has email filed in the subject checked.

Proxy renewal verified (simple group FQAN and role containing FQANS checked)

Long FQAN, non-role, VOMS server side

Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[28260]: msg="LOG_INFO:REQUEST:Listen (Server.cpp:396):Received connection from: 10.0.7.129:12182."
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[28260]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:626):Starting Executor with pid = 901"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:638):Self    : /DC=ch/DC=cern/OU=emailca/CN=vomsm.cern.ch/Email=vomsm@emailca.cern.ch"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:639):Self CA : /DC=ch/DC=cern/OU=emailca/CN=emailca.cern.ch/Email=emailca@cern.ch"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:646):At: Fri Oct 30 19:12:43 2009. Received Contact :"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:647): user: /DC=ch/DC=cern/OU=emailca/CN=Test user 77"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:648): ca  : /DC=ch/DC=cern/OU=emailca/CN=Test user 77/CN=proxy/CN=proxy"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:649): serial: 07"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Execute (vomsd.cc:784):Userid = "3""
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:REQUEST:Execute (vomsd.cc:800):Next command : G/org.glite.voms-email"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:RESULT:Execute (vomsd.cc:1078):Request Result: /org.glite.voms-email"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:RESULT:Execute (vomsd.cc:1078):Request Result: /org.glite.voms-email/asia"
Fri Oct 30 19:12:43 2009:vomsm.cern.ch:vomsd[901]: msg="LOG_INFO:RESULT:Execute (vomsd.cc:1078):Request Result: /org.glite.voms-email/europe"

Short FQAN, non-role, VOMS server side

(still has problems; problem fixed in the proxy renewal daemon patch 3183)

Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[28260]: msg="LOG_INFO:REQUEST:Listen (Server.cpp:396):Received connection from: 10.0.7.129:42133."
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[28260]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:626):Starting Executor with pid = 30718"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:638):Self    : /DC=ch/DC=cern/OU=emailca/CN=vomsm.cern.ch/Email=vomsm@emailca.cern.ch"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:639):Self CA : /DC=ch/DC=cern/OU=emailca/CN=emailca.cern.ch/Email=emailca@cern.ch"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:646):At: Fri Oct 30 18:44:53 2009. Received Contact :"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:647): user: /DC=ch/DC=cern/OU=emailca/CN=Test user 77"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:648): ca  : /DC=ch/DC=cern/OU=emailca/CN=Test user 77/CN=proxy/CN=proxy"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:649): serial: 07"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Execute (vomsd.cc:784):Userid = "3""
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_INFO:REQUEST:Execute (vomsd.cc:800):Next command : B/org.glite.voms-email:"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_ERROR:REQUEST:Execute (vomsd.cc:896):Error in executing request!"
Fri Oct 30 18:44:53 2009:vomsm.cern.ch:vomsd[30718]: msg="LOG_ERROR:REQUEST:Execute (vomsd.cc:903):org.glite.voms-email: Unable to satisfy B/org.glite.voms-email: Request!"

Long FQAN, role based, VOMS Server side

Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[2211]: msg="LOG_INFO:REQUEST:Listen (Server.cpp:396):Received connection from: 10.0.7.129:16792."
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[2211]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:626):Starting Executor with pid = 10095"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:638):Self    : /DC=ch/DC=cern/OU=computers/CN=vomso.cern.ch"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:639):Self CA : /DC=ch/DC=cern/CN=CERN Trusted Certification Authority"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:646):At: Wed Oct 28 14:01:08 2009. Received Contact :"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:647): user: /DC=ch/DC=cern/OU=emailca/CN=Test user 77"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:648): ca  : /DC=ch/DC=cern/OU=emailca/CN=Test user 77/CN=proxy/CN=proxy"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Run (vomsd.cc:649): serial: 07"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Execute (vomsd.cc:784):Userid = "23""
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:REQUEST:Execute (vomsd.cc:800):Next command : B/org.glite.voms-test:lcgadmin"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:RESULT:Execute (vomsd.cc:1078):Request Result: /org.glite.voms-test/Role=lcgadmin/Capability=NULL"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:RESULT:Execute (vomsd.cc:1078):Request Result: /org.glite.voms-test/Role=NULL/Capability=NULL"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:RESULT:Execute (vomsd.cc:1078):Request Result: /org.glite.voms-test/asia/Role=NULL/Capability=NULL"
Wed Oct 28 14:01:08 2009:vomso.cern.ch:vomsd[10095]: msg="LOG_INFO:RESULT:Execute (vomsd.cc:1078):Request Result: /org.glite.voms-test/europe/Role=NULL/Capability=NULL"

glite-CREAM

Both direct submission with glite-ce-* commands and WMS ok.

Problem exists for CREAM when the VOMS server certificated is issued by an email based CA:

04 Nov 2009 09:09:10,284 org.glite.voms.PKIVerifier - Certificate verification: Verifying certificate 
'DC=ch,DC=cern,OU=emailca,CN=vomsm.cern.ch,Email=vomsm@emailca.cern.ch' 
04 Nov 2009 09:09:10,291 org.glite.voms.PKIVerifier - Certificate verification: subject 'DC=ch,DC=cern,OU=emailca,CN=vomsm.cern.ch,Email=vomsm@emailca.cern.ch' not allowed by CA 'DC=ch,DC=cern,OU=emailca,CN=emailca.cern.ch,Email=emailca@cern.ch'
04 Nov 2009 09:09:10,291 org.glite.voms.PKIVerifier - Cannot verify issuer certificate chain for AC
04 Nov 2009 09:09:10,294 org.glite.voms.PKIVerifier - Certificate verification: Verifying certificate 'DC=ch,DC=cern,OU=emailca,CN=vomsm.cern.ch,Email=vomsm@emailca.cern.ch'
04 Nov 2009 09:09:10,301 org.glite.voms.PKIVerifier - Certificate verification: subject 'DC=ch,DC=cern,OU=emailca,CN=vomsm.cern.ch,Email=vomsm@emailca.cern.ch' not allowed by CA 'DC=ch,DC=cern,OU=emailca,CN=emailca.cern.ch,Email=emailca@cern.ch'
04 Nov 2009 09:09:10,301 org.glite.voms.PKIVerifier - Cannot verify issuer certificate chain for AC

glite-WMS with the new VOMS API is working well with 1.8.x VOMS servers.

glite-CREAM now uses VOMS Java API which is bundled inside the CREAM JAR. CREAM patch will be needed to resolve the above.

glite-SE_dpm_{mysql,disk}

SRM endpoint and GSIFTP OK.

FQAN processing by the DPNS server OK.

Executing CLI-dpns-chgrp
CLI-dpns-chgrp PASSED

Executing CLI-dpns-chown
CLI-dpns-chown PASSED

Executing CLI-dpns-getacl
CLI-dpns-getacl PASSED

Executing CLI-dpns-setacl
CLI-dpns-setacl PASSED

Executing CLI-dpns-usrmap
CLI-dpns-usrmap PASSED

Executing CLI-dpns-grpmap
CLI-dpns-grpmap PASSED

lcg-CE

Job flow from WMS to lcg-CE OK. LCMAPS OK. GridFTP transfers OK.

JMA 2009/11/03 23:12:49 GATEKEEPER_JM_ID 2009-11-03.23:12:49.0000014436.0000000000 JM exiting
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 5: Authenticated globus user: /DC=ch/DC=cern/OU=emailca/CN=Test user 77
lcas client name: /DC=ch/DC=cern/OU=emailca/CN=Test user 77
LCAS   0:
LCAS   1: Initialization LCAS version 1.3.11.2
allowing empty credentials
LCAS   2: LCAS authorization request
LCAS   0:       lcas_userban.mod-plugin_confirm_authorization(): checking banned users in /opt/glite/etc/lcas/ban_users.db
LCAS   0: 2009-11-03.22:12:49 :         lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin succeeded
LCAS   0: lcas.mod-lcas_run_va(): succeeded
LCAS   1: Termination LCAS
lcmaps client name: /DC=ch/DC=cern/OU=emailca/CN=Test user 77
LCMAPS 0: 2009-11-03.23:12:49.0000014444.0000000000 :
LCMAPS 7: 2009-11-03.23:12:49.0000014444.0000000000 : Initialization LCMAPS version 1.4.7
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-startPluginManager(): Reading LCMAPS database /opt/glite/etc/lcmaps/lcmaps.db
LCMAPS 5: 2009-11-03.23:12:49.0000014444.0000000000 : LCMAPS credential mapping request
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_voms_localgroup.mod
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_voms_localgroup.mod
LCMAPS 0: 2009-11-03.23:12:49.0000014444.0000000000 :   lcmaps_plugin_voms_localgroup-plugin_run(): voms_localgroup plugin succeeded
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_voms_localaccount.mod
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_voms_localaccount.mod
LCMAPS 0: 2009-11-03.23:12:49.0000014444.0000000000 :   lcmaps_plugin_voms_localaccount-plugin_run(): Could not find a VOMS localaccount in /etc/grid-security/grid-mapfile (failure)
LCMAPS 0: 2009-11-03.23:12:49.0000014444.0000000000 :   lcmaps_plugin_voms_localaccount-plugin_run(): voms_localaccount plugin failed
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_voms_poolaccount.mod
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_voms_poolaccount.mod
LCMAPS 0: 2009-11-03.23:12:49.0000014444.0000000000 :   lcmaps_plugin_voms_poolaccount-plugin_run(): voms_poolaccount plugin succeeded
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): found plugin /opt/glite/lib/modules/lcmaps_posix_enf.mod
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-runPlugin(): running plugin /opt/glite/lib/modules/lcmaps_posix_enf.mod
LCMAPS 6: 2009-11-03.23:12:49.0000014444.0000000000 :     lcmaps_plugin_posix_enf-log_cred(): uid=55518(ogve004):pgid=3399(ogve)
LCMAPS 0: 2009-11-03.23:12:49.0000014444.0000000000 :   lcmaps_plugin_posix_enf-plugin_run(): posix_enf plugin succeeded
LCMAPS 0: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-lcmaps_run(): succeeded
LCMAPS 7: 2009-11-03.23:12:49.0000014444.0000000000 : Termination LCMAPS
LCMAPS 1: 2009-11-03.23:12:49.0000014444.0000000000 : lcmaps.mod-lcmaps_term(): terminating
Successfull mapping done
Mapping service "LCMAPS" returned local user "ogve004"
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 0: GRID_SECURITY_HTTP_BODY_FD=9
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 5: Requested service: jobmanager-lcgpbs
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 5: Authorized as local user: ogve004
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 5: Authorized as local uid: 55518
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 5:           and local gid: 3399
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 5: "/DC=ch/DC=cern/OU=emailca/CN=Test user 77" mapped to ogve004 (55518/3399)
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 0: executing /opt/globus/libexec/globus-job-manager
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 0: GATEKEEPER_JM_ID 2009-11-03.23:12:49.0000014444.0000000000 for /DC=ch/DC=cern/OU=emailca/CN=Test user 77 on 10.0.7.129
JMA 2009/11/03 23:12:49 GATEKEEPER_JM_ID 2009-11-03.23:12:49.0000014444.0000000000 has EDG_WL_JOBID ''
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 0: GRID_SECURITY_CONTEXT_FD=11
TIME: Tue Oct 27 23:12:49 2009
 PID: 14444 -- Notice: 0: Child 14446 started
JMA 2009/11/03 23:12:49 GATEKEEPER_JM_ID 2009-11-03.23:12:49.0000014444.0000000000 JM exiting
TIME: Tue Oct 27 23:34:32 2009
 PID: 17708 -- Notice: 6: Got connection 10.0.7.129 at Tue Oct 27 23:34:32 2009

glite-HYDRA

Problems with installation/configuration found.

Missing dependencies:

• bdii
• glue
• openldap-servers
• openldap-clients
• mysql-server
• fetch-crl
• expect

Problems with tomcat/trustmanager configuration. The new config_secure_tomcat found to be working well for HYDRA.

/etc/grid-security/vomses not configured as well. The leads to:

2009-11-07 01:00:57,971 ERROR [http-8443-Processor25]  No files found matching /etc/grid-security/vomsdir/* - DirectoryList.:85
2009-11-07 01:00:57,971 FATAL [http-8443-Processor25]  VOMS trust anchors /etc/grid-security/vomsdir/* does not appear to exist - BasicVOMSTrustStore.:93
2009-11-07 01:00:57,972 ERROR [http-8443-Processor25]  Error loading service. Class org.glite.data.hydra.helpers.authz.MySQLAuthorizationHelper could not be loaded. - MetadataCatalogImpl.:108

HYDRA does not depend on VOMS. It's only the HYDRA CLI which uses the VOMS API. Since the CLI is not installed on the HYDRA node, the metapackage change for HYDRA is not needed.

CLI verified to work well with the new VOMS API on the 32-bit glite-UI.

glite-LFC_mysql, glite-LFC_oracle (32 and 64 bit).

No problems found. usermaps and groupmaps are being populated successfully when proxies from 1.9.x server are being used.

glite_FTA_oracle and glite-FTA_oracle

Transfer job flow OK.

Proxy renewal works fluently.

Oct 30 19:51:57 ctb-generic-9 myproxy-server: <24456> Connection from fts64.cern.ch
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> using trusted certificates directory /etc/grid-security/certificates
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> Authenticated client /DC=ch/DC=cern/OU=emailca/CN=fts64.cern.ch/emailAddress=fts64@emailca.cern.ch
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> applying trusted_retrievers policy
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> applying authorized_retrievers policy
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> applying authorized_renewers policy
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> credential passphrase matched
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> Received GET request from /DC=ch/DC=cern/OU=emailca/CN=fts64.cern.ch/emailAddress=fts64@emailca.cern.ch
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534>   Owner: /DC=ch/DC=cern/OU=emailca/CN=Test user 77
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534>   Username: /DC=ch/DC=cern/OU=emailca/CN=Test user 77
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534>   Location: /var/myproxy/db66c1bde6fe4ff66a7a487d56ccacad.creds
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534>   Requested lifetime: 43200 seconds
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534>   Max. delegation lifetime: 43200 seconds
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> Sending OK response to client /DC=ch/DC=cern/OU=emailca/CN=fts64.cern.ch/emailAddress=fts64@emailca.cern.ch
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> retrieving proxy
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> Delegating credentials for /DC=ch/DC=cern/OU=emailca/CN=Test user 77 lifetime=43200
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> Sending OK response to client /DC=ch/DC=cern/OU=emailca/CN=fts64.cern.ch/emailAddress=fts64@emailca.cern.ch
Oct 30 19:51:57 ctb-generic-9 myproxy-server: <13534> Client /DC=ch/DC=cern/OU=emailca/CN=fts64.cern.ch/emailAddress=fts64@emailca.cern.ch disconnected

glite-UI ( 64-bit, glite 3.2, production VOMS client)

Interoperability with the new VOMS server OK.

WMS and FTS job submission OK.

glite-WN (32-bit and 64-bit)

Jobs scheduled on both 32-bit and 64-bit WNs completed successfully.

VOMS API OK.

Bugs attached to this patch

edg-voms continues to run with no logs despite /var/log/glite not existing. (bug #39646)

Fix Certified. Server refuses to start when the log directory does not exist:

Starting edg-voms(org.glite.voms-email): logging could not start! Logfile /var/log/glite/voms.org.glite.voms-email could not be opened, and syslogging is disabled. [FAILED] 

IPv6 bug: various non compliant calls/data struct. the Client.cpp file of the org.glite.security.voms comp. (bug #41352)

Fix not certified.

IPv6 bug: non compliant address data structure in source code (sockaddr_in) (bug #41354)

Fix not certified.

voms-proxy-init should accept "-old" option (bug #42601)

Fix Certified. "-old" is available

voms-proxy-info error for non standard location of CA files (bug #43942)

Fix Certified.

[shoo@ui32 jobs]$ voms-proxy-init -voms test -old
unable to access trusted certificates in:x509_cert_dir=/opt/globus/share/certificates
Function: proxy_init_cred

Strange segfault in voms-proxy-init with erroneous command line (bug #44160)

Fix Certified. Error message is printed:

[shoo@ui32 jobs]$ voms-proxy-init -cert ../.globus/2/usercert.pem -key ../.globus/2/userkey.pem -out newproxy -+debug
Found non option element -+debug in command line. 

VOMS Logging, File logging can't be switched off. (bug #45132)

Fix Certified.

When "--logfile" is not present, voms-core uses only the syslog facility.

VOMS File Logging Fails when file history rotation not preserved. (bug #45133)

Fix Certified.

Rotation works in 1.9.10 when a gap exists. (The gap is preserved after the rotation - number increased by one).

voms-proxy-init -key XXX -cert YYY uses the DN from the hostcert/key (bug #45331)

Fix Certified.

Reproduces with 1.8.8. No-globus version of 1.9.10 OK.

VOMS' expat.m4 is not 64 bit safe (bug #45941)

Fix not certified.

[VOMS] Proxies created by the 1.9.0 Java APIs fail verification (bug #46605)

Fix Certified.

[VOMS] Missing calls to ERR_clear_error (bug #46689)

Fix not certified. (Newer gcc build oriented)

[VOMS] Missing #include statements (bug #46690)

Fix not certified. (Newer gcc build oriented)

[VOMS] Missing return statments (bug #46691)

Fix not certified. (Newer gcc build oriented)

[VOMS] validation of proxies created by java fails (bug #46866)

Fix Certified.

expose proxy_verify_callback() in the public api (bug #47718)

Fix Certified.

glite-security-voms-api-noglobus should not be a dependency (bug #49210)

Fix Certified.

voms-proxy-init asks for passphrase twice (bug #56434)

Fix Certified. voms-proxy-init asks for the passphrase once and regen OK.