YAIM release notes

The Changelogs of the yaim modules are always accesible in CVS. For yaim core, you can track the changes for each release also here.

The list of known issues can be found in the YAIM 4 guide - Known issues section.

Check the corresponding patch for an up to date list of bug fixes.

Patch #2636: glite-yaim-core 4.0.6-x

• 39 Bug fixes
  • Fix for bug #31359: auxiliary variables to create grid environment are now cleaned.
  • Fix for bug #33908 and bug #33314: Fix to write on GLITE_LOCATION_VAR when lcg CE and BDII are installed together.
  • Fix for bug #35495: LCG_GFAL_INFOSYS is now defined in configure_lcgenv.
  • Fix for bug #38919: config_mkgridmap doesn't include the old lcas/lcmaps grid-map files.
  • Fix for bug #38974: config_vomses_check is now implemented.
  • Fix for bug #39003: init.d script for fetch-crl.
  • Fix for bug #39022: BDII_USER is now used in bdii.conf
  • Fix for bug #39150: lcg-expiregridmapdir cron job should not be generated for VOBOX
  • Fix for bug #39389: Maximum number of simultaneous connections to the gridftp server is now defined
  • Fix for bug #39884: right gids.
  • Fix for bug #39930: GLITE_EXTERNAL_ROOT has been removed
  • Fix for bug #39932: man pages use now the correct path.
  • Fix for bug #39936: Correct FUNCTIONS_DIR path
  • Fix for bug #40092: doesn't exit any more with an error if debug level 7 is used
  • Fix for bug #40093: TORQUE server can use groups.conf
  • Fix for bug #40208: LCG_GFAL_INFOSYS is defined in one place.
  • Fix for bug #40552: GLITE_HOME_DIR instead of GLITE_USER_HOME in config_glite_localloger
  • Fix for bug #40653: Variable cleaning
  • Fix for bug #40675: remove lines modifying /opt/bdii/etc/schemas
  • Fix for bug #42719: unused libraries are now removed.
  • Fix for bug #42819: rgma_clients are not included in sl5
  • Fix for bug #43278: cleanup-grid-accounts is always created.
  • Fix for bug #43308: ordinary pool accounts can define multiple groups.
  • Fix for bug #43329: Unprivileged grid-mapfile
  • Fix for bug #43436: services/node-type should be sourced before defults/node-type.post
  • Fix for bug #43699: site-info.post variables should allow to use a user defined variable in site-info.def.
  • Fix for bug #43938: correct warning message when siteinfo dir is world readable.
  • Fix for bug #44007: SE_GRIDFTP_LOGFILE is created if it doesn't exist.
  • Fix for bug #44040: correct criteria for central certs.
  • Fix for bug #44299: config_secure_tomcat function is now created
  • Fix for bug #44360: cleanup-grid-accounts.sh isn't called for cream CE
  • Fix for bug #44684: run function creates now a clean environment file.
  • Fix for bug #44693: bug for dpm and lfc when multiple config targets are used is now fixed.
  • Fix for bug #44884: DPM should have lcg-expiregridmapdir cron job.
  • Fix for bug #44961: Removed duplicated env variable declarations.
  • Fix for bug #44987: Improved error messages for group and user creation.
  • Fix for bug #45103: GLITE_EXTERNAL_ROOT is not unset by yaim core.
  • Fix for bug #45106: egee- and no prefix allowed for config targets.

• New features
  • You can now create a non privileged grid-map file. See bug #43329 for more details.
  • You can now limit the number of maximum connections to the gridftp server. See bug #39389 for more details.

• site-info.pre changes
  • Added variables:
    • GRIDFTP_CONNECTIONS_MAX: Maximum number of simultaneous connections to the gridftp server. default is 50.
    • UNPRIVILEGED_MKGRIDMAP: In case you want to create a grid-map file which only contains mappings to ordinary users. no will create a grid-map file with special users as well, if defined in groups.conf. yes, will create a grid-mapfile containing only mappings to ordinary pool accounts. Default is no.
  • Modified variables:
    • ORACLE_LOCATION: The value has been updated to 1.2.0.3.

Patch #2055: glite-yaim-core 4.0.5-7

• 35 Bug fixes
  • Fix for bug #38469: SPECIAL_POOL_ACCOUNTS variable
  • Fix for bug #38466: remove obsolete code in config_mkgridmap
  • Fix for bug #38464: fix race condition in edg-mkgridmap
  • Fix for bug #37711: VO__VOMS_CA_DN is now compulsory
  • Fix for bug #36976: config_lcgenv has all the requires in _check
  • Fix for bug #37621: zsh is now supported in grid-env.sh
  • Fix for bug #37509: Comments added for VO__VOMS_WMS_HOSTS and VO__VOMS_LB_HOSTS.
  • Fix for bug #36287: LB_HOST and WMS_HOST are no longer mandatory.
  • Fix for bug #35839: new versions directory per yaim module.
  • Fix for bug #35495: multiple top level BDIIs for GFAL clients.
  • Fix for bug #35373: proper checking of VO_<vo-name>_VOMSES variable.
  • Fix for bug #35307: 700 checking of configuration directory is done but just gives a warning.
  • Fix for bug #35244: gridftp and wmproxy lcmaps configuration problem is now fixed
  • Fix for bug #34824: removed old libraries and added 64bit libraries
  • Fix for bug #34734: correct example for GROUP_ENABLE
  • Fix for bug #34685: bug fixed with new feature for enabling/disabling user creation.
  • Fix for bug #34398: mysql is now chkconfig'ed
  • Fix for bug #34387: -a option is now working properly.
  • Fix for bug #34251: port for OPS VO is now correct in site-info.def
  • Fix for bug #34033: site-info.def variables containing a default value have been moved to site-info.pre.
  • Fix for bug #34010: config_gip updates
  • Fix for bug #33928: groups.conf can be now specified per VO.
  • Fix for bug #32764: perl and python paths added.
  • Fix for bug #31288: Return code is now 0.
  • Fix for bug #31773: It's now possible to enable/disable user configuration. All the users/groups needed by the middleware are now centralised in one file.
  • Fix for bug #29311: redirection is no longer needed.
  • Fix for bug #29032: dangerous selection of functions now fixed.
  • Fix for bug #17554: service user names are now defined in site-info.pre.
  • Fix for bug #17549: BDII user is no longer hardcoded to 'edguser'.

• New features
  • User configuration can be now enabled or disabled. If it's disabled, the sys admin must ensure the service users listed in ${INSTALL_ROOT}/glite/yaim/examples/edgusers.conf and the pool accounts are created in the system. Moreover, the pool account users.conf file must be provided for the sys admin so that the gridmap file can be generated by YAIM.
  • Service users like dpmmgr or edguser are no longer hardcoded and can be configured in site-info.def for non standard values.
  • groups.conf can be now specified per VO by creating a new directory group.d under the siteinfo directory and creating one groups-<vo-name>.conf file per supported VO. However, the old way of specifing one single groups.conf for all the VOs is also supported. In order to choose one or another option:
    • If GROUPS_CONF is defined in site-info.def, then all the groups should be defined for all the supported VOs in the specified file.
    • If GROUPS_CONF is NOT defined, then the group.d directory must exist with one groups-<vo-name>.conf file per supported VO.
  • A local groups.conf file, that is used only within a specific site and that is independent from the general groups that a VO needs to deploy in a site, can be defined by using the variable LOCAL_GROUPS_CONF where all the special groups for a certain site can be defined.

• site-info.def changes
  • Removed variables:
    • many variables have been moved to site-info.pre since they contain default values: INSTALL_ROOT, LCG_REPOSITORY, CA_REPOSITORY, REPOSITORY_TYPE, YAIM_LOGGING_LEVEL, FUNCTIONS_DIR, MY_DOMAIN, JAVA_LOCATION, OUTPUT_STORAGE, EDG_WL_SCRATCH, CRON_DIR, CE_DATADIR, SE_ARCH, REG_HOST, BATCH_BIN_DIR, BDII_FCR, BDII_SITE_TIMEOUT, BDII_RESOURCE_TIMEOUT, GIP_CACHE_TTL, GIP_FRESHNESS, GIP_RESPONSE, GIP_TIMEOUT
  • New variables:
    • BDII_LIST: Optional variable that it is used to specify a list of top level BDIIs to support the automatic failover in the GFAL clients. The syntax is a comma separated list of hostnames and ports: hostname1:port1[,hostname2:port2[...]]

• site-info.pre changes
  • New variables:
    • It now contains all the variables listed in the previous item.
    • CONFIG_USERS: It's used to enable/disable user configuration. It's set to yes by default. If set to no, the sys admin must ensure the pool account users and the users defined in $INSTALL_ROOT/glite/yaim/examples/edgusers.conf are created in the machine. In any case, the sys admin must provide a users.conf file with the pool accounts so that YAIM is able to create the gridmap file.
    • The service users needed by the middleware can now be configured. The default values are:
      • DPMMGR_USER=dpmmgr
      • DPMMGR_GROUP=dpmmgr
      • LFCMGR_USER=lfcmgr
      • LFCMGR_GROUP=lfcmgr
      • EDG_USER=edguser
      • EDG_GROUP=edguser
      • EDGINFO_USER=edginfo
      • EDGINFO_USER=edginfo
      • RGMA_USER=rgma
      • RGMA_GROUP=rgma
      • GLITE_USER=glite
      • GLITE_GROUP=glite
      • GLITE_HOME_DIR=/home/glite
      • INFOSYS_GROUP=infosys
    • LOCAL_GROUPS_CONF: Optional variable that specifies the file defining local groups.conf (should follow the same syntax described in /opt/glite/yaim/examples/groups.conf.README)
• site-info.post changes
  • New variables:
    • EDGUSERS: List of service users. The default value is ${INSTALL_ROOT}/glite/yaim/examples/edgusers.conf. For more details, please check ${INSTALL_ROOT}/glite/yaim/examples/edgusers.conf.README

Patch #1813: glite-yaim-core 4.0.4-2

• Remove fix for bug #14813

Patch #1709: glite-yaim-core 4.0.4-1

• 36 Bug fixes
  • Fix for bug #33885: GLOBUS_TCP_PORT_RANGE contains now a default variable.
  • Fix for bug #33755: config_vomsdir is only executed for the VOS that define the VO__VOMS_CA_DN variable.
  • Fix for bug #33593: defaults/node-type.post files are also sourced.
  • Fix for bug #33530: Improved grid-env-funcs.sh to deal with :.
  • Fix for bug #33377: YAIM should prepend and not append
  • Fix for bug #33170: Improved YAIM argument parsing.
  • Fix for bug #32897: Improved comment when -v option is used.
  • Fix for bug #32731: __GROUP_ENABLE variables are now controlled in config_gip.
  • Fix for bug #32727: rm -rf is now used.
  • Fix for bug #32706: lcg-CE is used instead of CE.
  • Fix for bug #32275: yaim command must not "set -a"
  • Fix for bug #32674: GLITE_LOCATION_VAR is now part of the environment.
  • Fix for bug #31897: Now one can define LCAS_DB_FILE, BANNED_DB_FILE and LCMAPS_DB_FILE in node type pre files, like glite-wms.pre, to use in config_lcas_lcmaps_gt4.
  • Fix for bug #31896: site-info.def comments improved
  • Fix for bug #31895: New variable BDII_BDII_URL
  • Fix for bug #31831: /opt/glite/var/tmp/gip/ and /opt/glite/etc/gip/ldif/ are created if they don't exist.
  • Fix for bug #31762: yaim enhancement, rpm creation from the configuration files.
  • Fix for bug #31505: GLOBUS_TCP_PORT_RANGE syntax checking is only done when the variable is defined
  • Fix for bug #31401: glite-{LFC,DPM}_oracle don't need oracle-instantclient-devel either
  • Fix for bug #31288: YAIM now checks whether site-info.def is syntactically correct.
  • Fix for bug #29595: BDII endpoint location change should be mentioned in the documentation.
  • Fix for bug #29539: home area can be now specified for the pool accounts.
  • Fix for bug #28446: GlueSAAccessControlBaseRule contains now a VO: prefix
  • Fix for bug #27571: YAIM's -check functionality should check the host certs as well.
  • Fix for bug #22605: gram:// is added in the GlueServiceUniqueID of WMS and RB.
  • Fix for bug #20804: The GlueCEInfoContactString is now a correct URL.
  • Fix for bug #17287: spaces in CA name are now taken into account when creating the vomses file.
  • Fix for bug #14813: yaim exits if the file permissions of siteinfo dir are different from 700.
  • Fix for bug #7709: correct endpoints.
• New features
  • Create siteinfo rpm: a new option, -p, has been implemented to allow creating an rpm with your configuration file directory. This allows to reuse the configuration in other nodes by just installing the rpm. Man pages are updated to contain the explanation of the new option. The function implementing this feature is called create_siteinforpm.
  • Modify config_vomsmap to take into account that WMS only uses groups.conf and not the classic gridmap file anymore.
  • Added _check function in config_host_certs
  • For SITE_HTTP_PROXY changed misleading "myproxy" to "http-proxy".
  • Update in the config_file utility to change "echo" with "yaimlog".
  • Improvement of config_users: allow '-' to explicitly signal the absence of a secondary group; skip secondary group if it is equal to the primary group; Correction: use "-G" option of "useradd" only when there are secondary groups.
  • Extended users.conf and groups.conf documentation: Improved groups.conf.README and users.conf.README
  • The 'requires' utility has been improved to control __GROUP_ENABLE variables.
• Removed features
  • Old version of gridview service configuration has been removed: config_gridview.
  • Removed obsolete "/VO=...../GROUP=" syntax in groups.conf.
• site-info.pre changes
  • New variables:
    • FQANVOVIEWS: FQAN VO view publishing. Turned off by default.
  • Removed variables:
    • DPM_DB and DPNS_DB: they are now defined by the DPM yaim module.
• site-info.def changes
  • New variables:
    • BDII_BDII_URL: URL of the information producer of the site BDII.
    • USER_HOME_PREFIX: It's an optional variable used to specify a home directory for the pool accounts different from /home. The directory must exist in the system. YAIM is not creating it. If it doesn't exist, when trying to add the users, the yaim command will fail. So sys admins must ensure the directory specified by this variable already exists.
    • GLITE_LOCATION_VAR: this is a variable defined by default in site-info.post. If the sys admin wants to change the default value ${GLITE_LOCATION}/var, it's necessary to declare GLITE_LOCATION_VAR in site-info.def with the desired value. It will overwrite the default one and it will become part of the gLite environment.
  • Removed variables:
    • VO_ATLAS_POOL_PATH: this is an obsolete variable.

• Notes on new features:
  • config_vomsdir: The function config_vomsdir creates the following directory structure per supported VO:

/etc/grid-security/vomsdir/vo_name/voms1_hostname.lsc
/etc/grid-security/vomsdir/vo_name/voms2_hostname.lsc
...
/etc/grid-security/vomsdir/vo_name/vomsN_hostname.lsc

In each VO directory there will be a .lsc file per supported VOMS server containing:

• one line with the VOMS server certificate DN
• one line with the CA DN of the VOMS server certificate

The DNs are automatically copied from the site-info.def variables:

• VO__VOMSES
• VO__VOMS_CA_DN (present in site-info.def since glite-yaim-core 4.0.3-6)

The .lsc files will replace the existing lcg-vomscerts rpm. Once config_vomsdir is run, the files installed by lcg-vomscerts are ignored. This means you have to make sure that the mentioned variables are correctly defined.

It's now possible to select for which VOs we want to create the .lsc files. In order to do that, the variable VO__VOMS_CA_DN should be defined for the desired VOs. If the variable is not defined, nothing will be done.

The current yaim modules containing config_vomsdir in their function list are:

• glite-yaim-lcg-ce 4.0.3-7

If you want to automatically configure the .lsc files in other node types, you can run:

 ./yaim -r -s site-info.def -n glite-<node_type> -f config_vomsdir 

• • FQAN VOView publishing: If you want to enable the FQAN VOView publishing, please remember to define FQANVOVIEWS=yes in site-info.def. YAIM will automatically generate the DENY tags. Don't change the default value if you actually don't know what you're doing. If you want to read more about the Job Priority Working Group please, check their home page.

-- MariaALANDESPRADILLO - 10 Jan 2008