gLite VOMS Server and Administration Tools

1. Release Description

This release contains the gLite VOMS Server and Administration Tools module v. 2.0.0. The following sections provide additional information about the release content, the module dependencies, the know bugs and issues and a list of bugs closed since the previous release. For information about installing and using the gLite VOMS Server and Administration Tools, please refer to the gLite Installation and User Guides.

2. Changes in this Release

This release contains the following changes:

 

• The new VOMS server has now support for Oracle backends. Support for Oracle in the web based admin tools will be added in a future release
• The single VOMS RPM has been replaced by smaller RPMS of specific functions (server, apis, config, etc).
• The mysql libraries have been extracted from the VOMS packages and separate glite-security-voms-mysql and glite-security-voms-oracle has been added.
• Added the --configure option to the configuration script. Once the script is executed with the   --configure option, it is necessary to run it again with the --start option in order to start the services.
• The variable voms.db.type variable has been added to the system section. The default value is mysql, though in a future it could also be oracle.
• The variable voms.db.mysql.library with default value ${GLITE_LOCATION}/lib/libvomsmysql.so has been added to specify which mysql library should be loaded.
• R-GMA Service Publisher parameters updated to use new common conventions (please make sure you use the new configuration templates)
• Bug fixes

3. Release contents

The gLite VOMS Server and Administration Tools v. 2.0.0 is composed of the following gLite components:

 

Component name	Description	Version	File
glite-config	gLite configuration scripts	1.2.1	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-config-1.2.1-1.noarch.rpm
org.glite.rgma-api-java	Java API for R.GMA	4.1.5	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-rgma-api-java-4.1.5-1.noarch.rpm
org.glite.rgma-base	R.GMA basic configuration and documentation	4.1.19	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-rgma-base-4.1.19-1.noarch.rpm
org.glite.rgma-common.config	gLite rgma common configuration items installation	5.0.0	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-rgma-common-config-5.0.0-1.noarch.rpm
org.glite.rgma-servicetool	R.GMA service tool	4.1.19	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-rgma-servicetool-4.1.19-3.noarch.rpm
org.glite.rgma-servicetool-config	gLite R.GMA servicetool installation	5.0.0	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-rgma-servicetool-config-5.0.0-1.noarch.rpm
org.glite.rgma-stubs-servlet-java	Java client implementation stubs for R.GMA	4.1.12	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-rgma-stubs-servlet-java-4.1.12-1.noarch.rpm
org.glite.security.trustmanager	The java certificate path checkin for proxy certs in SSL with plugins for tomcat and axis.	1.7.3	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-security-trustmanager-1.7.3-1.noarch.rpm
org.glite.security-util.java	The java utilities library for security	1.1.2	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-security-util-java-1.1.2-2.noarch.rpm
org.glite.security-utils.config	gLite Security Utilities configuration files	1.0.2	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-security-utils-config-1.0.2-2.noarch.rpm
org.glite.security-voms-admin.client	gLite VOMS Administration clients	1.0.7	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-security-voms-admin-client-1.0.7-1.noarch.rpm
org.glite.security-voms-admin.interface	gLite VOMS Administration service (interface)	1.0.2	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-security-voms-admin-interface-1.0.2-1.noarch.rpm
org.glite.security-voms-admin.server	gLite VOMS Administration service	1.1.2	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-security-voms-admin-server-1.1.2-1.noarch.rpm
org.glite.security-voms.api		1.5.9	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/i386/RPMS/glite-security-voms-api-1.5.9-0.i386.rpm
org.glite.security-voms-api.c		1.5.9	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/i386/RPMS/glite-security-voms-api-c-1.5.9-2.i386.rpm
org.glite.security-voms-api.cpp		1.5.9	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/i386/RPMS/glite-security-voms-api-cpp-1.5.9-0.i386.rpm
org.glite.security-voms.clients		1.5.9	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/i386/RPMS/glite-security-voms-clients-1.5.9-0.i386.rpm
org.glite.security-voms.config		1.5.9	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/i386/RPMS/glite-security-voms-config-1.5.9-0.i386.rpm
org.glite.security-voms.mysql		1.0.3	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/i386/RPMS/glite-security-voms-mysql-1.0.3-0.i386.rpm
org.glite.security-voms.server		1.5.9	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/i386/RPMS/glite-security-voms-server-1.5.9-0.i386.rpm
org.glite.voms-server.config	gLite VOMS Server and Admin Tools node configuration files	2.0.0	../../../../../../../glite-web/egee/packages/R1.2/R20050715/bin/rhel30/noarch/RPMS/glite-voms-server-config-2.0.0-3.noarch.rpm

 

4. Dependencies

The gLite Computing Element module has the following dependencies:

 

Component name	Version	RPM file name
GPT	VDT 1.2.2	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/gpt-VDT1.2.2rh9-1.i386.rpm
VDT Globus Essentials	VDT 1.2.2	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/vdt_globus_essentials-VDT1.2.2rh9-1.i386.rpm
MySQL-server	4.1.11	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/MySQL-server-4.1.11-0.i386.rpm
MySQL-client	4.1.11	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/MySQL-client-4.1.11-0.i386.rpm
perl-Crypt-SSLeay	0.51	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Crypt-SSLeay-0.51-4.i386.rpm
perl-Authen-SASL	2.08	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Authen-SASL-2.08-1.1.el3.rf.noarch.rpm
perl-Digest-HMAC	1.01	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Digest-HMAC-1.01-11.1.noarch.rpm
perl-Digest-SHA1	2.01	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Digest-SHA1-2.01-15.1.i386.rpm
perl-MIME-Lite	2.117	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-MIME-Lite-2.117-2.1.el3.rf.noarch.rpm
perl-Net-Jabber	2.0	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Net-Jabber-2.0-1.1.el3.rf.noarch.rpm
perl-Net-XMPP	1.0	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-Net-XMPP-1.0-1.1.el3.rf.noarch.rpm
perl-SOAP-Lite	0.60a	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-SOAP-Lite-0.60a-1.1.el3.rf.noarch.rpm
perl-XML-Stream	1.22	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/perl-XML-Stream-1.22-1.1.el3.rf.noarch.rpm
Tomcat5	5.0.28	../../../../../../../glite-web/egee/packages/externals/bin/rhel30/RPMS/tomcat5-5.0.28-9_EGEE.noarch.rpm
Java SDK/JRE	1.4.2	http://java.sun.com/j2se/1.4.2/download.html

 

5. Known bugs and issues

This release has the following bugs and issues. Bug numbers refer to the gLite Bug Tracking system database hosted on the CERN Savannah system at https://savannah.cern.ch/bugs/?group=jra1mdw .

 

• VOMS Admin outputs internal database inconsistency faults on getGridmapUsers under certain conditions whereby a user is registered with the same certificate subject, but on a CA with a new key. The problem is due to a faulty SQL query. A fix has been produced, but it will be released in VOMS Admin 1.2.0
• The VOMS Admin Server RPM tries to execute some configuration scripts that may output warnings in certain conditions. The messages can be ignored, since configuration is handled by the configuration scripts as explained in the gLite Installation Guide.
• It is not possible to update the values of a VO once it has been created.
• No removal procedure is provided with this release apart from the removal of the RPMS. Any account, group or other resource created during the module configuration must be manually cleaned.

 

Known open bugs:

 

Bug number	Description
#3739	VOMS registration error
#3887	VOMS and user name assignment
#4119	[VOMS] The VO user policy/licensing is not shown perhaps not installed
#4637	VOMS API should offer a simpler way of processing the VOMS attribute certs
#7193	[VOMS Admin] The mechanism for getting notification addresses for admin users does not work
#7634	VOMS ldap synch and signing policies
#7660	hard-wired defaults in voms_install_db
#7662	references to EDG license in voms
#7663	edg licence in voms-admin
#8295	Welcome to VOMS! doesn't tell you the VO name
#8508	overview: voms deployment scripts drop all VO members on a rerun
#8531	Problem to start the VOMS server - conflict with detected DB version
#8535	error during glite voms configuration
#8543	VOMS install script tries to alter the database password and fails the srcipt on it
#8544	VOMS install
#8573	voms-proxy-init problem..( or voms installation problme?)
#8582	voms webui: Couldn't find the configuration file.
#8603	VOMS (core) service can't restart after crash when log file is at 2GB.
#9028	Error in the configuration script of voms
#9049	Mail from VOMS refers to edg
#9077	voms-proxy-init man page should include role syntax
#9080	Command line tool to list groups and roles
#9089	VOMS display shows everyone in each group even if empty.
#9105	VOMS not working with edg-mkgridmap.
#9151	voms-admin doesn't send notification to admins
#9168	[VOMS Admin] --fileinstall switch to voms-admin-configure fails
#9169	[VOMS Admin] Incorrect/inconsistent use of GLITE_LOCATION_LOG
#9170	[VOMS Admin] --fileinstall still requires valid MySQL location
#9171	[VOMS Admin] Tomcat group check too restrictive
#9172	[VOMS Admin] Allow for alternate invocation methods for MySQL
#9173	[VOMS Admin] VOMS must be in gLite location
#9178	voms/vomrs tomcat5 dies out of memory
#9218	[VOMS Admin] voms-admin fails with SSL and non-standard certificate dir
#9302	VOMS-admin Welcome page
#9339	VOMS Admin: Host cert information is outdated
#9340	VOMS Admin: Host cert must be easily downloadable from the web interface
#9408	VOMS Admin spits internal database inconsistency faults on getGridmapUsers
#9560	[VOMS Admin] Implement user privilage summary page
#9561	[VOMS Admin] Implement implicit permissions
#9562	[VOMS Admin] Don't list operations that the user will not be able to execute
#9576	VOMS fails to verify VOMS server certificate the first time after a VOMS_Init
#9577	VOMSValidator throws exception if directory /etc/grid-security/vomsdir/ does not exist
#9596	voms-proxy-info doesn't validate the signature
#9602	Maximum life of the VOMS AC should be configurable
#9603	voms-proxy-init fails with a long VO name
#9643	voms-proxy-init change of behaviour

 

Fixed in this or previous releases, but not yet tested:

Bug number	Description
#4540	overview: [VOMS] Can't assign roles to users
#5009	VOMS: making it possible to assign roles more freely
#5166	[VOMS Admin] Couldn\\\'t handle the Russian CA issued personal certificates
#5356	unecessary file org.glite.security.voms/src/include/config.h.in
#5403	org.glite.security.voms-admin-server fails to build
#5495	Can\'t execute voms-admin-configure because of missing module
#6060	voms_install_db cannot be run properly with MySQL relocated
#6139	Configuration ifnormation for the vomses file on the VOMS Admin website is not showing
#6612	voms-admin requires following patch on voms core
#6678	VOMS_Contact() crashes
#7011	glite-voms-server-config DBA password should be optional
#7311	voms build does not use expat.location from the repository
#7511	VOMS_FindByVO() doesn't work without user's local configuration
#7665	rvoms-admin-configure as pm post install script
#7890	VOMS attribute validation fails in java VOMS parser
#7905	Support for GLOBUS_FLAVORS needed by broker missing in VOMS.
#7990	The vomses example file is missing from the VOMS Admin installation
#8012	glite-security-voms-admin-server installed before tomcat user exists.
#8036	VOMS server upgrade fails due to conflicts
#8092	Multiple "/opt/glite/var/etc/voms-admin/<VO name>/vomses" file problems
#8343	voms_install_db.sgml problem
#8357	org.glite.security.voms/src/configure.in bug when checking for GLOBUS_FLAVORS
#8605	Errors in the glite-voms-server.cfg.xml file
#8641	problem with user creation through glite voms-admin
#8706	VOMSLDAP.pm is in both voms-admin-client and voms-admin-server packages
#8750	VOMS Server uses a blocking socket
#8756	VOMS install script fails on XML parsing of the .cfg.xml file
#8869	[VOMS Admin] Multiple vomsd configuration problems in voms-admin-configure
#8870	[VOMS Admin] The admin service fails to work with VOMS 1.5.x.

 

6. Bugs closed since last release

This release fixes the following bugs and issues. Bug numbers refer to the gLite Bug Tracking system database hosted on the CERN Savannah system at https://savannah.cern.ch/bugs/?group=jra1mdw  

 

Bug number	Description
#4122	overview: [VOMS] In the request detail the E-Mail address =<null>
#4484	Can't setup a VOMS server with a VO name longer then six characters
#5561	[VOMS Admin] Couldn't send e-mail for the registration request
#6428	VOMS lock files are going into the wrong place
#6930	VOMS & VOMS Admin services should publish to the Service table
#7243	Access denied error on GLOBAL ACL section of VOMS Admin
#7450	glite-voms-server-config.py ignore the JAVA_HOME definition of the configuration .xml file
#7453	glite-voms-server-config.py dies with unknown error
#7445	glite-voms-server-config.py -h -v -c gives error (v1.0.10)
#7628	voms installer has references to CE
#7636	voms configuration script fails
#7637	voms script fails with an IndexError
#7638	many parameters in the voms server configuration are cryptic
#7658	voms-server configuration script does not add vo administrators
#7696	voms-admin request details not complete
#7762	glite-voms-server-config.py fails
#7986	Unreplaced tokens in VOMS Admin web interface
#7989	VOMS Admin confirmation messages display (null) instead of VO name
#8006	voms-admin-server and role attribute
#8026	VOMS cannot accept proxy for authentication
#8679	Can’t create a proxy certificate with voms-proxy-init
#8799	list voms users with glite-security-mkgridmap-2.1.1-1
#8868	[VOMS Admin] Subgroup creation is not possible on the web interface
#8981	glite-voms-server.cfg.xml is not valid XML file
#8988	glite-security-voms-api-c unnecessary dependency on MySQL
#8991	voms-api-c does not install under /opt/glite
#9041	Error in the configuration script of voms
#9085	VOMS display shows everyone in each group even if empty.
#9129	VOMS test script isn't in the release
#9145	VOMS - Internal database inconsistency detected: Request no. 6 has an invalid type
#9150	voms-admin contains all VO user in the VO-Admin Role
#9305	Registration of new VO members fail with database errors
#9515	voms-proxy-init error