VDT Office Hours 16 March 2006

Attendees

• Alain Roy (VDT)
• Tim Cartwright (VDT)
• Andy Pavlo (VDT)
• Anand Padmanabhan (Iowa)
• Eric (Iowa)
• John Weigand (Fermi)
• Vikram Andem (Fermilab)
• Doug Olson
• Rob Quick (Indiana)
• Burt Holzman (Fermilab)

Missing CRLs

Doug Olson has looked at the most recent CA release (v12). Some CAs CRL is empty, and others have no crl_url file. These are:

• The NASA CA should be removed from the certificate because it is defunct.
• A couple SwissSign CAs have empty CRLs, but it is not a problem because they have not yet issued any certificates.
• The SDSC crl_url file is missing, and was just missed. The VDT team will add it.
• The NCSA crl_url file is missing, and was just missed. The VDT team will add it.
• The Telescience URL seems to be for a computer name that doesn't match the certificate name for the computer: changing the URL should be a sufficient fix.
• The KEK CA has a problem that we don't know how to diagnose. Given that we aren't aware of any VDT users of this CA, we won't sweat it for now. The error is:

  wget --ca-directory=${X509_CERT_DIR}  -t 3 -T 30 https://gridca.kek.jp/repository/617ff41b.r0
  --17:30:24--  https://gridca.kek.jp/repository/617ff41b.r0
             => `617ff41b.r0'
  Resolving gridca.kek.jp... 130.87.105.194
  Connecting to gridca.kek.jp|130.87.105.194|:443... connected.
  ERROR: Certificate verification error for gridca.kek.jp: unable to get local issuer certificate
  To connect to gridca.kek.jp insecurely, use `--no-check-certificate'.
  Unable to establish SSL connection.

State of VDT 1.3.10a

Four bugs were fixed in VDT 1.3.10a, which will be released today.

• Removed a hard-coded, incorrect pathname from the managed fork jobmanager that prevented it from working outside of the VDT facility
• Fixed a bug that prevented the managed fork job manager from recognizing a pre-existing Condor installation.
• Added a new environment variables (VOMS_USERCONF) so voms-proxy-init can find the vomses file that is in the VDT_LOCATION.
• Added an extra configuration variable to Condor to work around a bug in Condor 6.7.17.

site_verify and managed_fork

John Weigand reports that site_verify fail when using the managed fork job manager. Rob Quick reports that gridcat fails when using the managed fork jobmanager. We believe the managed fork job nanager is working correctly and these are likely problems in those tools, but we don't konw. Alain wants to understand what the problems are, in case it's a sign of a deeper problem that needs to be fixed in the managed fork jobmanager or the VDT.

64-bit installations

Burt told us about his testing of 32-on-64 bit and 64-bit installs. Functionally everything seemed to work, except for MIS-CI which is linking against 32-bit libraries instead of 64-bit libraries, but it's not part of the VDT. VOMS on 64-bit.

GUMS memory problems

We haven't heard any updates.