VDT Office Hours 30 March 2006


VOMS & VOMS Admin Status

The primary goal of the VDT 1.3.11 (forthcoming) is to upgrade VOMS and VOMS Admin. In particular, VOMS Admin 1.2.10 that is in VDT 1.3.10 has a bug that prevents users from having more than one role when using MySQL as the database.

To date, we have upgraded to VOMS 1.6.16-7 and VOMS Admin 1.2.15, both of which are slated for inclusion in the final gLite 3.0 release. In our nightly tests, they seem to be performing well. We have not yet tried to verify that the multiple-roles bug has been fixed.

However, Tanya Levshina pointed out to the VDT team that there's an LCG Savannah bug on VOMS Admin 1.2.15 that is quite serious. It says that VOMS Admin has a resource leak that causes Tomcat to lock up and die after a very short time (a few hours). We will keep an eye on the situation.


In VDT 1.3.11, we have upgraded CEMon to the latest 1.6 release (from 2006-02-20). It uses a new configuration scheme which is easier to work with at installation time. This is good. However, there's a problem: CEMon will not work with CA certificates installed outside of /etc/grid-security/certificates when acting as a client (i.e., for notifications). We have helped debug the problem, first reported by Tanya Levshina, and provided the developers with suggestions. We should hear from the developers next week.

In the meantime, we figured out how to make CEMon get data from the Generic Information Provider (GIP). We are working on adding code to configure_gip to script the process; it will require one extra command-line option with no argument to configure_gip. Once the VDT team is finished making and testing the changes, we'll resubmit the changes back to the Iowa folks for inclusion in subsequent versions of configure_gip.

John Weigand wondered if configure_gip could be made to configure the GIP for SRM without requiring console interaction. In general, the answer is yes, but probably not by getting configuration information from the command-line, because there are too many values to set. For now, the Iowa folks will work on pulling the information from osg-attributes.conf, if it exists.

GUMS Update

It was reported that John Hover, the new GUMS developer, thinks that the GUMS resource leak problem may stem from Tomcat 5.0 itself. If so, the solution may be to run GUMS under Tomcat 5.5. The VDT team has talked about the need to run both Tomcat 5.0 and 5.5 – as we did with Tomcat 4 and 5 – but we have not yet started looking into the technical details. It sounds like GUMS may force us in this direction. We will contact John Hover directly and find out what's going on.

Other Questions and Comments

Burt reported that he had been combing through and cleaning up log files. He noticed that the pre-WS gatekeeper logs are really bad about printing important information like timestamps, job IDs, and PIDs. He requested that the VDT team push this information to Globus. Also, the gatekeeper does its facility logging as daemon; it would be nice to have that changed to a local account.

Burt asked whether the bug in the GridFTP server, initially reported by Wayne Betts and reported as fixed by Bill Allcock, will be fixed in VDT 1.3.11. Without Alain available, the VDT team was unsure; we can discuss this issue again at the next office hours. For completeness, Burt forwarded the email thread to the VDT team.

Marco had some questions about an ongoing problem with UNSUBMITTED jobs remaining in a Condor-G queue even after troubles with the gatekeeper were resolved. Ultimately, the discussion was taken offline; Tim will follow up with Jaime Frey on the Condor team for more help.

It was reported that vdt-change-user does not drop the privilege group appropriately. The bug will be filed in the VDT ticket tracking system.