The primary goal of the VDT 1.3.11 (forthcoming) is to upgrade VOMS and VOMS Admin. In particular, VOMS Admin 1.2.10 that is in VDT 1.3.10 has a bug that prevents users from having more than one role when using MySQL as the database.
To date, we have upgraded to VOMS 1.6.16-7 and VOMS Admin 1.2.15, both of which are slated for inclusion in the final gLite 3.0 release. In our nightly tests, they seem to be performing well. We have not yet tried to verify that the multiple-roles bug has been fixed.
However, Tanya Levshina pointed out to the VDT team that there's an LCG Savannah bug on VOMS Admin 1.2.15 that is quite serious. It says that VOMS Admin has a resource leak that causes Tomcat to lock up and die after a very short time (few hours). We will keep an eye on the situation.
In VDT 1.3.11, we have upgraded CEMon to the latest 1.6 release (from 2006-02-20). It uses a new configuration scheme which is easier to work with at installation time. This is good. However, there's a problem: CEMon will not work with CA certificates installed outside of /etc/grid-security/certificates when acting as a client (i.e., for notifications). We have helped debug the problem, first reported by Tanya Levshina, and provided the developers with suggestions. We should hear from the developers next week.
In the meantime, we figured out how to make CEMon get data from the Generic
Information Provider (GIP). We are working on adding code to
configure_gip to script the process; it will require one extra
command-line option with no argument to
configure_gip. Once the
VDT team is finished making and testing the changes, we'll resubmit the
changes back to the Iowa folks for inclusing in subsequent versions of
John Weigand wondered if
configure_gip could be made to configure
the GIP for SRM without requiring console interaction. In general, the answer
is yes, but probably not by getting configuration information from the
command-line, because there are too many values to set. For now, the Iowa
folks will work on pulling the information from
osg-attributes.conf, if it exists.
It was reported that John Hover, the new GUMS developer, thinks that the GUMS resource leak problem may stem from Tomcat 5.0 itself. If so, the solution may be to run GUMS under Tomcat 5.5. The VDT team has talked about the need to run both Tomcat 5.0 and 5.5 – as we did with Tomcat 4 and 5 – but we have not yet started looking into the technical details. It sounds like GUMS may force us in this direction. We will contact John Hover directly and find out what's going on.
Burt reported that he had been combing through and cleaning up log files. He
noticed that the pre-WS gatekeeper logs are really bad about printing
important information like timestamps, job IDs, and PIDs. He requested that
the VDT team push this information to Globus. Also, the gatekeeper does its
facility logging as
daemon; it would be nice to have that changed
to a local account.
Burt asked whether the bug in the GridFTP server, initially reported by Wayne Betts and reported as fixed by Bill Allcock, will be fixed in VDT 1.3.11. Without Alain available, the VDT team was unsure; we can discuss this issue again at the next office hours. For completeness, Burt forwarded the email thread to the VDT team.
Marco had some questions about an ongoing problems with UNSUBMITTED jobs remaining in a Condor-G queue even after troubles with the gatekeeper were resolved. Ultimately, the discussion was taken offline; Tim will follow up with Jaime Frey on the Condor team for more help.
It was reported that
vdt-change-user does not drop the privilege
group appropriately. The bug will be filed in the VDT ticket tracking system.