VDT logo
Search:

(Powered by Google)

Note: This version of the VDT (1.10.1) is supported, but is not our latest stable release. The current stable release is 2.0.0.

VDT 1.10.1i Update

On 2008-09-11, the VDT team announced the release of VDT 1.10.1i.

Changes to VDT 1.10.1i

  1. Note: this is a mandatory update for anyone using vdt-update-certs to check for CA Certificate updates.

    The VDT changed how we deliver CA Certificates. The VDT will no longer automatically install Certificates Authorities during installation. More information (VDT ticket 3727) (VDT ticket 3803)
    Exception: if you use the VDT's RPM (or yum repository) for installing the CA certificates, please continue using it for now.b It is not being changed now.

  2. The OSG RSV probes have been updated to work with the new certificate distribution system. (VDT ticket 3921)
  3. In previous releases, the VDT installation replaced the Globus grid-cert-request script with the DOEGrids CA’s version of the grid-cert-request script. We no longer do that. If you wish to use the DOEGrids version of this script, you can download it directly from them. If you are a member of OSG, you might find the certificate scripts package a useful replacement. Details on using the certificate scripts package to get host and service certificates.   (VDT ticket 3413)
  4. The configure_voms and configure_vomrs scripts (from the Configure-VOMS and Configure-VOMRS packages) have been updated so that on a new installation, they no longer create the VDT VO. This was necessary to prevent errors at installation time since there are no longer CA certificates present at installation time, but creating the VDT VO requires CA Certificates. We don't have update instructions for these packages because you do not need to do an update: it only affects new installations.

Updating to VDT 1.10.1i

If you installed VDT 1.10.1 after VDT 1.10.1i was released on 2008-09-11, you do not need to do any of these update operations because you will have 1.10.1i.

The best way to do the update is to update the individual packages that have changed. To be clear, we do not recommend using pacman -update without specifying specific package names. Also note that you only need to update packages if you installed them. You can see what packages have been installed with: 

pacman -lc

Common update directions

Before you do the update directions that follow, please run the following commands. They apply for all of the updates. 

cd $VDT_LOCATION
. setup.sh
vdt-control --off
cp -pr $VDT_LOCATION BACKUP-LOCATION

The copy command makes a complete backup of your VDT installation, in case something goes wrong. Do not skip this step!

1. Updating CA-Certificates

This update (and all new VDT installations after this update is released) will require additional configuration to setup the CA Certificates after install. After issuing the "pacman -update" command below, you will not have CA certificates until running vdt-setup-ca-certificates.

  1. Fetch the update 
    pacman -update CA-Certificates

# If you have installed the Configure-Cert-Request package (included with most Globus packages), update it:
pacman -update Configure-Cert-Request
  2. Configure your CA Certificates. Instructions for this step are in the post-install/README file, and are also listed here for convenience.
    • Edit the value of cacerts_url in the configuration file at $VDT_LOCATION/vdt/etc/vdt-update-certs.conf

      This file contains URLs to CA Certificate distributions including the OSG GOC distribution with certificates recommended by the OSG Security Team, as well as the VDT convenience distribution. You must uncomment one of these (or create your own), and then run the commands below to activate the certificate updates. More information.

    • Run the following command: 
      . $VDT_LOCATION/vdt-questions.sh; $VDT_LOCATION/vdt/sbin/vdt-setup-ca-certificates
    • Make sure vdt-update-certs is enabled, so that future certificate updates are fetched automatically. If you are running as root, you can use vdt-control to do this. 
      vdt-control --enable vdt-update-certs
vdt-control --on vdt-update-certs
  3. If you install the certificates into /etc/grid-security, you might have a leftover symlink named doegrids. This is safe to delete 
    rm /etc/grid-security/doegrids

2. Updating OSG-RSV

Unlike previous RSV updates, you will not need to re-configure OSG-RSV afterwards because only the probes are being updated. 

pacman -update OSG-RSV-Probes