
Certification report patch 3407

Author: Elisabetta Molinari

Outcome: In certification...

Automatic tests

  • tests on voms core were run automatically as a result of a build in etics, see here
  • voms-cli automatic testing: run the voms-cli tests from the testsuite here, after adjusting the error messages to the new ones:
    • here's a result of the command './myCheck-VOMS -n voms-rd02-21.cnaf.infn.it -l test-sequence.lst.voms-admin'
      Test VOMS-addMember   - OK
      Test VOMS-assignRole   - OK
      Test VOMS-crAttribute   - OK
      Test VOMS-crGroup   - OK
      Test VOMS-crRole   - OK
      Test VOMS-crUser   - OK
      Test VOMS-crUserNocert   - OK
      Test VOMS-delAttribute   - OK
      Test VOMS-delGroup   - OK
      Test VOMS-delGroupAttribute   - OK
      Test VOMS-delRole   - OK
      Test VOMS-delRoleAttribute   - OK
      Test VOMS-delUser   - OK
      Test VOMS-delUserAttribute   - OK
      Test VOMS-dismissRole   - OK
      Test VOMS-listAttributes   - OK
      Test VOMS-listGroupAttributes   - OK
      Test VOMS-listGroups   - OK
      Test VOMS-listMembers   - OK
      Test VOMS-listRoleAttributes   - OK
      Test VOMS-listRoles   - OK
      Test VOMS-listSubGroups   - OK
      Test VOMS-listUserAttributes   - OK
      Test VOMS-listUserGroups   - OK
      Test VOMS-listUserRoles   - OK
      Test VOMS-listUsers   - OK
      Test VOMS-listUsrWithRol   - OK
      Test VOMS-removeMember   - OK
      Test VOMS-setGroupAttribute   - OK
      Test VOMS-setRoleAttribute   - OK
      
      here's the full result report

Clean installation

  • installation steps:
    wget http://etics-repository.cern.ch:8080/repository/pm/volatile/repomd/id/fa01c264-37cc-4539-a3b3-da59486a13dd/sl5_x86_64_gcc412/etics-volatile-build-by-id.repo
    yum install glite-VOMS_mysql
    yum install lcg-CA
  • configuration steps:
    Copy site-info.def and services/glite-voms_mysql from '/opt/glite/yaim/examples/siteinfo' into your favourite dir. Rename glite-voms_mysql as glite-voms.
    Set yaim variables as specified here https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables
    Launch '/opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS'
    

  • yaim problems found:
    • does NOT launch the webapp with the following:
      init-voms-admin.py --start-siblings
    • does not set the path of the certificate file (in pem format) of an initial VO administrator. Here's a sample command to be used:
      voms-db-deploy.py add-admin --vo sa3test --cert /etc/grid-security/hostcert.pem

Upgrade from production

Check Bugs:

Voms Admin 2.5-cli

  • BUG #38150: "Extend member status in voms-admin" FIXED
    • checked that active and suspend status are present in the voms-admin webapp.
  • BUG #38151: "Implement member institutional expiration in voms-admin" FIXED
  • BUG #43127: "implement in voms-admin VO membership expiration bound to AUP version" FIXED
  • BUG #43129: "implement in voms-admin an authorisation-aware web UI" FIXED
  • BUG #43130: "multiple certificate support" FIXED
  • BUG #43189: "allow user to request his/her inclusion in a Group/Role in voms-admin" FIXED
  • BUG #43264: "voms-admin to keep user Registration Data in the VOMS database" FIXED
  • BUG #60328: "remove-certificate does not work" FIXED
    • tried with a non-existent pair DN/CA as in the following:
      voms-admin --vo sa3test --nousercert remove-certificate '/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Elisabet' '/C=IT/O=INFN/CN=INFN'
      org.glite.security.voms.admin.database.NoSuchCertificateException: No certificate found matching subject '/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Elisabet, /C=IT/O=INFN/CN=INFN'.
  • BUG #60329: "Not possible to restore a certificate from the command line" FIXED
    • launch
      voms-admin --vo sa3test suspend-certificate .globus/usercert.pem 'security incident'
    • launch
      voms-admin --vo sa3test restore-certificate .globus/usercert.pem
  • BUG #60337: "Locks held on access denied when processing membership requests" FIXED
    • Actually this, and all the other bugs regarding locks not being well managed, were due to improper management of the Hibernate session when exceptions were raised. This is fixed in the code now.
  • BUG #60483: "Unhandled exception when deleting groups containing subgroups & locks held" FIXED
    • create a group, for example:
      voms-admin --vo sa3test create-group testgroup
    • create a subgroup, for example:
      voms-admin --vo sa3test create-group testgroup/testsubgroup
    • try to delete the parent group 'testgroup' from the webadmin
    • no exception is returned, but an error message like the following: "The group testgroup cannot be deleted since it contains subgroups"
  • BUG #51657: "delete-user does not treat Email= and emailAddress= as equivalent" FIXED
    • given the following usercert:
      openssl x509 -in cas/ca2/certs/08.pem -text -noout | more
      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number: 8 (0x8)
              Signature Algorithm: sha1WithRSAEncryption
              Issuer: DC=CH, DC=CERN, OU=EMAILCA, CN=emailca.cern.ch/emailAddress=emailca@cern.ch
              Validity
                  Not Before: Mar  8 20:32:58 2010 GMT
                  Not After : Mar  8 20:32:58 2011 GMT
              Subject: DC=CH, DC=CERN, OU=EMAILCA, CN=Test user 3/emailAddress=test_user_3@emailca.cern.ch
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
    • created a new user from the voms cli as in the following:
      voms-admin --vo sa3test create-user cas/ca2/certs/08.pem
      voms-admin --vo sa3test list-users
      ..........
      /DC=CH/DC=CERN/OU=EMAILCA/CN=Test user 3/Email=test_user_3@emailca.cern.ch, /DC=CH/DC=CERN/OU=EMAILCA/CN=emailca.cern.ch/Email=emailca@cern.ch - test_user_3@emailca.cern.ch
    • tried to delete the user:
      voms-admin --vo sa3test delete-user cas/ca2/certs/08.pem
      org.glite.security.voms.admin.persistence.error.NoSuchUserException: User '/DC=CH/DC=CERN/OU=EMAILCA/CN=Test user 3/Email=test_user_3@emailca.cern.ch,/DC=CH/DC=CERN/OU=EMAILCA/CN=emailca.cern.ch/emailAddress=emailca@cern.ch' not found in org.glite.security.voms.admin.persistence.error!
      voms-rd02-21
  • BUG #54613: "voms-admin-configure ignores --dbhost option when configuring mysql VO" FIXED
    • launched the following:
      voms-admin-configure install --vo adminDeploy --createdb --deploy-database --dbtype mysql --dbhost cert-10.cnaf.infn.it --port 15002 --dbusername 'admin_Deploy' --dbpassword 'pwd' --mail-from elisabetta.molinari@mi.infn.it --verbose --smtp-host smtp.cnaf.infn.it --dbapwd 'admin'
  • BUG #54614: "voms-admin-configure should not try to create an administrator if the --skip-database option is set" FIXED
  • BUG #56065: "voms-admin email notification behaviour should be configurable" FIXED
  • BUG #58656: "Unique GAs handling exception" FIXED
  • BUG #60517: "Unhandled exception when adding ACL entry" FIXED
    • add a new ACL entry for a non VO member
    • add another ACL entry for a non VO member setting the same subject as for the member above and a different CA
    • the following error message is returned:
      An administrator with the given subject already exists. Choose a different subject!
      Certificate subject: 
  • BUG #60600: "Problems with groups and roles having special characters in the name" FIXED
    • It does not allow creating groups and roles with special characters in the name
  • BUG #60604: "Error adding a default ACL for a group" FIXED
  • BUG #61292: "VOMS Admin 2.0.7 Client fails with some (non-ASCII?) characters" FIXED
  • BUG #59918: "NullPointerException during group creation with slash in the name" FIXED
  • BUG #59919: "No warning when creating a group in a read-only context" FIXED
    • set the user to read only under '/sa3test/test'
    • tried to create a group under '/sa3test/test' and the following is returned:
      Insufficient privileges to execute 'CreateGroupOperation'.
  • BUG #59933: "Problem removing config backup" FIXED
  • BUG #59985: "'ALL' permission resolution" FIXED
    • set an ACL permission for a member to ALL
    • check in the voms-admin webadmin that the field for 'suspend' is set to yes
  • BUG #60256: "Unhandled 'UserAlreadyExists' Exception" FIXED
  • BUG #60264: "Uncought 'IllegalArgumentException' on request confirm" FIXED
    • tried to click on the confirmation link twice
  • BUG #60265: "Other VOs list not complete" FIXED
  • BUG #60296: "Database session problems when wrong request confirmation parameters are submitted" FIXED
    • Actually this, and all the other bugs regarding locks not being well managed, were due to improper management of the Hibernate session when exceptions were raised. This is fixed in the code now.
  • BUG #60308: "It is not possible to remove an AUP which has acceptance records" FIXED
  • BUG #60313: "Trigger reacceptance work only for the predefined AUP" FIXED
    • defined a new AUP with a new version
    • triggered re-acceptance to the existing members
  • BUG #60314: "Links in user AUP acceptance history displaying same AUP" FIXED
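
The Email= / emailAddress= mismatch exercised under BUG #51657 above, as an added example that is not voms-admin code: a Python sketch that normalizes the attribute type before comparing subject/issuer pairs, so a lookup by certificate finds the entry that list-users prints. `normalize_dn`, `find_user` and the alias set are hypothetical names; the DN strings are copied from the list-users and exception output on this page.

```python
import re

# Attribute-type spellings treated as the same RDN type. Only the two
# spellings that appear on this page are mapped (assumption of this example).
EMAIL_ALIASES = {"email", "emailaddress"}

# An RDN starts after "/" or ", " only when an attribute type and "=" follow,
# so a "/" inside a value (e.g. CN=host/name.example.org) does not split.
_RDN_START = re.compile(r"(?:/|,\s*)(?=[A-Za-z][A-Za-z0-9.]*=)")

def normalize_dn(dn):
    """Canonical tuple of (type, value) pairs for a DN string."""
    pairs = []
    for part in _RDN_START.split(dn.strip()):
        if not part:
            continue  # a leading "/" yields an empty first element
        if "=" not in part:
            raise ValueError("not an RDN: %r" % part)  # fail closed
        attr, value = part.split("=", 1)
        attr = attr.strip().lower()  # attribute types are case-insensitive
        if attr in EMAIL_ALIASES:
            attr = "emailaddress"
        pairs.append((attr, value.strip()))  # values stay case-sensitive
    return tuple(pairs)

def find_user(users, subject, issuer):
    """Return the stored (subject, issuer) pair that matches after normalization."""
    wanted = (normalize_dn(subject), normalize_dn(issuer))
    for stored_subject, stored_issuer in users:
        if (normalize_dn(stored_subject), normalize_dn(stored_issuer)) == wanted:
            return (stored_subject, stored_issuer)
    return None

# Stored entry, as printed by list-users on this page.
USERS = [(
    "/DC=CH/DC=CERN/OU=EMAILCA/CN=Test user 3/Email=test_user_3@emailca.cern.ch",
    "/DC=CH/DC=CERN/OU=EMAILCA/CN=emailca.cern.ch/Email=emailca@cern.ch",
)]
# Lookup key, as it appears in the NoSuchUserException text on this page.
LOOKUP = (
    "/DC=CH/DC=CERN/OU=EMAILCA/CN=Test user 3/Email=test_user_3@emailca.cern.ch",
    "/DC=CH/DC=CERN/OU=EMAILCA/CN=emailca.cern.ch/emailAddress=emailca@cern.ch",
)

if __name__ == "__main__":
    print("exact string match:", LOOKUP in USERS)
    print("normalized match:  ", find_user(USERS, *LOOKUP) is not None)
```

Only the attribute type is folded; values are compared exactly, so two users whose DNs differ in any value still map to distinct identities.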

Voms core

  • see tests performed for patch #3142

-- ElisabettaMolinari - 2010-02-17

Topic attachments

  • full_result (13.8 K, 2010-03-17 - 10:01, UnknownUser): voms-cli full result report
Topic revision: r24 - 2010-03-17 - ElisabettaMolinari