Pre-certification of WMS 3.3.5
Repo:
name=ETICS Repository of task_26837_1
baseurl=http://etics-repository.cern.ch/repository/pm/registered/repomd/name/task_26837_1
Machine: devel11.cnaf.infn.it
Globus libraries:
globus-gsi-openssl-error-0.14-8.el5
globus-gsi-callback-2.8-2.el5
globus-xio-2.8-4.el5
globus-xio-gsi-driver-0.6-7.el5
globus-authz-0.7-4.el5
globus-xio-popen-driver-0.9-3.el5
globus-gridftp-server-control-0.46-1.el5
globus-gsi-proxy-ssl-2.3-3.el5
globus-common-11.6-5.el5
globus-gsi-sysconfig-3.2-1.el5
globus-gsi-cert-utils-6.7-2.el5
globus-gsi-credential-3.5-3.el5
globus-gssapi-gsi-7.8-1.el5
globus-gss-assist-5.10-1.el5
globus-gssapi-error-2.5-8.el5
globus-usage-1.4-2.el5
globus-ftp-control-2.12-2.el5
globus-authz-callout-error-0.5-3.el5
globus-ftp-client-6.0-2.el5
globus-xio-pipe-driver-0.1-3.el5
globus-gridftp-server-3.33-2.1.el5
globus-gridmap-callout-error-0.3-2.el5
glite-initscript-globus-gridftp-1.0.4-1.sl5
globus-openssl-5.1-2.el5
globus-libtool-1.2-4.el5
globus-openssl-module-1.3-3.el5
globus-gsi-proxy-core-4.7-2.el5
globus-callout-0.7-8.el5
globus-io-6.3-6.el5
globus-gfork-0.2-6.el5
globus-proxy-utils-3.10-1.el5
globus-gridftp-server-progs-3.33-2.1.el5
Tests:
Submit a job to a GRAM CE and check that the scrpt /opt/lcg/sbin/grid_monitor.sh (linked by /usr/sbin/grid_monitor.sh) is accessed in read.
[root@devel11 ~]# rpm -qa | grep yaim-wms
glite-yaim-wms-4.1.5-1.sl5
[root@devel11 ~]# locate grid_mon
/opt/condor-7.4.2/libexec/glite/grid_monitor.sh
/opt/condor-7.4.2/sbin/grid_monitor.sh
/opt/lcg/sbin/grid_monitor.sh
/usr/sbin/grid_monitor.sh
[root@devel11 ~]# date
Fri Mar 9 15:37:15 CET 2012
[root@devel11 ~]# ll -u `locate grid_mon`
-rwxr-xr-x 1 root root 42728 Mar 30 2010 /opt/condor-7.4.2/libexec/glite/grid_monitor.sh
-rwxr-xr-x 1 root root 38151 Mar 30 2010 /opt/condor-7.4.2/sbin/grid_monitor.sh
-rwxr-xr-x 1 root root 41918
Mar 9 15:31 /opt/lcg/sbin/grid_monitor.sh
lrwxrwxrwx 1 root root 29 Mar 9 15:37 /usr/sbin/grid_monitor.sh -> /opt/lcg/sbin/grid_monitor.sh
so /opt/lcg/sbin/grid_monitor.sh has been accessed
The WMproxy GACL file should accept wildcards, in the FQAN tag
only.
VO: dteam, FQAN: /dteam/Role=NULL/Capability=NULL
WMP log says (debug):
12 Mar, 13:35:01 -D- PID: 11517 - "GaclManager::loadCredential": GACL FQAN fqan:/dteam/%2A was matched to /dteam/Role=NULL/Capability=NULL
Test #1:
GACL:
[...]
/dteam
/dteam/R*
[...]
access granted
[...]
/dteam
/dteam/r*
[...]
access denied
[...]
/dtea*
[...]
access granted
[...]
/dteam
/dteam/*
[...]
access granted
--
MarcoCecchi - 2012-03-02