ARC 0.8.1 TODO
- 1 Availability
- 1.1 Information system
- 1.1.1 BDIIv4 major problem on Fedora 11
- 1.1.2 BDIIv4 minor problem
- 1.1.3 ARC Information Index Server (EGIIS)
- 1.1.4 Bug in OpenLDAP on RHEL4 and possibly related distributions
- 1.1.5 RHEL4 ships with OpenSSL 0.9.7, this version does not support issuer_hash command
- 1.1.6 Stricter requirements in information system does not support underscores (_)
- 1.1 Information system
The 0.8.1 packages are available from download.nordugrid.org through direct downloads or via the yum/apt repositories.
BDIIv4 major problem on Fedora 11
The symtoms are that the infosystem works briefly and then queries will either be: veryslow, hang or fail. The bug related to this is: Bug #1617)
BDIIv4 minor problem
Errors like this show up in logs, this does not seem to be related to any performance issues. It is no longer visible in perl 5.10.1.
Oct 16 11:10:45 hostname kernel: bdii4-fwd: segfault at 65c ip 005c4919 sp bf928a40 error 4 in libperl.so[518000+256000]
ARC Information Index Server (EGIIS)
Due to the way that the new ARC Information Index Server is implemented it is not supported by all platforms. It is known not to work with out-of-the box openldap on the following systems:
- Gentoo (slapd not a shared object)
Distributions which have been checked and should work:
- Red Hat Enterprise 5 i386,x86_64
- Red Hat Enterprise 4 i386
- CentOS 5 i386,x86_64
- Fedora 11 i386, x86_64
- Debian 5.0.x AMD64
- Ubuntu 8.04 i386
- Ubuntu 8.10 i386
- Ubuntu 9.04 x86_64
The reason is that EGIIS uses the standard openldap server, but modifies the functionality slightly so it is backwards compatible with old ARC. Globus implemented a non-standard LDAP server (MDS GIIS) which responds with a whole LDAP entry even though the single attribute (giisregistrationstatus) is requested.
The directory /etc/openldap/cacerts may be missing but referenced in /etc/openldap/ldap.conf . This will prevent the slapd from starting. Easiest solution is to create that directory.
RHEL4 ships with OpenSSL 0.9.7, this version does not support issuer_hash command
A new feature was added in 0.8.1 to report an expired host certificate in the information system. This feature require OpenSSL 0.9.8 and lacks fail-checks. The end result being that all queues are set to inactive with the message: "inactive, host credentials expired".
A patch was sent to nordugrid-discuss 11/16/2009 03:08 PM, message name: 0.8.1 Issues and hotfixes Another approach will be tested though.
Stricter requirements in information system does not support underscores (_)
You can not have underscores in queue/cluster-names (0.6.5 had schemacheck turned off, this is no longer supported in newer OpenLDAP). This can be fixed by changing PrintableString (OID=220.127.116.11.4.1.1418.104.22.168.44) to DirectoryString (OID=22.214.171.124.4.1.14126.96.36.199.15) in /opt/nordugrid/share/schema/nordugrid.schema
A crude version would look something like:
mv /opt/nordugrid/share/schema/nordugrid.schema \ /opt/nordugrid/share/schema/nordugrid.schema.old
cat /opt/nordugrid/share/schema/nordugrid.schema.old \ | sed 's/121\.1\.44/121\.1\.15/g' > \ /opt/nordugrid/share/schema/nordugrid.schema
A better solution is to just update the affected field and leave the others until they have been tested to work.