Release Notes for NorduGrid ARC 15.03 update 12
February 7, 2017
This is a bugfix release, addressing a vulnerability discovered in 15.03u11.
The vulnerability is related to the performance logging feature, specifically to the folder /var/log/arc/perfdata and its given permissions. The issue is not considered severe, but additional protective measures have anyway been introduced. From version 15.03u12 the folder in mention will only be created if the system administrator explicitly asks for it.
The performance logging feature is off by default, both in this and earlier versions of ARC. In this version, in addition the folder will only be created if the feature is turned on.
If you want to enable the performance logging for debugging purposes or other specific reasons, this is as before done in your configuration settings. The flag to turn on the performance logging has changed from "yes" to "expert-debug-on", see documentation.
NorduGrid ARC 15.03 has received an update to:
- core, clients, CE, Infosys and gridftp - from version 5.2.1 to 5.2.2
- documents - from 2.0.12 to 2.0.13
Nagios plugins, CAnL C++ and metapackages are unchanged.
Detailed notes
ARC Server and core components
The following issues were fixed in the ARC core:
- Permission settings on directory created by the performance logging resulted in logrotate warnings, in addition to introducing possible vulnerability.
Accounting
Information system
ARC Clients
Nagios plugins
Common authentication library CaNL++
Fixed bugs:
Since ARC 15.03 update 11, the following bug is partially fixed:
- 3633 Security problem in 5.2.1 (restricted)
Known issues
- There is a memory leak when using Java API for multiple job submission with
files to BES interface.
- The CPU time is not measured correctly for jobs that kill the parent
process, such as some agent-based/pilot (e.g., ALICE)
- JURA will not publish records to the APEL on a standard Debian/Ubuntu
system, because the python-dirq package is not available for them. The
workaround is to build this package from source.
- When using ARC client tools to submit jobs to CREAM, only JSDL can be used
to describe jobs, and the broker type must be set to Null in the client.conf
file
- ARC GUI (arcjobtool) is not available yet, pending implementation of client
library changes.
- Standalone client tar-balls for Linux are not yet available.
- Bug 2905 is solved using workaround. Source of problem is not yet
identified.
- A-REX can under some circumstances lose connection with CEinfo.pl and go into an infinite loop. The only current workaround is to restart the a-rex service.
- twistd, the underlying engine for ACIX, sometimes logs into rotated ACIX log files.
While all log messages are correctly logged in the main log file, some rotated log
files may receive new log messages.
- submit-*-job do not have permission to write performance metrics to log.
- authorizedvo=<voname> will no longer create a list of VOs under each Share. As a consequence,
EMIES WS clients can no longer find a queue by VO name the same way as in previous versions
of ARC due to changes in the GLUE2 schema rendering.
Availability
Source
ARC release 15.03u12 consists of the following source packages:
- NorduGrid ARC, version 5.2.2 (main components)
- NorduGrid ARC Documents version 2.0.13
- metapackages for client tools, computing element and information index,
version 1.0.7
- Nagios probes for ARC CE, version 1.8.4
- gangliarc - ARC Computing Element monitoring in ganglia, version 1.0.0
- Common authentication library caNl++, version 1.0.1
Source code for main components is available from:
http://svn.nordugrid.org/repos/nordugrid/arc1/tags/5.2.2
Documentation source (mostly LaTeX) is available from:
http://svn.nordugrid.org/repos/nordugrid/doc/tags/2.0.13
Source for metapackages is available from:
http://svn.nordugrid.org/repos/packaging/{fedora,debian}/nordugrid-arc-meta/tags/1.0.7
Source for Nagios probes is available from:
http://svn.nordugrid.org/repos/nordugrid/nagios/tags/release-1.8.4
Source for the common authentication library caNl++ is available from:
http://svn.nordugrid.org/repos/workarea/caNl++/tags/1.0.1
Source for gangliarc is available from:
http://svn.nordugrid.org/repos/nordugrid/contrib/gangliarc/tags/1.0.1
Repositories
See detailed description at
NorduGrid downloads
These repositories provide binary packages for:
- Debian: 5.0, 6.0, 7.0 and 8.0 (i386 and amd64)
- Fedora: from 3 to 25 (i386 and x86_64)
- RedHat: EL4, EL5, EL6 (i386 and x86_64) and EL7 (x86_64)
- Ubuntu: 8.04, 8.10, 9.04, 9.10, 10.04, 10.10, 11.04, 11.10, 12.04, 12.10, 13.04,
13.10, 14.04, 14.10, 15.04, 15.10, 16.04 and 16.10 (i386 and amd64)
Scientific Linux and RedHat are implicitly supported through corresponding CentOS repositories.
Previous releases
Details of previous releases can be found at the ARC Releases page