Quality Criteria Verification Report ==================================== Product: fts3 Release: FTS3.fts3.sl6.x86_64 Software Provider: fts3 RT Ticket: 9666 Provider contact: fts3-steering@cern.ch Verifier: Pablo Orviz Hours worked: 1h Date: 23/10/2015 Status: Accepted Summary ======= MySQL FTS3 installation and configuration with CERN's FTS Puppet module [1]. No tests were applied. [1] https://forge.puppetlabs.com/CERNOps/fts Related tickets =============== None Documentation Criteria ====================== * Release notes: http://fts3-service.web.cern.ch/documentation/releases#qt-release-ui-tabs3 * User Documentation: http://fts3-service.web.cern.ch/ * API Documentation: http://fts3-service.web.cern.ch/ * Admin Documentation: http://fts3-service.web.cern.ch/ * Software License: - Generic Criteria ================ (Possible Statuses: OK, WARN, FAIL, NA (Not Applicable) or NT (Not Tested)) * Binary Distribution: OK * Upgrade: NT * X.509 Certificate support: OK * SHA-2 Certificates Support: OK * RFC Proxy support: OK * ARGUS Integration: NT * World Writable Files: OK * Passwords in world readable files: OK * GlueSchema 1.3 Support: OK * GlueSchema 2.0 Support: OK * Middleware Version Information: [] * Service Probes: [] * Accounting Records: [] * Bug Tracking System: [] Verification Logs ================= ┌ UMD verification app ─────────────────────────────────────────────────┐ │ │ │ Quality criteria: http://egi-qc.github.io │ │ Codebase: https://github.com/egi-qc/umd-verification │ │ │ │ ─────────────────────────────────────────────────────────────────┘ │ │ Verification repositories used: │ http://admin-repo.egi.eu/sw/unverified/umd-3.fts3.fts3.sl6.x86_64/3/3/1/ │ https://admin-repo.egi.eu/sw/umdstore/umd-3.epel.srm-ifce.sl6.x86_64/1/23/1/ │ http://admin-repo.egi.eu/sw/unverified/umd-3.fts3.fts3-ext.sl6.x86_64/3/3/1 │ https://admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3 │ │ Repository basic configuration: │ umd_release http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/updates/umd-release-3.0.1-1.el6.noarch.rpm │ igtf_repo http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo │ epel_release http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm │ │ Path locations: │ log_path /var/tmp/umd-verification │ yaim_path etc/yaim │ puppet_path etc/puppet │ └──────────────────────────────────────────────────────────────────────── [WARN] No installation type provided: performing installation. [INFO] Metapackage/s selected: + fts-server + fts-client + fts-rest + fts-monitoring + fts-mysql + fts-server-selinux + fts-msg ───────────────────────────────────────────────────────────────────────── [localhost] local: wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo [localhost] local: yum -y makecache [localhost] local: yum -y install ca-policy-egi-core [localhost] local: mkdir -p /root/UMDVerificationOwnCA [localhost] local: openssl req -x509 -nodes -days 1 -newkey rsa:2048 -out ca.pem -outform PEM -keyout ca.key -subj '/DC=es/DC=UMDverification/CN=UMDVerificationOwnCA' [localhost] local: openssl x509 -noout -hash -in ca.pem [localhost] local: cp ca.pem /etc/grid-security/certificates/0d2a3bdd.0 [[QC_DIST_1: Binary Distribution]] [localhost] local: yum -y remove epel-release* umd-release* [localhost] local: /bin/rm -f /etc/yum.repos.d//epel-* /etc/yum.repos.d//UMD-* [localhost] local: rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY [INFO] Repository key added: http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY [localhost] local: wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm -O /tmp/epel-release-6-8.noarch.rpm [INFO] Log directory '/var/tmp/umd-verification' has been created. [INFO] EPEL release package fetched from http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [localhost] local: yum -y install /tmp/epel-release-6-8.noarch.rpm [INFO] EPEL release package installed. [localhost] local: wget http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/updates/umd-release-3.0.1-1.el6.noarch.rpm -O /tmp/umd-release-3.0.1-1.el6.noarch.rpm [INFO] UMD release package fetched from http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/updates/umd-release-3.0.1-1.el6.noarch.rpm [localhost] local: yum -y install /tmp/umd-release-3.0.1-1.el6.noarch.rpm [INFO] UMD release package installed. [localhost] local: yum -y install yum-priorities [INFO] 'yum-priorities' requirement installed. [localhost] local: rm -rf /tmp/repofiles/* [localhost] local: wget -P /tmp/repofiles -r --no-parent -R*.html* http://admin-repo.egi.eu/sw/unverified/umd-3.fts3.fts3.sl6.x86_64/3/3/1/ [FAIL] Could not fetch repository 'http://admin-repo.egi.eu/sw/unverified/umd-3.fts3.fts3.sl6.x86_64/3/3/1/' See more information in logs (qc_inst_1.stderr). [INFO] Verification repository 'FTS3.fts3.sl6.x86_64.repo' enabled. [localhost] local: rm -rf /tmp/repofiles/* [localhost] local: grep -iq "^sslverify=" /etc/yum.conf && sed "s/^sslverify=.*/sslverify=False/" -i /etc/yum.conf || sed "$ a\sslverify=False" -i /etc/yum.conf [localhost] local: sed -i 's/^sslverify.*/sslverify=False/g' /etc/yum.conf [localhost] local: wget -P /tmp/repofiles -r --no-parent -R*.html* https://admin-repo.egi.eu/sw/umdstore/umd-3.epel.srm-ifce.sl6.x86_64/1/23/1/ --no-check-certificate [FAIL] Could not fetch repository 'https://admin-repo.egi.eu/sw/umdstore/umd-3.epel.srm-ifce.sl6.x86_64/1/23/1/' See more information in logs (qc_inst_1.stderr). [INFO] Verification repository 'EPEL.srm-ifce.sl6.x86_64.repo' enabled. [localhost] local: rm -rf /tmp/repofiles/* [localhost] local: wget -P /tmp/repofiles -r --no-parent -R*.html* http://admin-repo.egi.eu/sw/unverified/umd-3.fts3.fts3-ext.sl6.x86_64/3/3/1 [FAIL] Could not fetch repository 'http://admin-repo.egi.eu/sw/unverified/umd-3.fts3.fts3-ext.sl6.x86_64/3/3/1' See more information in logs (qc_inst_1.stderr). [INFO] Verification repository 'FTS3.fts3-ext.sl6.x86_64.repo' enabled. [localhost] local: rm -rf /tmp/repofiles/* [localhost] local: grep -iq "^sslverify=" /etc/yum.conf && sed "s/^sslverify=.*/sslverify=False/" -i /etc/yum.conf || sed "$ a\sslverify=False" -i /etc/yum.conf [localhost] local: sed -i 's/^sslverify.*/sslverify=False/g' /etc/yum.conf [localhost] local: wget -P /tmp/repofiles -r --no-parent -R*.html* https://admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3 --no-check-certificate [FAIL] Could not fetch repository 'https://admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3' See more information in logs (qc_inst_1.stderr). [INFO] Verification repository 'GFAL2.gfal2.sl6.x86_64.repo' enabled. [localhost] local: yum -y makecache [localhost] local: yum repolist [INFO] Using repositories: ['EGI-trustanchors', 'EPEL.srm-ifce.sl6.x86_64 EPEL.srm-ifce.sl6.x86_64', 'FTS3.fts3-ext.sl6.x86_64 FTS3.fts3-ext.sl6.x86_64', 'FTS3.fts3.sl6.x86_64', 'GFAL2.gfal2.sl6.x86_64', 'UMD-3-base', 'UMD-3-updates', 'epel', 'sl', 'sl-security'] [localhost] local: yum -y install fts-server fts-client fts-rest fts-monitoring fts-mysql fts-server-selinux fts-msg [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-doc-2.9.3-1.el6.noarch.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-xrootd-0.4.0-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-mock-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-devel-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-2.9.3-1.el6.i686.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-lfc-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-http-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-dcap-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-srm-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-rfio-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-gridftp-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-all-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-plugin-file-2.9.3-1.el6.x86_64.rpm [localhost] local: rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/umdstore/umd-3.gfal2.gfal2.sl6.x86_64/2/9/3/gfal2-devel-2.9.3-1.el6.i686.rpm [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-file [INFO] 'gfal2-plugin-file' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-all [INFO] 'gfal2-all' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-gridftp [INFO] 'gfal2-plugin-gridftp' installed version: '2.9.3-1.el6.x86_64' [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-xrootd [INFO] 'gfal2-plugin-xrootd' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-doc [INFO] 'gfal2-doc' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-dcap [INFO] 'gfal2-plugin-dcap' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-lfc [INFO] 'gfal2-plugin-lfc' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-rfio [INFO] 'gfal2-plugin-rfio' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-http [INFO] 'gfal2-plugin-http' installed version: '2.9.3-1.el6.x86_64' [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-mock [INFO] 'gfal2-plugin-mock' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2 [INFO] 'gfal2' installed version: '2.9.3-1.el6.x86_64' [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-devel [INFO] 'gfal2-devel' not installed [localhost] local: rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' gfal2-plugin-srm [INFO] 'gfal2-plugin-srm' installed version: '2.9.3-1.el6.x86_64' [INFO] Metapackage 'fts-server' installed version: fts-server-3.3.1-3.el6.x86_64. [INFO] Metapackage 'fts-client' installed version: fts-client-3.3.1-3.el6.x86_64. [INFO] Metapackage 'fts-rest' installed version: fts-rest-3.3.3-1.el6.noarch. [INFO] Metapackage 'fts-monitoring' installed version: fts-monitoring-3.3.2-1.el6.noarch. [INFO] Metapackage 'fts-mysql' installed version: fts-mysql-3.3.1-3.el6.x86_64. [INFO] Metapackage 'fts-server-selinux' installed version: fts-server-selinux-3.3.1-3.el6.x86_64. [INFO] Metapackage 'fts-msg' installed version: fts-msg-3.3.1-3.el6.x86_64. [OK] Installation ended successfully. [[QC_SEC_2: SHA-2 Certificates Support]] [localhost] local: openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=sl6-ftssss' [localhost] local: openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -out cert.crt -days 1 [localhost] local: chmod 600 cert.key [localhost] local: cp cert.key /etc/grid-security/hostkey.pem [INFO] Private key stored in '/etc/grid-security/hostkey.pem' (with 600 perms). [localhost] local: cp cert.crt /etc/grid-security/hostcert.pem [INFO] Public key stored in '/etc/grid-security/hostcert.pem'. [localhost] local: yum -y install mysql-server [localhost] local: service mysqld start [localhost] local: mysql -e "drop database IF EXISTS ftsdb" [localhost] local: mysql -e "create database ftsdb" [localhost] local: mysql ftsdb < /usr/share/fts-mysql/mysql-schema.sql [localhost] local: mysql -e "GRANT ALL ON ftsdb.* TO ora_user@'localhost' IDENTIFIED BY 'ora_pass';" [localhost] local: mysql -e "FLUSH PRIVILEGES;" [localhost] local: yum -y install mod_ssl [localhost] local: yum -y install puppet [localhost] local: facter -p puppetversion [localhost] local: wget https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm -O /tmp/puppet-release.rpm [INFO] Fetched Puppet release package from 'https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm'. [localhost] local: yum -y install /tmp/puppet-release.rpm [localhost] local: sed '/enabled=1/a\priority=1' /etc/yum.repos.d/puppet* [localhost] local: yum -y install puppet [localhost] local: puppet module install CERNOps-fts --force [localhost] local: puppet module install CERNOps-fetchcrl --force [localhost] local: puppet module install puppetlabs-firewall --force [localhost] local: puppet module install puppetlabs-stdlib --force [localhost] local: puppet module install cprice404-inifile --force [localhost] local: puppet module install domcleal-augeasproviders --force [localhost] local: puppet module install erwbgy-limits --force [localhost] local: yum -y install patch [localhost] local: patch -p0 < etc/patches/CERNOps-fts.patch [localhost] local: mkdir /etc/puppet/hieradata [localhost] local: cp etc/puppet/fts.yaml /etc/puppet/hieradata/global.yaml [localhost] local: puppet apply -l /var/tmp/umd-verification/puppet.log --modulepath /etc/puppet/modules etc/puppet/fts.pp --detail-exitcodes [INFO] Puppet execution ended successfully (some warnings though, check logs) [OK] Product services can manage SHA-2 certs. [[QC_SEC_5: World Writable Files]] [localhost] local: find / -not $ -path "/proc" -prune $ -not $ -path "/sys" -prune $ -type f -perm -002 -exec ls -l {} \; [OK] Found no world-writable file. [localhost] local: yum -y install glue-validator [[QC_INFO_1: GlueSchema 1.3 Support]] [NA] Product does not publish information through BDII. [[QC_INFO_2: GlueSchema 2.0 Support]] [NA] Product does not publish information through BDII. [[QC_INFO_3: Middleware Version Information]] [NA] Product does not publish information through BDII. [[QC_MON_1: Service Probes]] [NA] Product cannot be tested by Nagios. [INFO] No QC-specific ID provided: no specific QC probes will be ran.