Quality Criteria Verification Report ==================================== Product: squid Release: CERNFRONTIER.squid.sl6.x86_64 Software Provider: CernFrontier RT Ticket: 10410 Provider contact: Pablo Orviz Verifier: dwd@fnal.gov Hours worked: 30min Date: 04/02/2016 Status: Accepted Summary ======= * Configuration via Puppet module: https://forge.puppetlabs.com/desalvo/frontier * Specific testing: https://twiki.cern.ch/twiki/bin/view/Frontier/InstallSquid#Testing_the_installation Related tickets =============== None. Documentation Criteria ====================== * Release notes: http://frontier.cern.ch/dist/rpms-debug/frontier-squidRELEASE_NOTES * User Documentation: https://twiki.cern.ch/twiki/bin/view/Frontier/WebHome * API Documentation: https://twiki.cern.ch/twiki/bin/view/Frontier/WebHome * Admin Documentation: https://twiki.cern.ch/twiki/bin/view/Frontier/WebHome * Software License: BSD license Generic Criteria ================ (Possible Statuses: OK, WARN, FAIL, NA (Not Applicable) or NT (Not Tested)) * Binary Distribution: OK * Upgrade: OK * X.509 Certificate support: OK * SHA-2 Certificates Support: OK * RFC Proxy support: OK * ARGUS Integration: NA * World Writable Files: * Passwords in world readable files: OK * GlueSchema 1.3 Support: NA * GlueSchema 2.0 Support: NA * Middleware Version Information: NA * Service Probes: OK * Accounting Records: NA * Bug Tracking System: OK Verification Logs ================= UMD verification tool ===================== Quality criteria: http://egi-qc.github.io Codebase: https://github.com/egi-qc/umd-verification Path locations | | log_path logs | yaim_path etc/yaim | puppet_path etc/puppet Production repositories | | umd_release http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/updates/umd-release-3.0.1-1.el6.noarch.rpm | igtf_repo http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo | epel_release http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [INFO] Using the following verification repositories + http://admin-repo.egi.eu/sw/unverified/umd-4.cernfrontier.squid.sl6.x86_64/2/7/25 [WARN] No installation type provided: performing installation. [INFO] Metapackage/s selected: + frontier-squid [localhost] local: sudo wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo [INFO] Repository 'http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo' added [localhost] local: sudo yum -y makecache [localhost] local: sudo yum -y install ca-policy-egi-core [INFO] Generating own certificates [localhost] local: sudo mkdir -p /root/UMDVerificationOwnCA [localhost] local: sudo openssl req -x509 -nodes -days 1 -newkey rsa:2048 -out ca.pem -outform PEM -keyout ca.key -subj '/DC=es/DC=UMDverification/CN=UMDVerificationOwnCA' [localhost] local: sudo openssl x509 -noout -hash -in ca.pem [localhost] local: sudo cp ca.pem /etc/grid-security/certificates/0d2a3bdd.0 [localhost] local: sudo echo "01" > crlnumber [localhost] local: sudo touch index.txt [localhost] local: sudo openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.pem -out crl.pem [localhost] local: sudo cp crl.pem /etc/grid-security/certificates/0d2a3bdd.r0 [localhost] local: sudo openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=318de3c890d8' [localhost] local: sudo openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -out cert.crt -days 1 [localhost] local: sudo chmod 600 cert.key [localhost] local: sudo cp cert.key /etc/grid-security/hostkey.pem [INFO] Private key stored in '/etc/grid-security/hostkey.pem' (with 600 perms). [localhost] local: sudo cp cert.crt /etc/grid-security/hostcert.pem [INFO] Public key stored in '/etc/grid-security/hostcert.pem'. [[QC_DIST_1: Binary Distribution]] [localhost] local: sudo yum -y remove epel-release* umd-release* [localhost] local: sudo /bin/rm -f /etc/yum.repos.d//epel-* /etc/yum.repos.d//UMD-* [localhost] local: sudo rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY [INFO] Repository key added: http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY [localhost] local: sudo wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm -O /tmp/epel-release-6-8.noarch.rpm [INFO] Log directory 'logs' has been created. [INFO] EPEL release package fetched from http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm [localhost] local: sudo yum -y install /tmp/epel-release-6-8.noarch.rpm [INFO] EPEL release package installed. [localhost] local: sudo wget http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/updates/umd-release-3.0.1-1.el6.noarch.rpm -O /tmp/umd-release-3.0.1-1.el6.noarch.rpm [INFO] UMD release package fetched from http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/updates/umd-release-3.0.1-1.el6.noarch.rpm [localhost] local: sudo yum -y install /tmp/umd-release-3.0.1-1.el6.noarch.rpm [INFO] UMD release package installed. [localhost] local: sudo yum -y install yum-priorities [INFO] 'yum-priorities' requirement installed. [localhost] local: sudo yum -y install yum-conf-slx6 [INFO] 'yum-conf-slx6' requirement installed. [localhost] local: sudo rm -rf /tmp/repofiles/* [localhost] local: sudo wget -P /tmp/repofiles -r --no-parent -R*.html* http://admin-repo.egi.eu/sw/unverified/umd-4.cernfrontier.squid.sl6.x86_64/2/7/25 [FAIL] Could not fetch repository 'http://admin-repo.egi.eu/sw/unverified/umd-4.cernfrontier.squid.sl6.x86_64/2/7/25' See more information in logs (qc_inst_1.stderr). [INFO] Verification repository 'CERNFRONTIER.squid.sl6.x86_64.repo' enabled. [localhost] local: sudo yum -y makecache [localhost] local: sudo yum repolist [INFO] Using repositories: ['CERNFRONTIER.squid.sl6.x86_64 CERNFRONTIER.squid.sl6.x86_64', 'EGI-trustanchors', 'UMD-3-base', 'UMD-3-updates', 'epel', 'sl', 'sl-security'] [localhost] local: sudo yum -y install frontier-squid [localhost] local: sudo rpm -qp --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' /tmp/repofiles/admin-repo.egi.eu/sw/unverified/umd-4.cernfrontier.squid.sl6.x86_64/2/7/25/frontier-squid-2.7.STABLE9-24.2.x86_64.rpm [localhost] local: sudo rpm -q --queryformat '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' frontier-squid [INFO] 'frontier-squid' installed version: '2.7.STABLE9-24.2.x86_64' [localhost] local: sudo yum -q list frontier-squid logrotate [INFO] Metapackage 'frontier-squid' installed version: frontier-squid-2.7.STABLE9-24.2.x86_64 - @CERNFRONTIER.squid.sl6.x86_64 [OK] Installation ended successfully. [[QC_SEC_2: SHA-2 Certificates Support]] [localhost] local: sudo yum -y install puppet [localhost] local: sudo facter -p puppetversion [localhost] local: sudo wget https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm -O /tmp/puppet-release.rpm [INFO] Fetched Puppet release package from 'https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm'. [localhost] local: sudo yum -y install /tmp/puppet-release.rpm [localhost] local: sudo sed '/enabled=1/a\priority=1' /etc/yum.repos.d/puppet* [localhost] local: sudo yum -y install puppet [localhost] local: sudo puppet module install desalvo-frontier [localhost] local: sudo puppet config print modulepath [localhost] local: sudo puppet apply --modulepath /etc/puppet/modules:/usr/share/puppet/modules etc/puppet/frontier_squid.pp --detail-exitcodes [INFO] Puppet execution ended successfully (some warnings though, check logs) [OK] Product services can manage SHA-2 certs. [[QC_SEC_5: World Writable Files]] [localhost] local: sudo find / -not \( -path "/proc" -prune \) -not \( -path "/sys" -prune \) -type f -perm -002 -exec ls -l {} \; [OK] Found no world-writable file. [localhost] local: sudo yum -y install glue-validator [[QC_INFO_1: GlueSchema 1.3 Support]] [NA] Product does not publish information through BDII. [[QC_INFO_2: GlueSchema 2.0 Support]] [NA] Product does not publish information through BDII. [[QC_INFO_3: Middleware Version Information]] [NA] Product does not publish information through BDII. [[QC_MON_1: Service Probes]] [NA] Product cannot be tested by Nagios. [[QC_FUNC_1: Basic Funcionality Test.]] [INFO] Probe 'Frontier squid cache test.' [localhost] local: sudo useradd -m umd [localhost] local: sudo su umd -c "./bin/frontier-squid/fnget.sh " 2>&1 [INFO] Command 'su umd -c "./bin/frontier-squid/fnget.sh "' ran successfully [OK] Basic functionality probes ran successfully. [[QC_FUNC_2: New features/bug fixes testing.]] [NA] No definition found for QC_FUNC_2.