Quality Criteria Verification Report ==================================== Product: myproxy Release: globus.myproxy.sl6.x86_64-6.1.19 Software Provider: Globus RT Ticket: 12299 Provider contact: mattias.ellert@fysast.uu.se Verifier: Pablo Orviz Hours worked: 1h Date: 31/01/2017 Status: Accepted Summary ======= Deployment using https://github.com/egi-qc/ansible-myproxy Related tickets =============== None. Documentation Criteria ====================== * Release notes: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-630cd43f9a * User Documentation: http://toolkit.globus.org/toolkit/docs/6.0/myproxy/index.html * API Documentation: http://toolkit.globus.org/toolkit/docs/6.0/myproxy/index.html * Admin Documentation: http://toolkit.globus.org/toolkit/docs/6.0/myproxy/index.html * Software License: Fermilab Fermitools license (BSD license) Generic Criteria ================ (Possible Statuses: OK, WARN, FAIL, NA (Not Applicable) or NT (Not Tested)) * Binary Distribution: OK * Upgrade: NT * X.509 Certificate support: OK * SHA-2 Certificates Support: OK * RFC Proxy support: OK * ARGUS Integration: NT * World Writable Files: OK * Passwords in world readable files: OK * GlueSchema 1.3 Support: OK * GlueSchema 2.0 Support: OK * Middleware Version Information: OK * Service Probes: OK * Accounting Records: NA * Bug Tracking System: OK Verification Logs ================= + rvmsudo fab myproxy:umd_release=4,log_path=logs,repository_url_1=http://admin-repo.egi.eu/sw/unverified/umd-4.globus.myproxy.sl6.x86_64/6/1/19 Warning: can not check `/etc/sudoers` for `secure_path`, falling back to call via `/usr/bin/env`, this breaks rules from `/etc/sudoers`. Run: export rvmsudo_secure_path=1 to avoid the warning, put it in shell initialization file to make it persistent. In case there is no `secure_path` in `/etc/sudoers`. Run: export rvmsudo_secure_path=0 to avoid the warning, put it in shell initialization file to make it persistent. [INFO] Using UMD 4 release repository [INFO] Using UMD verification repository: ['http://admin-repo.egi.eu/sw/unverified/umd-4.globus.myproxy.sl6.x86_64/6/1/19'] UMD verification tool ===================== Quality criteria: http://egi-qc.github.io Codebase: https://github.com/egi-qc/umd-verification Path locations | | log_path logs | yaim_path etc/yaim | puppet_path etc/puppet Production repositories | | umd_release_pkg http://repository.egi.eu/sw/production/umd/4/sl6/x86_64/updates/umd-release-4.0.0-1.el6.noarch.rpm | igtf_repo None [INFO] Using the following UMD verification repositories + http://admin-repo.egi.eu/sw/unverified/umd-4.globus.myproxy.sl6.x86_64/6/1/19 [localhost] local: sudo -E mkdir -p /etc/grid-security/certificates [localhost] local: sudo -E chown root:root /etc/grid-security [localhost] local: sudo -E chmod 0755 /etc/grid-security [INFO] Generating own certificates [localhost] local: sudo -E mkdir -p /root/UMDVerificationOwnCA [localhost] local: sudo -E openssl req -x509 -nodes -days 1 -newkey rsa:2048 -out ca.pem -outform PEM -keyout ca.key -subj '/DC=es/DC=UMDverification/CN=UMDVerificationOwnCA' [localhost] local: sudo -E openssl x509 -noout -hash -in ca.pem [localhost] local: sudo -E cp ca.pem /etc/grid-security/certificates/0d2a3bdd.0 [localhost] local: sudo -E echo "01" > crlnumber [localhost] local: sudo -E touch index.txt [localhost] local: sudo -E openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.pem -out crl.pem [localhost] local: sudo -E cp crl.pem /etc/grid-security/certificates/0d2a3bdd.r0 [localhost] local: sudo -E openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=sl6-nova-954.privatevlan.cloud.ifca.es' -config openssl.cnf [localhost] local: sudo -E openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -extensions v3_req -extfile openssl.cnf -out cert.crt -days 1 [localhost] local: sudo -E chmod 600 cert.key [localhost] local: sudo -E cp cert.key /etc/grid-security/hostkey.pem [INFO] Private key stored in '/etc/grid-security/hostkey.pem' (with 600 perms). [localhost] local: sudo -E cp cert.crt /etc/grid-security/hostcert.pem [INFO] Public key stored in '/etc/grid-security/hostcert.pem'. [INFO] Running configuration [localhost] local: sudo -E yum -y install ansible [localhost] local: sudo -E ansible-pull -C master -d /etc/ansible/roles/ansible-myproxy -i /etc/ansible/roles/ansible-myproxy/hosts -U https://github.com/egi-qc/ansible-myproxy --tags 'all' [INFO] Log directory 'logs' has been created. [[QC_SEC_2: SHA-2 Certificates Support]] [[QC_SEC_5: World Writable Files]] [localhost] local: sudo -E find / -not \( -path "/proc" -prune \) -not \( -path "/sys" -prune \) -type f -perm -002 -exec ls -l {} \; [OK] Found no world-writable file. [[QC_INFO_1: GlueSchema 1.3 Support]] [localhost] local: sudo -E yum -y install glue-validator [localhost] local: sudo -E glue-validator -h localhost -p 2170 -b mds-vo-name=resource,o=grid -t glue1 [[QC_INFO_2: GlueSchema 2.0 Support]] [localhost] local: sudo -E yum -y install glue-validator [localhost] local: sudo -E glue-validator -h localhost -p 2170 -b GLUE2GroupID=resource,o=glue -t glue2 [[QC_INFO_3: Middleware Version Information]] [OK] Middleware versions found: [] [[QC_MON_1: Service Probes]] [NA] Product cannot be tested by Nagios. [INFO] No QC-specific ID provided: no specific QC probes will be ran.