Quality Criteria Verification Report ==================================== Product: cream Release: infn.cream.centos7.x86_64-1.16.5 Software Provider: INFN RT Ticket: <# ticket> Provider contact: paolo.andreetto@pd.infn.it Verifier: Pablo Orviz Hours worked: 5h Date: 23/11/2017 Status: Accepted Summary ======= - Puppet module: https://forge.puppet.com/infnpd/creamce - Build info: https://jenkins.egi.ifca.es/job/cream/16/ Related tickets =============== https://ggus.eu/?mode=ticket_info&ticket_id=131745 Documentation Criteria ====================== * Release notes: https://wiki.italiangrid.it/twiki/bin/view/CREAM/CREAMReleaseUMD4_5_0 * User Documentation: https://wiki.italiangrid.it/twiki/bin/view/CREAM/FunctionalDescription * API Documentation: https://wiki.italiangrid.it/twiki/bin/view/CREAM/FunctionalDescription * Admin Documentation: https://wiki.italiangrid.it/twiki/bin/view/CREAM/FunctionalDescription * Software License: - Generic Criteria ================ (Possible Statuses: OK, WARN, FAIL, NA (Not Applicable) or NT (Not Tested)) * Binary Distribution: OK * Upgrade: NT * X.509 Certificate support: OK * SHA-2 Certificates Support: OK * RFC Proxy support: OK * ARGUS Integration: NT * World Writable Files: OK * Passwords in world readable files: OK * GlueSchema 1.3 Support: OK * GlueSchema 2.0 Support: OK * Middleware Version Information: OK * Service Probes: OK * Accounting Records: NT * Bug Tracking System: OK Verification logs ================= + sudo fab cream:umd_release=4,log_path=logs,enable_untested_repo=false,enable_testing_repo=false,repository_file_1=http://admin-repo.egi.eu/sw/unverified/umd-4.infn.cream.centos7.x86_64/1/16/5/repofiles/INFN.cream.centos7.x86_64.repo,x509_user_proxy=x509_dteam_proxy [INFO] Using UMD 4 release repository [INFO] Using UMD verification repository file: ['http://admin-repo.egi.eu/sw/unverified/umd-4.infn.cream.centos7.x86_64/1/16/5/repofiles/INFN.cream.centos7.x86_64.repo'] UMD verification tool ===================== Quality criteria: http://egi-qc.github.io Codebase: https://github.com/egi-qc/umd-verification Path locations | | log_path /tmp/workspace/cream/logs | yaim_path etc/yaim | puppet_path etc/puppet Production repositories | | umd_release_pkg http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/base/umd-release-4.0.0-1.el7.noarch.rpm | igtf_repo None [INFO] Using the following repository files + http://admin-repo.egi.eu/sw/unverified/umd-4.infn.cream.centos7.x86_64/1/16/5/repofiles/INFN.cream.centos7.x86_64.repo [INFO] Log directory '/tmp/workspace/cream/logs' has been created. [localhost] local: sudo -E mkdir -p /etc/grid-security/certificates [localhost] local: sudo -E chown root:root /etc/grid-security [localhost] local: sudo -E chmod 0755 /etc/grid-security [INFO] Generating own certificates [localhost] local: sudo -E mkdir -p /root/UMDVerificationOwnCA [localhost] local: sudo -E openssl req -x509 -nodes -days 1 -newkey rsa:2048 -out ca.pem -outform PEM -keyout ca.key -subj '/DC=es/DC=UMDverification/CN=UMDVerificationOwnCA' [localhost] local: sudo -E openssl x509 -noout -hash -in ca.pem [localhost] local: sudo -E cp ca.pem /etc/grid-security/certificates/0d2a3bdd.0 [localhost] local: sudo -E echo "01" > crlnumber [localhost] local: sudo -E touch index.txt [localhost] local: sudo -E openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.pem -out crl.pem [localhost] local: sudo -E cp crl.pem /etc/grid-security/certificates/0d2a3bdd.r0 [localhost] local: sudo -E openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=centos7-5647' -config openssl.cnf [localhost] local: sudo -E openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -extensions v3_req -extfile openssl.cnf -out cert.crt -days 1 [localhost] local: sudo -E chmod 600 cert.key [localhost] local: sudo -E cp cert.key /etc/grid-security/hostkey.pem [INFO] Private key stored in '/etc/grid-security/hostkey.pem' (with 600 perms). [localhost] local: sudo -E cp cert.crt /etc/grid-security/hostcert.pem [INFO] Public key stored in '/etc/grid-security/hostcert.pem'. [INFO] Running configuration [localhost] local: sudo -E rpm --quiet -q puppetlabs-release [FAIL] Command execution has failed (reason: "") (action: no exit) [localhost] local: sudo -E rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm [localhost] local: sudo -E yum -y install puppet [localhost] local: sudo -E mkdir /etc/puppet/hieradata [localhost] local: sudo -E librarian-puppet [FAIL] Command execution has failed (reason: "sudo: librarian-puppet: command not found") (action: no exit) [localhost] local: sudo -E gem install librarian-puppet [localhost] local: librarian-puppet install --clean --path=/etc/puppet/modules --verbose [localhost] local: sudo -E cp etc/puppet/cream.yaml /etc/puppet/hieradata/cream.yaml [INFO] Adding hiera parameter files: ['umd', 'cream'] [localhost] local: sudo -E puppet config print modulepath [localhost] local: sudo -E puppet apply --verbose --debug --modulepath /etc/puppet/modules:/usr/share/puppet/modules etc/puppet/cream.pp --detail-exitcodes [FAIL] Command execution has failed (reason: "Warning: Variable access via 'control_machine' is deprecated. Use '@control_machine' instead. template[/etc/puppet/modules/slurm/templates/slurm.conf.erb]:11 (at /usr/share/ruby/vendor_ruby/puppet/parser/templatewrapper.rb:77:in `method_missing') Warning: Non-string values for the file mode property are deprecated. It must be a string, either a symbolic mode like 'o+w,a+r' or an octal representation like '0644' or '755'. (at /usr/share/ruby/vendor_ruby/puppet/type/file/mode.rb:69:in `block (2 levels) in ')") (action: no exit) (log: ['qc_conf.stdout', 'qc_conf.stderr']) [INFO] Puppet execution ended successfully (some warnings though, check logs) [[QC_SEC_2: SHA-2 Certificates Support]] [[QC_SEC_5: World Writable Files]] [localhost] local: sudo -E find / -not \( -path "/proc" -prune \) -not \( -path "/sys" -prune \) -type f -perm -002 -exec ls -l {} \; [OK] Found no world-writable file. [[QC_INFO_1: GlueSchema 1.3 Support]] [localhost] local: sudo -E yum -y install glue-validator [localhost] local: sudo -E glue-validator -h localhost -p 2170 -b mds-vo-name=resource,o=grid -t glue1 [[QC_INFO_2: GlueSchema 2.0 Support]] [localhost] local: sudo -E yum -y install glue-validator [localhost] local: sudo -E glue-validator -h localhost -p 2170 -b GLUE2GroupID=resource,o=glue -t glue2 [[QC_INFO_3: Middleware Version Information]] [WARN] No middleware version found for DN: GLUE2EndpointID=$::fqdn_ComputingElement_org.glite.ce.ApplicationPublisher_1859984615,GLUE2ServiceID=$::fqdn_ComputingElement,GLUE2GroupID=resource,o=glue [[QC_MON_1: Service Probes]] [NA] Product cannot be tested by Nagios. [localhost] local: sudo -E yum -y install glite-ce-cream-cli [[QC_FUNC_1: Basic Funcionality Test.]] [INFO] Probe 'Check whether the certificate is up-to-date.' [localhost] local: sudo su centos -c 'bash -x ./bin/certs/check-cert /etc/grid-security/hostcert.pem 2>&1' [INFO] Command './bin/certs/check-cert /etc/grid-security/hostcert.pem' ran successfully [INFO] Probe 'Job submission' [localhost] local: sudo su centos -c 'bash -x ./bin/cream/client_test_local.sh /home/centos/dteam_proxy 2>&1' [INFO] Command './bin/cream/client_test_local.sh /home/centos/dteam_proxy' ran successfully [OK] Basic functionality probes ran successfully.