Quality Criteria Verification Report ==================================== Product: dpm Release: dpm.dpm.sl6.x86_64-1.9.2 Software Provider: DPM RT Ticket: 13943 Provider contact: hep-service-dpm@cern.ch Verifier: Pablo Orviz Hours worked: 1h Date: 20/02/2018 Status: Accepted Summary ======= - Not functional testing - Build info: https://jenkins.egi.ifca.es/job/package-install/61/ - Puppet module: https://github.com/cern-it-sdc-id/puppet-dpm Related tickets =============== None. Documentation Criteria ====================== * Release notes: "This update includes de releases 1.9.1, 1.9.2 and lcgdm 0.19.0. Please consult the changelog for the full notes." * User Documentation: http://lcgdm.web.cern.ch/dpm * API Documentation: http://lcgdm.web.cern.ch/dpm * Admin Documentation: http://lcgdm.web.cern.ch/dpm * Software License: - Generic Criteria ================ (Possible Statuses: OK, WARN, FAIL, NA (Not Applicable) or NT (Not Tested)) * Binary Distribution: OK * Upgrade: NT * X.509 Certificate support: OK * SHA-2 Certificates Support: OK * RFC Proxy support: OK * ARGUS Integration: NT * World Writable Files: OK * Passwords in world readable files: OK * GlueSchema 1.3 Support: OK * GlueSchema 2.0 Support: OK * Middleware Version Information: OK * Service Probes: NT * Accounting Records: NA * Bug Tracking System: OK Verification logs ================= + rvmsudo sed -i '/^127\.0\.0\.1/ s/ localhost/ sl6-6131.egi.ifca.es/' /etc/hosts 09:13:18 Warning: can not check `/etc/sudoers` for `secure_path`, falling back to call via `/usr/bin/env`, this breaks rules from `/etc/sudoers`. Run: 09:13:18 09:13:18 export rvmsudo_secure_path=1 09:13:18 09:13:18 to avoid the warning, put it in shell initialization file to make it persistent. 09:13:18 09:13:18 In case there is no `secure_path` in `/etc/sudoers`. Run: 09:13:18 09:13:18 export rvmsudo_secure_path=0 09:13:18 09:13:18 to avoid the warning, put it in shell initialization file to make it persistent. 09:13:18 + args=umd_release=4,log_path=logs,enable_untested_repo=false,enable_testing_repo=false 09:13:18 + '[' repository_file_1=http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.sl6.x86_64/1/9/2/repofiles/DPM.dpm.sl6.x86_64.repo,repository_file_2=http://admin-repo.egi.eu/sw/unverified/umd-4.cern.lcgdm.sl6.x86_64/0/19/0/repofiles/CERN.lcgdm.sl6.x86_64.repo '!=' '' ']' 09:13:18 + args=umd_release=4,log_path=logs,enable_untested_repo=false,enable_testing_repo=false,repository_file_1=http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.sl6.x86_64/1/9/2/repofiles/DPM.dpm.sl6.x86_64.repo,repository_file_2=http://admin-repo.egi.eu/sw/unverified/umd-4.cern.lcgdm.sl6.x86_64/0/19/0/repofiles/CERN.lcgdm.sl6.x86_64.repo 09:13:18 + '[' -f x509_dteam_proxy ']' 09:13:18 + [[ sl6 == *sl6* ]] 09:13:18 + source /home/centos/.rvm/environments/default 09:13:18 ++ export PATH=/home/centos/.rvm/gems/ruby-2.4.1/bin:/home/centos/.rvm/gems/ruby-2.4.1@global/bin:/home/centos/.rvm/rubies/ruby-2.4.1/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/home/centos/.rvm/bin 09:13:18 ++ PATH=/home/centos/.rvm/gems/ruby-2.4.1/bin:/home/centos/.rvm/gems/ruby-2.4.1@global/bin:/home/centos/.rvm/rubies/ruby-2.4.1/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/home/centos/.rvm/bin 09:13:18 ++ export GEM_HOME=/home/centos/.rvm/gems/ruby-2.4.1 09:13:18 ++ GEM_HOME=/home/centos/.rvm/gems/ruby-2.4.1 09:13:18 ++ export GEM_PATH=/home/centos/.rvm/gems/ruby-2.4.1:/home/centos/.rvm/gems/ruby-2.4.1@global 09:13:18 ++ GEM_PATH=/home/centos/.rvm/gems/ruby-2.4.1:/home/centos/.rvm/gems/ruby-2.4.1@global 09:13:18 ++ export MY_RUBY_HOME=/home/centos/.rvm/rubies/ruby-2.4.1 09:13:18 ++ MY_RUBY_HOME=/home/centos/.rvm/rubies/ruby-2.4.1 09:13:18 ++ export IRBRC=/home/centos/.rvm/rubies/ruby-2.4.1/.irbrc 09:13:18 ++ IRBRC=/home/centos/.rvm/rubies/ruby-2.4.1/.irbrc 09:13:18 ++ unset MAGLEV_HOME 09:13:18 ++ unset RBXOPT 09:13:18 ++ export RUBY_VERSION=ruby-2.4.1 09:13:18 ++ RUBY_VERSION=ruby-2.4.1 09:13:18 + rvmsudo fab dpm:umd_release=4,log_path=logs,enable_untested_repo=false,enable_testing_repo=false,repository_file_1=http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.sl6.x86_64/1/9/2/repofiles/DPM.dpm.sl6.x86_64.repo,repository_file_2=http://admin-repo.egi.eu/sw/unverified/umd-4.cern.lcgdm.sl6.x86_64/0/19/0/repofiles/CERN.lcgdm.sl6.x86_64.repo 09:13:19 Warning: can not check `/etc/sudoers` for `secure_path`, falling back to call via `/usr/bin/env`, this breaks rules from `/etc/sudoers`. Run: 09:13:19 09:13:19 export rvmsudo_secure_path=1 09:13:19 09:13:19 to avoid the warning, put it in shell initialization file to make it persistent. 09:13:19 09:13:19 In case there is no `secure_path` in `/etc/sudoers`. Run: 09:13:19 09:13:19 export rvmsudo_secure_path=0 09:13:19 09:13:19 to avoid the warning, put it in shell initialization file to make it persistent. 09:25:08 [INFO] Using UMD 4 release repository 09:25:08 [INFO] Using UMD verification repository file: ['http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.sl6.x86_64/1/9/2/repofiles/DPM.dpm.sl6.x86_64.repo', 'http://admin-repo.egi.eu/sw/unverified/umd-4.cern.lcgdm.sl6.x86_64/0/19/0/repofiles/CERN.lcgdm.sl6.x86_64.repo'] 09:25:08 09:25:08 09:25:08 UMD verification tool 09:25:08 ===================== 09:25:08 09:25:08 Quality criteria: http://egi-qc.github.io 09:25:08 Codebase: https://github.com/egi-qc/umd-verification 09:25:08 09:25:08 Path locations 09:25:08 | 09:25:08 | log_path /tmp/workspace/dpm/logs 09:25:08 | yaim_path etc/yaim 09:25:08 | puppet_path etc/puppet 09:25:08 09:25:08 Production repositories 09:25:08 | 09:25:08 | umd_release_pkg http://repository.egi.eu/sw/production/umd/4/sl6/x86_64/updates/umd-release-4.0.0-1.el6.noarch.rpm 09:25:08 | igtf_repo None 09:25:08 09:25:08 09:25:08 09:25:08 [INFO] Using the following repository files 09:25:08 + http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.sl6.x86_64/1/9/2/repofiles/DPM.dpm.sl6.x86_64.repo 09:25:08 + http://admin-repo.egi.eu/sw/unverified/umd-4.cern.lcgdm.sl6.x86_64/0/19/0/repofiles/CERN.lcgdm.sl6.x86_64.repo 09:25:08 [INFO] Log directory '/tmp/workspace/dpm/logs' has been created. 09:25:08 [localhost] local: sudo -E mkdir -p /etc/grid-security/certificates 09:25:08 [localhost] local: sudo -E chown root:root /etc/grid-security 09:25:08 [localhost] local: sudo -E chmod 0755 /etc/grid-security 09:25:08 [INFO] Generating own certificates 09:25:08 [localhost] local: sudo -E mkdir -p /root/UMDVerificationOwnCA 09:25:08 [localhost] local: sudo -E openssl req -x509 -nodes -days 1 -newkey rsa:2048 -out ca.pem -outform PEM -keyout ca.key -subj '/DC=es/DC=UMDverification/CN=UMDVerificationOwnCA' 09:25:08 [localhost] local: sudo -E openssl x509 -noout -hash -in ca.pem 09:25:08 [localhost] local: sudo -E cp ca.pem /etc/grid-security/certificates/0d2a3bdd.0 09:25:08 [localhost] local: sudo -E echo "01" > crlnumber 09:25:08 [localhost] local: sudo -E touch index.txt 09:25:08 [localhost] local: sudo -E openssl ca -config openssl.cnf -gencrl -keyfile ca.key -cert ca.pem -out crl.pem 09:25:08 [localhost] local: sudo -E cp crl.pem /etc/grid-security/certificates/0d2a3bdd.r0 09:25:08 [localhost] local: sudo -E openssl req -newkey rsa:2048 -nodes -sha1 -keyout cert.key -keyform PEM -out cert.req -outform PEM -subj '/DC=es/DC=UMDverification/CN=sl6-6131.egi.ifca.es' -config openssl.cnf 09:25:08 [localhost] local: sudo -E openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key -CAcreateserial -extensions v3_req -extfile openssl.cnf -out cert.crt -days 1 09:25:08 [localhost] local: sudo -E chmod 600 cert.key 09:25:08 [localhost] local: sudo -E cp cert.key /etc/grid-security/hostkey.pem 09:25:08 [INFO] Private key stored in '/etc/grid-security/hostkey.pem' (with 600 perms). 09:25:08 [localhost] local: sudo -E cp cert.crt /etc/grid-security/hostcert.pem 09:25:08 [INFO] Public key stored in '/etc/grid-security/hostcert.pem'. 09:25:08 [INFO] Running configuration 09:25:08 [localhost] local: sudo -E rpm --quiet -q puppetlabs-release 09:25:08 [localhost] local: sudo -E yum -y install puppet 09:25:08 [localhost] local: librarian-puppet 09:25:08 [localhost] local: librarian-puppet install --clean --path=/etc/puppet/modules --verbose 09:25:08 [INFO] Extra vars file added: /etc/puppet/hieradata/extra_vars.yaml 09:25:08 [INFO] Adding hiera parameter files: ['umd', 'extra_vars'] 09:25:08 [localhost] local: puppet config print modulepath 09:25:08 [localhost] local: puppet apply --verbose --debug --modulepath /etc/puppet/modules etc/puppet/dpm.pp --detail-exitcodes 09:25:28 [FAIL] Command execution has failed (reason: "Warning: The function 'hiera' is deprecated in favor of using 'lookup'. See https://docs.puppet.com/puppet/5.3/reference/deprecated_language.html\n (file & line not available) Warning: /etc/puppetlabs/code/hiera.yaml: Use of 'hiera.yaml' version 3 is deprecated. It should be converted to version 5 (file: /etc/puppetlabs/code/hiera.yaml) Warning: This method is deprecated, please use the stdlib validate_legacy function, with Stdlib::Compat::Array. There is further documentation for validate_legacy function in the README. at ["/etc/puppet/modules/dpm/manifests/head_disknode.pp", 70]: (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation') Warning: This method is deprecated, please use the stdlib validate_legacy function, with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README. at ["/etc/puppet/modules/dpm/manifests/head_disknode.pp", 71]: (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation') Warning: This method is deprecated, please use the stdlib validate_legacy function, with Stdlib::Compat::Hash. There is further documentation for validate_legacy function in the README. at ["/etc/puppet/modules/dpm/manifests/head_disknode.pp", 73]: (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation') Warning: The string '6' was automatically coerced to the numerical value 6 (file: /etc/puppet/modules/lcgdm/manifests/ns/service.pp, line: 19, column: 39) Warning: The string '6' was automatically coerced to the numerical value 6 (file: /etc/puppet/modules/lcgdm/manifests/dpm/service.pp, line: 18, column: 39) Warning: The string '6' was automatically coerced to the numerical value 6 (file: /etc/puppet/modules/dmlite/manifests/dav/config.pp, line: 169, column: 39) Warning: The string '6' was automatically coerced to the numerical value 6 (file: /etc/puppet/modules/dmlite/manifests/srm/service.pp, line: 19, column: 39) Warning: Unknown variable: '::package_dpm_xrootd'. (file: /etc/puppet/modules/dmlite/manifests/xrootd.pp, line: 170, column: 23) Warning: The string '6' was automatically coerced to the numerical value 6 (file: /etc/puppet/modules/dmlite/manifests/xrootd.pp, line: 268, column: 40) Warning: The string '6' was automatically coerced to the numerical value 6 (file: /etc/puppet/modules/dmlite/manifests/xrootd.pp, line: 335, column: 40) Warning: The string '6' was automatically coerced to the numerical value 6 (file: /etc/puppet/modules/xrootd/manifests/service.pp, line: 21, column: 39) Warning: This method is deprecated, please use match expressions with Stdlib::Compat::String instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions. at ["/etc/puppet/modules/memcached/manifests/init.pp", 38]: (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation') Warning: This method is deprecated, please use match expressions with Stdlib::Compat::Numeric instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions. at ["/etc/puppet/modules/dmlite/manifests/plugins/memcache/config.pp", 20]: (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation') Warning: This method is deprecated, please use the stdlib validate_legacy function, with Pattern[]. There is further documentation for validate_legacy function in the README. at ["/etc/puppet/modules/dmlite/manifests/plugins/memcache/config.pp", 26]: (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation') Warning: loglevel is a metaparam; this value will inherit to all contained resources in the bdii::config definition Warning: This method is deprecated, please use match expressions with Stdlib::Compat::Array instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions. at ["/etc/puppet/modules/mysql/manifests/db.pp", 20]: (location: /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')") (action: no exit) (log: ['qc_conf.stdout', 'qc_conf.stderr']) 09:25:28 [INFO] Puppet execution ended successfully (changes were applied) 09:25:28 [[QC_SEC_2: SHA-2 Certificates Support]] 09:25:28 [[QC_SEC_5: World Writable Files]] 09:25:28 [localhost] local: sudo -E find / -not \( -path "/proc" -prune \) -not \( -path "/sys" -prune \) -type f -perm -002 -exec ls -l {} \; 09:25:28 [FAIL] Found 6 world-writable file/s. See more information in logs (qc_sec_5.stdout). 09:25:28 [[QC_INFO_1: GlueSchema 1.3 Support]] 09:25:28 [NA] Product does not publish information through BDII. 09:25:28 [[QC_INFO_2: GlueSchema 2.0 Support]] 09:25:28 [NA] Product does not publish information through BDII. 09:25:28 [[QC_INFO_3: Middleware Version Information]] 09:25:28 [NA] Product does not publish information through BDII. 09:25:28 [[QC_MON_1: Service Probes]] 09:25:28 [NA] Product cannot be tested by Nagios. 09:25:28 [INFO] No QC-specific ID provided: no specific QC probes will be ran.