Difference between revisions of "EMI gLExec release test plan and report"

From PDP/Grid Wiki
Jump to navigationJump to search
(Created page with "This test plan is following the [https://twiki.cern.ch/twiki/bin/view/EMI/EMITestPlan EMI SA2 template]. == gLExec Test Plan == === Service Description === gLExec is a program...")
 
 
(18 intermediate revisions by 2 users not shown)
Line 242: Line 242:
 
  sh glexec-lcas-lcmaps-compound-test.sh
 
  sh glexec-lcas-lcmaps-compound-test.sh
  
Output:
+
=== Regression tests ===
  http://www.nikhef.nl/grid/ndpf/files/EMI_1_SAC_documentation/certification_output/glexec-lcas-lcmaps-compound-test.28-april-2011.out
+
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?64057 ====
 +
DESCRIPTION: glexec fails with a misleading error message if the configuration cannot be read
 +
 
 +
REPRODUCE: install glexec in setuid mode
 +
-r-sr-sr-s  root.glexec  /usr/sbin/glexec
 +
and the config file as
 +
-r--r-----  root.root    /etc/glexec.conf
 +
 
 +
CHECK: Error message
 +
 
 +
FAILED: Get
 +
[gLExec]:   The user, uid=502(tester), is not whitelisted. The calling user account is not privileged to execute and use gLExec.
 +
 
 +
PASSED:
 +
[gLExec]: User tester (uid=502) is not whitelisted, i.e. may not invoke gLExec.
 +
          If this is unexpected, ask the sysadmin to check the syslog and the
 +
          permissions of the config file.
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?77767 ====
 +
DESCRIPTION: yaim-glexec-wn must put GLEXEC_LOCATION in grid-env.sh
 +
 
 +
REPRODUCE: install YAIM, run yaim-glexec-wn
 +
 
 +
CHECK: content of grid-env.sh
 +
 
 +
FAILED: No GLEXEC_LOCATION exported in the shell
 +
 
 +
PASSED: GLEXEC_LOCATION available and set
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?82714 ====
 +
DESCRIPTION: YAIM should not configure LCAS when Argus is used
 +
 
 +
REPRODUCE:
 +
* install and configure yaim-glexec-wn
 +
* configure site-info.def to use ARGUS: set in <tt>siteinfo/services/glite-glexec_wn</tt>
 +
GLEXEC_WN_ARGUS_ENABLED=yes
 +
* run YAIM
 +
 
 +
CHECK: contents of <tt>/etc/glexec.conf</tt>
 +
 
 +
FAILED: configuration file contains <tt>use_lcas = yes</tt>
 +
 
 +
PASSED: configuration file must contain <tt>use_lcas = no</tt> (default is to use LCAS).
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?86453 ====
 +
DESCRIPTION: Permissions on glexec in RPM are not setuid root
 +
 
 +
REPRODUCE: rpm -qvl glexec
 +
 
 +
CHECK: permission of /usr/sbin/glexec
 +
 
 +
FAILED:
 +
---x--x--x 1 root root      147456 Apr  3 02:59 /usr/sbin/glexec
 +
PASSED:
 +
---s--x--x 1 root root      147456 Apr  3 02:59 /usr/sbin/glexec
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?88318 ====
 +
DESCRIPTION: LCMAPS excessive logging (2)
 +
 
 +
REPRODUCE: Normal installation with LCMAPS =<1.4.x, log with gLExec to Syslog, configure to log LOG_INFO
 +
 
 +
CHECK: Amount of log lines
 +
 
 +
FAILED: More then O(10) log lines
 +
 
 +
-ins that each failed to signify a false-positive
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?89773 ====
 +
REFERENCES:
 +
https://rt.egi.eu/rt/Ticket/Display.html?id=1474
 +
https://rt.egi.eu/rt/Ticket/Display.html?id=1475
 +
https://rt.egi.eu/rt/Ticket/Display.html?id=1476
 +
https://rt.egi.eu/rt/Ticket/Display.html?id=1641
 +
Mirror bug for gLExec
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?89792 ====
 +
DESCRIPTION: YAIM-gLExec-wn should let gLExec do the userswitch
 +
 
 +
REPRODUCE: Run YAIM to observe the configuration in the glexec.conf and lcmaps.db
 +
 
 +
 +
 
 +
FAILED: If the configuration in the glexec.conf or lcmaps
 +
 
 +
PASSED: On successful switch by glexec
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?91835 ====
 +
REFERENCES:
 +
https://savannah.cern.ch/bugs/index.php?72377
 +
https://savannah.cern.ch/bugs/index.php?72378
 +
https://rt.egi.eu/rt/Ticket/Display.html?id=465
 +
https://rt.egi.eu/rt/Ticket/Display.html?id=466
 +
Mirror bug for gLExec
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?91836 ====
 +
DESCRIPTION: Signal handling in gLExec 0.9.0 can hang up gLExec
 +
 
 +
REPRODUCE: run glexec and flood it with signals after a very small delay, such that it traps signals e.g. during a syslog call. E.g. run several times:
 +
<pre>
 +
#!/bin/bash
 +
export GLEXEC_CLIENT_CERT=/tmp/x509up_u`id -u`
 +
export X509_USER_PROXY=/tmp/x509up_u`id -u`
 +
/usr/sbin/glexec /usr/bin/id -a &
 +
pid=$!
 +
ps -fp $pid
 +
for ((i=1; i<100; i++));do
 +
      s=$((i%64+1))
 +
      ((s==9 || s==19 || s==32 || s==33)) && s=11
 +
      kill -$s $pid
 +
done
 +
</pre>
 +
 
 +
CHECK: gLExec does not hang up, even after many times.
 +
 
 +
FAIL: gLExec locks up and can only be killed with a kill -9, an strace will show gLExec hangs in a lock.
 +
 
 +
PASSED: gLExec will get interrupted or killed in a clean way.
  
=== Regression tests ===
+
==== Savannah: https://savannah.cern.ch/bugs/?91963 ====
 +
DESCRIPTION: gLExec should check whether stdin/stdout/stderr exists
 +
 
 +
REPRODUCE: run in non-setuid mode:
 +
/usr/sbin/glexec /bin/sleep 60 1>&- 2>&- 0<&-
 +
 
 +
CHECK: run:
 +
ls -l /proc/`ps -o pid= -C glexec`/fd/[012]
 +
 
 +
FAILED: e.g. filedescriptor 2 is missing, and filedescriptors 0 and 1 point to a socket (from syslog)
 +
 
 +
PASSED: filedescriptors 0-2 point to /dev/null
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?92667 ====
 +
DESCRIPTION: gLExec 0.9.3 segfaults when preserve_env_variables is used in config
 +
 
 +
REMARKS: Bug is cross-platform, but segfault occurs on SL6
 +
 
 +
REPRODUCE: install glexec-0.9.3 on RH6 system and add preserve_env_variables = anything to the /etc/glexec.conf, then run /usr/sbin/glexec /usr/bin/id
 +
 
 +
CHECK: with preserve_env_variables there should be no problem in running glexec
 +
 
 +
FAILED:
 +
[gLExec]:  Premature exit due to signal, signal: 11
 +
 
 +
PASSED: no error message, normal execution.
 +
 
 +
==== Savannah: https://savannah.cern.ch/bugs/?92812 ====
 +
DESCRIPTION: LCMAPS without GSI SIGABORTs in StoRM EMI 2 RC3
 +
 
 +
REPRODUCE: install lcmaps version 1.5.2 (EMI RC 3)
 +
 
 +
CHECK: run llrun using the without GSI interface.
 +
 
 +
PASSED: On successful llrun
 +
 
 +
FAILED: On segmentation fault or abort based on an invalid free.
 +
 
 +
REMARKS: The 1.5.3 version and newer of LCMAPS fixes the problem observed here
  
Savannah bug [https://savannah.cern.ch/bugs/?53192 53192]: '''scas-client: segfaults with malformed lcmaps-glexec.db''' (implemented):
+
==== Savannah: https://savannah.cern.ch/bugs/?92818 ====
 +
DESCRIPTION: glite_wms_wmproxy_server crashes with a SEGV when using the LCMAPS 1.5.2
  
The SCAS-client plugin will not trigger a segmentation fault and pull gLExec with it when the SCAS host is not a FQDN.
+
REPRODUCE: install lcmaps version 1.5.2 (EMI RC 3)
  
Savannah bug [https://savannah.cern.ch/bugs/?77130 77130 ]: '''[lcmaps-plugins-scas] crashes on invalid -capath''' (implemented):
+
CHECK: run llrun using the without GSI interface.
  
Verified by moving the CA path and reconfiguring the SCAS plugin to use an non-existing directory as -capath value.
+
PASSED: On successful llrun
  
Savannah bug [https://savannah.cern.ch/bugs/?80927 80927]: '''bug #80927: [LCMAPS] Mapping fails if VOMS AC contains a generic attribute''' (implemented):
+
FAILED: On segmentation fault or abort based on an invalid free.
  
Added VOMS generic attributes to the VO registration in the VOMS service.
+
REMARKS: The 1.5.3 version and newer of LCMAPS fixes the problem observed here
  
Savannah bug [https://savannah.cern.ch/bugs/?80822 80882]: '''LCMAPS-plugins-c-pep cannot read proxy from NFS partition''' (not implemented):
+
REMARKS: Similar to Savannah bug 92812
  
Tested but turns out that the tests were not done properly with a false-positive as a result. The package version 1.1.4 fixes this problem. The 1.1.3 works as advertised on all other use cases.
+
==== Savannah: https://savannah.cern.ch/bugs/?93187 ====
 +
DESCRIPTION: glexec-configure script contains some errors
  
Savannah bug [https://savannah.cern.ch/bugs/?80815 80815]: '''GLExec support for tracking group ids''' (implemented):
+
REPRODUCE: run
 +
/usr/sbin/glexec-configure -o /tmp/glexec.conf -d /tmp/lcmaps.db argus argus.testbed
  
The gLExec and LCMAPS suite now has a plugin called the [[LCMAPS_Tracking_GroupID_plugin]] and supports the tracking groupid feature of Condor, Sun Grid Engine and other batch systems.
+
CHECK: the contents of /tmp/glexec.conf and /tmp/lcmaps.db
  
Savannah bug [https://savannah.cern.ch/bugs/?80548 80548]: '''GLExec possible segfault when reading proxy''' (implemented):
+
FAIL: e.g. endpoint line in pepc entry is missing a " at the end of the line
  
When reading a proxy file, the '\0' is added at the end, before we're sure if we didn't have an I/O error.
+
PASS: glexec-configure produces valid, working glexec.conf and lcmaps.db files
  
Savannah bug [https://savannah.cern.ch/bugs/?80547 80547]: ''GLExec segfaults if argc == 0'''' (implemented):
+
==== Savannah: https://savannah.cern.ch/bugs/?93190 ====
 +
DESCRIPTION: LCMAPS gives misleading error when PDL parsing fails
  
When gLExec is called using e.g. execve with NULL as argument list (i.e. resulting internally in argc==0) it segfaults.
+
.db file
  
Savannah bug [https://savannah.cern.ch/bugs/?79988 79988]: '''gLExec crashes when no explicit linger option is set in the glexec.conf''' (implemented):
+
CHECK: Error message from LCMAPS
  
When the glexec.conf does not contain either linger=yes or linger=no, gLExec crashes. Since the default is equivalent to specifying linger=yes, it's easy to work around.
+
PASSED: Error message flags it as a parse error
  
Savannah bug [https://savannah.cern.ch/bugs/?57746 57746]: '''Error "could not get X509 cred from gss credential!" when using gridftp but normal job submission works''' (implemented):
+
FAILED: Error message flags it as an out of memory error
  
The proxy handling from the lcas-lcmaps-gt4-interface to the LCAS and LCMAPS interface has been fixed to cope with this.
+
==== Savannah: https://savannah.cern.ch/bugs/?93248 ====
 +
DESCRIPTION: gLExec in non-linger mode does not set umask() correctly.
  
Savannah bug [https://savannah.cern.ch/bugs/?60825 60825]: '''Strange characters in LCAS plugin string''' (implemented):
+
REPRODUCE: Install glexec version 0.9.5 and disable linger mode (linger=no)
  
A fix was made in the LCAS framework and the problem doesn't occur anymore.
+
CHECK:
 +
umask 0123; /tmp/dummy/usr/sbin/glexec /bin/bash -c umask
  
Savannah bug [https://savannah.cern.ch/bugs/?64535 64535]: '''no lcmaps/lcas logs for gridftp''' (implemented):
+
PASSED: output should be 0123
  
The logs appear in both the log files, when the proper LCAS_LOG_FILE or LCMAPS_LOG_FILE are exported. Also Syslog will be used by default and works.
+
FAILED: output is 0077 (internal umask setting for glexec)
  
Savannah bug [https://savannah.cern.ch/bugs/?80647 80647]: '''LCAS authorizes me but reports that I am not''' (implemented):
+
==== Savannah: https://savannah.cern.ch/bugs/?101238 ====
 +
DESCRIPTION: mkgltempdir -t option does not work
  
This is fixed. The LCAS framework authorization decision isn't ignored anymore for the lcas-lcmaps-gt4-interface.
+
REPRODUCE:
 +
    export X509_USER_PROXY=<location of valid proxy>
 +
    export GLEXEC_CLIENT_CERT=$X509_USER_PROXY
 +
    gldir=`/usr/sbin/mkgltempdir -t 404` && ls -ld $gldir && /usr/sbin/mkgltempdir -r $gldir
  
Savannah bug [https://savannah.cern.ch/bugs/?80900 80900]: '''LCAS fails to find the VOMS credentials on a GridFTPd''' (implemented):
+
PASSED: lists directory with permissions dr-----r--
  
The proxy handling from the lcas-lcmaps-gt4-interface to LCAS is now fixed to the older (and faster) method and grabs the right credentials for a decision and passing to the VOMS api.</pre>
+
FAILED: gives error messages starting with /bin/chmod: cannot access `<directory name>': Permission denied

Latest revision as of 11:17, 19 April 2013