Custom Query (431 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (70 - 72 of 431)

Ticket Resolution Summary Owner Reporter
#1413 fixed qalter -w reports "job is already running" for held job Dave Love <d.love@…> dlove
Description

$ qstat job-ID prior name user state submit/start at queue slots ja-task-ID


147 0.00000 true dlove hqw 02/27/2012 16:43:41 1

$ qalter -w p 147 verification: job is already running

#1423 fixed renew_all_certs creates CRL which expires after one month Dave Love <d.love@…> aylee
Description

I've stumbled over an effect which seems to be the same as described in:

http://arc.liv.ac.uk/pipermail/gridengine-users/2007-September/015678.html http://www.mail-archive.com/users@gridengine.org/msg03479.html

One year after I setup SGE we got SSL errors: no wonder because the certificates expired... Consequently I ran renew_all_certs, distributed the files on all nodes and everything was running fine again.

After about a month we had certificate errors again! I checked the certficate files and they all seemed correct, e.g.:

[root@tsqm sgeCA]# openssl x509 -in /gridware/cst-gridengine/default/common/sgeCA/cacert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            cd:4e:f8:ac:e0:53:85:7b
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Hessen, L=Darmstadt, O=CST AG, OU=Research and Development, CN=SGE Certificate Authority/UID=CA/emailAddress=thimo.neubauer@cst.com
        Validity
            Not Before: Jun  7 18:14:59 2012 GMT
            Not After : Jun  7 18:14:59 2013 GMT

I dug further and found that the CRL seems to be the problem! It claims that a new version has to be available every month:

[root@tsqm sgeCA]# openssl crl -in /gridware/cst-gridengine/default/common/sgeCA/ca-crl.pem -noout -text
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: /C=DE/ST=Hessen/L=Darmstadt/O=CST AG/OU=Research and Development/CN=SGE Certificate Authority/UID=CA/emailAddress=thimo.neubauer@cst.com
        Last Update: Jun  7 18:15:00 2012 GMT
        Next Update: Jul  7 18:15:00 2012 GMT

I'd propose to set the same expiry period for the CRL as for the CA certificates.

IMHO this is a pretty subtle pitfall which easily breaks a CSP enabled installation completely; also others were already bitten by this. That is the reason why I've set "major" severity

#1430 fixed inst_template.conf improvement Dave Love <d.love@…> Florian.LaRoche@…
Description

Hello all,

the following changes inst_template.conf into a config file, so that upgrades keep this file unchanged. Also the default value for SHADOW_HOST should be empty.

best regards from Germany,

Florian La Roche

--- gridengine.spec +++ gridengine.spec @@ -297,6 +297,7 @@

%{sge_home}/mpi %{sge_home}/pvm %{sge_home}/util

+%config %{sge_home}/util/install_modules/inst_template.conf

%{sge_home}/utilbin %attr(4755,root,root) %{sge_home}/utilbin/*/testsuidroot #%attr(4755,root,root) %{sge_home}/utilbin/*/authuser

--- sge-8.1.1/source/dist/util/install_modules/inst_template.conf +++ sge-8.1.1/source/dist/util/install_modules/inst_template.conf @@ -182,7 +182,7 @@ SCHEDD_CONF="1"

# to the qmaster spool directory # If you want to setup a shadow host, you must enter the servername # (mandatory for shadow host installation)

-SHADOW_HOST="hostname" +SHADOW_HOST=""

# Remove these execution hosts in automatic mode # (mandatory for uninstallation of execution hosts)

Note: See TracQuery for help on using queries.