Custom Query (431 matches)


Show under each result:

Results (100 - 102 of 431)

Ticket Resolution Summary Owner Reporter
#1432 fixed qstat -s z shows jobs as waiting Dave Love <…> dlove

qstat -s z shows the jobs' status is show as "qw", which is at least confusing. Perhaps zombie jobs should have a JFINISHED status?

#1430 fixed inst_template.conf improvement Dave Love <…> Florian.LaRoche@…

Hello all,

the following changes inst_template.conf into a config file, so that upgrades keep this file unchanged. Also the default value for SHADOW_HOST should be empty.

best regards from Germany,

Florian La Roche

--- gridengine.spec +++ gridengine.spec @@ -297,6 +297,7 @@

%{sge_home}/mpi %{sge_home}/pvm %{sge_home}/util

+%config %{sge_home}/util/install_modules/inst_template.conf

%{sge_home}/utilbin %attr(4755,root,root) %{sge_home}/utilbin/*/testsuidroot #%attr(4755,root,root) %{sge_home}/utilbin/*/authuser

--- sge-8.1.1/source/dist/util/install_modules/inst_template.conf +++ sge-8.1.1/source/dist/util/install_modules/inst_template.conf @@ -182,7 +182,7 @@ SCHEDD_CONF="1"

# to the qmaster spool directory # If you want to setup a shadow host, you must enter the servername # (mandatory for shadow host installation)


# Remove these execution hosts in automatic mode # (mandatory for uninstallation of execution hosts)

#1423 fixed renew_all_certs creates CRL which expires after one month Dave Love <…> aylee

I've stumbled over an effect which seems to be the same as described in:

One year after I setup SGE we got SSL errors: no wonder because the certificates expired... Consequently I ran renew_all_certs, distributed the files on all nodes and everything was running fine again.

After about a month we had certificate errors again! I checked the certficate files and they all seemed correct, e.g.:

[root@tsqm sgeCA]# openssl x509 -in /gridware/cst-gridengine/default/common/sgeCA/cacert.pem -noout -text
        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Hessen, L=Darmstadt, O=CST AG, OU=Research and Development, CN=SGE Certificate Authority/UID=CA/
            Not Before: Jun  7 18:14:59 2012 GMT
            Not After : Jun  7 18:14:59 2013 GMT

I dug further and found that the CRL seems to be the problem! It claims that a new version has to be available every month:

[root@tsqm sgeCA]# openssl crl -in /gridware/cst-gridengine/default/common/sgeCA/ca-crl.pem -noout -text
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: /C=DE/ST=Hessen/L=Darmstadt/O=CST AG/OU=Research and Development/CN=SGE Certificate Authority/UID=CA/
        Last Update: Jun  7 18:15:00 2012 GMT
        Next Update: Jul  7 18:15:00 2012 GMT

I'd propose to set the same expiry period for the CRL as for the CA certificates.

IMHO this is a pretty subtle pitfall which easily breaks a CSP enabled installation completely; also others were already bitten by this. That is the reason why I've set "major" severity

Note: See TracQuery for help on using queries.