Dear Stephen,
> > For this reason, I would say it's safe to upgrade all services except those ones.
> Although I will check with MW Officer to see what he considers we should
> recommend to do. And in any case we will report this back to openldap team.
>
> Thanks Maria.
>
> At Liverpool we use a configuration control system (Puppet) that uses
> hierarchical inheritance to reduce repetition. Since security updates pertain to
> the vast majority of our systems, it is deep in the structure, making it harder to
> turn off for a particular system; we either do security updates, or we don't do
> them.
>
> So we turned security updates off to keep our ARC/Condor system going.
> We can't go on like that, so I'll do something special to allow security updates
> but not for openldap (or perhaps not on particular systems.) But the priority of
> the fix should be high enough to get us back to routine version control as soon
> as practicable. We don't like special cases because they always cause trouble in
> the end.
I understand. Our Linux colleagues at CERN are following up with Redhat and we have explained that this is high priority for us. We have provided them with all the debugging material they have asked for and we are still waiting.
The problem we have for ARC CEs is that we don't have a workaround. For top BDII, in the worst case, we could release something on the BDII side to get rid of the LDAP configuration pieces that are related to the crashes. But this won't work for ARC. Anyway, I will contact the ARC developers to see whether they can investigate a possible woraound.
Regards,
Maria
|