Hi Maarten, Dietrich,
I'm also not sure that still running that 2.5.13 is such a good idea.
Note that it's almost 3 years old. There are indeed no known
vulnerabilities to it, but I wouldn't rely too much on that.
Cheers,
Mischa
On Mon, Sep 11, 2017 at 06:23:50PM +0000, Maarten Litmaath wrote:
> Hallo Dietrich,
> the good old 2.5.13 with all known important security issues fixed
> is available from the new third-party repo for UMD:
>
> http://repository.egi.eu/community/software/third.party.distribution/1.0/releases/sl/6/x86_64/RPMS/
>
> To let yum prefer that repo over EPEL, you need to give it priority=1 or so.
>
> Torque 4.2.10 from EPEL works with these provisos:
>
> - YAIM does not know about the new "trqauthd" daemon -->
> you need to deal with that "manually" or add a local, pre- or post-function
> as described in the YAIM manual:
>
> https://twiki.cern.ch/twiki/bin/view/LCG/YaimGuide400#Use_local_functions
>
> - That unmaintained Torque version quite probably has security issues -->
> you need to apply the Torque firewall rules very precisely to avoid that
> your service might "easily" get hacked into.
>
> The EMI-3 repos are unmaintained and should no longer be used;
> at some point we may block access altogether.
>
> ________________________________________
> From: LHC Computer Grid - Rollout [[log in to unmask]] on behalf of Dietrich Liko [[log in to unmask]]
> Sent: 11 September 2017 18:29
> To: [log in to unmask]
> Subject: [LCG-ROLLOUT] Torque and UMD-4
>
> Hello everybody!
>
>
> I have a question to what is the recommended combination of running
> CREAMCE and torque, as I run in some problems .
>
>
> 1) In EMI-3 there was a version of 2.5.13 included, which was compatible
> with the EGI setup.
>
> 2) In UMD-4 I do not find it, but I get a version 4.2.10 from EPEL
>
>
> If I remember correctly, the objective of version 2.5 was to be
> compatible with the yaim configuration and munge, as the version
>
> from EPEL had some issues with that.
>
>
> Now the question is if somebody knows if the current version from EPEL
> works fine ? Can I configure it with yaim or is there some other
>
> way ? Evidently I can do it from scratch, but why to reinvent the wheel
> ....
>
>
> I understand that I can find at various places puppet configs for torque
> and creamce and so on ... but these seem to need some work to get going
> ... does somebody have an opinion, if this is a better way to go ? If
> somebody would have a pointer to some info, it would be great ...
>
>
> I see on the list, that there might be the need to apply some patches to
> torque. I assume I should configure my CE and see if these issues are
> coming up ..
>
>
> Cheers, Dietrich
>
>
> P.S.: Extra question: I assume EMI-3 repos are getting old, but they are
> still around. Alas, EMi-3-base and EMI-3-thirdparty is missing the
> repodata directory, so the repos are not useable. Is this on purpose or
> a bug ?
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email [log in to unmask]
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
|