Argus 1.7.0 (09-02-2016)

The Argus 1.7.0 release provides fixes for some outstanding bugs and introduces support for Centos 7. The highlights of this release are:

  • Centos7 support

  • Argus services now require Java 8

  • Upgraded core dependencies to latest versions:

    • Jetty upgraded to version 9.2.13.v20150730
    • VOMS upgraded to version 3.1
    • CANL upgraded to version 2.2.0
    • OpenSAML upgraded to version 2.6.4
  • Introduced a load testing test suite based on Grinder

  • Introduced an integration test suite based on Robot Framework

  • Documentation has been migrated to ReadTheDocs

Packages

Packages for this release can be obtained from the Argus product team package repository:

http://argus-authz.github.io/repo

Service configuration

Instructions on how to configure and run the services are provided in the following documentation sections:

Configuration for the services has not changed, so existing SL6 installation can upgrade and reconfigure services as usual (YAIM on SL6 is still supported).

YAIM configuration support is not provided on CENTOS 7; sites are free to use their favourite configuration management tool (Ansible, Puppet, Quattor) to manage the Argus services.

Changes in the mapping logic behaviour (pep-7 , pep-11), and in particular in the handling of secondary group names, could produce different mappings for user jobs, so it’s safer to drain the site before upgrading the Argus services to version 1.7.0 if you want to avoid potential job failures due to the upgrade. More details can be found here.

Note (added 2017-07-19):

If needed, to keep compatibility with the LCMAPS “-do_not_use_secondary_gids” option used by the CREAM YAIM module, in Argus 1.7 you would need to add:

useSecondaryGroupNamesForMapping = false

in the [ACCOUNTMAP_OH] section of the /etc/argus/pepd/pepd.ini and restart the service.

Main fixes

PDP-PEP-COMMON

  • Update to CANL 2.2.0 to get more scalable certificate validation [pdp-pep-common-11].

PEP Server

  • Improper synchronization may lead to corrupted mappings in the Gridmapdir [pep-3].
  • Incorrect mapping for secondary group names [pep-7] , [pep-11] .
  • Incorrect handling of CNs with internal slash characters [pep-9].

PAP

  • Init script fails if shutdown command is changed in configuration [pap-7].
  • BDII for Argus cannot check service status [pap-8].
  • Prevent to creation of policy rules with empty subject [pap-6].