Necessary Maintenance #9839
Test new dcache rpm for security fix
new version to fix vulnerability in dCache, see comment.
#1 Updated by Natalia Ratnikova over 5 years ago
we will update the whole thing as it makes it easier to push...
Natalia, we just need to put the RPM in our YUM repo and run the update procedure. The same procedure we developed for kernel updates will work, we can just follow that and this way we'll get the lastest kernel in (2.6.32-573.3.1) as it fixes some important bugs.
The RPM is in usual place:
Please take it and install it on your test system ASAP.
NB: if you have separate GFTP door nodes, you can install this RPM only
on these nodes. On the other hand if you have downtime anyway, then
why not update the whole thing?
#2 Updated by Natalia Ratnikova over 5 years ago
The rpm version provided by Dmitry is older than what we currently have installed. see [1-2-3] below.
So to force the upgrade I need to uninstall the old version. Which is fine for testing security fix on the testbed.
Below is the actions logs.
The cmsstor154 failure is normal ,as pssh retirns last command exit code, which for dcache status not running is 1, and we do not run dcache on backup server.
[root@cmsadmin1 Aug-18-2015]# touch testbed-server-nodes
[root@cmsadmin1 Aug-18-2015]# for n in cmsstor153 cmsstor152 cmspnfs1 cmsstor154
do echo $n >> testbed-server-nodes
[root@cmsadmin1 Aug-18-2015]# cat testbed-server-nodes
[root@cmsadmin1 Aug-18-2015]# pssh -h testbed-server-nodes -l root -t0 -p 4 -o upgr.log -e upgr.err 'puppet agent --disable; service dcache-server stop; rpm -ev dcache; rpm -ivh -p /root/dcache-2.2.29-1.noarch.rpm; puppet agent --enable; puppet agent -t; dcache status'
 18:35:38 [FAILURE] cmsstor154 Exited with error code 1
 18:35:58 [SUCCESS] cmspnfs1
 18:35:58 [SUCCESS] cmsstor152
 18:35:59 [SUCCESS] cmsstor153