Patch-ID# 113136-05 Keywords: security qstat qhost scheduler execd pe jobs qacct i18n l10n ssl Synopsis: Sun Grid Engine 5.3: maintenance/security patch Date: Apr/07/2004 Install Requirements: See Special Install Instructions Solaris Release: 2.6 7 8 9 SunOS Release: 5.6 5.7 5.8 5.9 Unbundled Product: Sun Grid Engine Unbundled Release: 5.3 Xref: This patch is available for SPARC 64-bit as patch 113137 and for x86 as patch 113138 Topic: Relevant Architectures: sparc BugId's fixed with this patch: 4658716 4665780 4668148 4670664 4670669 4673738 4675410 4676340 4677087 4682966 4683852 4686157 4692957 4696768 4697491 4699665 4700286 4701640 4706929 4708235 4708239 4712023 4713013 4716824 4718880 4719218 4719755 4721129 4721134 4722060 4723543 4727515 4728293 4731288 4731347 4732031 4733043 4733089 4733859 4735258 4735972 4739596 4740335 4740350 4740578 4741230 4742082 4742189 4744523 4745387 4745399 4745404 4746705 4747829 4749151 4753668 4753669 4754435 4755931 4756556 4756557 4760981 4769608 4775325 4776016 4776754 4776821 4778757 4778758 4778762 4780316 4787598 4787623 4790540 4790547 4790592 4791238 4791908 4792036 4794242 4795475 4802171 4802831 4805423 4807677 4811230 4813188 4813965 4815774 4815795 4816529 4816541 4818741 4819479 4822799 4833346 4835832 4838549 4838595 4838650 4841414 4842844 4842878 4844838 4845505 4847814 4847819 4851939 4859658 4860391 4866711 4869784 4876169 4881949 4885719 4885906 4885930 4886017 4886025 4886026 4893432 4930786 4930789 4949917 4952236 4952767 4969825 5018669 5018695 5018726 5018733 5018757 5018884 5019595 5019601 5019624 5019635 5020131 5020134 5020139 5020141 5020143 5020153 5020278 5020371 5021405 Changes incorporated in this version: 4930786 4930789 4949917 4952236 4952767 4969825 5018669 5018695 5018726 5018733 5018757 5018884 5019595 5019601 5019624 5019635 5020131 5020134 5020139 5020141 5020143 5020153 5020278 5020371 5021405 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /bin/solaris /bin/solaris/qacct /bin/solaris/qalter /bin/solaris/qconf /bin/solaris/qdel /bin/solaris/qhost /bin/solaris/qmake /bin/solaris/qmod /bin/solaris/qmon /bin/solaris/qsh /bin/solaris/qstat /bin/solaris/qsub /bin/solaris/qtcsh /bin/solaris/sge_commd /bin/solaris/sge_coshepherd /bin/solaris/sge_execd /bin/solaris/sge_qmaster /bin/solaris/sge_schedd /bin/solaris/sge_shadowd /bin/solaris/sge_shepherd /bin/solaris/sgecommdcntl /lib/solaris /lib/solaris/libXltree.so /utilbin/solaris /utilbin/solaris/adminrun /utilbin/solaris/checkprog /utilbin/solaris/checkuser /utilbin/solaris/filestat /utilbin/solaris/gethostbyaddr /utilbin/solaris/gethostbyname /utilbin/solaris/gethostname /utilbin/solaris/getservbyname /utilbin/solaris/infotext /utilbin/solaris/loadcheck /utilbin/solaris/now /utilbin/solaris/openssl /utilbin/solaris/qrsh_starter /utilbin/solaris/rlogin /utilbin/solaris/rsh /utilbin/solaris/rshd /utilbin/solaris/testsuidroot /utilbin/solaris/uidgid Problem Description: 5021405 CSP reconnect problem of scheduler and execd 5020371 sge_shepherd creates world writable files 5020278 a colon in a job name breaks qacct 5020153 mail bomb upon abort with tightly integrated par jobs 5020143 qdel XXX.YY- will delete the first array task of job XXX 5020141 qsh and qlogin accepted the options -h and -hold_jid and ignored them later 5020139 a stored job template in qmon sets -hold_jid to a wrong value 5020134 qhost output broken for global consumables 5020131 renaming a user deletes the user 5019635 schedd_job_info=true causes large delays with parallel job scheduling 5019624 qselect/qstat -l selection wrongly considers load and utilization 5019601 "vmem" in qstat -j keeps the max value 5019595 Dateformat YYMMDDhhmm was interpreted wrong (qacct, qsub, qalter,...) 5018884 SSL vulnerabilities stated in Sun Alert 57524 5018757 HPCT jobs may fail - add variable to job environment which point to SGE binaries 5018733 Empty parameters crashes qstat and qhost 5018726 qalter lacks -dl option! 5018695 loadsensor doing output to stderr can block 5018669 qrsh/qlogin: "Connection refused" due to race condition in shepherd 4969825 not supported array task dependencies are not rejected 4930786 global load values are ignored 4930789 An overwritten string attribut was ignored in the scheduler 4949917 qmon seg faults with a user hold job from qtcsh qtask file 4952236 Broken mail option with SGE 5.3p4 qrsh 4952767 qrsh -notify doesn't work (from 113136-04) 4749151 Adding user to CSP secure system fails on S2.6, 7, 8. 4775325 wrong qstat -j diagnosis message indicates not enough PE slots 4813965 tightly integrated parallel array jobs do not work 4815795 qstat -alarm broken 4819479 qhost -q -l arch=xx crashes if a grid execution host is down 4822799 SGE(EE) cannot be installed on Solaris 10 4833346 qsh/qrsh/qlogin might core with segementation violation 4835832 NOTIFY_SUSP signal only sent for first suspension of job 4838549 maxujobs scheduler config functionality is broken 4838595 maxujobs does not count jobs with certain state 4838650 Array job tasks may set queue in error state when started 4841414 Unable to delete task array job with negative increment 4842844 some jobs may stay long time in transferring state for hosts with many slots 4842878 qdel -u does not delete all jobs of the user 4844838 sge_shepherd does not exit on SIGTERM 4845505 cannot qalter/qhold/qrls several tasks of same job 4847814 jobs in rescheduling state are not scheduled due to wrong ticket calculation 4847819 util/sge_update.sh fails to upgrade sge to sgeee 4851939 qmon->job control->pending jobs->Why? fails if not enough free slots in pe 4859658 scheduler crashes if user_sort=true and job priorities are changed with qalter 4860391 qmake dumps core when starting recursive make calls 4866711 SGE_O_* variables incorrectly set for tasks of tighly integrated jobs 4869784 qmon "Qmon" resource file contains syntax errors 4876169 qrsh -l =1 -now no cause sge_qmaster to crash 4881949 Parallel jobs exceeding wall clock time are not killed 4885719 during installation error message about unset SGE_ROOT is printed 4885906 NSLOTS and NHOSTS incorrectly set in environment of tightly integrated tasks 4885930 failure of master task of a tightly integrated parallel job does not delete job 4886017 qstat -r -s z command aborts 4886025 queuenames in qstat and in gui need more characters 4886026 max_u_jobs settings rejects submission though limit not reached 4893432 upgrade to openssl 0.9.7a (from 113136-03) 4713013 qacct may display incorrect accounting information 4756556 .cshrc error causes [pro|epi]log,pe-[start|stop] failure 4756557 non-resolvable hosts in host_aliases file cause wrong hostname resolving 4760981 Empty sge_request file causes submission error 4769608 qalter shows wrong priority number when using negative priorities with -p option 4776016 execd does res. consuming process tracking even if no job is to be controlled 4776754 complex values for user defined complexes are rejected with global host 4776821 qtcsh can't be used as normal tcsh 4778757 stepsize 0 in array job specification results in qmaster exception 4778758 memcpy leak in execd 4778762 Array jobs which contain only one task (id=1) will be handled as single job 4780316 race condition if signals are to be delivered in job's startup phase 4787598 schedd_job_info messages shown by qstat -j even if it is set to false 4787623 failover to shadow master leaves sge_schedd on the original qmaster host 4790540 sge_schedd process consumes more memory than needed if schedd_job_info=true 4790547 Job notification signals won't be delivered if user redefines suspend_method ... 4790592 conflicting policies can cause job being started and immediately suspended 4791238 SGE may create duplicate accounting entries for parallel jobs 4791908 job logging file exists but is empty in certain configurations 4792036 job arguments larger than 10k crash qmaster 4794242 wrong usage reported by qstat -j 4795475 qstat -f output broken for pe jobs on same queue 4802171 qacct -l selection broken 4802831 cannot set -C to null string as described in man qsub 4805423 STRING complex attribute handling with RELOP "!=" is broken 4807677 qrsh crash when command line arguments are longer than 4K 4811230 qconf -Muser and qconf -Auser report no success messages 4813188 qstat -r shows wrong dependencies 4815774 Uninitialized pointer cause segmentation fault in qsh/qrsh on submit only hosts 4816529 qmon crash when pressing Why for a list of selected jobs 4816541 no newline character at end of sge_aliases file may crash qsub 4818741 startup failure of qrsh job is reported as regular job exit (from 113136-02) 4755931 possible file access problems on 64-bit file system with 32-bit binaries 4754435 OpenSSL 0.9.6c security vulnerability 4753669 qconf gets commd timeout 4753668 prevent deletion of still referenced objects 4747829 accounting record about qrsh termination incomplete 4746705 Typo in the message 4745404 qmake does an incorrect resource request if ARCH is an empty string 4745399 qmake without any information about parallel execution fails 4745387 qsh, qrsh and qlogin silently ignore options -ac, -dc, -sc and -w 4744523 no error message for interactive job start failure due to wrong DISPLAY settings 4742189 schedd_job_info = true causes immense daemons memory growth in large systems 4742082 Calculation failure in Functional policy 4741230 qmod help output is incomplete 4740578 load formula of the scheduler 4740350 problems with destin_id_list syntax 4740335 qmon dies with changes in Edit Tickets on Solaris64. 4739596 rlim_fd_max > 1024 can cause 32 bit daemons to crash at startup phase 4735972 scheduler crashes if all subnodes of a node have 0 shares in sharetree 4735258 CLI: Wrong info for usage 4733859 Userset "defaultdepartment" accepts users in CLI 4733089 qmon dies after checking 'transfer' in 'queue control' window 4733043 qmon dumps core when mouse over an interactive job in Job Control window 4732031 OK without hostname in host_configuration kill sge_qmaster 4731347 can configure fshare/otickets in acls of type DEPT 4731288 qmon cluster config dialog does not show gid_range in SGE product mode 4728293 qmon gets shutdown with a word "global" in Cluster Configuration 4727515 maxujobs prevents dispatching even if job limit is not reached 4723543 Too small panes and cells to display some item names 4722060 CLI: invalid option "-jid jid" for qconf in qconf -help 4721134 qmon gets shutdown with the message "Segmentation Fault" in terminal 4721129 A misoperation in host configuration on qmon leads to qmaster daemon's death 4719755 wrong port output in qstat error message when qmaster not reachable 4719218 "Job Submission" GUI: blank text in pop out window 4718880 qsub/qalter -l ... might select wrong resource. 4716824 qlogin and qrsh accept unsupported options 4658716 protocol doing termin. on failure for tightly integr. par. job could be leaner (from 113136-01) 4712023 global load values can prevent dispatching of jobs 4708239 Allow specification of arguments to [rsh|rlogin|qlogin]_[daemon|command] 4708235 SGE should allow to start qrsh jobs when /etc/nologin exits 4706929 qmon does not display job predecessors in job control 4701640 problems launching jobs from qtcsh with "&" 4700286 complex default value not considered for load/suspend thresholds 4699665 qstat resource based job selection broken 4697491 signal notification can prevent delivery of actual suspend/termination signal 4696768 SGE(EE) allows to submit binary job scripts 4692957 non-privileged users can submit jobs with priority higher than 0 4686157 qhost -j is broken 4683852 qalter on running jobs can confuse consumable mgmt 4682966 qsh(1) ignores -S in sge_request(5) files 4677087 execd could crash when executing tightly integrated parallel jobs 4676340 Memory leak in sge_schedd 4675410 queue suspend threshold alarm nsuspend>1 does not susp. multiple jobs 4673738 allow or disallow "none" load formula 4670669 error message "can't set additional group id for job" for interactive jobs 4670664 parallel jobs (e.g. qmake) fail 4668148 solaris psets won't be used by SGE 4665780 qmaster error message during startup: global configuration doesn't exist - creat Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7, 8, and 9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Important note if Sun Grid Engine has been installed with openSSL support ------------------------------------------------------------------------- If Sun Grid Engine has been installed with openSSL support ("CSP mode") prior to SGE 5.3p3 (which was linked with openSSL 0.9.6.c), the certificates which have been installed with these versions are incompatible with certificates installed with SGE 5.3p4 or later. All such certificates will need to be recreated after installing this patch and before restarting Sun Grid Engine. Please refer to the Sun Grid Engine Administration and User Manual for how to create new certificates with the utility script "sge_ca", which comes with the distribution. The reason for the incompatibility is a changed field name between openSSL version 0.9.6 and 0.9.7 in the certificates, where "uniqueIdentifier" has been renamed to "userId". Note for bug id 5020371 ("sge_shepherd creates world writable files") --------------------------------------------------------------------- If the execution daemon spool directory is located on NFS and the execution host machine does not have read/write permissions for user root (which is often the case due to security reasons) the shepherd process will continue to create some of the files in its job directory with world writable permissions. If the NFS client has write permissions the fix will be effective without further changes after patch installation. To make the fix effective it is required to install the execution daemon spool directory on a local file system. Also for performance reasons it is recommended to install the execution daemon spool directory on a local file system. 1. Changing the execution daemon spool directory for all hosts simultaneously - there may be no running jobs in the cluster - shut down qmaster - shutdown all execution daemons - edit the global cluster configuration file //common/configuration and change the path to the configuration value execd_spool_dir - restart qmaster - restart your execution daemons 2. Changing the execution daemon spool directory for each execution host individually: - no jobs may be running on the execution host where the spool directory is going to be changed - edit the local configuration for this execution host: % qconf -mconf and add the local spool directory: execd_spool_dir - shutdown and restart the execution daemons In addition to these notes please read the "Install Instructions" section below about requirements when the patch itself can be installed. Install Instructions: --------------------- These installation instructions assume that you are running a homogenous Sun Grid Engine cluster where all hosts share the same directory for the binaries. If you are running Sun Grid Engine in a heterogenous environment (mix of 32-bit and 64-bit binaries for Solaris and/or other operating systems) it is only necessary to shutdown the daemons for the architecture for which the patch is applied. If you installed the binaries on a local partition, you only need to stop the Sun Grid Engine daemons for that host on which you are installing the patch. By default there may by no running jobs when the patch is installed. There may pending batch jobs, but no pending interactive jobs (qrsh, qmake, qsh, qtcsh). It is possible to install the patch with running batch jobs. To avoid a failure of the active "sge_shepherd" binary it is necessary to move the old shepherd binary (and copy it back prior the installation of the patch). In no case it is supported to install the patch with running interactive jobs, 'qmake' jobs or with running parallel jobs which use the tight integration support (control_slaves=true in PE configuration is set). Stopping the Sun Grid Engine cluster to start jobs -------------------------------------------------- Disable all queues that no new jobs are started: # qmod -d '*' Optional (only needed if there are running jobs which should continue to run when the patch is installed): # cd $SGE_ROOT/bin # mv /sge_shepherd /sge_shepherd.sge53 # cp -p /sge_shepherd.sge53 /sge_shepherd It is important that the binary is first moved and then copied back to the original location using the "-p" switch of the cp command. Shutting down Sun Grid Engine qmaster and scheduler --------------------------------------------------- You need to shutdown (and restart) the qmaster and scheduler daemon and all execution daemons on all Sun Grid Engine hosts. Shutdown all your execution hosts. Login to all your execution hosts and stop the 'sge_execd' and 'sge_commd': # /etc/init.d/rcsge stop Then login to your qmaster machine and stop 'sge_qmaster', 'sge_schedd', 'sge_commd' and if the machine is also an execution host 'sge_execd' # /etc/init.d/rcsge stop Now verify with the 'ps' command that all Sun Grid Engine daemons on all hosts are stopped. If you decided to rename the shepherd binary that running patch job continue to run during the patch installation you may not kill the 'sge_shepherd' binary. Installing the patch and restarting Sun Grid Engine --------------------------------------------------- Now please install the patch with 'patchadd'. After installing the patch you need to restart your Sun Grid Engine cluster. Please login to your qmaster machine and enter: # /etc/init.d/rcsge Now you should repeat this step on all your execution hosts. After restarting Sun Grid Engine you may again enable your queues: # qmod -e '*' If you renamed the shepherd binary you may safely delete the old binary when all jobs finished which where running prior the patch installation. README -- Last modified date: Wednesday, April 7, 2004