Hi again.
Apparently the error message I was seeing while trying edg-rm to your
site was due to the disappearance of the whole LCG west region. RAL, who
is hosting the lcgwest MDS server, is currently not reachable from CERN.
I'll try again the test when RAL is back.
The fixes to the SE configuration are needed anyway, or you won't get
CRL and grid-mapfile updates.
Cheers
Emanuele
Emanuele LEONARDI wrote:
> Not there, yet.
>
> (leonardi@adc0014) ~/grid/test> edg-rm --vo=dteam replicateFile
> lfn:EL_test -d hotdog48.fnal.gov
> No SE found in the Info Service with host hotdog48.fnal.gov
>
> Looking at your SE configuration file, assuming that it corrseponds to
> what you are using now, I see that you have several lines which should
> have been removed since version 1_0_0 of the LCG software:
>
> @---------------------------------------------------
> /* What the f%^&k is this??? */
> EXTRA(boot.services) se
>
> /*
> * The grid-security area is shared with the CE: let it do the update work
> */
> DELETE(cron.additions,gmf)
> DELETE(cron.additions,crl)
> @---------------------------------------------------
>
> You should also check that you are not mounting the /etc/grid-security
> directory from the CE anymore (this was the reason for the two DELETE
> commands back in July).
>
> This is how your config file should look now:
>
> @---------------------------------------------------
> #define HOSTNAME hotdog48
>
> #include "cfgdir-cfg.h"
>
> #include CFGDIR/macros-cfg.h"
> #include "site-cfg.h"
> #include CFGDIR/redhat73-cfg.h"
> #include CFGDIR/flatfiles-dirs-SECLASSIC-cfg.h"
> #include CFGDIR/serialconsole-cfg.h"
> #include CFGDIR/Users-cfg.h"
> #include CFGDIR/StorageElement-cfg.h"
> #include "local-cfg.h"
> @---------------------------------------------------
>
> Please let me know when I can try again.
>
> Cheers
>
> Emanuele
>
> Joe Kaiser wrote:
>
>> Ah! Please try it now.
>>
>> On Thu, 2003-11-13 at 15:47, Ricardo Graciani wrote:
>>
>>> Hi,
>>>
>>> if i'm not wrong you need the line:
>>>
>>> #include CFGDIR/Users-cfg.h"
>>>
>>> on the profile of your SE. I just had a look at your CVS entry and could
>>> not see it.
>>>
>>> Ricardo
>>>
>>> On Thu, 13 Nov 2003, Joseph L. Kaiser wrote:
>>>
>>>
>>>> How do I force the poolaccounts to be created on my SE. They are not
>>>> there. I have done a do_mkprof and rebooted the node. There does not
>>>> appear to be anything wrong in my config and I followed the notes as
>>>> given in LCG1-1_1_1 lcg1-notes.txt.
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Joe
>>>>
>>>> On Thu, 2003-11-13 at 10:40, Emanuele LEONARDI wrote:
>>>>
>>>>> Hi Joe.
>>>>>
>>>>> Almost there:
>>>>>
>>>>> (leonardi@adc0014) ~/grid/test> edg-rm --vo=dteam replicateFile
>>>>> lfn:EL_test -d hotdog48.fnal.gov
>>>>> GridFTP: existDir operation failed. the server sent an error response:
>>>>> 530 530 No local mapping for Globus ID
>>>>>
>>>>> Can you please check to which VO my certificate is mapped (look in
>>>>> /etc/grid-security/grid-mapfile: my cert should be mapped to
>>>>> .dteam) and
>>>>> then check if the dteamXXX accounts are present on your SE. They
>>>>> should
>>>>> be both in the /etc/passwd file and in the /home directory...
>>>>>
>>>>> Emanuele
>>>>>
>>>>> Joe Kaiser wrote:
>>>>>
>>>>>> Doh! Okay, I have gotten a new one. Please try again.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Joe
>>>>>>
>>>>>>
>>>>>> On Thu, 2003-11-13 at 09:33, Emanuele LEONARDI wrote:
>>>>>>
>>>>>>
>>>>>>> It still fails but the message is different:
>>>>>>>
>>>>>>> (leonardi@adc0014) ~/grid/test> edg-rm --vo=dteam replicateFile
>>>>>>> lfn:EL_test -d hotdog48.fnal.gov
>>>>>>> GridFTP: existDir operation failed.
>>>>>>> globus_l_ftp_control_send_cmd_cb:
>>>>>>> gss_init_sec_context failed
>>>>>>>
>>>>>>> GSS failure:
>>>>>>> GSS Major Status: Authentication Failed
>>>>>>> GSS Minor Status Error Chain:
>>>>>>>
>>>>>>> init_sec_context.c:189: gss_init_sec_context: Unable to verify
>>>>>>> remote
>>>>>>> side's credentials
>>>>>>> globus_i_gsi_gss_utils.c:851: globus_i_gsi_gss_handshake: SSLv3
>>>>>>> handshake problems: Couldn't do ssl handshake
>>>>>>> OpenSSL Error: s3_clnt.c:840: in library: SSL routines, function
>>>>>>> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
>>>>>>> globus_gsi_callback.c:351: globus_i_gsi_callback_handshake_callback:
>>>>>>> Could not verify credential
>>>>>>> globus_gsi_callback.c:468: globus_i_gsi_callback_cred_verify:
>>>>>>> Could not
>>>>>>> verify credential
>>>>>>> globus_gsi_callback.c:778: globus_i_gsi_callback_check_revoked: The
>>>>>>> certificate has been revoked: Serial number = 406 (0x196)
>>>>>>> Subject=/DC=org/DC=doegrids/OU=Services/CN=hotdog48.fnal.gov
>>>>>>>
>>>>>>> Apparently the certificate on your SE was revoked by your CA...
>>>>>>>
>>>>>>> Emanuele
>>>>>>>
>>>>>>> Joe Kaiser wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Sorry about taking so long. We are in the middle of a horrible
>>>>>>>> experience with a new vendor. Please try the SE now. I think I
>>>>>>>> have
>>>>>>>> the right cert.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Joe
>>>>>>>>
>>>>>>>> --
>>>>>>>> ===================================================================
>>>>>>>> Joe Kaiser - Systems Administrator
>>>>>>>>
>>>>>>>> Fermi Lab
>>>>>>>> CD/OSS-SCS Never laugh at live dragons.
>>>>>>>> 630-840-6444
>>>>>>>> [log in to unmask]
>>>>>>>> ===================================================================
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> /------------------- Emanuele Leonardi -------------------\
>>>>>>> | eMail: [log in to unmask] - Tel.: +41-22-7674066 |
>>>>>>> | IT division - Bat.31 2-012 - CERN - CH-1211 Geneva 23 |
>>>>>>> \---------------------------------------------------------/
>>>>>>
>>>>>>
>>>>>> --
>>>>>> ===================================================================
>>>>>> Joe Kaiser - Systems Administrator
>>>>>>
>>>>>> Fermi Lab
>>>>>> CD/OSS-SCS Never laugh at live dragons.
>>>>>> 630-840-6444
>>>>>> [log in to unmask]
>>>>>> ===================================================================
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> /------------------- Emanuele Leonardi -------------------\
>>>>> | eMail: [log in to unmask] - Tel.: +41-22-7674066 |
>>>>> | IT division - Bat.31 2-012 - CERN - CH-1211 Geneva 23 |
>>>>> \---------------------------------------------------------/
>>>>
>>>>
>>> --
>>> ================================================================================
>>>
>>>
>>> Ricardo Graciani Diaz
>>>
>>> Dept. Estructura i Constituents de la Materia
>>> Facultat de Fisica Tel: +34 93 403 7062
>>> Universitat de Barcelona Fax: +34 93 402 1198
>>>
>>> Diagonal, 647
>>> E-08028 Barcelona
>>>
>>> ================================================================================
>>>
>>
>>
>> --
>> ===================================================================
>> Joe Kaiser - Systems Administrator
>>
>> Fermi Lab
>> CD/OSS-SCS Never laugh at live dragons.
>> 630-840-6444
>> [log in to unmask]
>> ===================================================================
>
>
>
--
/------------------- Emanuele Leonardi -------------------\
| eMail: [log in to unmask] - Tel.: +41-22-7674066 |
| IT division - Bat.31 2-012 - CERN - CH-1211 Geneva 23 |
\---------------------------------------------------------/
|