This is an answer to the question raised by Maxim Kovgan, Piotr Siwczak
and others:
The reason for the errors seen at times during gridmap file generation are
due to the tomcat instabilities that led to many many announcements about
changes on the CERN VOMS servers broadcasted via the CIC portal.
The error output that Maxim includes refers to voms.cern.ch which is
not published with LCG2 2_6_0. We'll include it in addition into LCG2
2_7_0. This is the edg-mkgridmap.conf extract we distributed last July
with the release concerning DTEAM:
#-----------------------------------------------------------------------------
# DTEAM
# Map VO members (Role) dteamsgm
group vomss://lcg-voms.cern.ch:8443/voms/dteam?/dteam/Role=lcgadmin
dteamsgm
# Map VO members (root Group) dteam
group vomss://lcg-voms.cern.ch:8443/voms/dteam?/dteam .dteam
# If all above fails map from LDAP
# LDAP lines for all VOs (as we do today):
group ldap://lcg-vo.cern.ch/ou=lcg1,o=dteam,dc=lcg,dc=org .dteam
group ldap://lcg-vo.cern.ch/ou=lcgadmin,o=dteam,dc=lcg,dc=org dteamsgm
The whole of this configuration file is viewable at
http://cern.ch/dimou/lcg/registrar/TF/edg-mkgridmap.conf
Regards
- maria
On Tue, 25 Oct 2005, Maxim Kovgan wrote:
> On ?', 2005-10-25 at 18:11 +0200, Oscar Koeroo wrote:
> > Which host is causing the problem?
>
> Hello,
> I wasn't sure this error has anything to do with the servers, since
> we're behind a firewall that blocks outgoing traffic and we still have
> are in JS for , but we have tried to use both lcg-voms.cern.ch and
> voms.cern.ch from ds-lcg-ce01.cs.technion.ac.il,
> and this error is _consistent_ any attempt to run edg-mkgrimap resulted
> in this message.
>
> An exact sample of this error is:
> /opt/edg/libexec/edg-mkgridmap/edg-mkgridmap.pl
> --output=/etc/grid-security/grid-mapfile --safe
> vomssearch(https://voms.cern.ch:8443/voms/dteam/services/VOMSCompatibility?method=getGridmapUsers&container=%2Fdteam%2FRole%3Dlcgadmin): SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher
>
> I've read through google, and founf this has occured earlier, and
> supposedly has been "patched".
>
> well.... it isn't working..
> Max,
>
>
>
> >
> >
> > Piotr Siwczak wrote:
> >
> > > Hi,
> > >
> > > This can sound strange, but I sometimes get errors in the output of
> > > edg-mkgridmap script. The error is as follows:
> > >
> > > "SSl negotiation failed"
> > >
> > > Don't know the reason for this because it happens sometimes only.
> > > Isuppose this is not my site's issue but some external Vo server is
> > > not responding at times.
> > >
> > > Can anyone clear this up?
> > >
> > > Cheers,
> > > Piotr
> > >
> > >
> > > --
> > > Piotr Siwczak <[log in to unmask]>
> > > System Administrator
> > >
> > > Poznan Supercomputing and Networking Center
> > > Supercomputing Department
> > >
> > > (www.eu-egee.org <[log in to unmask]>)
> > > --
>
--
Maria Dimou-Zacharova http://cern.ch/dimou
CERN, CH-1211 Geneva 23, Switzerland
[log in to unmask], Tel:+41227673356, Fax:+41227669820,+41227674900
|