On Tue, 31 May 2005, Vega Forneris wrote:
> Hi again Daniel,
>
> > lcg-bdii is running
>
> what kind of element is suffering this problem? Here at ESA-ESRIN had same
> problems with our WNs which are NATted behind MasterNode/CE : I found the
> problem was related to the lcg-bdii startup and update scripts : they
> write a redirection on the CE from port 2170 to others (range 2171-2173)
> in iptables chain...to check it lauch:
>
> $ iptables -t nat -L
>
> Try to stop lcg-bdii service and flush all entries (save your
> configuration first of course)
>
> $ service lcg-bdii stop
> $ iptables -F
>
> (check all rules are flushed: $ iptables -t nat -L)
To flush the "nat" rules, you need to do this:
iptables -F -t nat
In any case this may not be enough: I have seen some of our nodes get into
a state where iptables did not report any rules, netstat showed port 2170
being listened on (with the BDII just restarted), yet connections were refused.
In such cases a reboot is a solution.
> and launch a ldapsearch:
>
> ldapsearch -x -H ldap://egeebdii.ifca.org.es:2170 -b
> "mds-vo-name=local,o=grid"
>
> Anyway, I repeat i'm not able to contact egeebdii.ifca.org.es ldap while i
> can do it with my BDII (once again...are we sure the problem is not from
> egeebdii side?)
>
> Cheers
> Vega
>
>
>
>
>
> Daniel Cano Fernandez <[log in to unmask]>
> Sent by: LHC Computer Grid - Rollout <[log in to unmask]>
> 31/05/2005 20:40
> Please respond to LHC Computer Grid - Rollout
>
>
> To: [log in to unmask]
> cc:
> Subject: Re: [LCG-ROLLOUT] lcg-infosites
>
>
> It even refuses conections on that port with the firewall stopped!!!!!!!,
> I have to check who is filtering our ports (the firewall was accepting
> connections on that port), and there are no dead processes or strange
> things. lcg-bdii is running, so I will look for the "misterious filterer"
> that it's the only thing that I think it's possibly happening.
>
> Thanks
>
> Dani
>
> ----- Original Message -----
> From: Maarten Litmaath <[log in to unmask]>
> Date: Tuesday, May 31, 2005 8:02 pm
> Subject: Re: [LCG-ROLLOUT] lcg-infosites
>
> > Daniel Cano Fernandez wrote:
> >
> > > $LCG_GFAL_INFOSYS points to our BDII
> > >
> > > [cano@egeeui cano]$ echo $LCG_GFAL_INFOSYS
> > > egeebdii.ifca.org.es:2170
> > >
> > > and the firewall is not blocking outgoing connections.
> >
> > That node does not accept connections on port 2170,
> > so either the BDII is not running, or the node's firewall
> > returns "Connection refused" to anybody attempting to
> > connect to that port.
> >
> > > ----- Original Message -----
> > > From: Maarten Litmaath <[log in to unmask]>
> > > Date: Tuesday, May 31, 2005 6:26 pm
> > > Subject: Re: [LCG-ROLLOUT] lcg-infosites
> > >
> > >
> > >>Daniel Cano wrote:
> > >>
> > >>
> > >>>Hello,
> > >>>After some time of electrical problems at our site, I'm trying
> > >>
> > >>to set it
> > >>
> > >>>back. I'm finding hard to overcome a problem generated by lcg-
> > >>
> > >>infosites>
> > >>
> > >>>ldap_bind: Can't contact LDAP server
> > >>>A LDAP connection with the BDII has not been possible
> > >>>
> > >>>and whe running ldapsearch
> > >>>
> > >>>ldap_sasl_interactive_bind_s: Can't contact LDAP server
> > >>>
> > >>>I have restarted services, checked that things like
> > >>
> > >>LCG_GFAL_INFOSYS are
> > >>
> > >>>ok, and I don't know what else to try, so any help is welcomed
> > >>
> > >>What is your LCG_GFAL_INFOSYS?
> > >>
> > >>Does your firewall put restrictions on outgoing connections?
> > >>
> > >>
> > >
> > >
> >
>
>
>
|