Are you sure about that? I was told that SAM checks the fingerprint of
every CA cert in the release. They have to do that because not every
site uses rpm. This is why it is not as simple as saying release level
.GE. 1.20
John
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Alessandra Forti
> Sent: 20 May 2008 10:31
> To: [log in to unmask]
> Subject: Re: New LCG CA release 1.21: breaks site
>
> hi john,
>
> the official sam tests check the rpm version.
>
> steve's tests are run with a proxy that has been signed with
> the old ca.
> manchester hasn't upgraded yet and we are not failing. it
> seems we are not failing the test not centrally nor steve's.
>
> cheers
> alessandra
>
> Gordon, JC (John) wrote:
> > What was this point Alessandra? After your mail the thread assumes
> > that people are failing the SAM tests.
> > http://pprc.qmul.ac.uk/~lloyd/gridpp/samtest.html suggests that
> > Bristol and Brunel failed for a few hours but no-one else.
> >
> > If job submission is broken then the SAM tests will fail
> but is there
> > evidence that a successful upgrade breaks the SAM test?
> >
> > When the CA is upgraded the SAM test should check for the
> new version
> > right away but the test should pass for a day then WARN for several
> > days
> > (6?) before failing.
> >
> > Remaining time for sites to upgrade is : 7 days, 13 hours.
> > ca_DFN-GridGermany-User : NOTIFICATION !
> > 0 days, 13 hours, 57 min delay left before warning for the
> site will
> > be switched on!
> > It seems you have an old version of CA ca_DFN-GridGermany-User
> > installed.
> > Highest detected is : 1.20
> > Latest known version : 1.21
> > File was : /etc/grid-security/certificates/34f8e29c.0
> >
> > John
> >> -----Original Message-----
> >> From: Testbed Support for GridPP member institutes
> >> [mailto:[log in to unmask]] On Behalf Of Alessandra Forti
> >> Sent: 19 May 2008 18:18
> >> To: [log in to unmask]
> >> Subject: Re: New LCG CA release 1.21: breaks site
> >>
> >> i guess the point was that if you update you fail the sam tests.
> >>
> >> Graeme Stewart wrote:
> >>> In contrast to these tales of woe, I just upgraded all nodes at
> >>> Glasgow and we're fine from the UI to upgraded and
> >> non-upgraded sites:
> >>> svr020:~$ rpm -q lcg-CA
> >>> lcg-CA-1.21-1.noarch
> >>> svr020:~$ globus-job-run svr021.gla.scotgrid.ac.uk /bin/rpm
> >> -q lcg-CA
> >>> lcg-CA-1.21-1.noarch svr020:~$ globus-job-run
> >> ce.glite.ecdf.ed.ac.uk
> >>> /bin/rpm -q lcg-CA
> >>> lcg-CA-1.20-1
> >>> svr020:~$
> >>>
> >>> I checked fetch-crl manually and it's a happy bunny.
> >>>
> >>> However, Bristol and Durham are both broken:
> >>>
> >>> svr020:~$ globus-job-run
> >>> lcgce01.phy.bris.ac.uk:2119/jobmanager-lcgpbs-atlas
> >> /bin/rpm -q lcg-CA
> >>> GRAM Job submission failed because the connection to the
> >> server failed
> >>> (check host and port) (error code 12)
> >>>
> >>> svr020:~$ globus-job-run
> >>> ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q30m
> >> /bin/rpm -q lcg-CA
> >>> GRAM Job submission failed because the connection to the
> >> server failed
> >>> (check host and port) (error code 12)
> >>>
> >>> This might be a side effect of a failed update, but your
> >> downgrade to
> >>> 1.20 appears to have left things still dead.
> >>>
> >>> Cheers
> >>>
> >>> Graeme
> >>>
> >>> PS
> >>>
> >>> svr020:~$ voms-proxy-info -all
> >>> subject :
> >> /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart/CN=proxy
> >>> issuer :
> /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
> >>> identity :
> /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
> >>> type : proxy
> >>> strength : 512 bits
> >>> path : /tmp/x509up_u218012
> >>> timeleft : 6:08:24
> >>> === VO atlas extension information ===
> >>> VO : atlas
> >>> subject :
> /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
> >>> issuer : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
> >>> attribute : /atlas/Role=production/Capability=NULL
> >>> attribute : /atlas/lcg1/Role=NULL/Capability=NULL
> >>> attribute : /atlas/Role=NULL/Capability=NULL timeleft : 6:08:24
> >>>
> >> --
> >> "Well you'll still need a tray"
> >>
> >
>
> --
> "Well you'll still need a tray"
>
|