Hi Esteban,
Everything seems exactly as in your configuration files... Regarding the
permission and certificate expiration date, everything seems also OK:
[root@mon01 gip]# locate /hostcert.pem
/opt/glite/var/rgma/.certs/hostcert.pem
/home/glite/.certs/hostcert.pem
/etc/tomcat5/hostcert.pem
/etc/grid-security/hostcert.pem
[root@mon01 gip]# openssl x509 -enddate -noout -in
/etc/grid-security/hostcert.pem
notAfter=Jan 7 16:45:46 2009 GMT
[root@mon01 gip]# openssl x509 -enddate -noout -in
/opt/glite/var/rgma/.certs/hostcert.pem
notAfter=Jan 7 16:45:46 2009 GMT
[root@mon01 gip]# openssl x509 -enddate -noout -in
/home/glite/.certs/hostcert.pem
notAfter=Jan 7 16:45:46 2009 GMT
[root@mon01 gip]# openssl x509 -enddate -noout -in /etc/tomcat5/hostcert.pem
notAfter=Jan 7 16:45:46 2009 GMT
[root@mon01 gip]# openssl x509 -enddate -noout -in
/etc/grid-security/hostcert.pem
notAfter=Jan 7 16:45:46 2009 GMT
[root@mon01 gip]# ll /etc/grid-security/host*
-rw-r--r-- 1 root root 1826 Jun 6 20:57 /etc/grid-security/hostcert.pem
-r-------- 1 root root 1057 Jun 6 20:56 /etc/grid-security/hostkey.pem
[root@mon01 gip]# ll /opt/glite/var/rgma/.certs/host*
-rw-r--r-- 1 rgma rgma 1826 Jun 6 20:57
/opt/glite/var/rgma/.certs/hostcert.pem
-r-------- 1 rgma rgma 1057 Jun 6 20:56
/opt/glite/var/rgma/.certs/hostkey.pem
[root@mon01 gip]# ll /home/glite/.certs/host*
-rw-r--r-- 1 glite glite 1826 Jun 12 15:30 /home/glite/.certs/hostcert.pem
-r-------- 1 glite glite 1057 Jun 12 15:30 /home/glite/.certs/hostkey.pem
[root@mon01 gip]# ll /etc/tomcat5/host*
-rw-r--r-- 1 tomcat tomcat 1826 Jun 6 20:57 /etc/tomcat5/hostcert.pem
-r-------- 1 tomcat tomcat 1057 Jun 6 20:56 /etc/tomcat5/hostkey.pem
I'll open a GGUS ticket
Cheers
Goncalo
Esteban Freire wrote:
> Hi Gonçalo,
>
> I don't know if I'll help you, but I try it :).. Indeed, it seems a
> problem related to some certificate problem, in any case, I send you
> how we have our configuration, we have installed Mon + BDII_site service.
>
> cat /opt/bdii/etc/bdii.conf
>
> BDII_PORT_READ=2170
> BDII_PORTS_WRITE="2171 2172"
> BDII_USER=edguser
> BDII_BIND=mds-vo-name=local,o=grid
> BDII_SEARCH_FILTER='*'
> BDII_SEARCH_TIMEOUT=180
> BDII_BREATHE_TIME=60
> BDII_AUTO_UPDATE=no
> BDII_AUTO_MODIFY=no
> BDII_MODIFY_DN=no
> BDII_IS_CACHE=yes
> BDII_DIR=/opt/bdii
> BDII_UPDATE_URL=http://
> BDII_UPDATE_LDIF=http://
> SLAPD=/usr/sbin/slapd
> SLAPADD=/usr/sbin/slapadd
>
> [root@mon ~]# rpm -qa | grep python
> libxml2-python-2.6.16-10.1
> rpm-python-4.3.3-23_nonptl
> python-elementtree-1.2.6-4
> python-sqlite-1.1.6-1
> python-2.3.4-14.4.el4_6.1
> glite-rgma-api-python-5.0.12-3
>
> [root@mon gip]# grep GlueServiceVersion ldif/*
> ldif/glite-info-service-bdii-site.ldif:GlueServiceVersion: 3.9.0
> ldif/glite-info-service-browser.ldif:GlueServiceVersion: 5.0.49
> ldif/glite-info-service-consumer.ldif:GlueServiceVersion: 5.0.49
> ldif/glite-info-service-on-demand-producer.ldif:GlueServiceVersion:
> 5.0.49
> ldif/glite-info-service-primary-producer.ldif:GlueServiceVersion: 5.0.49
> ldif/glite-info-service-secondary-producer.ldif:GlueServiceVersion:
> 5.0.49
>
> Could be the machine certificate expired or maybe with wrong permissions?
>
> Let me know if you need that I send you any information.
>
> Thanks,
> Esteban
>
> Gonçalo Borges escribió:
>> Hi All,
>>
>> After instaling MON glite 3.1 (and winning in my personal battle
>> against tomcat and jpackage repositories), I see that the information
>> system is not working:
>>
>> [root@mon01 tmp]# ldapsearch -x -h mon01.lip.pt -p 2170 -b
>> "mds-vo-name=resource,o=grid"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <mds-vo-name=resource,o=grid> with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # resource, grid
>> dn: Mds-Vo-name=resource,o=grid
>> objectClass: GlueTop
>> Mds-Vo-name: resource
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> On /opt/bdii/var/bdii.log I see:
>>
>> Time to load DB: 62 s
>> Grabbing port 2170 for 2172
>> Error for Traceback (most recent call last): File "<string>",line
>> 1,in ? File "/usr/lib/python2.3/urllib.py",line 181,in open return
>> getattr(self,name)(url) File "/usr/lib/python2.3/urllib.py",line
>> 375,in open_https h.endheaders() File
>> "/usr/lib/python2.3/httplib.py",line 712,in endheaders
>> self._send_output() File "/usr/lib/python2.3/httplib.py",line 597,in
>> _send_output self.send(msg) File
>> "/usr/lib/python2.3/httplib.py",line 564,in send self.connect()
>> File "/usr/lib/python2.3/httplib.py",line 985,in connect ssl =
>> socket.ssl(sock,self.key_file,self.cert_file) File
>> "/usr/lib/python2.3/socket.py",line 73,in ssl return
>> _realssl(sock,keyfile,certfile)
>> ==> slapadd: could not parse entry (line=15)
>> Error for dn:
>> GlueServiceUniqueID=mon01.lip.pt_org.glite.rgma.PrimaryProducer,mds-vo-name=resource,o=grid
>>
>> ==> str2entry: invalid value for attribute GlueServiceVersion (syntax
>> 1.3.6.1.4.1.1466.115.121.1.26)
>> ==> slapadd: could not parse entry (line=38)
>> Error for dn:
>> GlueServiceUniqueID=mon01.lip.pt_org.glite.rgma.OnDemandProducer,mds-vo-name=resource,o=grid
>>
>> ==> str2entry: invalid value for attribute GlueServiceVersion (syntax
>> 1.3.6.1.4.1.1466.115.121.1.26)
>> ==> slapadd: could not parse entry (line=61)
>> Error for dn:
>> GlueServiceUniqueID=mon01.lip.pt_org.glite.rgma.SecondaryProducer,mds-vo-name=resource,o=grid
>>
>> ==> str2entry: invalid value for attribute GlueServiceVersion (syntax
>> 1.3.6.1.4.1.1466.115.121.1.26)
>> ==> slapadd: could not parse entry (line=84)
>> Error for dn:
>> GlueServiceUniqueID=mon01.lip.pt_org.glite.rgma.Browser,mds-vo-name=resource,o=grid
>>
>> ==> str2entry: invalid value for attribute GlueServiceVersion (syntax
>> 1.3.6.1.4.1.1466.115.121.1.26)
>> ==> slapadd: could not parse entry (line=107)
>> Error for dn:
>> GlueServiceUniqueID=mon01.lip.pt_org.glite.rgma.Consumer,mds-vo-name=resource,o=grid
>>
>> ==> str2entry: invalid value for attribute GlueServiceVersion (syntax
>> 1.3.6.1.4.1.1466.115.121.1.26)
>> ==> slapadd: could not parse entry (line=138)
>> Thu Jun 12 15:36:24 WEST 2008
>> Sleeping for 60
>>
>> I don't understand the python error but it seems related to some
>> certificate problem which I'm not able to disentangle.
>> Regarding the "GlueServiceVersion" error, I do not see anything wrong
>> with it in the ldif files:
>>
>> [root@mon01 gip]# grep GlueServiceVersion ldif/*
>> ldif/glite-info-service-browser.ldif:GlueServiceVersion: 5.0.49
>> ldif/glite-info-service-consumer.ldif:GlueServiceVersion: 5.0.49
>> ldif/glite-info-service-on-demand-producer.ldif:GlueServiceVersion:
>> 5.0.49
>> ldif/glite-info-service-primary-producer.ldif:GlueServiceVersion: 5.0.49
>> ldif/glite-info-service-secondary-producer.ldif:GlueServiceVersion:
>> 5.0.49
>>
>> The most strange of all is that if I manually run
>> "/opt/glite/libexec/glite-info-generic
>> /opt/glite/etc/gip/glite-info-generic.conf", the right information
>> seems to be produced.
>>
>> Any hints?
>>
>> Cheers
>> Goncalo
>>
|