Hi Gianfranco,
Did you run yaim after you installed the new certificates? The DPM head
node also requires copies of the certificate (with the right
permissions) in /etc/grid-security/dpmmgr. YAIM would have done this for
you.
Cheers,
Greig
On 28/07/08 11:22, Gianfranco Sciacca wrote:
> Hi All,
>
> at UCL-HEP we had a new re-signed certificate for the CE, after
> installing it the SAM test ran again. Btu the Replica Management tests
> fail since:
>
> Destination specified: pc55.hep.ucl.ac.uk
> Destination URL for copy:
> gsiftp://pc30.hep.ucl.ac.uk/pc30.hep.ucl.ac.uk:/storage/ops/2008-07-27/file93589b62-c960-4c36-b7c7-f7e3f91126ab.555293.0
>
> # streams: 1
> # set timeout to 0 seconds
> Alias registered in Catalog:
> lfn:/grid/ops/SAM/sft-lcg-rm-cr-farm16.hep.ucl.ac.uk.080727131449.1684658
> 0 bytes 0.00 KB/sec avg 0.00 KB/sec
> instglobus_ftp_control: gss_init_sec_context failed
> Copy Failed: Unregistering alias from catalog.
> lcg_cr: Transport endpoint is not connected
>
>
> The certificates on the DPM head node and the pool involved:
>
> [root@pc55 grid-security]# openssl x509 -in hostcert.pem -startdate
> -enddate -issuer -subject -noout
> notBefore=May 23 16:11:50 2008 GMT
> notAfter=Jun 22 16:11:50 2009 GMT
> issuer= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
> subject=
> [log in to unmask]
>
>
> [root@pc30 grid-security]# openssl x509 -in hostcert.pem -startdate
> -enddate -issuer -subject -noout
> notBefore=Dec 3 16:20:08 2007 GMT
> notAfter=Jan 1 16:20:08 2009 GMT
> issuer= /C=UK/O=eScienceCA/OU=Authority/CN=CA
> subject=
> [log in to unmask]
>
>
>
> No obvious errors in the logs:
>
> Jul 27 04:30:33 pc30 gridftpd[10502]: connection from sam111.cern.ch
> [128.142.142.86]
> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 220 pc30.hep.ucl.ac.uk DPM
> GridFTP Server 1.12 GSSAPI type Globus/GSI wu-2.6.2 (gcc32dbg,
> 1069715860-42) ready.
> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 334 Using authentication type
> GSSAPI; ADAT must follow
> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- ADAT (13181 bytes)
> Jul 27 04:30:33 pc30 gridftpd[10502]: QUIT
> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 221 Goodbye.
> Jul 27 04:30:33 pc30 gridftpd[10502]: FTP session closed
>
>
> 07/28 04:10:16 31334,5 dpm_srv_proc_put: processing request 555572 from
> /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=samoper/CN=582979/CN=Judit
> Novak
> 07/28 04:10:16 31334,5 dpm_srv_proc_put: calling Cns_stat
> 07/28 04:10:17 31334,5 dpm_srv_proc_put: calling Cns_creatx
> 07/28 04:10:17 31334,5 dpm_srv_proc_put: calling dpm_selectfs
> 07/28 04:10:17 31334,5 dpm_selectfs: selected pool: classicSE
> 07/28 04:10:17 31334,5 dpm_selectfs: selected file system:
> pc30.hep.ucl.ac.uk:/storage
> 07/28 04:10:17 31334,5 dpm_selectfs: pc30.hep.ucl.ac.uk:/storage
> reqsize=232, elemp->free=33074592847, poolp->free=33074592847
> 07/28 04:10:17 31334,5 dpm_srv_proc_put: returns 0, status=DPM_SUCCESS
> 07/28 04:10:17 31334,6 dpm_srv_proc_get: returns 0, status=DPM_SUCCESS
> 07/28 04:10:21 31334,25 dpm_srv_rm: DP092 - rm request by
> /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=samoper/CN=582979/CN=Judit
> Novak (19278,2692,1311) from pc55.hep.ucl.ac.uk
> 07/28 04:10:21 31334,25 dpm_srv_rm: DP098 - rm 0
> srm://pc55.hep.ucl.ac.uk/dpm/hep.ucl.ac.uk/home/ops/generated/2008-07-28/file05e85f7f-447d-4976-8ed8-62cf5c7a6c7e
>
> 07/28 04:10:21 31334,25 dpm_updfreespace: pc30.hep.ucl.ac.uk:/storage
> incr=232, elemp->free=33074593079, poolp->free=33074593079
> 07/28 04:10:21 31334,25 dpm_srv_rm: returns 0, status=DPM_SUCCESS
>
>
> Any suggestion?? Not sure it's certificate related, but the timing of
> the errors is a bit suspicious.
>
> Thanks,
> Gianfranco
>
>
>
>
>
>
> On 25 Jul 2008, at 15:37, Brew, CAJ (Chris) wrote:
>
>> Hi All,
>>
>> Just noticed RALPP, Oxford, Cambridge, Durham, Glasgow, UCL-HEP, RHUL
>> and IC all seem to have started failing tests since 12:00. I had got and
>> replaced my certificates so I've just restarted my services to make sure
>> they are picked up. That seems to have fixed it for me.
>>
>> Yours,
>> Chris.
>>
>>> -----Original Message-----
>>> From: Testbed Support for GridPP member institutes
>>> [mailto:[log in to unmask]] On Behalf Of David Ambrose-Griffith
>>> Sent: 25 July 2008 14:29
>>> To: [log in to unmask]
>>> Subject: Re: Finalising UK CA rollover
>>>
>>> Jensen, J (Jens) wrote:
>>>> Ah, so you expect them to still depend on the certificate
>>> itself rather
>>>> than the DN. Good point, that will need updating.
>>>>
>>>> For everyone out there, the VOMS certificate is available here:
>>>> http://ca.grid-support.ac.uk/pub/rollover/certs/5530.pem
>>>>
>>>> I am fairly confident that the whole scheme will work and
>>> also that it
>>>> will be worth the effort, although given past experience some things
>>>> will break, as they somehow always do, despite all the efforts to
>>>> prevent breakage. There has been a lot of testing behind this.
>>>>
>>>> Thanks for pointing it out - can people who depend on the
>>> VOMS server
>>>> certificate please ensure they have the above certificate installed?
>>>>
>>>> Thanks
>>>> --jens
>>>>
>>>>
>>> Hmmn, at the moment Durham's SE has a certificate signed by
>>> the old root
>>> CA, but we didn't get the rollover email for it, and with the CRL now
>>> expired, we're failing tests.
>>>
>>> Our local RA Operator will be revoking and re-issuing the certificate
>>> this afternoon, but the lack of rollover email is a bit concerning.
>>>
>>> --
>>> David Ambrose-Griffith - [log in to unmask]
>>>
>>> IPPP, Department of Physics, Durham University,
>>> Science Laboratories, South Road, Durham, DH1 3LE
>>> Direct Dial: +44 (0)191 3343704
>>> Office: +44 (0)191 334 3811
>>>
>
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|