Hi Gang,
typical on a Friday afternoon we started to fail sam tests with the dreaded
10 data transfer to the server failed
looking at the gatekeeper logs we have a problem with the lcas_voms plugin:
going from
TIME: Fri Aug 8 14:17:27 2008
PID: 5511 -- Notice: 5: Authenticated globus user:
/C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
lcas client name: /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
LCAS 0:
LCAS 1: Initialization LCAS version 1.3.7
allowing empty credentials
LCAS 2: LCAS authorization request
LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
checking banned users in /opt/glite/etc/lcas/ban_users.db
LCAS 0: 2008-08-08.14:17:27 :
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
succeeded
LCAS 0: lcas.mod-lcas_run_va(): succeeded
LCAS 1: Termination LCAS
to
TIME: Fri Aug 8 14:17:54 2008
PID: 5949 -- Notice: 5: Authenticated globus user:
/C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
lcas client name: /C=UK/O=eScience/OU=Glasgow/L=Compserv/CN=graeme stewart
LCAS 0:
LCAS 1: Initialization LCAS version 1.3.7
allowing empty credentials
LCAS 2: LCAS authorization request
LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
checking banned users in /opt/glite/etc/lcas/ban_users.db
LCAS 0:
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Did not
find a matching VO entry in the authorization file
LCAS 0: 2008-08-08.14:17:54 :
lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
failed
LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
/opt/glite/lib/modules/lcas_voms.mod
LCAS 0: lcas.mod-lcas_run_va(): failed
TIME: Fri Aug 8 14:17:58 2008
PID: 6023 -- Notice: 6: Got connection 192.36.236.93 at Fri Aug 8
14:17:58 2008
-- any thoughts on where to start hunting?
We commented out the lcas.db entry to get the site alive again but
this isn't sustainable
svr021:~# cat /opt/glite/etc/lcas/lcas.db
# LCAS database/plugin list
#
# Format of each line:
# pluginname="<name/path of plugin>", pluginargs="<arguments>"
#
pluginname=lcas_userban.mod,pluginargs=ban_users.db
##pluginname=lcas_voms.mod,pluginargs="-vomsdir
/etc/grid-security/vomsdir/ -certdir /etc/grid-security/certificates/
-authfile /etc/grid-security/grid-mapfile -authformat simple
-use_user_dn"
svr021:~# ls -ld /etc/grid-security/vomsdir/
/etc/grid-security/certificates/ /etc/grid-security/grid-mapfile
drwxr-xr-x 2 root root 20480 Aug 8 14:26 /etc/grid-security/certificates/
-rw-r--r-- 1 root root 867344 Aug 8 14:17 /etc/grid-security/grid-mapfile
drwxr-xr-x 21 root root 4096 Jul 22 23:16 /etc/grid-security/vomsdir/
yes the grid-mapfile was altered at this time as we'd added a new user
but diffing doesn't look bad.
Andrew
|