Hello
we have set up a new sl5 machine with site BDII and glite-APEL instead of old sl4 machine with site-bdii and monbox. The new machine has the name and certificate from the old one. Two machines were not running at the same time.
GOC page has been changed accordingly.
Since that time we have a problem with publishing.
When we are trying to run the script:
APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml
we see the error:
[root@lcg ~]# APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml
=====Starting APEL Publisher=====
Mon Dec 13 13:05:33 GMT 2010
Current versions of APEL RPMS:
glite-apel-publisher-2.0.13-6.noarch
glite-apel-core-2.0.13-8.noarch
glite-apel-yaim-1.0.2-1.noarch
Copying certificates from /etc/grid-security to the Java key store used by the APEL Publisher
Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Read-in configuration: [logenabled, p, inspectTables, j] [DBUsername=accounting, DBURL=jdbc:mysql://localhost:3306/accounting, DBPassword=****, site=UKI-NORTHGRID-SHEF-HEP, Timeout for awaiting a reply from the consumer.=1800000, The max. num of accounting records in each JMS message=2000, Batch size=300000, republish=missing]
Mon Dec 13 13:06:06 UTC 2010: apel-publisher - ------ Starting the apel application ------
Mon Dec 13 13:06:06 UTC 2010: apel-publisher - **** APEL is examining the schema ****
Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Checking the LcgRecords table
Mon Dec 13 13:06:06 UTC 2010: apel-publisher - The LcgRecords schema is up-to-date
Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Checking the BlahdRecords table
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The BlahdRecords schema is up-to-date
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the LcgProcessedFiles table
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The LcgProcessedFiles schema is up-to-date
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 28593
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 65723
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The SpecRecords schema is up-to-date
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - **** Schema checks complete ****
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - **** Combining tables and republishing in LcgRecords ****
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking valid CPU spec data exists
Mon Dec 13 13:06:15 UTC 2010: apel-publisher - CPU spec values found
Mon Dec 13 13:06:17 UTC 2010: apel-publisher - program aborted
org.glite.apel.core.ApelException: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.glite.apel.publisher.AccountPublisher.<init>(Unknown Source)
at org.glite.apel.publisher.AccountManager.run(Unknown Source)
at org.glite.apel.publisher.ApelPublisher.runJoinProcessor(Unknown Source)
at org.glite.apel.publisher.ApelPublisher.run(Unknown Source)
at org.glite.apel.publisher.ApelPublisher.main(Unknown Source)
Caused by: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.glite.apel.publisher.AccountPublisher.createActiveMQProducer(Unknown Source)
... 5 more
Caused by: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1255)
at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1350)
at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:300)
at org.apache.activemq.ActiveMQConnection.createTopicSession(ActiveMQConnection.java:1047)
... 6 more
Caused by: java.lang.SecurityException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:102)
at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:686)
at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:308)
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:182)
at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:210)
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.security.auth.login.FailedLoginException: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginModule.java:91)
at sun.reflect.GeneratedMethodAccessor1340.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:87)
... 14 more
[root@lcg ~]# APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml
=====Starting APEL Publisher=====
Mon Dec 13 14:41:40 GMT 2010
Current versions of APEL RPMS:
glite-apel-publisher-2.0.13-6.noarch
glite-apel-core-2.0.13-8.noarch
glite-apel-yaim-1.0.2-1.noarch
Copying certificates from /etc/grid-security to the Java key store used by the APEL Publisher
Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Read-in configuration: [logenabled, p, inspectTables, j] [DBUsername=accounting, DBURL=jdbc:mysql://localhost:3306/accounting, DBPassword=****, site=UKI-NORTHGRID-SHEF-HEP, Timeout for awaiting a reply from the consumer.=1800000, The max. num of accounting records in each JMS message=2000, Batch size=300000, republish=missing]
Mon Dec 13 14:42:14 UTC 2010: apel-publisher - ------ Starting the apel application ------
Mon Dec 13 14:42:14 UTC 2010: apel-publisher - **** APEL is examining the schema ****
Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Checking the LcgRecords table
Mon Dec 13 14:42:14 UTC 2010: apel-publisher - The LcgRecords schema is up-to-date
Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Checking the BlahdRecords table
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The BlahdRecords schema is up-to-date
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the LcgProcessedFiles table
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The LcgProcessedFiles schema is up-to-date
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 28593
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 65723
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The SpecRecords schema is up-to-date
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - **** Schema checks complete ****
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - **** Combining tables and republishing in LcgRecords ****
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking valid CPU spec data exists
Mon Dec 13 14:42:23 UTC 2010: apel-publisher - CPU spec values found
Mon Dec 13 14:42:25 UTC 2010: apel-publisher - program aborted
org.glite.apel.core.ApelException: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.glite.apel.publisher.AccountPublisher.<init>(Unknown Source)
at org.glite.apel.publisher.AccountManager.run(Unknown Source)
at org.glite.apel.publisher.ApelPublisher.runJoinProcessor(Unknown Source)
at org.glite.apel.publisher.ApelPublisher.run(Unknown Source)
at org.glite.apel.publisher.ApelPublisher.main(Unknown Source)
Caused by: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.glite.apel.publisher.AccountPublisher.createActiveMQProducer(Unknown Source)
... 5 more
Caused by: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1255)
at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1350)
at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:300)
at org.apache.activemq.ActiveMQConnection.createTopicSession(ActiveMQConnection.java:1047)
... 6 more
Caused by: java.lang.SecurityException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:102)
at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:686)
at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:308)
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:182)
at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:210)
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.security.auth.login.FailedLoginException: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
at org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginModule.java:91)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:87)
... 14 more
I have opened https://gus.fzk.de/ws/ticket_info.php?ticket=65138 but it hasn't been replied yet.
Any ideas what is going wrong.
Your help is greatly appreciated.
Elena
__________________________________________________
Dr Elena Korolkova
Email: [log in to unmask]
Tel.: +44 (0)114 2223553
Fax: +44 (0)114 2223555
Department of Physics and Astronomy
University of Sheffield
Sheffield, S3 7RH, United Kingdom
|