Hi Elena,
Yes, it's the stupid email address in the host cert.
Try changing it to [log in to unmask] in the GOCDB.
I don't know if the apel people will still have to edit something on
their side, but it usually gets fixed rather quickly.
Here's my ticket:
https://gus.fzk.de/ws/ticket_info.php?ticket=64172
Cheers,
Daniela
On 13 December 2010 15:29, Elena Korolkova <[log in to unmask]> wrote:
> Hello
>
> we have set up a new sl5 machine with site BDII and glite-APEL instead of old sl4 machine with site-bdii and monbox. The new machine has the name and certificate from the old one. Two machines were not running at the same time.
> GOC page has been changed accordingly.
>
> Since that time we have a problem with publishing.
>
> When we are trying to run the script:
> APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml
>
> we see the error:
> [root@lcg ~]# APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml
> =====Starting APEL Publisher=====
> Mon Dec 13 13:05:33 GMT 2010
> Current versions of APEL RPMS:
> glite-apel-publisher-2.0.13-6.noarch
> glite-apel-core-2.0.13-8.noarch
> glite-apel-yaim-1.0.2-1.noarch
> Copying certificates from /etc/grid-security to the Java key store used by the APEL Publisher
> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Read-in configuration: [logenabled, p, inspectTables, j] [DBUsername=accounting, DBURL=jdbc:mysql://localhost:3306/accounting, DBPassword=****, site=UKI-NORTHGRID-SHEF-HEP, Timeout for awaiting a reply from the consumer.=1800000, The max. num of accounting records in each JMS message=2000, Batch size=300000, republish=missing]
> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - ------ Starting the apel application ------
> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - **** APEL is examining the schema ****
> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Checking the LcgRecords table
> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - The LcgRecords schema is up-to-date
> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Checking the BlahdRecords table
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The BlahdRecords schema is up-to-date
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the LcgProcessedFiles table
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The LcgProcessedFiles schema is up-to-date
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 28593
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 65723
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The SpecRecords schema is up-to-date
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - **** Schema checks complete ****
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - **** Combining tables and republishing in LcgRecords ****
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking valid CPU spec data exists
> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - CPU spec values found
> Mon Dec 13 13:06:17 UTC 2010: apel-publisher - program aborted
> org.glite.apel.core.ApelException: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.glite.apel.publisher.AccountPublisher.<init>(Unknown Source)
> at org.glite.apel.publisher.AccountManager.run(Unknown Source)
> at org.glite.apel.publisher.ApelPublisher.runJoinProcessor(Unknown Source)
> at org.glite.apel.publisher.ApelPublisher.run(Unknown Source)
> at org.glite.apel.publisher.ApelPublisher.main(Unknown Source)
> Caused by: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.glite.apel.publisher.AccountPublisher.createActiveMQProducer(Unknown Source)
> ... 5 more
> Caused by: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
> at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1255)
> at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1350)
> at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:300)
> at org.apache.activemq.ActiveMQConnection.createTopicSession(ActiveMQConnection.java:1047)
> ... 6 more
> Caused by: java.lang.SecurityException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:102)
> at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
> at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:686)
> at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:308)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:182)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:210)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.security.auth.login.FailedLoginException: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginModule.java:91)
> at sun.reflect.GeneratedMethodAccessor1340.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:87)
> ... 14 more
> [root@lcg ~]# APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml
> =====Starting APEL Publisher=====
> Mon Dec 13 14:41:40 GMT 2010
> Current versions of APEL RPMS:
> glite-apel-publisher-2.0.13-6.noarch
> glite-apel-core-2.0.13-8.noarch
> glite-apel-yaim-1.0.2-1.noarch
> Copying certificates from /etc/grid-security to the Java key store used by the APEL Publisher
> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Read-in configuration: [logenabled, p, inspectTables, j] [DBUsername=accounting, DBURL=jdbc:mysql://localhost:3306/accounting, DBPassword=****, site=UKI-NORTHGRID-SHEF-HEP, Timeout for awaiting a reply from the consumer.=1800000, The max. num of accounting records in each JMS message=2000, Batch size=300000, republish=missing]
> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - ------ Starting the apel application ------
> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - **** APEL is examining the schema ****
> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Checking the LcgRecords table
> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - The LcgRecords schema is up-to-date
> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Checking the BlahdRecords table
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The BlahdRecords schema is up-to-date
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the LcgProcessedFiles table
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The LcgProcessedFiles schema is up-to-date
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 28593
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the SpecRecords table for patch 65723
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The SpecRecords schema is up-to-date
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - **** Schema checks complete ****
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - **** Combining tables and republishing in LcgRecords ****
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking valid CPU spec data exists
> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - CPU spec values found
> Mon Dec 13 14:42:25 UTC 2010: apel-publisher - program aborted
> org.glite.apel.core.ApelException: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.glite.apel.publisher.AccountPublisher.<init>(Unknown Source)
> at org.glite.apel.publisher.AccountManager.run(Unknown Source)
> at org.glite.apel.publisher.ApelPublisher.runJoinProcessor(Unknown Source)
> at org.glite.apel.publisher.ApelPublisher.run(Unknown Source)
> at org.glite.apel.publisher.ApelPublisher.main(Unknown Source)
> Caused by: org.glite.apel.core.ApelException: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.glite.apel.publisher.AccountPublisher.createActiveMQProducer(Unknown Source)
> ... 5 more
> Caused by: javax.jms.JMSException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
> at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1255)
> at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1350)
> at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:300)
> at org.apache.activemq.ActiveMQConnection.createTopicSession(ActiveMQConnection.java:1047)
> ... 6 more
> Caused by: java.lang.SecurityException: User name or password is invalid: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:102)
> at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
> at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:686)
> at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:308)
> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:182)
> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:210)
> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
> at org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.security.auth.login.FailedLoginException: No user for client certificate: [log in to unmask], CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK
> at org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginModule.java:91)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:87)
> ... 14 more
>
>
> I have opened https://gus.fzk.de/ws/ticket_info.php?ticket=65138 but it hasn't been replied yet.
>
> Any ideas what is going wrong.
>
> Your help is greatly appreciated.
>
> Elena
>
> __________________________________________________
> Dr Elena Korolkova
> Email: [log in to unmask]
> Tel.: +44 (0)114 2223553
> Fax: +44 (0)114 2223555
> Department of Physics and Astronomy
> University of Sheffield
> Sheffield, S3 7RH, United Kingdom
>
--
-----------------------------------------------------------
[log in to unmask]
HEP Group/Physics Dep
Imperial College
Tel: +44-(0)20-75947810
http://www.hep.ph.ic.ac.uk/~dbauer/
|