msg from release manager (D Groep)
Hi Stephen,
On 2017-11-28 14:35, Stephen Jones wrote:
> The newest trust anchors, 1.88-1, have stopped our ARGUS servers from working.
Looking at the issue right now - at least I can reproduce it.
Meanwhile, use:
https://egi-igtf.ndpf.info/distribution/egi-1.87-1/
which has the previous one!
DavidG.
On 28/11/17 13:42, Linda Cornwall wrote:
> I've forwarded to David Groep.
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Robert Frank
>> Sent: 28 November 2017 13:41
>> To: [log in to unmask]
>> Subject: Re: We think trust anchors 1.88-1 breaks on SL6
>>
>> We have a local mirror of the EGI CA repository which keeps the old versions. I
>> can just change the version in puppet which then points yum to the old version.
>> After that and a yum clean all, yum history rollback works.
>>
>> Cheers,
>> Robert
>>
>> On 28/11/17 13:32, Daniela Bauer wrote:
>>> How did you roll back to 1.87 ?
>>>
>>> Cheers,
>>> Daniela
>>>
>>> On 28 November 2017 at 13:30, Robert Frank
>>> <[log in to unmask]>
>>> wrote:
>>>
>>>> I've seen it as well in Manchester when I tried to update this morning.
>>>> I've rolled everything back to 1.87 for now.
>>>> I got the impression that it works when both, the server and the
>>>> client use the same version, but more testing is needed to confirm this.
>>>>
>>>> Cheers,
>>>> Robert
>>>>
>>>> On 28/11/17 13:21, Stephen Jones wrote:
>>>>
>>>>> Don't update to 1.88-1
>>>>>
>>>>> We have same problems too!
>>>>>
>>>>> Working on it; site is down because ARGUS (SL6) is clobbered by this...
>>>>>
>>>>> Cheers,
>>>>>
>>>>>
>>>>> Ste
>>>>>
>>>>>
>>>>> On 28/11/17 13:17, Daniela Bauer wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> the latest trust anchor release contains this chage:
>>>>>>
>>>>>> * updated UKeScience 2B ICA based on a SHA-2 family digest (UK)
>>>>>>
>>>>>> When I try and run the cvmfs UI on SL6 I get the following error:
>>>>>>
>>>>>> lx01:~ > voms-proxy-init --voms gridpp Enter GRID pass phrase for
>>>>>> this identity:
>>>>>> Contacting voms03.gridpp.ac.uk:15000
>>>>>> <http://voms03.gridpp.ac.uk:15000>
>>>>>> [/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk <
>>>>>> http://voms03.gridpp.ac.uk>] "gridpp"...
>>>>>> Certificate validation error: Can not verify the CRL as its
>>>>>> issuer's public key is unknown or can not be validated Cause:
>>>>>> Certification path could not be validated. Cause:
>>>>>> NullPointerException Error contacting voms03.gridpp.ac.uk:15000 <
>>>>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp:
>>>>>> java.security.cert.CertificateException: The peer's certificate
>>>>>> with subject's DN CN=voms03.gridpp.ac.uk
>>>>>> <http://voms03.gridpp.ac.uk>,L =Physics,OU=Imperial,O=eScience,C=UK
>>>>>> was rejected. The peer's certificate status is: FAILED The following
>> validation errors were found:
>>>>>> error at position 0 in chain, problematic certificate subject: CN=
>>>>>> voms03.gridpp.ac.uk <http://voms03.gridpp.ac.uk>,L
>>>>>> =Physics,OU=Imperial,O=eScience,C=UK (category: CRL): Can not
>>>>>> verify the CRL as its issuer's public key is unknown or can not be
>>>>>> validated
>>>>>> Cause: Certification path could not be validated. Cause:
>>>>>> NullPointerException
>>>>>> Certificate validation error: Can not verify the CRL as its
>>>>>> issuer's public key is unknown or can not be validated Cause:
>>>>>> Certification path could not be validated. Cause:
>>>>>> NullPointerException Error contacting voms03.gridpp.ac.uk:15000 <
>>>>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp: peer not
>>>>>> authenticated Error contacting voms03.gridpp.ac.uk:15000 <
>>>>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp: REST and legacy
>>>>>> VOMS endpoints failed.
>>>>>> Contacting voms02.gridpp.ac.uk:15000
>>>>>> <http://voms02.gridpp.ac.uk:15000>
>>>>>> [/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk <
>>>>>> http://voms02.gridpp.ac.uk>] "gridpp"...
>>>>>> Certificate validation error: Can not verify the CRL as its
>>>>>> issuer's public key is unknown or can not be validated Cause:
>>>>>> Certification path could not be validated. Cause:
>>>>>> NullPointerException Error contacting voms02.gridpp.ac.uk:15000 <
>>>>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp:
>>>>>> java.security.cert.CertificateException: The peer's certificate
>>>>>> with subject's DN CN=voms02.gridpp.ac.uk
>>>>>> <http://voms02.gridpp.ac.uk>,L =OeSC,OU=Oxford,O=eScience,C=UK was
>>>>>> rejected. The peer's certificate status is: FAILED The following validation
>> errors were found:
>>>>>> error at position 0 in chain, problematic certificate subject: CN=
>>>>>> voms02.gridpp.ac.uk <http://voms02.gridpp.ac.uk>,L
>>>>>> =OeSC,OU=Oxford,O=eScience,C=UK (category: CRL): Can not verify the
>>>>>> CRL as its issuer's public key is unknown or can not be validated Cause:
>>>>>> Certification path could not be validated. Cause:
>>>>>> NullPointerException Certificate validation error: Can not verify
>>>>>> the CRL as its issuer's public key is unknown or can not be
>>>>>> validated Cause: Certification path could not be validated. Cause:
>>>>>> NullPointerException Error contacting voms02.gridpp.ac.uk:15000 <
>>>>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp: peer not
>>>>>> authenticated Error contacting voms02.gridpp.ac.uk:15000 <
>>>>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp: REST and legacy
>>>>>> VOMS endpoints failed.
>>>>>> Contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000>
>>>>>> [/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk <
>>>>>> http://voms.gridpp.ac.uk>] "gridpp"...
>>>>>> Certificate validation error: Can not verify the CRL as its
>>>>>> issuer's public key is unknown or can not be validated Cause:
>>>>>> Certification path could not be validated. Cause:
>>>>>> NullPointerException Error contacting voms.gridpp.ac.uk:15000
>>>>>> <http://voms.gridpp.ac.uk:15000> for VO gridpp:
>>>>>> java.security.cert.CertificateException: The peer's certificate
>>>>>> with subject's DN CN=voms.gridpp.ac.uk <
>>>>>> http://voms.gridpp.ac.uk>,L=HEP,OU=Manchester,O=eScience,C=UK was
>>>>>> rejected. The peer's certificate status is: FAILED The following validation
>> errors were found:
>>>>>> error at position 0 in chain, problematic certificate subject: CN=
>>>>>> voms.gridpp.ac.uk <http://voms.gridpp.ac.uk>,L=H
>>>>>> EP,OU=Manchester,O=eScience,C=UK (category: CRL): Can not verify
>>>>>> the CRL as its issuer's public key is unknown or can not be validated Cause:
>>>>>> Certification path could not be validated. Cause:
>>>>>> NullPointerException Certificate validation error: Can not verify
>>>>>> the CRL as its issuer's public key is unknown or can not be
>>>>>> validated Cause: Certification path could not be validated. Cause:
>>>>>> NullPointerException Error contacting voms.gridpp.ac.uk:15000
>>>>>> <http://voms.gridpp.ac.uk:15000> for VO gridpp: peer not
>>>>>> authenticated Error contacting voms.gridpp.ac.uk:15000
>>>>>> <http://voms.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS
>> endpoints failed.
>>>>>> None of the contacted servers for gridpp were capable of returning
>>>>>> a valid AC for the user.
>>>>>> User's request for VOMS attributes could not be fulfilled.
>>>>>>
>>>>>>
>>>>>> It works on SL7.
>>>>>>
>>>>>> This error is fairly deadly for a lot of stuff we are doing here.
>>>>>>
>>>>>> Any ideas ?
>>>>>>
>>>>>> Regards,
>>>>>> Daniela
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Sent from the pit of despair
>>>>>>
>>>>>> -----------------------------------------------------------
>>>>>> [log in to unmask] <mailto:[log in to unmask]>
>>>>>> HEP Group/Physics Dep
>>>>>> Imperial College
>>>>>> London, SW7 2BW
>>>>>> Tel: +44-(0)20-75947810
>>>>>> http://www.hep.ph.ic.ac.uk/~dbauer/ <http://www.hep.ph.ic.ac.uk/%7
>>>>>> Edbauer/>
>>>>>>
>>>>>
>>>>>
>>>
--
Steve Jones [log in to unmask]
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool http://www.liv.ac.uk/physics/hep/
|