 |
 |
Many thanks to all for their help. Elena ____________________________________________________________________________ Dr Elena Korolkova Email: [log in to unmask] Tel.: +44 (0)114 2223553 Fax: +44 (0)114 2223555 Department of Physics and Astronomy University of Sheffield Sheffield, S3 7RH, United Kingdom On Mon, 13 Dec 2010, John Gordon wrote: > This is glite-APEL which is the one you are all migrating to. I don't think glite-APEL is actually involved at all. When you use openssl to get the DN of your host certificate to enter this in GOCDB, it returns lowercase for the emailaddress attribute name. ActiveMQ, used by glite-APEL demands this to be in upper case. > > > Elena has raised a ticket now about her publishing but this change should be enough. > > John > >> -----Original Message----- >> From: Testbed Support for GridPP member institutes [mailto:TB- >> [log in to unmask]] On Behalf Of Christopher J.Walker >> Sent: 13 December 2010 16:16 >> To: [log in to unmask] >> Subject: Re: problem with apel publishing (glite-apel) >> >> Alessandra Forti wrote: >>> Hi Elena, >>> >>> it's a problem with the format of the email field in the DN. ActiveMQ >>> wants something different from what you put in the GOCDB. >>> >>> You need to open a GGUS ticket for Apel and Cristina will tell you >> what >>> to do or tell gocdb people to change things internally (as it >> happened >>> for Manchester). >>> >> >> I assume a ticket has been filed about this generic problem. >> >> Does it look like it be fixed by the time APEL is phased out? >> >> Chris >> >>> cheers >>> alessandra >>> >>> >>> On 13/12/10 15:29, Elena Korolkova wrote: >>>> Hello >>>> >>>> we have set up a new sl5 machine with site BDII and glite-APEL >>>> instead of old sl4 machine with site-bdii and monbox. The new >> machine >>>> has the name and certificate from the old one. Two machines were not >>>> running at the same time. >>>> GOC page has been changed accordingly. >>>> >>>> Since that time we have a problem with publishing. >>>> >>>> When we are trying to run the script: >>>> APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f >>>> /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml >>>> >>>> we see the error: >>>> [root@lcg ~]# APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f >>>> /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml >>>> =====Starting APEL Publisher===== >>>> Mon Dec 13 13:05:33 GMT 2010 >>>> Current versions of APEL RPMS: >>>> glite-apel-publisher-2.0.13-6.noarch >>>> glite-apel-core-2.0.13-8.noarch >>>> glite-apel-yaim-1.0.2-1.noarch >>>> Copying certificates from /etc/grid-security to the Java key store >>>> used by the APEL Publisher >>>> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Read-in >> configuration: >>>> [logenabled, p, inspectTables, j] [DBUsername=accounting, >>>> DBURL=jdbc:mysql://localhost:3306/accounting, DBPassword=****, >>>> site=UKI-NORTHGRID-SHEF-HEP, Timeout for awaiting a reply from the >>>> consumer.=1800000, The max. num of accounting records in each JMS >>>> message=2000, Batch size=300000, republish=missing] >>>> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - ------ Starting the >>>> apel application ------ >>>> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - **** APEL is >> examining >>>> the schema **** >>>> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Checking the >> LcgRecords >>>> table >>>> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - The LcgRecords schema >>>> is up-to-date >>>> Mon Dec 13 13:06:06 UTC 2010: apel-publisher - Checking the >>>> BlahdRecords table >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The BlahdRecords >> schema >>>> is up-to-date >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the >>>> LcgProcessedFiles table >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The LcgProcessedFiles >>>> schema is up-to-date >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the >>>> SpecRecords table for patch 28593 >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking the >>>> SpecRecords table for patch 65723 >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - The SpecRecords >> schema >>>> is up-to-date >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - **** Schema checks >>>> complete **** >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - **** Combining tables >>>> and republishing in LcgRecords **** >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - Checking valid CPU >> spec >>>> data exists >>>> Mon Dec 13 13:06:15 UTC 2010: apel-publisher - CPU spec values found >>>> Mon Dec 13 13:06:17 UTC 2010: apel-publisher - program aborted >>>> org.glite.apel.core.ApelException: >> org.glite.apel.core.ApelException: >>>> javax.jms.JMSException: User name or password is invalid: No user >> for >>>> client certificate: [log in to unmask], >>>> CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at org.glite.apel.publisher.AccountPublisher.<init>(Unknown >> Source) >>>> at org.glite.apel.publisher.AccountManager.run(Unknown Source) >>>> at >> org.glite.apel.publisher.ApelPublisher.runJoinProcessor(Unknown >>>> Source) >>>> at org.glite.apel.publisher.ApelPublisher.run(Unknown Source) >>>> at org.glite.apel.publisher.ApelPublisher.main(Unknown Source) >>>> Caused by: org.glite.apel.core.ApelException: >> javax.jms.JMSException: >>>> User name or password is invalid: No user for client certificate: >>>> [log in to unmask], CN=lcg.shef.ac.uk, >>>> L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.glite.apel.publisher.AccountPublisher.createActiveMQProducer(Unknow >> n >>>> Source) >>>> ... 5 more >>>> Caused by: javax.jms.JMSException: User name or password is invalid: >>>> No user for client certificate: >>>> [log in to unmask], CN=lcg.shef.ac.uk, >>>> L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport >> .java:49) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnectio >> n.java:1255) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveM >> QConnection.java:1350) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection >> .java:300) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.createTopicSession(ActiveMQConne >> ction.java:1047) >>>> >>>> ... 6 more >>>> Caused by: java.lang.SecurityException: User name or password is >>>> invalid: No user for client certificate: >>>> [log in to unmask], CN=lcg.shef.ac.uk, >>>> L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addCon >> nection(JaasCertificateAuthenticationBroker.java:102) >>>> >>>> at >>>> >> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBro >> kerFilter.java:89) >>>> >>>> at >>>> >> org.apache.activemq.broker.TransportConnection.processAddConnection(Tra >> nsportConnection.java:686) >>>> >>>> at >>>> >> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddCon >> nection(ManagedTransportConnection.java:86) >>>> >>>> at >>>> >> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:13 >> 4) >>>> at >>>> >> org.apache.activemq.broker.TransportConnection.service(TransportConnect >> ion.java:308) >>>> >>>> at >>>> >> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportCon >> nection.java:182) >>>> >>>> at >>>> >> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter >> .java:68) >>>> >>>> at >>>> >> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormat >> Negotiator.java:113) >>>> >>>> at >>>> >> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMon >> itor.java:210) >>>> >>>> at >>>> >> org.apache.activemq.transport.TransportSupport.doConsume(TransportSuppo >> rt.java:84) >>>> >>>> at >>>> >> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.j >> ava:91) >>>> >>>> at >>>> >> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java: >> 203) >>>> >>>> at >>>> >> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:18 >> 5) >>>> at java.lang.Thread.run(Thread.java:619) >>>> Caused by: javax.security.auth.login.FailedLoginException: No user >> for >>>> client certificate: [log in to unmask], >>>> CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginM >> odule.java:91) >>>> >>>> at sun.reflect.GeneratedMethodAccessor1340.invoke(Unknown >> Source) >>>> at >>>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso >> rImpl.java:25) >>>> >>>> at java.lang.reflect.Method.invoke(Method.java:597) >>>> at >>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) >>>> at >>>> >> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186 >> ) >>>> at >>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) >>>> at java.security.AccessController.doPrivileged(Native Method) >>>> at >>>> >> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680 >> ) >>>> at >>>> javax.security.auth.login.LoginContext.login(LoginContext.java:579) >>>> at >>>> >> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addCon >> nection(JaasCertificateAuthenticationBroker.java:87) >>>> >>>> ... 14 more >>>> [root@lcg ~]# APEL_HOME=/opt/glite /opt/glite/bin/apel-publisher -f >>>> /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml >>>> =====Starting APEL Publisher===== >>>> Mon Dec 13 14:41:40 GMT 2010 >>>> Current versions of APEL RPMS: >>>> glite-apel-publisher-2.0.13-6.noarch >>>> glite-apel-core-2.0.13-8.noarch >>>> glite-apel-yaim-1.0.2-1.noarch >>>> Copying certificates from /etc/grid-security to the Java key store >>>> used by the APEL Publisher >>>> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Read-in >> configuration: >>>> [logenabled, p, inspectTables, j] [DBUsername=accounting, >>>> DBURL=jdbc:mysql://localhost:3306/accounting, DBPassword=****, >>>> site=UKI-NORTHGRID-SHEF-HEP, Timeout for awaiting a reply from the >>>> consumer.=1800000, The max. num of accounting records in each JMS >>>> message=2000, Batch size=300000, republish=missing] >>>> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - ------ Starting the >>>> apel application ------ >>>> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - **** APEL is >> examining >>>> the schema **** >>>> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Checking the >> LcgRecords >>>> table >>>> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - The LcgRecords schema >>>> is up-to-date >>>> Mon Dec 13 14:42:14 UTC 2010: apel-publisher - Checking the >>>> BlahdRecords table >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The BlahdRecords >> schema >>>> is up-to-date >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the >>>> LcgProcessedFiles table >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The LcgProcessedFiles >>>> schema is up-to-date >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the >>>> SpecRecords table for patch 28593 >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking the >>>> SpecRecords table for patch 65723 >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - The SpecRecords >> schema >>>> is up-to-date >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - **** Schema checks >>>> complete **** >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - **** Combining tables >>>> and republishing in LcgRecords **** >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - Checking valid CPU >> spec >>>> data exists >>>> Mon Dec 13 14:42:23 UTC 2010: apel-publisher - CPU spec values found >>>> Mon Dec 13 14:42:25 UTC 2010: apel-publisher - program aborted >>>> org.glite.apel.core.ApelException: >> org.glite.apel.core.ApelException: >>>> javax.jms.JMSException: User name or password is invalid: No user >> for >>>> client certificate: [log in to unmask], >>>> CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at org.glite.apel.publisher.AccountPublisher.<init>(Unknown >> Source) >>>> at org.glite.apel.publisher.AccountManager.run(Unknown Source) >>>> at >> org.glite.apel.publisher.ApelPublisher.runJoinProcessor(Unknown >>>> Source) >>>> at org.glite.apel.publisher.ApelPublisher.run(Unknown Source) >>>> at org.glite.apel.publisher.ApelPublisher.main(Unknown Source) >>>> Caused by: org.glite.apel.core.ApelException: >> javax.jms.JMSException: >>>> User name or password is invalid: No user for client certificate: >>>> [log in to unmask], CN=lcg.shef.ac.uk, >>>> L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.glite.apel.publisher.AccountPublisher.createActiveMQProducer(Unknow >> n >>>> Source) >>>> ... 5 more >>>> Caused by: javax.jms.JMSException: User name or password is invalid: >>>> No user for client certificate: >>>> [log in to unmask], CN=lcg.shef.ac.uk, >>>> L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport >> .java:49) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnectio >> n.java:1255) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveM >> QConnection.java:1350) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection >> .java:300) >>>> >>>> at >>>> >> org.apache.activemq.ActiveMQConnection.createTopicSession(ActiveMQConne >> ction.java:1047) >>>> >>>> ... 6 more >>>> Caused by: java.lang.SecurityException: User name or password is >>>> invalid: No user for client certificate: >>>> [log in to unmask], CN=lcg.shef.ac.uk, >>>> L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addCon >> nection(JaasCertificateAuthenticationBroker.java:102) >>>> >>>> at >>>> >> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBro >> kerFilter.java:89) >>>> >>>> at >>>> >> org.apache.activemq.broker.TransportConnection.processAddConnection(Tra >> nsportConnection.java:686) >>>> >>>> at >>>> >> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddCon >> nection(ManagedTransportConnection.java:86) >>>> >>>> at >>>> >> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:13 >> 4) >>>> at >>>> >> org.apache.activemq.broker.TransportConnection.service(TransportConnect >> ion.java:308) >>>> >>>> at >>>> >> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportCon >> nection.java:182) >>>> >>>> at >>>> >> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter >> .java:68) >>>> >>>> at >>>> >> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormat >> Negotiator.java:113) >>>> >>>> at >>>> >> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMon >> itor.java:210) >>>> >>>> at >>>> >> org.apache.activemq.transport.TransportSupport.doConsume(TransportSuppo >> rt.java:84) >>>> >>>> at >>>> >> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.j >> ava:91) >>>> >>>> at >>>> >> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java: >> 203) >>>> >>>> at >>>> >> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:18 >> 5) >>>> at java.lang.Thread.run(Thread.java:619) >>>> Caused by: javax.security.auth.login.FailedLoginException: No user >> for >>>> client certificate: [log in to unmask], >>>> CN=lcg.shef.ac.uk, L=CICS, OU=Sheffield, O=eScience, C=UK >>>> at >>>> >> org.apache.activemq.jaas.CertificateLoginModule.login(CertificateLoginM >> odule.java:91) >>>> >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja >> va:39) >>>> >>>> at >>>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso >> rImpl.java:25) >>>> >>>> at java.lang.reflect.Method.invoke(Method.java:597) >>>> at >>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) >>>> at >>>> >> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186 >> ) >>>> at >>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) >>>> at java.security.AccessController.doPrivileged(Native Method) >>>> at >>>> >> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680 >> ) >>>> at >>>> javax.security.auth.login.LoginContext.login(LoginContext.java:579) >>>> at >>>> >> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addCon >> nection(JaasCertificateAuthenticationBroker.java:87) >>>> >>>> ... 14 more >>>> >>>> >>>> I have opened https://gus.fzk.de/ws/ticket_info.php?ticket=65138 but >>>> it hasn't been replied yet. >>>> >>>> Any ideas what is going wrong. >>>> >>>> Your help is greatly appreciated. >>>> >>>> Elena >>>> >>>> __________________________________________________ >>>> Dr Elena Korolkova >>>> Email: [log in to unmask] >>>> Tel.: +44 (0)114 2223553 >>>> Fax: +44 (0)114 2223555 >>>> Department of Physics and Astronomy >>>> University of Sheffield >>>> Sheffield, S3 7RH, United Kingdom >