 |
 |
Hi The false errors were not due to change of repo but it was a bug with wlcg Nagios. It has been fixed and I have updated gridppnagios machine. In an hour time all false alarms will go away. Cheers Kashif -----Original Message----- From: Testbed Support for GridPP member institutes [mailto:[log in to unmask]] On Behalf Of Matt Doidge Sent: 11 February 2011 11:13 To: [log in to unmask] Subject: Re: the EGI-trustanchors I'm in the same boat is Daniela up here in Lancaster, I upgraded yesterday using the new lcg-CA rpm from the new repo, and now I'm seeing the same false errors. I assume this is an error with the SAM tests not being ready for the upgrade? It never pays to go first with these things! On the upside though, user jobs don't seem to be affected so at least our site wasn't broken by the upgrade.... Cheers, Matt Daniela Bauer wrote: > Hi Peter, > > just get the new repo linked from the email and get the lcg-CAs from there. > > > Having said this, I updated my site yesterday and I get a strange > nagios warning: > > The "org.sam.WN-CAver-/ops/Role=lcgadmin" test claims to see 1.37 > certs when there aren't any: > > [this is for ceprod03.grid.hep.ph.ic.ac.uk] > > we048.grid.hep.ph.ic.ac.uk: WARNING > Installed CA RPMs version > Checking the list of all CAs > Configuration Details : > X509_CERT_DIR is : /vols/grid/certificates > Configuration timestamp : Mon, 04 Oct 2010 12:27:36 +0000 > Allowed delay for update : 8 day(s), 0 hour(s), 0 min > Delay of warning : 1 day(s), 0 hour(s), 0 min > Test Results : > No time is left for sites to upgrade. Any of the following will throw > a critical error : > - CA is missing. > - CA has disappeared from the latest release but certificate is still > on the site. > > > ca_NIIF : WARNING ! > No known version could be detected, but it seems one that has a valid > modulus is installed. > > ca_IUCC : OK - detected version is 1.37 > ca_PolishGrid : OK - detected version is 1.37 > > [snip] > > now if I log on to we048: > [root@we048 certificates]# pwd > /vols/grid/certificates > > [root@we048 certificates]# grep "1.38" * > [snip] > AAACertificateServices.info:version = 1.38 > AddTrust-External-CA-Root.info:version = 1.38 > AEGIS.info:version = 1.38 > AIST.info:version = 1.38 > APAC.info:version = 1.38 > ArmeSFo.info:version = 1.38 > ASGCCA-2007.info:version = 1.38 > AustrianGrid.info:version = 1.38 > BalticGrid.info:version = 1.38 > BEGrid2008.info:version = 1.38 > BG-ACAD-CA.info:version = 1.38 > BrGrid.info:version = 1.38 > BYGCA.info:version = 1.38 > CALG.info:version = 1.38 > CERN-Root.info:version = 1.38 > CERN-TCA.info:version = 1.38 > CESNET-CA-3.info:version = 1.38 > CESNET-CA-Root.info:version = 1.38 > CESNET.info:version = 1.38 > [snap] > > there's no sign of any 1.37 certificates. > > ??? > > Daniela > > On 11 February 2011 00:30, Peter Grandi <[log in to unmask]> wrote: >> I have noticed that the old 'lcg-CA' repository is supposedly no >> longer to be used and the new 'EGI-trustanchors' one has been >> updated and published as of the 7th: >> >> https://wiki.egi.eu/wiki/EGI_IGTF_Release >> >> The CA packages therein seem good and fresh, and someone told me >> that this point has been raised before, but I'll ask again: what >> to do? > > > > -- > ----------------------------------------------------------- > [log in to unmask] > HEP Group/Physics Dep > Imperial College > Tel: +44-(0)20-75947810 > http://www.hep.ph.ic.ac.uk/~dbauer/