Hi Steve, Thanks for the ideas. There's nothing in the ARGUS logs, which does suggest a misconfigured CREAM CE - though I can't at present see what. At the moment I don't have a functional gLExec WN (this was part of the upgrade I am trying to implement) - which leads me on to a followup question: where is it documented what to put in the whitelist on the WN? I can find nothing which tells me clearly what should be in there. Indeed the documentation on how to implement gLExec seems so poor that I wonder how anyone else managed to do it. Cheers, John On 10/10/2013 13:51, Stephen Jones wrote: > Hi John, > > On 10/10/2013 12:53 PM, John Hill wrote: >> Unable to read response from PEP Server > > Here are some ideas. Are there any logs on the ARGUS server, and what do > they say? > > cd /var/log/argus; > find . -name "*.log" -exec ls -lrt {} \; > > You may find either a sign that it connected and then some message, or > no sign at all. If there is no sign at all, then maybe it's a network, > socket, port or config error on cream (assuming ARGUS firewall off). If > there is a sign that it connected and failed, then maybe there will be > another sign of why. Also, this test should work from any server (e.g. > WN). See if it works: > > Be on a UI in your user account. Make a proxy. > > voms-proxy-init --voms dteam > > voms-proxy-info > > Be on test worker node, as root. Copy in the proxy with scp from > location shown in voms-proxy-init to /tmp/x509up_u460 > > Change ownership of proxy to some valid user of the ARGUS server (I use > a pilot account). > > chown pilatl01:atlas /tmp/x509up_u460 > > Change permissions. > > chmod 600 /tmp/x509up_u460 > > Switch to the ARGUS user. > > su - pilatl01 > > Run these commands to setup for the test. > > export GLEXEC_CLIENT_CERT=/tmp/x509up_u460 > export GLEXEC_SOURCE_PROXY=/tmp/x509up_u460 > export X509_USER_PROXY=/tmp/x509up_u460 > > Do the test > > /opt/glite/sbin/glexec /usr/bin/id > > Note: In EMI2, use /usr/sbin/glexec. If all is well, you will see > something like this: > > uid=24683(dteam184) gid=2028(dteam) groups=2028(dteam) > > If you don't see that, something is wrong. Check the ARGUS policies if > it says "Not Applicable". > > Steve >