JISCMail - TB-SUPPORT Archives

Hi Steve,
    Thanks for the ideas. There's nothing in the ARGUS logs, which does 
suggest a misconfigured CREAM CE - though I can't at present see what. 
At the moment I don't have a functional gLExec WN (this was part of the 
upgrade I am trying to implement) - which leads me on to a followup 
question: where is it documented what to put in the whitelist on the WN? 
I can find nothing which tells me clearly what should be in there. 
Indeed the documentation on how to implement gLExec seems so poor that I 
wonder how anyone else managed to do it.
Cheers,
John

On 10/10/2013 13:51, Stephen Jones wrote:
> Hi John,
>
> On 10/10/2013 12:53 PM, John Hill wrote:
>> Unable to read response from PEP Server
>
> Here are some ideas. Are there any logs on the ARGUS server, and what do
> they say?
>
> cd /var/log/argus;
> find . -name "*.log" -exec ls -lrt {} \;
>
> You may find either a sign that it connected and then some message, or
> no sign at all. If there is no sign at all, then maybe it's a network,
> socket, port or config error on cream (assuming ARGUS firewall off). If
> there is a sign that it connected and failed, then maybe there will be
> another sign of why.  Also, this test should work from any server (e.g.
> WN). See if it works:
>
> Be on a UI in your user account. Make a proxy.
>
> voms-proxy-init --voms dteam
>
> voms-proxy-info
>
> Be on test worker node, as root. Copy in the proxy with scp from
> location shown in voms-proxy-init to /tmp/x509up_u460
>
> Change ownership of proxy to some valid user of the ARGUS server (I use
> a pilot account).
>
> chown pilatl01:atlas /tmp/x509up_u460
>
> Change permissions.
>
> chmod 600 /tmp/x509up_u460
>
> Switch to the ARGUS user.
>
> su - pilatl01
>
> Run these commands to setup for the test.
>
> export GLEXEC_CLIENT_CERT=/tmp/x509up_u460
> export GLEXEC_SOURCE_PROXY=/tmp/x509up_u460
> export X509_USER_PROXY=/tmp/x509up_u460
>
> Do the test
>
> /opt/glite/sbin/glexec /usr/bin/id
>
> Note: In EMI2, use /usr/sbin/glexec. If all is well, you will see
> something like this:
>
> uid=24683(dteam184) gid=2028(dteam) groups=2028(dteam)
>
> If you don't see that, something is wrong. Check the ARGUS policies if
> it says "Not Applicable".
>
> Steve
>