I just changed it all to rfcp, since it's the natural way to do it (until
DPM removes rfio) :)
Plus, I don't strictly have an ATLAS role, so I felt like mapping myself to
ATLAS in the gridmaps would be bad form. (And it wouldn't necessarily work
for xrootd, if vomsxrd was enabled?)
Sam
On Tue, Mar 29, 2016 at 4:36 PM Alessandra Forti <[log in to unmask]>
wrote:
> Hi Elena,
>
> in other words you need to check your are mapping the host DN in
> /etc/lcgdm-mapfile-local (and /etc/grid-mapfile-local?)
>
> how did other people do it? I have rfcp working I'd like not to test xrdcp
> if other people made it work already.
>
> cheers
>
> alessandra
>
>
> On 29/03/2016 15:29, Sam Skipsey wrote:
>
> Hi Elena,
>
> The mistake you're making here is in assuming that the script is doing
> what it should do :)
>
> xrdcp needs to be given a credential with permissions to write into the
> directory you're pointing it at. If your credential (without any VOMS
> roles) has permissions to do that, then this will work. However, the fact
> that you're getting a Permission Denied means that your bare proxy does not
> have the required permissions.
>
> I would check to see what permission your bare DN has on your DPM server.
> And then, either give yourself the right permissions, or get the
> voms-proxy-init to give you a proper ATLAS role (which is what it should be
> doing in the first place).
>
> Sam
>
>
>
> On Tue, Mar 29, 2016 at 3:10 PM Elena Korolkova <
> [log in to unmask]> wrote:
>
>> Hi Sam,
>>
>> the command in script does:
>>
>> voms-proxy-init -cert /etc/grid-security/hostcert.pem -key
>> /etc/grid-security/hostkey.pem.
>>
>> So it shouldn’t be any atlas credential.
>>
>> Then the script does:
>>
>> dpns-mkdir -p ${atlas_path}/atlasgroupdisk/${i}/dumps
>> dpns-setacl -m g:atlas:rwx,m:rwx ${atlas_path}/atlasgroupdisk/${i}/dumps
>>
>>
>> What is I missing here? How can I make it work?
>>
>> Many thanks
>> Elena
>>
>> On 29 Mar 2016, at 15:04, Sam Skipsey <
>> [log in to unmask]> wrote:
>>
>> > Well, xrdcp definitely won't work - it doesn't have permissions (your
>> proxy doesn't seem to have any ATLAS VOMS roles in it?)
>> >
>> > Sam
>> >
>> > On Tue, Mar 29, 2016 at 2:08 PM Elena Korolkova <
>> [log in to unmask]> wrote:
>> > Hi,
>> >
>> > A related question. I don’t have a cron job because I first tried to
>> copy the dump with rfcp command which didn’t work in Sheffield.
>> > Now I’ve switched to xrdcp and it doesn’t work either:
>> >
>> > xrdcp ./${i}-dump_${yesterday}
>> root://${se_hostname}/${atlas_path}/${i}/dumps/dump_${yesterday}
>> > [0B/0B][100%][==================================================][0B/s]
>> > Run: [ERROR] Server responded with an error: [3010] Unable to create
>> /dpm/shef.ac.uk/home/atlas/atlasscratchdisk/dumps/dump_20160328;
>> Permission denied
>> >
>> > [root@lcgse0 tmp.JSAOI1Epz8]# voms-proxy-info -all
>> > subject : /C=UK/O=eScience/OU=Sheffield/L=CICS/CN=
>> lcgse0.shef.ac.uk/CN=proxy
>> > issuer : /C=UK/O=eScience/OU=Sheffield/L=CICS/CN=lcgse0.shef.ac.uk
>> > identity : /C=UK/O=eScience/OU=Sheffield/L=CICS/CN=lcgse0.shef.ac.uk
>> > type : full legacy globus proxy
>> > strength : 1024
>> > path : /tmp/x509up_u0
>> > timeleft : 11:18:14
>> > key usage : Digital Signature, Key Encipherment, Data Encipherment
>> >
>> > [root@lcgse0 tmp.JSAOI1Epz8]# dpns-getacl /dpm/
>> shef.ac.uk/home/atlas/atlasscratchdisk/dumps/
>> > # file: /dpm/shef.ac.uk/home/atlas/atlasscratchdisk/dumps/
>> > # owner: root
>> > # group: root
>> > user::rwx
>> > group::rwx #effective:rwx
>> > group:atlas:rwx #effective:rwx
>> > group:atlas/Role=production:rwx #effective:rwx
>> > mask::rwx
>> > other::r-x
>> > default:user::rwx
>> > default:group::rwx
>> > default:group:atlas:rwx
>> > default:group:atlas/Role=production:rwx
>> > default:mask::rwx
>> > default:other::r-x
>> > [root@lcgse0 tmp.JSAOI1Epz8]
>> >
>> > Any thoughts what’s going wrong?
>> >
>> > Thanks
>> > Elena
>> >
>> >
>> > On 29 Mar 2016, at 13:26, Alessandra Forti <[log in to unmask]>
>> wrote:
>> >
>> > > Hello,
>> > >
>> > > there are currently 4 tickets open and we can say they are in
>> progress a couple may almost be on the verge of being closed.... However I
>> did a sweep check on all the UK endpoints and I'm araid even the sites
>> with ticket already closed don't have a cron setup which means that there
>> is nothing to check. Kudos to Cambridge and Liverpool that look fine, all
>> the others can I ask you to setup the cron or to check why it isn't working
>> please?
>> > >
>> > > thanks
>> > >
>> > > cheers
>> > > "Lu-Tze the sweeper"
>> > > alessandra
>> > >
>> > >
>> > > --
>> > > Respect is a rational process. \\//
>> > > Fatti non foste a viver come bruti (Dante)
>>
>
> --
> Respect is a rational process. \\//
> Fatti non foste a viver come bruti (Dante)
>
>
