Hi Alessandra,
My firewall ports that are open on the CE are below:
rich rules:
rule family="ipv4" port port="6445" protocol="tcp" accept
rule family="ipv4" port port="2135" protocol="tcp" accept
rule family="ipv4" port port="2811" protocol="tcp" accept
rule family="ipv4" port port="443" protocol="tcp" accept
rule family="ipv4" port port="9000-9300" protocol="tcp" accept
rule family="ipv4" port port="9000-9300" protocol="udp" accept
rule family="ipv4" port port="8443" protocol="tcp" accept
rule family="ipv4" port port="2170" protocol="tcp" accept
Our perimeter firewall might be blocking access from outside but I am connecting from the local network and still getting the same issues so I don't believe it is a firewall issue. I have temporarily turned the firewall off on the ARC CE server if you want to try again?
I am using firewalld rather than IP tables as it is CentOS7.
Thanks
Patrick
From: Testbed Support for GridPP member institutes [[log in to unmask]] on behalf of Gareth Roy [[log in to unmask]]
Sent: 29 November 2019 13:31
To: [log in to unmask]
Subject: Re: ARC CE6/LCMAPS/BDII
Hi Patrick,
I’ve not seen that error before, if I try and contact your CE from externally I can’t get access to it on 443 or 2135 (for ldap) so there may still be firewall issues somewhere.
If you try a:
arcinfo -d DEBUG -c grid-arc-01.hpc.susx.ac.uk
It will try and contact all of the standard endpoints to gather info and print out a large amount of information about it… We don't actually have a 443 endpoint up at Glasgow, for instance if you try:
[vagrant@localhost vagrant]$ arcinfo -c ce01.gla.scotgrid.ac.uk:443/arex
ERROR: Failed to retrieve information from the following endpoints:
ce01.gla.scotgrid.ac.uk:443/arex
but:
[vagrant@localhost vagrant]$ arcinfo -c ce01.gla.scotgrid.ac.uk
Computing service: (production)
Information endpoint: ldap://ce01.gla.scotgrid.ac.uk:2135/Mds-Vo-Name=local,o=grid
Information endpoint: ldap://ce01.gla.scotgrid.ac.uk:2135/o=glue
Information endpoint: https://ce01.gla.scotgrid.ac.uk:443/arex
Information endpoint: https://ce01.gla.scotgrid.ac.uk:443/arex
Submission endpoint: https://ce01.gla.scotgrid.ac.uk:443/arex (status: critical, interface: org.nordugrid.arcrest)
Submission endpoint: https://ce01.gla.scotgrid.ac.uk:443/arex (status: critical, interface: org.ogf.glue.emies.activitycreation)
Submission endpoint: gsiftp://ce01.gla.scotgrid.ac.uk:2811/jobs (status: ok, interface: org.nordugrid.gridftpjob)
As it's actually scraping data from the ldap endpoint.
The -d DEBUG flag should hopefully give you more info to try and see what's going on. You could also see if there is an upstream filter blocking traffic.
Thanks,
Gareth
From: Testbed Support for GridPP member institutes <[log in to unmask]> On Behalf Of Patrick Smith
Sent: 29 November 2019 12:41
To: [log in to unmask]
Subject: ARC CE6/LCMAPS/BDII
Hello,
I have set up our ARC CE6/LCMAPS/BDII but get the following error when I try to test it remotely. Has anyone seen this before? I don't appear to have any SSL certificates installed in the usual places.
Thanks
Patrick
$ arcinfo -c grid-arc-01.hpc.susx.ac.uk/arex
ERROR: Failed to retrieve information from the following endpoints:
grid-arc-01.hpc.susx.ac.uk/arex (Fault received from https://grid-arc-01.hpc.susx.ac.uk:443/arex: Failed to send SOAP message: TLS: GENERIC_ERROR (SSL error, "sslv3 alert certificate expired", in "SSL3_READ_BYTES" function, at "SSL routines" library, with "decryption failed" alert))
$ arcinfo -c grid-arc-01.hpc.susx.ac.uk/arex
ERROR: Failed to retrieve information from the following endpoints:
grid-arc-01.hpc.susx.ac.uk/arex (Fault received from https://grid-arc-01.hpc.susx.ac.uk:443/arex: Not authorized: GENERIC_ERROR (Security error: 1))
on grid-arc-01.hpc.susx.ac.uk:
----------------------------------------------------------------------------------------------------------------
# arcctl service list
arc-acix-index (Not installed, Disabled, Stopped)
arc-acix-scanner (Not installed, Disabled, Stopped)
arc-arex (Installed, Enabled, Running)
arc-datadelivery-service (Not installed, Disabled, Stopped)
arc-gridftpd (Installed, Enabled, Running)
arc-infosys-ldap (Installed, Enabled, Running)
----------------------------------------------------------------------------------------------------------------
● arc-gridftpd.service - ARC gridftpd
Loaded: loaded (/usr/lib/systemd/system/arc-gridftpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-11-28 16:11:27 GMT; 19h ago
● arc-arex.service - ARC Resource-coupled EXecution service
Loaded: loaded (/usr/lib/systemd/system/arc-arex.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-11-28 16:11:32 GMT; 19h ago
----------------------------------------------------------------------------------------------------------------
rich rules:
rule family="ipv4" port port="6445" protocol="tcp" accept
rule family="ipv4" port port="2135" protocol="tcp" accept
rule family="ipv4" port port="2811" protocol="tcp" accept
rule family="ipv4" port port="443" protocol="tcp" accept
rule family="ipv4" port port="9000-9300" protocol="tcp" accept
rule family="ipv4" port port="9000-9300" protocol="udp" accept
rule family="ipv4" port port="8443" protocol="tcp" accept
rule family="ipv4" port port="2170" protocol="tcp" accept
----------------------------------------------------------------------------------------------------------------
/etc/grid-security/hostcert.pem:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 56252 (0xdbbc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UK, O=eScienceCA, OU=Authority, CN=UK e-Science CA 2B
Validity
Not Before: Sep 30 14:46:02 2019 GMT
Not After : Oct 29 14:46:02 2020 GMT
Subject: C=UK, O=eScience, OU=Sussex, L=PhysicsAndAstronomy, CN=grid-arc-01.hpc.susx.ac.uk
To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
-- Inference: a conclusion reached on the basis of evidence and reasoning Respect is a rational process. \\// For Ur-Fascism, disagreement is treason. (U. Eco)
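An added example, not part of any message in the thread and not ARC or firewalld code: it takes the firewalld rich-rule listing and the host certificate validity lines pasted above and checks, offline, whether the ports probed in the replies (443, 2135, 2811) are accepted locally and whether the certificate was inside its validity window when the first report was sent. The function names are hypothetical, and treating the 29 November 2019 12:41 timestamp as UTC is an assumption.

```python
import re
from datetime import datetime, timezone

# Inputs copied from the diagnostics pasted in the thread above.
RICH_RULES = '''\
rule family="ipv4" port port="6445" protocol="tcp" accept
rule family="ipv4" port port="2135" protocol="tcp" accept
rule family="ipv4" port port="2811" protocol="tcp" accept
rule family="ipv4" port port="443" protocol="tcp" accept
rule family="ipv4" port port="9000-9300" protocol="tcp" accept
rule family="ipv4" port port="9000-9300" protocol="udp" accept
rule family="ipv4" port port="8443" protocol="tcp" accept
rule family="ipv4" port port="2170" protocol="tcp" accept
'''
VALIDITY = '''\
Not Before: Sep 30 14:46:02 2019 GMT
Not After : Oct 29 14:46:02 2020 GMT
'''
RULE_RE = re.compile(r'port port="(\d+)(?:-(\d+))?" protocol="(tcp|udp)" accept')

def accepted_ranges(rules_text):
    """Return (low, high, protocol) for every accept rule; single ports become low == high."""
    return [(int(m[1]), int(m[2] or m[1]), m[3])
            for m in RULE_RE.finditer(rules_text)]

def port_accepted(rules_text, port, proto="tcp"):
    """True if some accept rule covers this port and protocol, ranges included."""
    return any(lo <= port <= hi and p == proto for lo, hi, p in accepted_ranges(rules_text))

def validity_window(text):
    """Parse the 'Not Before' / 'Not After' lines of `openssl x509 -text` output."""
    def grab(label):
        m = re.search(label + r"\s*:\s*(.+?) GMT", text)
        return datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    return grab("Not Before"), grab("Not After")

def cert_valid_at(text, when):
    not_before, not_after = validity_window(text)
    return not_before <= when <= not_after

if __name__ == "__main__":
    when = datetime(2019, 11, 29, 12, 41, tzinfo=timezone.utc)  # assumed UTC
    for port in (443, 2135, 2811):
        print(port, "accepted locally:", port_accepted(RICH_RULES, port))
    print("host certificate inside validity window:", cert_valid_at(VALIDITY, when))
```

For the data in the thread, all three ports are accepted by the host's own rules and the host certificate is inside its validity window on the date of the report.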