Thank you all for the help.
It turns out we had received (but mislaid) the new certificate. I have
now installed 5501.pem on pc30
cheers,
Gianfranco
Jensen, J (Jens) wrote:
> pc30:
> http://ca.grid-support.ac.uk/pub/rollover/certs/5501.pem
>
> Ma, M (Mingchao) wrote:
>
>> Hi Gianfranco,
>>
>> As indicated in your email:
>>
>>
>>>> [root@pc30 grid-security]# openssl x509 -in hostcert.pem -
>>>> startdate -enddate -issuer -subject -noout
>>>> notBefore=Dec 3 16:20:08 2007 GMT
>>>> notAfter=Jan 1 16:20:08 2009 GMT
>>>> issuer= /C=UK/O=eScienceCA/OU=Authority/CN=CA
>>>> subject=
>>>>
>> [log in to unmask]
>> uk
>>
>> Certificate on pc30 need to be replaced and you should have a re-signed one
>> by now.
>>
>> Cheers,
>>
>> Mingchao
>>
>>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of Gianfranco Sciacca
>> Sent: 28 July 2008 11:56
>> To: [log in to unmask]
>> Subject: Re: Finalising UK CA rollover
>>
>> We had a new (re-signed) certificate for the CE only. I have installed in
>> the required locations and restarted the services. By the way, I have just
>> checked and Steve Lloyds tests run fine, which rules out a DPM head problem.
>> Ops writes to a different pool, so that might be the problem, but the logs
>> below do not seem to indicate a problem at all.
>>
>> cheers,
>> Gianfranco
>>
>>
>> On 28 Jul 2008, at 11:44, Greig A. Cowan wrote:
>>
>>
>>> Hi Gianfranco,
>>>
>>> Did you run yaim after you installed the new certificates? The DPM
>>> head node also requires copies of the certificate (with the right
>>> permissions) in /etc/grid-security/dpmmgr. YAIM would have done this
>>> for you.
>>>
>>> Cheers,
>>> Greig
>>>
>>> On 28/07/08 11:22, Gianfranco Sciacca wrote:
>>>
>>>> Hi All,
>>>> at UCL-HEP we had a new re-signed certificate for the CE, after
>>>> installing it the SAM test ran again. Btu the Replica Management
>>>> tests fail since:
>>>> Destination specified: pc55.hep.ucl.ac.uk
>>>> Destination URL for copy:
>>>>
>> gsiftp://pc30.hep.ucl.ac.uk/pc30.hep.ucl.ac.uk:/storage/ops/2008-07-27/file9
>> 3589b62-c960-4c36-b7c7-f7e3f91126ab.555293.0
>>
>>>> # streams: 1
>>>> # set timeout to 0 seconds
>>>> Alias registered in Catalog: lfn:/grid/ops/SAM/sft-lcg-rm-cr-
>>>> farm16.hep.ucl.ac.uk.080727131449.1684658
>>>> 0 bytes 0.00 KB/sec avg 0.00 KB/sec
>>>> instglobus_ftp_control: gss_init_sec_context failed
>>>> Copy Failed: Unregistering alias from catalog.
>>>> lcg_cr: Transport endpoint is not connected
>>>> The certificates on the DPM head node and the pool involved:
>>>> [root@pc55 grid-security]# openssl x509 -in hostcert.pem -startdate
>>>> -enddate -issuer -subject -noout
>>>> notBefore=May 23 16:11:50 2008 GMT
>>>> notAfter=Jun 22 16:11:50 2009 GMT
>>>> issuer= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
>>>> subject=
>>>>
>> [log in to unmask]
>> uk
>>
>>>> [root@pc30 grid-security]# openssl x509 -in hostcert.pem -
>>>> startdate -enddate -issuer -subject -noout
>>>> notBefore=Dec 3 16:20:08 2007 GMT
>>>> notAfter=Jan 1 16:20:08 2009 GMT
>>>> issuer= /C=UK/O=eScienceCA/OU=Authority/CN=CA
>>>> subject=
>>>>
>> [log in to unmask]
>> uk
>>
>>>> No obvious errors in the logs:
>>>> Jul 27 04:30:33 pc30 gridftpd[10502]: connection from
>>>> sam111.cern.ch [128.142.142.86]
>>>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 220 pc30.hep.ucl.ac.uk
>>>> DPM GridFTP Server 1.12 GSSAPI type Globus/GSI wu-2.6.2 (gcc32dbg,
>>>> 1069715860-42) ready.
>>>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 334 Using authentication
>>>> type GSSAPI; ADAT must follow
>>>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- ADAT (13181 bytes)
>>>> Jul 27 04:30:33 pc30 gridftpd[10502]: QUIT
>>>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 221 Goodbye.
>>>> Jul 27 04:30:33 pc30 gridftpd[10502]: FTP session closed
>>>> 07/28 04:10:16 31334,5 dpm_srv_proc_put: processing request 555572
>>>> from /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=samoper/CN=582979/
>>>> CN=Judit Novak
>>>> 07/28 04:10:16 31334,5 dpm_srv_proc_put: calling Cns_stat
>>>> 07/28 04:10:17 31334,5 dpm_srv_proc_put: calling Cns_creatx
>>>> 07/28 04:10:17 31334,5 dpm_srv_proc_put: calling dpm_selectfs
>>>> 07/28 04:10:17 31334,5 dpm_selectfs: selected pool: classicSE
>>>> 07/28 04:10:17 31334,5 dpm_selectfs: selected file system:
>>>> pc30.hep.ucl.ac.uk:/storage
>>>> 07/28 04:10:17 31334,5 dpm_selectfs: pc30.hep.ucl.ac.uk:/storage
>>>> reqsize=232, elemp->free=33074592847, poolp->free=33074592847
>>>> 07/28 04:10:17 31334,5 dpm_srv_proc_put: returns 0,
>>>> status=DPM_SUCCESS
>>>> 07/28 04:10:17 31334,6 dpm_srv_proc_get: returns 0,
>>>> status=DPM_SUCCESS
>>>> 07/28 04:10:21 31334,25 dpm_srv_rm: DP092 - rm request by /DC=ch/
>>>> DC=cern/OU=Organic Units/OU=Users/CN=samoper/CN=582979/CN=Judit
>>>> Novak (19278,2692,1311) from pc55.hep.ucl.ac.uk
>>>> 07/28 04:10:21 31334,25 dpm_srv_rm: DP098 - rm 0 srm://
>>>> pc55.hep.ucl.ac.uk/dpm/hep.ucl.ac.uk/home/ops/generated/2008-07-28/
>>>> file05e85f7f-447d-4976-8ed8-62cf5c7a6c7e 07/28 04:10:21 31334,25
>>>> dpm_updfreespace: pc30.hep.ucl.ac.uk:/storage incr=232, elemp-
>>>>
>>>>> free=33074593079, poolp->free=33074593079
>>>>>
>>>> 07/28 04:10:21 31334,25 dpm_srv_rm: returns 0, status=DPM_SUCCESS
>>>> Any suggestion?? Not sure it's certificate related, but the timing
>>>> of the errors is a bit suspicious.
>>>> Thanks,
>>>> Gianfranco
>>>> On 25 Jul 2008, at 15:37, Brew, CAJ (Chris) wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Just noticed RALPP, Oxford, Cambridge, Durham, Glasgow, UCL-HEP,
>>>>> RHUL
>>>>> and IC all seem to have started failing tests since 12:00. I had
>>>>> got and
>>>>> replaced my certificates so I've just restarted my services to
>>>>> make sure
>>>>> they are picked up. That seems to have fixed it for me.
>>>>>
>>>>> Yours,
>>>>> Chris.
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Testbed Support for GridPP member institutes
>>>>>> [mailto:[log in to unmask]] On Behalf Of David Ambrose-
>>>>>> Griffith
>>>>>> Sent: 25 July 2008 14:29
>>>>>> To: [log in to unmask]
>>>>>> Subject: Re: Finalising UK CA rollover
>>>>>>
>>>>>> Jensen, J (Jens) wrote:
>>>>>>
>>>>>>> Ah, so you expect them to still depend on the certificate
>>>>>>>
>>>>>> itself rather
>>>>>>
>>>>>>> than the DN. Good point, that will need updating.
>>>>>>>
>>>>>>> For everyone out there, the VOMS certificate is available here:
>>>>>>> http://ca.grid-support.ac.uk/pub/rollover/certs/5530.pem
>>>>>>>
>>>>>>> I am fairly confident that the whole scheme will work and
>>>>>>>
>>>>>> also that it
>>>>>>
>>>>>>> will be worth the effort, although given past experience some
>>>>>>> things
>>>>>>> will break, as they somehow always do, despite all the efforts to
>>>>>>> prevent breakage. There has been a lot of testing behind this.
>>>>>>>
>>>>>>> Thanks for pointing it out - can people who depend on the
>>>>>>>
>>>>>> VOMS server
>>>>>>
>>>>>>> certificate please ensure they have the above certificate
>>>>>>> installed?
>>>>>>>
>>>>>>> Thanks
>>>>>>> --jens
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Hmmn, at the moment Durham's SE has a certificate signed by
>>>>>> the old root
>>>>>> CA, but we didn't get the rollover email for it, and with the CRL
>>>>>> now
>>>>>> expired, we're failing tests.
>>>>>>
>>>>>> Our local RA Operator will be revoking and re-issuing the
>>>>>> certificate
>>>>>> this afternoon, but the lack of rollover email is a bit concerning.
>>>>>>
>>>>>> --
>>>>>> David Ambrose-Griffith - [log in to unmask]
>>>>>>
>>>>>> IPPP, Department of Physics, Durham University,
>>>>>> Science Laboratories, South Road, Durham, DH1 3LE
>>>>>> Direct Dial: +44 (0)191 3343704
>>>>>> Office: +44 (0)191 334 3811
>>>>>>
>>>>>>
>>> --
>>> The University of Edinburgh is a charitable body, registered in
>>> Scotland, with registration number SC005336.
>>>
--
Dr. Gianfranco Sciacca Tel: +44 (0)20 7679 3044
Dept of Physics and Astronomy Internal: 33044
University College London D15 - Physics Building
London WC1E 6BT
|