We had a new (re-signed) certificate for the CE only. I have installed
in the required locations and restarted the services. By the way, I
have just checked and Steve Lloyds tests run fine, which rules out a
DPM head problem. Ops writes to a different pool, so that might be the
problem, but the logs below do not seem to indicate a problem at all.
cheers,
Gianfranco
On 28 Jul 2008, at 11:44, Greig A. Cowan wrote:
> Hi Gianfranco,
>
> Did you run yaim after you installed the new certificates? The DPM
> head node also requires copies of the certificate (with the right
> permissions) in /etc/grid-security/dpmmgr. YAIM would have done this
> for you.
>
> Cheers,
> Greig
>
> On 28/07/08 11:22, Gianfranco Sciacca wrote:
>> Hi All,
>> at UCL-HEP we had a new re-signed certificate for the CE, after
>> installing it the SAM test ran again. Btu the Replica Management
>> tests fail since:
>> Destination specified: pc55.hep.ucl.ac.uk
>> Destination URL for copy: gsiftp://pc30.hep.ucl.ac.uk/pc30.hep.ucl.ac.uk:/storage/ops/2008-07-27/file93589b62-c960-4c36-b7c7-f7e3f91126ab.555293.0
>> # streams: 1
>> # set timeout to 0 seconds
>> Alias registered in Catalog: lfn:/grid/ops/SAM/sft-lcg-rm-cr-
>> farm16.hep.ucl.ac.uk.080727131449.1684658
>> 0 bytes 0.00 KB/sec avg 0.00 KB/sec
>> instglobus_ftp_control: gss_init_sec_context failed
>> Copy Failed: Unregistering alias from catalog.
>> lcg_cr: Transport endpoint is not connected
>> The certificates on the DPM head node and the pool involved:
>> [root@pc55 grid-security]# openssl x509 -in hostcert.pem -startdate
>> -enddate -issuer -subject -noout
>> notBefore=May 23 16:11:50 2008 GMT
>> notAfter=Jun 22 16:11:50 2009 GMT
>> issuer= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
>> subject= [log in to unmask]
>> [root@pc30 grid-security]# openssl x509 -in hostcert.pem -
>> startdate -enddate -issuer -subject -noout
>> notBefore=Dec 3 16:20:08 2007 GMT
>> notAfter=Jan 1 16:20:08 2009 GMT
>> issuer= /C=UK/O=eScienceCA/OU=Authority/CN=CA
>> subject= [log in to unmask]
>> No obvious errors in the logs:
>> Jul 27 04:30:33 pc30 gridftpd[10502]: connection from
>> sam111.cern.ch [128.142.142.86]
>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 220 pc30.hep.ucl.ac.uk
>> DPM GridFTP Server 1.12 GSSAPI type Globus/GSI wu-2.6.2 (gcc32dbg,
>> 1069715860-42) ready.
>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 334 Using authentication
>> type GSSAPI; ADAT must follow
>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- ADAT (13181 bytes)
>> Jul 27 04:30:33 pc30 gridftpd[10502]: QUIT
>> Jul 27 04:30:33 pc30 gridftpd[10502]: <--- 221 Goodbye.
>> Jul 27 04:30:33 pc30 gridftpd[10502]: FTP session closed
>> 07/28 04:10:16 31334,5 dpm_srv_proc_put: processing request 555572
>> from /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=samoper/CN=582979/
>> CN=Judit Novak
>> 07/28 04:10:16 31334,5 dpm_srv_proc_put: calling Cns_stat
>> 07/28 04:10:17 31334,5 dpm_srv_proc_put: calling Cns_creatx
>> 07/28 04:10:17 31334,5 dpm_srv_proc_put: calling dpm_selectfs
>> 07/28 04:10:17 31334,5 dpm_selectfs: selected pool: classicSE
>> 07/28 04:10:17 31334,5 dpm_selectfs: selected file system:
>> pc30.hep.ucl.ac.uk:/storage
>> 07/28 04:10:17 31334,5 dpm_selectfs: pc30.hep.ucl.ac.uk:/storage
>> reqsize=232, elemp->free=33074592847, poolp->free=33074592847
>> 07/28 04:10:17 31334,5 dpm_srv_proc_put: returns 0,
>> status=DPM_SUCCESS
>> 07/28 04:10:17 31334,6 dpm_srv_proc_get: returns 0,
>> status=DPM_SUCCESS
>> 07/28 04:10:21 31334,25 dpm_srv_rm: DP092 - rm request by /DC=ch/
>> DC=cern/OU=Organic Units/OU=Users/CN=samoper/CN=582979/CN=Judit
>> Novak (19278,2692,1311) from pc55.hep.ucl.ac.uk
>> 07/28 04:10:21 31334,25 dpm_srv_rm: DP098 - rm 0 srm://
>> pc55.hep.ucl.ac.uk/dpm/hep.ucl.ac.uk/home/ops/generated/2008-07-28/
>> file05e85f7f-447d-4976-8ed8-62cf5c7a6c7e 07/28 04:10:21 31334,25
>> dpm_updfreespace: pc30.hep.ucl.ac.uk:/storage incr=232, elemp-
>> >free=33074593079, poolp->free=33074593079
>> 07/28 04:10:21 31334,25 dpm_srv_rm: returns 0, status=DPM_SUCCESS
>> Any suggestion?? Not sure it's certificate related, but the timing
>> of the errors is a bit suspicious.
>> Thanks,
>> Gianfranco
>> On 25 Jul 2008, at 15:37, Brew, CAJ (Chris) wrote:
>>> Hi All,
>>>
>>> Just noticed RALPP, Oxford, Cambridge, Durham, Glasgow, UCL-HEP,
>>> RHUL
>>> and IC all seem to have started failing tests since 12:00. I had
>>> got and
>>> replaced my certificates so I've just restarted my services to
>>> make sure
>>> they are picked up. That seems to have fixed it for me.
>>>
>>> Yours,
>>> Chris.
>>>
>>>> -----Original Message-----
>>>> From: Testbed Support for GridPP member institutes
>>>> [mailto:[log in to unmask]] On Behalf Of David Ambrose-
>>>> Griffith
>>>> Sent: 25 July 2008 14:29
>>>> To: [log in to unmask]
>>>> Subject: Re: Finalising UK CA rollover
>>>>
>>>> Jensen, J (Jens) wrote:
>>>>> Ah, so you expect them to still depend on the certificate
>>>> itself rather
>>>>> than the DN. Good point, that will need updating.
>>>>>
>>>>> For everyone out there, the VOMS certificate is available here:
>>>>> http://ca.grid-support.ac.uk/pub/rollover/certs/5530.pem
>>>>>
>>>>> I am fairly confident that the whole scheme will work and
>>>> also that it
>>>>> will be worth the effort, although given past experience some
>>>>> things
>>>>> will break, as they somehow always do, despite all the efforts to
>>>>> prevent breakage. There has been a lot of testing behind this.
>>>>>
>>>>> Thanks for pointing it out - can people who depend on the
>>>> VOMS server
>>>>> certificate please ensure they have the above certificate
>>>>> installed?
>>>>>
>>>>> Thanks
>>>>> --jens
>>>>>
>>>>>
>>>> Hmmn, at the moment Durham's SE has a certificate signed by
>>>> the old root
>>>> CA, but we didn't get the rollover email for it, and with the CRL
>>>> now
>>>> expired, we're failing tests.
>>>>
>>>> Our local RA Operator will be revoking and re-issuing the
>>>> certificate
>>>> this afternoon, but the lack of rollover email is a bit concerning.
>>>>
>>>> --
>>>> David Ambrose-Griffith - [log in to unmask]
>>>>
>>>> IPPP, Department of Physics, Durham University,
>>>> Science Laboratories, South Road, Durham, DH1 3LE
>>>> Direct Dial: +44 (0)191 3343704
>>>> Office: +44 (0)191 334 3811
>>>>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
--
Dr. Gianfranco Sciacca Tel: +44 (0)20 7679 3044
Dept of Physics and Astronomy Internal: 33044
University College London D15 - Physics Building
London WC1E 6BT
|