Hi all,
We've just switched our old SCAS to Argus, and reconfigured the WNs to
use glexec with the new server.
According to the ops and cms nagios tests, glexec is working fine (see
grid106.kfki.hu and grid109.kfki.hu on
https://sam-glexec.cern.ch/nagios/cgi-bin/status.cgi?servicegroup=SERVICE_CREAM-CE&style=detail
<https://sam-glexec.cern.ch/nagios/cgi-bin/status.cgi?servicegroup=SERVICE_CREAM-CE&style=detail>),
but our site got a ticket from CMS that glidein pilot user framework is
failing to switch identity.
All I can see in the log is identity changing goes fine with glexec, but
there is a strange "could not find the poolindex" message at the end:
Jul 15 00:29:44 grid68 glexec[30879]: LCAS authorization request
Jul 15 00:29:44 grid68 glexec[30879]:
lcas_userban.mod-plugin_confirm_authorization(): checking banned users
in /opt/glite/etc/
lcas/ban_users.db
Jul 15 00:29:44 grid68 glexec[30879]: lcas.mod-lcas_run_va(): succeeded
Jul 15 00:29:44 grid68 glexec[30879]: Termination LCAS
Jul 15 00:29:44 grid68 glexec[30879]: Termination LCAS
Jul 15 00:29:44 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
Initialization LCMAPS version 1.4.11-1
Jul 15 00:29:44 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
lcmaps.mod-startPluginManager(): Reading LCMAPS database /opt/
glite/etc/lcmaps/lcmaps-glexec.db
Jul 15 00:29:44 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
LCMAPS credential mapping request
Jul 15 00:29:44 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
lcmaps_plugin_verify_proxy-plugin_run(): verify proxy plu
gin succeeded
Jul 15 00:29:45 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
lcmaps_plugin_c_pep-plugin_run(): C-PEP plugin succeeded
Jul 15 00:29:45 grid68 glexec[30879]:
lcmaps_plugin_posix_enf-plugin_run(): pre-id-switch:
uid=42208(pilcms009),euid=0(root),gid
=42208(pilcms),egid=27001(glexec),sgid=1398(pilcms),sgid=1399(cms),sgid=20064
Jul 15 00:29:45 grid68 glexec[30879]:
lcmaps_plugin_posix_enf-plugin_run(): post-id-switch:
uid=18594(cms037),euid=18594(cms037),
gid=18594(cms),egid=1399(cms),sgid=1399(cms)
Jul 15 00:29:45 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
lcmaps_plugin_posix_enf-plugin_run(): posix_enf plugin succeed
ed
Jul 15 00:29:45 grid68 glexec[30879]: LCMAPS CRED FINAL:
DN:"/DC=org/DC=doegrids/OU=People/CN=Igor Sfiligoi 673872"->mapped uid:'
18594',pgid:'1399',sgid:'1399'
Jul 15 00:29:45 grid68 glexec[30879]:
lcmaps.mod-lcmaps_run_with_pem_and_return_account(): LCMAPS could not
find the poolindex
Jul 15 00:29:45 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
lcmaps.mod-lcmaps_run_with_pem_and_return_account(): succeeded
Jul 15 00:29:45 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
Termination LCMAPS
Jul 15 00:29:45 grid68 glexec[30879]: 2011-07-14.22:29:44Z-30879 :
lcmaps.mod-lcmaps_term(): terminating
Jul 15 00:29:45 grid68 glexec[30879]: 2011-07-14.22:29:45 : Termination
LCMAPS
Jul 15 00:29:45 grid68 glexec[30879]: 2011-07-14.22:29:45 :
lcmaps.mod-lcmaps_term(): terminating
So, is there any problem with the identity switch or not? Maybe the
"could not find the poolindex" message is because gridmapdir should be
present on all WNs? Yaim is supposed to create the gridmapdir when Argus
is used with glexec?
Please enlighten me.
Thanks,
Benjamin
|