Hi Chris,
On 01/20/2014 03:15 PM, Christopher J. Walker wrote:
> Indeed. However I suspect that such flip flopping is unintentional.
I thimnk there are two distinct favours of flip/flopping. The first is
as you say, related to
https://ggus.eu/ws/ticket_info.php?ticket=99430
We'll call that "unintentional" flip/flopping, and it's due to server
access problems that result
in missing certificate fields, and the apparent missing server due to
incompletion.
The second favour of flip/flopping happens when the record keeping
system works properly. In
this case, I would suggest that (the managers of) CDF, DZERO and ILC
misunderstood the
impact of changing server coordinates, i.e. the great fan-out when it
hits the sites.
I would venture to say that they quickly reversed the decision when it
became apparent.
But that's all guesswork. All I know if that the Operations Portal and
XML were
complete and edited properly, but the effect was quickly reversed.
Thus a working system with poor planning can be easily turned into a
broken system.
Steve
>> b) We need to investigate why this happened and stop it happening again,
>> as it creates chaos.
>>
> From:
>
> https://ggus.eu/ws/ticket_info.php?ticket=99430
>
> It sounds like the problem is that if the VOMS server is down, the ops
> portal doesn't fill in the certificate fields when it generates the xml
> file you download.
>
> For me, the ops portal should be reporting the information the sites
> should configure when they setup the VO - and that means the DN of the
> VOMS servers that might be used. The public key is less necessary for me
> - it is the DN that is important. If that information is sometimes not
> in the XML file that strikes me as a major bug in the ops portal - but
> that's where the bug is.
>
>
>> c) Before doing anything, I suggest to chat in the ops meeting tomorrow
>> to decide.
>>
>> d) Notwithstanding that, those sites who updated quickly will have to
>> roll back.
>>
>> e) Yes, I know it's a pain.
> Indeed.
>
> Chris
>
>
>> Cheers,
>>
>> Steve
>>
>>
>>
>>
>>
>> -------- Original Message --------
>> Subject: changes to: CDF, DZERO, ILC
>> Date: Tue, 14 Jan 2014 13:05:44 +0000
>> From: Stephen Jones <[log in to unmask]>
>> Reply-To: Testbed Support for GridPP member institutes
>> <[log in to unmask]>
>> To: [log in to unmask]
>>
>>
>>
>> Resending due to cut and paste error (VOMS_CA_DN back to front)
>>
>> ----------------
>>
>> All, ignore previous.
>>
>> as discussed at the ops meeting, there have been changes to: CDF, DZERO,
>> ILC
>>
>> The full changes can be picked up from
>> https://www.gridpp.ac.uk/wiki/GridPP_approved_VOs
>>
>> Steve
>>
>> Summary of changes
>> *********************
>>
>> In all cases, the records for the server at voms.fnal.gov have changed
>> from:
>>
>> VOMSES=" ... 'cdf voms.fnal.gov 15020
>> /DC=org/DC=doegrids/OU=Services/CN=http/voms.fnal.gov cdf' "
>> VOMS_CA_DN=" ... '/DC=org/DC=DOEGrids/OU=Certificate
>> Authorities/CN=DOEGrids CA 1 ' "
>>
>> to
>>
>> VOMSES=" ... 'cdf voms.fnal.gov 15020 /DC=com/DC=DigiCert-Grid/O=Open
>> Science Grid/OU=Services/CN=voms.fnal.gov cdf' "
>> VOMS_CA_DN=" ... '/DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert
>> Grid CA-1 ' "
>>
>>
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|