Aren't they meant to send out an EGI Broadcast ? This is what
everyone else is doing when they change their vomsserver certificate.
Cheers,
Daniela
On 22 April 2016 at 18:35, sjones <[log in to unmask]> wrote:
> Hi All,
>
> Admins supporting fermilab VOs should read this.
>
> I'll make a proper assessment and update next week.
>
> Sorry for all the flip/flopping about upstream which is the cause of this.
>
> All I can do is relay the situation.
>
> Regards,
>
> Ste
>
>
> -------- Original Message --------
> Subject: Re: one liner to show problem
> Date: 2016-04-22 15:58
> From: Alessandra Forti <[log in to unmask]>
> To: Stephen Jones <[log in to unmask]>
>
> Hi,
>
> I spoke to VOMS support now. They've updated also the voms1 certificate now.
> This will affect also CDF, and fermilab VOs (I don't know if the latter is
> in your list I recall i had to add it to the list of VOs in the wiki). The
> real problem is that in the US they have an rpm to distribute changes to the
> VOMS, VO managers are not required to know about the changes. They said
> they'll contact the VO managers in question to update the portal. So expect
> further changes to announce.
>
> cheers
> alessandra
>
> On 19/04/2016 14:09, Stephen Jones wrote:
>>
>> Hi Alessandra,
>>
>> This one-liner shows the problem -
>>
>> # wget -qO- http://operations-portal.egi.eu/xml/voIDCard/public/all/true |
>> sed -e '1,/IDCard .* Name="lsst"/d' -e '/IDCard/,$d' VOIDCardInfo.xml | grep
>> -A 2 "<VOMS_Server"
>>
>> --- output ---
>>
>> <VOMS_Server HttpsPort="8443" VomsesPort="15003"
>> IsVomsAdminServer="1"
>> MembersListUrl="https://voms.fnal.gov:8443/voms/lsst/services/VOMSAdmin?method=listMembers">
>> <hostname>voms.fnal.gov</hostname>
>> <X509Cert>
>> -- <VOMS_Server HttpsPort="8443" VomsesPort="15003"
>> IsVomsAdminServer="0"
>> MembersListUrl="https://voms1.fnal.gov:8443/voms/fermilab/services/VOMSAdmin?method=listMembers">
>> <hostname>voms1.fnal.gov</hostname>
>> </VOMS_Server>
>> <VOMS_Server HttpsPort="8443" VomsesPort="15003"
>> IsVomsAdminServer="1"
>> MembersListUrl="https://voms2.fnal.gov:8443/voms/fermilab/services/VOMSAdmin?method=listMembers">
>> <hostname>voms2.fnal.gov</hostname>
>> </VOMS_Server>
>>
>> The problem is that the first server (voms.fnal.gov) contains the X509Cert
>> tag, needed for DN and CA_DN. The voms1.fnal.gov and voms2.fnal.gov servers
>> do not show that tag.
>>
>> Ste
>>
>>
>>
>>
>
--
Sent from the pit of despair
-----------------------------------------------------------
[log in to unmask]
HEP Group/Physics Dep
Imperial College
London, SW7 2BW
Tel: +44-(0)20-75947810
http://www.hep.ph.ic.ac.uk/~dbauer/
|