We have a local mirror of the EGI CA repository which keeps the old versions. I can just change the version in puppet which then points yum to the old version. After that and a yum clean all, yum history rollback works.
Cheers,
Robert
On 28/11/17 13:32, Daniela Bauer wrote:
> How did you roll back to 1.87 ?
>
> Cheers,
> Daniela
>
> On 28 November 2017 at 13:30, Robert Frank <[log in to unmask]>
> wrote:
>
>> I've seen it as well in Manchester when I tried to update this morning.
>> I've rolled everything back to 1.87 for now.
>> I got the impression that it works when both, the server and the client
>> use the same version, but more testing is needed to confirm this.
>>
>> Cheers,
>> Robert
>>
>> On 28/11/17 13:21, Stephen Jones wrote:
>>
>>> Don't update to 1.88-1
>>>
>>> We have same problems too!
>>>
>>> Working on it; site is down because ARGUS (SL6) is clobbered by this...
>>>
>>> Cheers,
>>>
>>>
>>> Ste
>>>
>>>
>>> On 28/11/17 13:17, Daniela Bauer wrote:
>>>
>>>> Hi All,
>>>>
>>>> the latest trust anchor release contains this chage:
>>>>
>>>> * updated UKeScience 2B ICA based on a SHA-2 family digest (UK)
>>>>
>>>> When I try and run the cvmfs UI on SL6 I get the following error:
>>>>
>>>> lx01:~ > voms-proxy-init --voms gridpp
>>>> Enter GRID pass phrase for this identity:
>>>> Contacting voms03.gridpp.ac.uk:15000 <http://voms03.gridpp.ac.uk:15000>
>>>> [/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk <
>>>> http://voms03.gridpp.ac.uk>] "gridpp"...
>>>> Certificate validation error: Can not verify the CRL as its issuer's
>>>> public key is unknown or can not be validated Cause: Certification path
>>>> could not be validated. Cause: NullPointerException
>>>> Error contacting voms03.gridpp.ac.uk:15000 <
>>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp:
>>>> java.security.cert.CertificateException: The peer's certificate with
>>>> subject's DN CN=voms03.gridpp.ac.uk <http://voms03.gridpp.ac.uk>,L
>>>> =Physics,OU=Imperial,O=eScience,C=UK was rejected. The peer's
>>>> certificate status is: FAILED The following validation errors were found:
>>>> error at position 0 in chain, problematic certificate subject: CN=
>>>> voms03.gridpp.ac.uk <http://voms03.gridpp.ac.uk>,L
>>>> =Physics,OU=Imperial,O=eScience,C=UK (category: CRL): Can not verify
>>>> the CRL as its issuer's public key is unknown or can not be validated
>>>> Cause: Certification path could not be validated. Cause:
>>>> NullPointerException
>>>> Certificate validation error: Can not verify the CRL as its issuer's
>>>> public key is unknown or can not be validated Cause: Certification path
>>>> could not be validated. Cause: NullPointerException
>>>> Error contacting voms03.gridpp.ac.uk:15000 <
>>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>>>> Error contacting voms03.gridpp.ac.uk:15000 <
>>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS
>>>> endpoints failed.
>>>> Contacting voms02.gridpp.ac.uk:15000 <http://voms02.gridpp.ac.uk:15000>
>>>> [/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk <
>>>> http://voms02.gridpp.ac.uk>] "gridpp"...
>>>> Certificate validation error: Can not verify the CRL as its issuer's
>>>> public key is unknown or can not be validated Cause: Certification path
>>>> could not be validated. Cause: NullPointerException
>>>> Error contacting voms02.gridpp.ac.uk:15000 <
>>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp:
>>>> java.security.cert.CertificateException: The peer's certificate with
>>>> subject's DN CN=voms02.gridpp.ac.uk <http://voms02.gridpp.ac.uk>,L
>>>> =OeSC,OU=Oxford,O=eScience,C=UK was rejected. The peer's certificate
>>>> status is: FAILED The following validation errors were found:
>>>> error at position 0 in chain, problematic certificate subject: CN=
>>>> voms02.gridpp.ac.uk <http://voms02.gridpp.ac.uk>,L
>>>> =OeSC,OU=Oxford,O=eScience,C=UK (category: CRL): Can not verify the CRL
>>>> as its issuer's public key is unknown or can not be validated Cause:
>>>> Certification path could not be validated. Cause: NullPointerException
>>>> Certificate validation error: Can not verify the CRL as its issuer's
>>>> public key is unknown or can not be validated Cause: Certification path
>>>> could not be validated. Cause: NullPointerException
>>>> Error contacting voms02.gridpp.ac.uk:15000 <
>>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>>>> Error contacting voms02.gridpp.ac.uk:15000 <
>>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS
>>>> endpoints failed.
>>>> Contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000>
>>>> [/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk <
>>>> http://voms.gridpp.ac.uk>] "gridpp"...
>>>> Certificate validation error: Can not verify the CRL as its issuer's
>>>> public key is unknown or can not be validated Cause: Certification path
>>>> could not be validated. Cause: NullPointerException
>>>> Error contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000>
>>>> for VO gridpp: java.security.cert.CertificateException: The peer's
>>>> certificate with subject's DN CN=voms.gridpp.ac.uk <
>>>> http://voms.gridpp.ac.uk>,L=HEP,OU=Manchester,O=eScience,C=UK was
>>>> rejected. The peer's certificate status is: FAILED The following validation
>>>> errors were found:
>>>> error at position 0 in chain, problematic certificate subject: CN=
>>>> voms.gridpp.ac.uk <http://voms.gridpp.ac.uk>,L=H
>>>> EP,OU=Manchester,O=eScience,C=UK (category: CRL): Can not verify the
>>>> CRL as its issuer's public key is unknown or can not be validated Cause:
>>>> Certification path could not be validated. Cause: NullPointerException
>>>> Certificate validation error: Can not verify the CRL as its issuer's
>>>> public key is unknown or can not be validated Cause: Certification path
>>>> could not be validated. Cause: NullPointerException
>>>> Error contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000>
>>>> for VO gridpp: peer not authenticated
>>>> Error contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000>
>>>> for VO gridpp: REST and legacy VOMS endpoints failed.
>>>> None of the contacted servers for gridpp were capable of returning a
>>>> valid AC for the user.
>>>> User's request for VOMS attributes could not be fulfilled.
>>>>
>>>>
>>>> It works on SL7.
>>>>
>>>> This error is fairly deadly for a lot of stuff we are doing here.
>>>>
>>>> Any ideas ?
>>>>
>>>> Regards,
>>>> Daniela
>>>>
>>>>
>>>> --
>>>> Sent from the pit of despair
>>>>
>>>> -----------------------------------------------------------
>>>> [log in to unmask] <mailto:[log in to unmask]>
>>>> HEP Group/Physics Dep
>>>> Imperial College
>>>> London, SW7 2BW
>>>> Tel: +44-(0)20-75947810
>>>> http://www.hep.ph.ic.ac.uk/~dbauer/ <http://www.hep.ph.ic.ac.uk/%7
>>>> Edbauer/>
>>>>
>>>
>>>
>>>
>
>
|