I can send mail to ci support and cc mike to it and ask what they can do. <br><br>Mihael, is there anyway for Swift to give a little more feedback besides unknown CA or is that a jglobus problem?<br><br><div id="htc_header" style="">----- Reply message -----<br>From: "Sarah Kenny" <skenny@uchicago.edu><br>Date: Thu, Aug 25, 2011 5:11 pm<br>Subject: [Swift-devel] Notes from 0.93 meeting<br>To: "Jonathan Monette" <jonmon@mcs.anl.gov><br>Cc: "Mihael Hategan" <hategan@mcs.anl.gov>, "swift-devel Devel" <swift-devel@ci.uchicago.edu><br><br><br></div>if i had a nickel for every time i dealt with this i'd be rich! :) actually, now that i'm looking at our uci machines i actually have them updating hourly...so, maybe you want to ask the admins to do that to avoid a full day of confusion whenever they expire :P<br>
<br>*usually* i can't gsissh either if the certs have expired but, yeah, they must be using different CA's now for that on ranger as mihael suggests... <br><br><div class="gmail_quote">On Thu, Aug 25, 2011 at 2:46 PM, Jonathan Monette <span dir="ltr"><<a href="mailto:jonmon@mcs.anl.gov" target="_blank">jonmon@mcs.anl.gov</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">True. I did not think that each mechanism would use different CAs. We might want to ask ci support to update the grid certs more frequently then to avoid this situation.<br>
<div><div></div><div><br>
On Aug 25, 2011, at 4:42 PM, Mihael Hategan wrote:<br>
<br>
> On Thu, 2011-08-25 at 16:40 -0500, Jonathan Monette wrote:<br>
>> That is weird. If you were able to gsissh to ranger I would assume<br>
>> that you are able to globus-url-copy to ranger.<br>
><br>
> Not if the two use different CAs. Or if a password was typed at the ssh<br>
> login.<br>
><br>
>> Anyways, what Sarah said should work. I would assume that ci would<br>
>> update more frequently to avoid this problem.<br>
>> On Aug 25, 2011, at 4:38 PM, Sarah Kenny wrote:<br>
>><br>
>>> communicado's certs (/etc/grid-security/certificates) are<br>
>>> out-of-date...if you copy ranger's /etc/grid-security/certificates<br>
>>> directory to communicado and point yr X509_CERT_DIR to it you can<br>
>>> get a job thru (a simple globus-job-run with my vaild cert fails<br>
>>> from communicado at the moment if i don't do this).<br>
>>><br>
>>> i set our machines at uci to update daily...i think it's less<br>
>>> frequently at ci...<br>
>>><br>
>>> On Thu, Aug 25, 2011 at 2:17 PM, Mihael Hategan<br>
>>> <<a href="mailto:hategan@mcs.anl.gov" target="_blank">hategan@mcs.anl.gov</a>> wrote:<br>
>>> Can you try a globus-url-copy to gridftp.ranger?<br>
>>><br>
>>> gridftp.ranger seems to have the NCSA myproxy CA. You say<br>
>>> you have the<br>
>>> proper certificates dir in your X509_CERT_DIR, and that<br>
>>> directory<br>
>>> contains the TACC root cert. So it should work. And so<br>
>>> should swift.<br>
>>><br>
>>> Though I think that jglobus should be more clear about<br>
>>> "Unknown ca"<br>
>>> errors. At least the name of the unknown CA should be part<br>
>>> of the error<br>
>>> message.<br>
>>><br>
>>><br>
>>> On Thu, 2011-08-25 at 15:55 -0500, David Kelly wrote:<br>
>>>> $ grid-proxy-info -all<br>
>>>> subject : /C=US/O=National Center for Supercomputing<br>
>>> Applications/CN=David Kelly<br>
>>>> issuer : /C=US/O=National Center for Supercomputing<br>
>>> Applications/OU=Certificate Authorities/CN=MyProxy<br>
>>>> identity : /C=US/O=National Center for Supercomputing<br>
>>> Applications/CN=David Kelly<br>
>>>> type : end entity credential<br>
>>>> strength : 1024 bits<br>
>>>> path : /tmp/x509up_u1878<br>
>>>> timeleft : 9:56:53<br>
>>>><br>
>>>><br>
>>>> ----- Original Message -----<br>
>>>>> From: "Mihael Hategan" <<a href="mailto:hategan@mcs.anl.gov" target="_blank">hategan@mcs.anl.gov</a>><br>
>>>>> To: "David Kelly" <<a href="mailto:davidk@ci.uchicago.edu" target="_blank">davidk@ci.uchicago.edu</a>><br>
>>>>> Cc: "Ketan Maheshwari" <<a href="mailto:ketancmaheshwari@gmail.com" target="_blank">ketancmaheshwari@gmail.com</a>>,<br>
>>> "swift-devel Devel" <<a href="mailto:swift-devel@ci.uchicago.edu" target="_blank">swift-devel@ci.uchicago.edu</a>><br>
>>>>> Sent: Thursday, August 25, 2011 3:42:57 PM<br>
>>>>> Subject: Re: [Swift-devel] Notes from 0.93 meeting<br>
>>>>> Odd. Can you paste the output of 'grid-proxy-info -all'?<br>
>>>>><br>
>>>>> On Thu, 2011-08-25 at 15:18 -0500, David Kelly wrote:<br>
>>>>>> Sure, here is the full log:<br>
>>>>>><br>
>>>>>><br>
>>> <a href="http://www.ci.uchicago.edu/%7Edavidk/001-catsn-ranger-20110825-1515-5tydro91.log" target="_blank">http://www.ci.uchicago.edu/~davidk/001-catsn-ranger-20110825-1515-5tydro91.log</a><br>
>>>>>><br>
>>>>>> ----- Original Message -----<br>
>>>>>>> From: "Mihael Hategan" <<a href="mailto:hategan@mcs.anl.gov" target="_blank">hategan@mcs.anl.gov</a>><br>
>>>>>>> To: "David Kelly" <<a href="mailto:davidk@ci.uchicago.edu" target="_blank">davidk@ci.uchicago.edu</a>><br>
>>>>>>> Cc: "Ketan Maheshwari" <<a href="mailto:ketancmaheshwari@gmail.com" target="_blank">ketancmaheshwari@gmail.com</a>>,<br>
>>> "swift-devel<br>
>>>>>>> Devel" <<a href="mailto:swift-devel@ci.uchicago.edu" target="_blank">swift-devel@ci.uchicago.edu</a>><br>
>>>>>>> Sent: Thursday, August 25, 2011 2:43:31 PM<br>
>>>>>>> Subject: Re: [Swift-devel] Notes from 0.93 meeting<br>
>>>>>>> It's possible that the CA dir on Ranger is not<br>
>>> properly set up.<br>
>>>>>>> Can<br>
>>>>>>> you<br>
>>>>>>> post the full log?<br>
>>>>>>><br>
>>>>>>> On Thu, 2011-08-25 at 13:56 -0500, David Kelly<br>
>>> wrote:<br>
>>>>>>>> Those environment variables were not set up. I<br>
>>> have them defined<br>
>>>>>>>> now, but I'm still getting the same error.<br>
>>>>>>>><br>
>>>>>>>> [davidk@communicado ranger]$ env |grep 509<br>
>>>>>>>> X509_CERT_DIR=/opt/osg-1.2.16/globus/TRUSTED_CA<br>
>>>>>>>> X509_CADIR=/opt/osg-1.2.16/globus/TRUSTED_CA<br>
>>>>>>>><br>
>>>>>>>> [davidk@communicado ranger]$ swift -sites.file<br>
>>> sites.xml<br>
>>>>>>>> -tc.file<br>
>>>>>>>> tc.data 001-catsn-ranger.swift<br>
>>>>>>>> Swift svn swift-r4987 (swift modified locally)<br>
>>> cog-r3229<br>
>>>>>>>><br>
>>>>>>>> RunID: 20110825-1352-f1v940b4<br>
>>>>>>>> Progress: time: Thu, 25 Aug 2011 13:52:59 -0500<br>
>>>>>>>> Progress: time: Thu, 25 Aug 2011 13:53:00 -0500<br>
>>> Selecting site:7<br>
>>>>>>>> Initializing site shared directory:3<br>
>>>>>>>> Execution failed:<br>
>>>>>>>> Authentication failed [Caused by: Failure<br>
>>> unspecified at<br>
>>>>>>>> GSS-API<br>
>>>>>>>> level [Caused by: Unknown CA]]<br>
>>>>>>>><br>
>>>>>>>><br>
>>>>>>>> ----- Original Message -----<br>
>>>>>>>>> From: "Ketan Maheshwari"<br>
>>> <<a href="mailto:ketancmaheshwari@gmail.com" target="_blank">ketancmaheshwari@gmail.com</a>><br>
>>>>>>>>> To: "David Kelly" <<a href="mailto:davidk@ci.uchicago.edu" target="_blank">davidk@ci.uchicago.edu</a>><br>
>>>>>>>>> Cc: "Jonathan Monette" <<a href="mailto:jonmon@mcs.anl.gov" target="_blank">jonmon@mcs.anl.gov</a>>,<br>
>>> "swift-devel<br>
>>>>>>>>> Devel"<br>
>>>>>>>>> <<a href="mailto:swift-devel@ci.uchicago.edu" target="_blank">swift-devel@ci.uchicago.edu</a>><br>
>>>>>>>>> Sent: Thursday, August 25, 2011 1:32:50 PM<br>
>>>>>>>>> Subject: Re: [Swift-devel] Notes from 0.93<br>
>>> meeting<br>
>>>>>>>>> Hi,<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> Are your CADIR and CACERT env vars set up?<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> [communicado:swiftgrid]$ echo $X509_CADIR<br>
>>>>>>>>> /opt/osg-1.2.16/globus/TRUSTED_CA<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> [communicado:swiftgrid]$ echo $X509_CERT_DIR<br>
>>>>>>>>> /opt/osg-1.2.16/globus/TRUSTED_CA<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> On Thu, Aug 25, 2011 at 1:29 PM, David Kelly <<br>
>>>>>>>>> <a href="mailto:davidk@ci.uchicago.edu" target="_blank">davidk@ci.uchicago.edu</a><br>
>>>>>>>>>> wrote:<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> Thanks Jon,<br>
>>>>>>>>><br>
>>>>>>>>> Here is what happens when I try this from<br>
>>> communicado:<br>
>>>>>>>>><br>
>>>>>>>>> [davidk@communicado ~]$ myproxy-logon -l dkelly<br>
>>> -s<br>
>>>>>>>>> <a href="http://myproxy.teragrid.org" target="_blank">myproxy.teragrid.org</a><br>
>>>>>>>>> Enter MyProxy pass phrase:<br>
>>>>>>>>> A credential has been received for user dkelly<br>
>>> in<br>
>>>>>>>>> /tmp/x509up_u1878.<br>
>>>>>>>>><br>
>>>>>>>>> [davidk@communicado ranger]$ swift -sites.file<br>
>>> sites.xml<br>
>>>>>>>>> -tc.file<br>
>>>>>>>>> tc.data 001-catsn-ranger.swift<br>
>>>>>>>>> Swift svn swift-r4987 (swift modified locally)<br>
>>> cog-r3229<br>
>>>>>>>>><br>
>>>>>>>>> RunID: 20110825-1326-o3e38fe0<br>
>>>>>>>>> Progress: time: Thu, 25 Aug 2011 13:26:43 -0500<br>
>>>>>>>>> Progress: time: Thu, 25 Aug 2011 13:26:44 -0500<br>
>>> Selecting<br>
>>>>>>>>> site:8<br>
>>>>>>>>> Initializing site shared directory:2<br>
>>>>>>>>> Execution failed:<br>
>>>>>>>>> Authentication failed [Caused by: Failure<br>
>>> unspecified at<br>
>>>>>>>>> GSS-API<br>
>>>>>>>>> level<br>
>>>>>>>>> [Caused by: Unknown CA]]<br>
>>>>>>>>><br>
>>>>>>>>> Any ideas?<br>
>>>>>>>>><br>
>>>>>>>>> Thanks,<br>
>>>>>>>>> David<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> _______________________________________________<br>
>>>>>>>>> Swift-devel mailing list<br>
>>>>>>>>> <a href="mailto:Swift-devel@ci.uchicago.edu" target="_blank">Swift-devel@ci.uchicago.edu</a><br>
>>>>>>>>><br>
>>> <a href="https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel" target="_blank">https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel</a><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> --<br>
>>>>>>>>> Ketan<br>
>>>>>>>> _______________________________________________<br>
>>>>>>>> Swift-devel mailing list<br>
>>>>>>>> <a href="mailto:Swift-devel@ci.uchicago.edu" target="_blank">Swift-devel@ci.uchicago.edu</a><br>
>>>>>>>><br>
>>> <a href="https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel" target="_blank">https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel</a><br>
>>><br>
>>><br>
>>> _______________________________________________<br>
>>> Swift-devel mailing list<br>
>>> <a href="mailto:Swift-devel@ci.uchicago.edu" target="_blank">Swift-devel@ci.uchicago.edu</a><br>
>>> <a href="https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel" target="_blank">https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel</a><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> --<br>
>>> Sarah Kenny<br>
>>> Programmer ~ Brain Circuits Laboratory ~ Rm 2224 Bio Sci III<br>
>>> University of California Irvine, Dept. of Neurology ~ <a href="tel:773-818-8300" value="+17738188300" target="_blank">773-818-8300</a><br>
>>><br>
>>> _______________________________________________<br>
>>> Swift-devel mailing list<br>
>>> <a href="mailto:Swift-devel@ci.uchicago.edu" target="_blank">Swift-devel@ci.uchicago.edu</a><br>
>>> <a href="https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel" target="_blank">https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel</a><br>
>><br>
><br>
><br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Sarah Kenny<br>Programmer ~ Brain Circuits Laboratory ~ Rm 2224 Bio Sci III<br>University of California Irvine, Dept. of Neurology ~ <a href="tel:773-818-8300" value="+17738188300" target="_blank">773-818-8300</a><br>
<br>