Fwd: Re: [AG-TECH] two more certification notes in 2.1.2 early tests

Robert Olson olson at mcs.anl.gov
Wed Jan 21 15:36:36 CST 2004 

More info on this.


>Date: Wed, 21 Jan 2004 13:32:11 -0800
>From: Todd Zimmerman <toddz at sfu.ca>
>Organization: Westgrid
>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) 
>Gecko/20031205 Thunderbird/0.4
>X-Accept-Language: en-us, en
>To: Robert Olson <olson at mcs.anl.gov>
>Subject: Re: [AG-TECH] two more certification notes in 2.1.2 early tests
>X-Spam-Status: No, hits=-3.0 required=5.0
>         tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,
>               REPLY_WITH_QUOTES,USER_AGENT_MOZILLA_UA
>         version=2.55
>X-Spam-Level:
>X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
>
>Actually, I am (currently) only trying this on a single machine node 
>(windows); however I have tested on Linux with the same results. If if 
>would be helpful, I can try it on a multi-machine node also.
>
>So, to clarify -
>
>With Grid Canada usercert set as default:
>Start VenueClient --personalNode
>Preferences -> Manage My Node...
>Set node service URL dialog appears with:
>https://localhost:11000/NodeService Press OK
>Dialog: "Can not open node service management based on the URL specified." 
>(although a netstat shows a python service listening on port 11000)
>
>Then, _without_ shutting down the venueclient:
>
>Preferences-> Manage Certificates-> View User Certificates -> Set ANL cert 
>as default
>Enter passphrase for creating a globus proxy
>Close Certificate Management
>Preferences -> Manage My Node...
>Node Management window appears and is connected.  localhost:12000 listed 
>in the service managers.
>
>Thanks again!
>
>
>Todd
>
>Robert Olson wrote:
>
>>did you install the CA certs on the machiens the node services are 
>>running on (I assume this is a multimachine node)?
>>
>>I actually may have run into something similar this week.
>>
>>--bob
>>
>>At 03:17 PM 1/21/2004, Todd Zimmerman wrote:
>>
>>>Hi Robert,
>>>
>>>Thought I'd forward this to you also....
>>>
>>>This is an old thread from October 2003 - however I'm running into the 
>>>same nodeservice problem.
>>>
>>>Was this issue ever resolved???
>>>
>>>I've imported another CA  (gridcanada) and when using my grid Canada 
>>>user cert, I'm unable to manage my node (or contact my node service at 
>>>all for that matter...).  However, the nodeservice is running and 
>>>listening.  If I switch back to my ANL cert, all works fine again.
>>>
>>>Any advice would help
>>>
>>>Thanks
>>>
>>>todd
>>>
>>>--
>>>Collaboration & Visualization Technician
>>>WestGrid - www.westgrid.ca
>>>Ph. 604.268.6979
>>>Todd Zimmerman - toddz at sfu.ca
>>>
>>>Robert Olson wrote:
>>>
>>>>Hi --
>>>>
>>>>If you send me the logfiles from your Application Data\AccessGrid 
>>>>directory I can try to figure out what's going on.
>>>>
>>>>thanks,
>>>>--bob
>>>>
>>>>At 11:32 AM 10/27/2003, Lewis Grantham wrote:
>>>>
>>>>>Hi AG team,
>>>>>
>>>>>great job on 2.1.2.. I finally got it to go, and looks good.  the cert
>>>>>management opens up some interesting avenues, and no doubt this will 
>>>>>develop
>>>>>further.
>>>>>
>>>>>have noticed two points in this respect for the record though:
>>>>>
>>>>>a. at sometime setting up 2.1.1b I suppose, I managed to create empty
>>>>>directories in the Application Data\AccessGrid\certRepo\certificates 
>>>>>folder
>>>>>(with names like d9f469c3c3133747f615ff01fc121f21).  could be part of the
>>>>>(fixed) issue with policies from 0-starting CAs, or just me. Had no 
>>>>>luck getting
>>>>>things settled until i cleared these.  the aguninstall.py script seemed to
>>>>>preserve them too, so my problems just carried on with 2.1.2 intially.
>>>>>
>>>>>b. the AGTK can use a UK E-Science cert in some repsects.  Imports ok 
>>>>>after CA
>>>>>import, and seems to proxy ok when set as default.  However, any 
>>>>>AGService and
>>>>>AGNodeService I run with this set up dont seem to work properly.
>>>>>The scripts
>>>>>run, and logs look like:
>>>>>
>>>>>C:\Program Files\Access Grid Toolkit\bin>AGNodeservice -d
>>>>>AGNodeService URL:
>>>>>https://boshtv.mediares.ucl.ac.uk:11000/NodeService
>>>>>
>>>>>C:\Program Files\Access Grid Toolkit\bin>AGserviceManager -d
>>>>>AGServiceManager URL:
>>>>>https://boshtv.mediares.ucl.ac.uk:12000/ServiceManager
>>>>>
>>>>>VenueClient logs look ok, but when you connect to a venue, no services are
>>>>>spawned to handle video or audio.
>>>>>
>>>>>If I try to 'Manage my node' from the prefs menu, it fails with the 
>>>>>following
>>>>>debugs:
>>>>>
>>>>>10/27/03 17:15:59 DEBUG HaveValidProxy: found proxy ident 
>>>>>/C=UK/O=eScience/OU=UC
>>>>>L/L=EISD/CN=lewis grantham/CN=proxy
>>>>>Invalid Node Service URI: 
>>>>>https://boshtv.mediares.ucl.ac.uk:11000/NodeService
>>>>>
>>>>>and a dialogue saying a more human version of same (Cannot open node..)
>>>>>
>>>>>This only occurs with a different default user cert, and concerns me 
>>>>>if end
>>>>>users can make these sorts of changes to installed systems and stop them
>>>>>working.
>>>>>
>>>>>so,
>>>>>
>>>>>Is it the case that the node configuration and service parameters are 
>>>>>unique to
>>>>>each imported/default ID?
>>>>>
>>>>>Since NodeManagement script doesn't seem to run from the command line 
>>>>>anymore
>>>>>reliably (i've only successfully managed my node with the 
>>>>>venueclient>prefs
>>>>>entry), any way I can check whether this is a null or missing service 
>>>>>config or
>>>>>something deeper?
>>>>>
>>>>>if simple config issue, any way to brace the systems here to hold a 
>>>>>solid config
>>>>>even if some user imports a personal certificate (from wherever) and 
>>>>>sets it as
>>>>>default?
>>>>>
>>>>>sounds like it goes against the spirit of the latest changes I know.
>>>>>I am all
>>>>>for user/group personalisations, as its one of the main area of this as a
>>>>>service that worries me.  but seems somethings might be amiss here.
>>>>>
>>>>>many thanks
>>>>>lewis
>>>>>
>>>>>
>>>>>
>>>>>--
>>>>>......................................................
>>>>>Lewis Grantham LLB MSc
>>>>>Project Leader, Multimedia Unit
>>>>>Media Resources, UCL (University College London)
>>>>>Windeyer Building, Cleveland Street, London W1P 6DB
>>>>>
>>>>>Tel: (+44) 020 7679 9258    Fax: (+44) 020 7580 0995
>>>>>URL: http://www.ucl.ac.uk/mediares/mmedia
>>>>
>>>>
>
>--
>Collaboration & Visualization Technician
>WestGrid - www.westgrid.ca
>Ph. 604.268.6979
>Todd Zimmerman - toddz at sfu.ca

More information about the ag-dev mailing list