[AG-TECH] Problems getting started with AG2.1
pns at soc.soton.ac.uk
pns at soc.soton.ac.uk
Wed Oct 22 08:50:54 CDT 2003
Hi -
I'm just trying to get started with AG2 on a single-node XP machine. This
is really for familiarisation purposes before we go ahead with a
room-based node (probably Linux-only)
I should add a caveat that I've no experience of AG1 to build on, so
please bear that in mind when dealing with my questions!!
I had initially installed AG2.1.1b, and have now tried again with the new
2.1.2 release, with similar results.
My initial problem seems to be with creating the Globus proxy when using
the Venue client.
I have a UK e-Science certificate. I believe that I've successfully
imported this into the AG environment, and it's set as my default
certificate.
I've also imported the e-Science root CA & signing policy. I can see my
cert in the 'Preferences / Manage certificates / View user identity
certificates' window, and the e-Science CA in the 'View trusted CA
certificates' window,
Here's what happens when I start the Venue Client in debug mode:
-----
10/22/03 12:11:34 DEBUG Creating thread 0
10/22/03 12:11:34 DEBUG Starting thread 0
10/22/03 12:11:34 DEBUG Worker 0 starting
10/22/03 12:11:34 DEBUG Waiting thread 0
10/22/03 12:11:34 DEBUG Done creating workers
10/22/03 12:11:34 DEBUG Reading persisted data from: C:\Documents and
Settings\p
ns\Application Data\AccessGrid\personalDataStore\DataStore.dat
C:\PROGRA~1\ACCESS~1\bin\agpm.py:57: RuntimeWarning: tmpnam is a potential
secur
ity risk to your program
workingDir = os.path.join(GetTempDir(), os.path.basename(os.tmpnam()))
C:\PROGRA~1\ACCESS~1\bin\agpm.py:57: RuntimeWarning: tmpnam is a potential
secur
ity risk to your program
workingDir = os.path.join(GetTempDir(), os.path.basename(os.tmpnam()))
10/22/03 12:11:44 DEBUG userConfigDir: C:\Documents and
Settings\pns\Application
Data\AccessGrid
10/22/03 12:11:44 DEBUG Opened repository C:\Documents and
Settings\pns\Applicat
ion Data\AccessGrid\certRepo
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application
Data\Ac
cessGrid\trustedCACerts\1621954.0
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application
Data\Ac
cessGrid\trustedCACerts\42864e48.0
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application
Data\Ac
cessGrid\trustedCACerts\42864e48.signing_policy
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application
Data\Ac
cessGrid\trustedCACerts\45cc9e80.0
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application
Data\Ac
cessGrid\trustedCACerts\45cc9e80.signing_policy
10/22/03 12:11:44 DEBUG Using default identity
/C=UK/O=eScience/OU=Southampton/L
=SOC/CN=phil stanford
10/22/03 12:11:44 DEBUG Initializing environment with proxy cert for
/C=UK/O=eSc
ience/OU=Southampton/L=SOC/CN=phil stanford
====================================
The 'Create a Globus Proxy' window comes up here, and asks for the
passphrase to my e-Science key.
When I give it, I get the following in the debug window, and an 'Invalid
passphrase' message from the venue client.
Your identity: /C=UK/O=eScience/OU=Southampton/L=SOC/CN=phil stanford
user_key loaded
user_proxy cert_chain
verify failed
Error:
-->
error:80066421:lib(128):verify_callback:cannot find CA certificate for
local cre
dential:\software\AccessGrid\WinGlobus\source\gsi\ssl_utils\library\sslutils.c:2
140
Got error verify_callback
-->
error:80066412:lib(128):verify_callback:certificate::\software\AccessGrid\WinGlo
bus\source\gsi\ssl_utils\library\sslutils.c:2706
subject=/C=UK/O=eScience/OU=Southampton/L=SOC/CN=phil stanford
issuer
=/C=UK/O=eScience/OU=Authority/CN=CA/Email=ca-operator at grid-suppo
rt.ac.uk
===================================
It *looks* as if it's not finding the e-Science CA certificate - yet as I
say if in the Venue client I do Preferences / Manage Certificates / View
trusted CA certificates, it's there correctly.
I've run the 'Reconfigure Globus' utility - in the 'Certificate
configuration' window I come up with an 'OK' on all the certificate
locations - these are given as:
User certificate: C:\Documents and Settings\pns\Application
Data\globus\usercert.pem
User key file: C:\Documents and Settings\pns\Application
Data\globus\userkey.pem
Proxy certificate file: C:\DOCUME~1\pns\LOCALS~1\Temp\proxy
Trusted certificate directory: C:\Documents and Settings\All
Users\Application Data\AccessGrid\certificates
I should add that when using this e-Science personal certificate and CA
certificate on UNIX Globus I have no problems running grid-proxy-init,
which suggests that the certificate & passphrase are correct.
I have also requested the normal AG certificate but am not sure how to
receive this!
I have had the 'Certificate approved' mail, telling me to run the venue
client and look at 'view pending requests' - but if I do that, there is
nothing in the 'view certificate status' window.
So any help resolving the certificates issue would be welcome!
Finally, I am confused as to what I may or may not be able to do once the
certificates are sorted out.
We are not yet multicast enabled on this site (but it's coming). Does
this mean that there's no point in my trying to connect to the (a?) venues
server anyway? (I know I will not be able to connect to video/audio
streams, but would I see venues etc?)
(I notice that the option Preferences / Use Unicast seems to be greyed out
in the new AGTK, I do think I could select it in 2.1.1b (even though I
didn't know where to go then!)
Could I use the venues server to give me venues and port numbers, and then
directly connect vic/rat via a quickbridge (eg george.ag.mcc.ac.uk)
(I guess that leads onto one final question (for now!) .... it appears to
me that one instance of the quickbridge s/w is run to connect to a
specific venue - is there any way of determining to what venues a
quickbridge server is connecting? I've tried a few sites via 'george'
without any luck!
Apologies for all the questions, but any attempts to make some of my
mental fog evaporate would be appreciated!!
Regards
Phil
More information about the ag-tech
mailing list