[AG-TECH] Problems getting started with AG2.1

Wed Oct 22 08:50:54 CDT 2003

Hi - 
I'm just trying to get started with AG2 on a single-node XP machine. This 
is really for familiarisation purposes before we go ahead with a 
room-based node (probably Linux-only)
I should add a caveat that I've no experience of AG1 to build on, so 
please bear that in mind when dealing with my questions!!

I had initially installed AG2.1.1b, and have now tried again with the new 
2.1.2 release, with similar results.

My initial problem seems to be with creating the Globus proxy when using 
the Venue client.
I have a UK e-Science certificate. I believe that I've successfully 
imported this into the AG environment, and it's set as my default 
certificate.
I've also imported the e-Science root CA & signing policy. I can see my 
cert in the 'Preferences / Manage certificates / View user identity 
certificates' window, and the e-Science CA in the 'View trusted CA 
certificates' window, 
Here's what happens when I start the Venue Client in debug mode:
-----
10/22/03 12:11:34 DEBUG Creating thread 0
10/22/03 12:11:34 DEBUG Starting thread 0
10/22/03 12:11:34 DEBUG Worker 0 starting
10/22/03 12:11:34 DEBUG Waiting thread 0
10/22/03 12:11:34 DEBUG Done creating workers
10/22/03 12:11:34 DEBUG Reading persisted data from: C:\Documents and 
Settings\p
ns\Application Data\AccessGrid\personalDataStore\DataStore.dat
C:\PROGRA~1\ACCESS~1\bin\agpm.py:57: RuntimeWarning: tmpnam is a potential 
secur
ity risk to your program
  workingDir = os.path.join(GetTempDir(), os.path.basename(os.tmpnam()))
C:\PROGRA~1\ACCESS~1\bin\agpm.py:57: RuntimeWarning: tmpnam is a potential 
secur
ity risk to your program
  workingDir = os.path.join(GetTempDir(), os.path.basename(os.tmpnam()))
10/22/03 12:11:44 DEBUG userConfigDir: C:\Documents and 
Settings\pns\Application
 Data\AccessGrid
10/22/03 12:11:44 DEBUG Opened repository C:\Documents and 
Settings\pns\Applicat
ion Data\AccessGrid\certRepo
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application 
Data\Ac
cessGrid\trustedCACerts\1621954.0
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application 
Data\Ac
cessGrid\trustedCACerts\42864e48.0
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application 
Data\Ac
cessGrid\trustedCACerts\42864e48.signing_policy
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application 
Data\Ac
cessGrid\trustedCACerts\45cc9e80.0
10/22/03 12:11:44 DEBUG Unlink C:\Documents and Settings\pns\Application 
Data\Ac
cessGrid\trustedCACerts\45cc9e80.signing_policy
10/22/03 12:11:44 DEBUG Using default identity 
/C=UK/O=eScience/OU=Southampton/L
=SOC/CN=phil stanford
10/22/03 12:11:44 DEBUG Initializing environment with proxy cert for 
/C=UK/O=eSc
ience/OU=Southampton/L=SOC/CN=phil stanford

====================================

The 'Create a Globus Proxy' window comes up here, and asks for the 
passphrase to my e-Science key.
When I give it, I get the following in the debug window, and an 'Invalid 
passphrase' message from the venue client. 

Your identity: /C=UK/O=eScience/OU=Southampton/L=SOC/CN=phil stanford
user_key loaded
user_proxy cert_chain
verify failed
Error:
-->
error:80066421:lib(128):verify_callback:cannot find CA certificate for 
local cre
dential:\software\AccessGrid\WinGlobus\source\gsi\ssl_utils\library\sslutils.c:2
140
Got error verify_callback
-->
error:80066412:lib(128):verify_callback:certificate::\software\AccessGrid\WinGlo
bus\source\gsi\ssl_utils\library\sslutils.c:2706
        subject=/C=UK/O=eScience/OU=Southampton/L=SOC/CN=phil stanford
        issuer 
=/C=UK/O=eScience/OU=Authority/CN=CA/Email=ca-operator at grid-suppo
rt.ac.uk

===================================

It *looks* as if it's not finding the e-Science CA certificate - yet as I 
say if in the Venue client I do Preferences / Manage Certificates / View 
trusted CA certificates, it's there correctly.

I've run the 'Reconfigure Globus' utility  - in the 'Certificate 
configuration' window I come up with an 'OK' on all the certificate 
locations - these are given as:

User certificate: C:\Documents and Settings\pns\Application 
Data\globus\usercert.pem
User key file: C:\Documents and Settings\pns\Application 
Data\globus\userkey.pem
Proxy certificate file: C:\DOCUME~1\pns\LOCALS~1\Temp\proxy
Trusted certificate directory:  C:\Documents and Settings\All 
Users\Application Data\AccessGrid\certificates

I should add that when using this e-Science personal certificate and CA 
certificate on UNIX Globus I have no problems running grid-proxy-init, 
which suggests that the certificate & passphrase are correct.

I have also requested  the normal AG certificate but am not sure how to 
receive this!
I have had the 'Certificate approved' mail, telling me to run the venue 
client and look at 'view pending requests' - but if I do that, there is 
nothing in the 'view certificate status' window.

So any help resolving the certificates issue would be welcome!

Finally, I am confused as to what I may or may not be able to do once the 
certificates are sorted out.
We are not yet multicast enabled on this site (but it's coming).   Does 
this mean that there's no point in my trying to connect to the (a?) venues 
server anyway? (I know I will not be able to connect to video/audio 
streams, but would I see venues etc?) 
(I notice that the option Preferences / Use Unicast seems to be greyed out 
in the new AGTK, I do think I could select it in 2.1.1b (even though I 
didn't know where to go then!)

Could I use the venues server to give me venues and port numbers, and then 
directly connect  vic/rat via a quickbridge (eg george.ag.mcc.ac.uk)

(I guess that leads onto one final question (for now!) .... it appears to 
me that one instance of the quickbridge s/w is run to connect to a 
specific venue - is there any way of determining to what venues a 
quickbridge server is connecting? I've tried a few sites via 'george' 
without any luck! 

Apologies for all the questions, but any attempts to make some of my 
mental fog evaporate would be appreciated!!
Regards

Phil