[AG-TECH] 회신: Problems of VenueManagement

Christoph Willing c.willing at uq.edu.au
Fri Aug 6 00:14:52 CDT 2010 

Unfortunately, I found that the procedure below isn't sufficient for  
Fedora 13, even though it shows all the same error messages. More  
debugging needed ...


chris



On 06/08/2010, at 11:28 AM, Christoph Willing wrote:

> Further to Tom's suggestion about checking the CA certificate, I  
> have just tested 3 different Linux systems: Ubuntu Lucid, Slackware  
> 13.1 and Fedora 11.
>
> 1. All showed exactly the same symptoms (inability to connect with  
> VenueManagement) and log outputs.
> 2. All were "missing" the AG-Dev CA certificate
>
> (where "missing" may just mean out of date and so not showing up in  
> the certificate manager)
>
> The cure for all three systems was to find and put in place the  
> correct (up to date) CA certificate. The correct CA certificate is  
> available at:
>    https://svn.ci.uchicago.edu/svn/accessgrid/trunk/packaging/config/CAcertificates/45cc9e80.0
>
> Download it and copy it into /etc/AccessGrid3/Config/ 
> CAcertificates/, replacing the existing file of the same name. There  
> is also a 45cc9e80.signing_policy file at the same place - you can  
> download it too but I think its the same as the already installed one.
>
>
> Now load the newly downloaded CA certificate using:
>    1. CertificateManager3.py (plain CertificateManager on some  
> systems) "Trusted CA Certificates" tab
> or  2. certmgr3.py (or certmgr_agtk) command line tool in its "ca"  
> mode
>
> Once loaded, check its validity ("View Certificate" button for gui  
> tool, "show" command for command line tool). The correct one has  
> Subject and Issuer "CN=Access Grid Developers CA" and "Not valid  
> after 01/28/20"
>
>
> If the correct CA is loaded _and_ you have a current service  
> certificate, then the VenueServer will run and the VenueManagement  
> tool will connect to it correctly. The three systems mentioned  
> above, previously broken, are all now working as expected after the  
> procedure outlined above.
>
>
> chris
>
>
>
> On 06/08/2010, at 4:05 AM, Thomas Uram wrote:
>
>> From the log I can see that you are using a VenueServer service  
>> certificate, which is good.
>>
>> Based on the 'unknown ca' error message, I wonder about the  
>> validity of the CA certificate. Could you enter certificate  
>> management and check the validity of the AG-Dev CA certificate?
>>
>> Tom
>>
>> On Aug 3, 2010, at 9:27 AM, Sangil Choi wrote:
>>
>>> I checked URL of my server (Server : https://210.125.84.210:8000/VenueServer) 
>>>  but there is no changes in result. I think the cause seems to be  
>>> elsewhere.
>>>
>>>
>>>
>>> In addition, I used 'https://210.125.84.210:8000/Venues' and the  
>>> result is consistent.
>>>
>>>
>>>
>>> Thanks for your help.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Sangil Choi.
>>>
>>> ________________________________________
>>> 보낸 사람: Christoph Willing [c.willing at uq.edu.au]
>>> 보낸 날짜: 2010년 8월 3일 화요일 오후 9:59
>>> 받는 사람: Sangil Choi
>>> 제목: Re: [AG-TECH]  Problems of VenueManagement
>>>
>>> Sangil,
>>>
>>> Sometimes there is confusion about the name which the VenueServer is
>>> running. Look in the server log file (~/.ACcessGrid/Logs/
>>> VenueServer.log) for the line containing:
>>> ....... Venue.py:344 DEBUG ------------ STARTING VENUE
>>>
>>> Then the next line will contain the name of that the server is  
>>> running
>>> as. It will be something like:
>>> ....... Venue.py:383 INFO  Venue URI https://a.b.c.d:8000/Venues/0a0101ce20dd1d9654fb10b37feec5410c
>>>
>>> Use that name (https://a.b.c.d:8000/Venues) when connecting with the
>>> VenueManager
>>>
>>>
>>> If you can't find the correct lines in the log file, restart the
>>> VenueServer so they will be generated again.
>>>
>>>
>>> chris
>>>
>>>
>>> On 03/08/2010, at 8:10 PM, Sangil Choi wrote:
>>>
>>>> Hi, everyone.
>>>>
>>>> I've problem about VenueManagement Tool.
>>>>
>>>> I install 'AGTk3.2 beta 1' on Fedora Core 12 and send certificate
>>>> request message to agdev-ca at mcs.anl.gov<mailto:agdev- 
>>>> ca at mcs.anl.gov>.
>>>> After I got a replied message, I install that certificate and check
>>>> the '/usr/bin/certmgr_agtk' to make sure of its installation. In
>>>> addition, VenueServer works well.
>>>>
>>>> I found some problem when I use VenueManagement Tool to create new
>>>> venues in our venue server.
>>>>
>>>> I make an entry of “Venue Server Address” as follow:
>>>>
>>>> https://localhost:8000/VenueServer
>>>> https://NFRI-AG-Server.nm.gist.ac.kr:8000/VenueServer - It is DNS  
>>>> of
>>>> server machine
>>>> https://NFRI-AG-Server.gist.ac.kr:8000/VenueServer - It is the name
>>>> that uses in certificate request message.
>>>>
>>>> After I clinks go button, below message is shown.
>>>>
>>>> =========================================================
>>>> You were unable to connect to the venue server at: https://localhost:8000/VenueServer
>>>> =========================================================
>>>>
>>>> In command window that execute VenueServer prints error message  
>>>> like
>>>> this.
>>>>
>>>> =========================================================
>>>> Traceback (nost recent call last):
>>>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/SSLServer.py",
>>>> line 32, in handle_request
>>>> request, client_address = self.get_request()
>>>> File "/usr/lib/python2.6/SocketServer.py", line 444, in get_request
>>>> return self.socket.accept()
>>>> File "/usr/lib/python2.6/site-packages/AccessGrid3/hosting/ZSI/
>>>> ServiceContainer.py", line 156, in M2CrytoConnectionAccept
>>>> ret = ssl.accept_ssl()
>>>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py",
>>>> line 152, in accept_ssl
>>>> return m2.ssl_accept(self.ssl, self._timeout)
>>>> SSLError : tlsv1 alert unknown ca
>>>> =========================================================
>>>>
>>>> Last, the following message was printed in VenueManagement.log  
>>>> file.
>>>>
>>>> =========================================================
>>>> 08/03/2010 04:36:50 PM -1216825664 Platform     Config.py:897 INFO
>>>> gnome directory /home/ag/.gnome/application-info or /home/ 
>>>> ag/.gnome/
>>>> mime-info not found, not registering file type .agpkg3 with gnome
>>>> 08/03/2010 04:36:50 PM -1216825664 Platform     Config.py:897 INFO
>>>> gnome directory /home/ag/.gnome/application-info or /home/ 
>>>> ag/.gnome/
>>>> mime-info not found, not registering file type .vv3d with gnome
>>>> 08/03/2010 04:36:50 PM -1216825664 VenueClient     Preferences.py:
>>>> 206 DEBUG Preferences.LoadPreferences: open file
>>>> 08/03/2010 04:36:50 PM -1216825664 Toolkit     Toolkit.py:166 INFO
>>>> Logfile Name: VenueManagement.log
>>>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager
>>>> CertificateManager.py:212 DEBUG Opened repository /home/
>>>> ag/.AccessGrid3/Config/certRepo
>>>> 08/03/2010 04:36:50 PM -1216825664 Toolkit     Toolkit.py:472 INFO
>>>> Initialized certificate manager.
>>>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager
>>>> CertificateManager.py:575 DEBUG Configuring standard environment
>>>> 08/03/2010 04:36:50 PM -1216825664 CertificateManager
>>>> CertificateManager.py:625 DEBUG Using default identity /O=Access
>>>> Grid/OU=agdev-ca.mcs.anl.gov/CN=VenueServer/NFRI-AG- 
>>>> Server.gist.ac.kr
>>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>>>> VenueManagement:422 DEBUG VenueManagementClient.ConnectToServer:
>>>> Connect to server https://localhost:8000/VenueServer
>>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>>>> VenueManagement:430 DEBUG VenueManagementClient.ConnectToServer:
>>>> Connect to server
>>>> 08/03/2010 04:36:52 PM -1216825664 Toolkit     Toolkit.py:262 INFO
>>>> Using unencrypted certificate: /home/ag/.AccessGrid3/Config/ 
>>>> certRepo/
>>>> certificates/174973e21fb8d6e777cf0199e079762b/
>>>> c922e6eac654d6475a33f6e48af375e7/cert.pem /home/ag/.AccessGrid3/
>>>> Config/certRepo/privatekeys/fb186c081f585da9ba71017c637bd452.pem
>>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>>>> VenueManagement:435 DEBUG VenueManagementClient.ConnectToServer:  
>>>> Get
>>>> venues from server
>>>> 08/03/2010 04:36:52 PM -1216825664 VenueManagement
>>>> VenueManagement:521 ERROR VenueManagementClient.ConnectToServer:  
>>>> Can
>>>> not connect.:
>>>> Traceback (most recent call last):
>>>> File "/usr/bin/VenueManagement", line 438, in ConnectToServer
>>>> vl = self.server.GetVenues()
>>>> File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/
>>>> interfaces/VenueServer_client.py", line 168, in GetVenues
>>>> self.binding.Send(None, None, request,
>>>> soapaction="urn:#GetVenues", **kw)
>>>> File "/usr/lib/python2.6/site-packages/ZSI/client.py", line 266, in
>>>> Send
>>>> self.h.connect()
>>>> File "/usr/lib/python2.6/site-packages/M2Crypto/httpslib.py", line
>>>> 50, in connect
>>>> self.sock.connect((self.host, self.port))
>>>> File "/usr/lib/python2.6/site-packages/M2Crypto/SSL/Connection.py",
>>>> line 177, in connect
>>>> self.socket.connect(addr)
>>>> File "<string>", line 1, in connect
>>>> error: [Errno 111] Connection refused
>>>> =========================================================
>>>>
>>>> What should I do to solve this problem?
>>>>
>>>> Regard,
>>>> Sangil Choi
>>>
>>> Christoph Willing                       +61 7 3365 8316
>>> QCIF Access Grid Manager
>>> University of Queensland
>>
>
> Christoph Willing                       +61 7 3365 8316
> QCIF Access Grid Manager
> University of Queensland
>

Christoph Willing                       +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland

More information about the ag-tech mailing list