[Swift-devel] Notes from 0.93 meeting

Sarah Kenny skenny at uchicago.edu
Thu Aug 25 17:11:57 CDT 2011 

if i had a nickel for every time i dealt with this i'd be rich! :)
actually, now that i'm looking at our uci machines i actually have them
updating hourly...so, maybe you want to ask the admins to do that to avoid a
full day of confusion whenever they expire :P

*usually* i can't gsissh either if the certs have expired but, yeah, they
must be using different CA's now for that on ranger as mihael suggests...

On Thu, Aug 25, 2011 at 2:46 PM, Jonathan Monette <jonmon at mcs.anl.gov>wrote:

> True.  I did not think that each mechanism would use different CAs.  We
> might want to ask ci support to update the grid certs more frequently then
> to avoid this situation.
>
> On Aug 25, 2011, at 4:42 PM, Mihael Hategan wrote:
>
> > On Thu, 2011-08-25 at 16:40 -0500, Jonathan Monette wrote:
> >> That is weird.  If you were able to gsissh to ranger I would assume
> >> that you are able to globus-url-copy to ranger.
> >
> > Not if the two use different CAs. Or if a password was typed at the ssh
> > login.
> >
> >>  Anyways, what Sarah said should work.  I would assume that ci would
> >> update more frequently to avoid this problem.
> >> On Aug 25, 2011, at 4:38 PM, Sarah Kenny wrote:
> >>
> >>> communicado's certs (/etc/grid-security/certificates) are
> >>> out-of-date...if you copy ranger's /etc/grid-security/certificates
> >>> directory to communicado and point yr X509_CERT_DIR to it you can
> >>> get a job thru (a simple globus-job-run with my vaild cert fails
> >>> from communicado at the moment if i don't do this).
> >>>
> >>> i set our machines at uci to update daily...i think it's less
> >>> frequently at ci...
> >>>
> >>> On Thu, Aug 25, 2011 at 2:17 PM, Mihael Hategan
> >>> <hategan at mcs.anl.gov> wrote:
> >>>        Can you try a globus-url-copy to gridftp.ranger?
> >>>
> >>>        gridftp.ranger seems to have the NCSA myproxy CA. You say
> >>>        you have the
> >>>        proper certificates dir in your X509_CERT_DIR, and that
> >>>        directory
> >>>        contains the TACC root cert. So it should work. And so
> >>>        should swift.
> >>>
> >>>        Though I think that jglobus should be more clear about
> >>>        "Unknown ca"
> >>>        errors. At least the name of the unknown CA should be part
> >>>        of the error
> >>>        message.
> >>>
> >>>
> >>>        On Thu, 2011-08-25 at 15:55 -0500, David Kelly wrote:
> >>>> $ grid-proxy-info -all
> >>>> subject  : /C=US/O=National Center for Supercomputing
> >>>        Applications/CN=David Kelly
> >>>> issuer   : /C=US/O=National Center for Supercomputing
> >>>        Applications/OU=Certificate Authorities/CN=MyProxy
> >>>> identity : /C=US/O=National Center for Supercomputing
> >>>        Applications/CN=David Kelly
> >>>> type     : end entity credential
> >>>> strength : 1024 bits
> >>>> path     : /tmp/x509up_u1878
> >>>> timeleft : 9:56:53
> >>>>
> >>>>
> >>>> ----- Original Message -----
> >>>>> From: "Mihael Hategan" <hategan at mcs.anl.gov>
> >>>>> To: "David Kelly" <davidk at ci.uchicago.edu>
> >>>>> Cc: "Ketan Maheshwari" <ketancmaheshwari at gmail.com>,
> >>>        "swift-devel Devel" <swift-devel at ci.uchicago.edu>
> >>>>> Sent: Thursday, August 25, 2011 3:42:57 PM
> >>>>> Subject: Re: [Swift-devel] Notes from 0.93 meeting
> >>>>> Odd. Can you paste the output of 'grid-proxy-info -all'?
> >>>>>
> >>>>> On Thu, 2011-08-25 at 15:18 -0500, David Kelly wrote:
> >>>>>> Sure, here is the full log:
> >>>>>>
> >>>>>>
> >>>
> http://www.ci.uchicago.edu/~davidk/001-catsn-ranger-20110825-1515-5tydro91.log
> >>>>>>
> >>>>>> ----- Original Message -----
> >>>>>>> From: "Mihael Hategan" <hategan at mcs.anl.gov>
> >>>>>>> To: "David Kelly" <davidk at ci.uchicago.edu>
> >>>>>>> Cc: "Ketan Maheshwari" <ketancmaheshwari at gmail.com>,
> >>>        "swift-devel
> >>>>>>> Devel" <swift-devel at ci.uchicago.edu>
> >>>>>>> Sent: Thursday, August 25, 2011 2:43:31 PM
> >>>>>>> Subject: Re: [Swift-devel] Notes from 0.93 meeting
> >>>>>>> It's possible that the CA dir on Ranger is not
> >>>        properly set up.
> >>>>>>> Can
> >>>>>>> you
> >>>>>>> post the full log?
> >>>>>>>
> >>>>>>> On Thu, 2011-08-25 at 13:56 -0500, David Kelly
> >>>        wrote:
> >>>>>>>> Those environment variables were not set up. I
> >>>        have them defined
> >>>>>>>> now, but I'm still getting the same error.
> >>>>>>>>
> >>>>>>>> [davidk at communicado ranger]$ env |grep 509
> >>>>>>>> X509_CERT_DIR=/opt/osg-1.2.16/globus/TRUSTED_CA
> >>>>>>>> X509_CADIR=/opt/osg-1.2.16/globus/TRUSTED_CA
> >>>>>>>>
> >>>>>>>> [davidk at communicado ranger]$ swift -sites.file
> >>>        sites.xml
> >>>>>>>> -tc.file
> >>>>>>>> tc.data 001-catsn-ranger.swift
> >>>>>>>> Swift svn swift-r4987 (swift modified locally)
> >>>        cog-r3229
> >>>>>>>>
> >>>>>>>> RunID: 20110825-1352-f1v940b4
> >>>>>>>> Progress: time: Thu, 25 Aug 2011 13:52:59 -0500
> >>>>>>>> Progress: time: Thu, 25 Aug 2011 13:53:00 -0500
> >>>        Selecting site:7
> >>>>>>>> Initializing site shared directory:3
> >>>>>>>> Execution failed:
> >>>>>>>>      Authentication failed [Caused by: Failure
> >>>        unspecified at
> >>>>>>>>      GSS-API
> >>>>>>>>      level [Caused by: Unknown CA]]
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> ----- Original Message -----
> >>>>>>>>> From: "Ketan Maheshwari"
> >>>        <ketancmaheshwari at gmail.com>
> >>>>>>>>> To: "David Kelly" <davidk at ci.uchicago.edu>
> >>>>>>>>> Cc: "Jonathan Monette" <jonmon at mcs.anl.gov>,
> >>>        "swift-devel
> >>>>>>>>> Devel"
> >>>>>>>>> <swift-devel at ci.uchicago.edu>
> >>>>>>>>> Sent: Thursday, August 25, 2011 1:32:50 PM
> >>>>>>>>> Subject: Re: [Swift-devel] Notes from 0.93
> >>>        meeting
> >>>>>>>>> Hi,
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Are your CADIR and CACERT env vars set up?
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> [communicado:swiftgrid]$ echo $X509_CADIR
> >>>>>>>>> /opt/osg-1.2.16/globus/TRUSTED_CA
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> [communicado:swiftgrid]$ echo $X509_CERT_DIR
> >>>>>>>>> /opt/osg-1.2.16/globus/TRUSTED_CA
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On Thu, Aug 25, 2011 at 1:29 PM, David Kelly <
> >>>>>>>>> davidk at ci.uchicago.edu
> >>>>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Thanks Jon,
> >>>>>>>>>
> >>>>>>>>> Here is what happens when I try this from
> >>>        communicado:
> >>>>>>>>>
> >>>>>>>>> [davidk at communicado ~]$ myproxy-logon -l dkelly
> >>>        -s
> >>>>>>>>> myproxy.teragrid.org
> >>>>>>>>> Enter MyProxy pass phrase:
> >>>>>>>>> A credential has been received for user dkelly
> >>>        in
> >>>>>>>>> /tmp/x509up_u1878.
> >>>>>>>>>
> >>>>>>>>> [davidk at communicado ranger]$ swift -sites.file
> >>>        sites.xml
> >>>>>>>>> -tc.file
> >>>>>>>>> tc.data 001-catsn-ranger.swift
> >>>>>>>>> Swift svn swift-r4987 (swift modified locally)
> >>>        cog-r3229
> >>>>>>>>>
> >>>>>>>>> RunID: 20110825-1326-o3e38fe0
> >>>>>>>>> Progress: time: Thu, 25 Aug 2011 13:26:43 -0500
> >>>>>>>>> Progress: time: Thu, 25 Aug 2011 13:26:44 -0500
> >>>        Selecting
> >>>>>>>>> site:8
> >>>>>>>>> Initializing site shared directory:2
> >>>>>>>>> Execution failed:
> >>>>>>>>> Authentication failed [Caused by: Failure
> >>>        unspecified at
> >>>>>>>>> GSS-API
> >>>>>>>>> level
> >>>>>>>>> [Caused by: Unknown CA]]
> >>>>>>>>>
> >>>>>>>>> Any ideas?
> >>>>>>>>>
> >>>>>>>>> Thanks,
> >>>>>>>>> David
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>> Swift-devel mailing list
> >>>>>>>>> Swift-devel at ci.uchicago.edu
> >>>>>>>>>
> >>>
> https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Ketan
> >>>>>>>> _______________________________________________
> >>>>>>>> Swift-devel mailing list
> >>>>>>>> Swift-devel at ci.uchicago.edu
> >>>>>>>>
> >>>
> https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel
> >>>
> >>>
> >>>        _______________________________________________
> >>>        Swift-devel mailing list
> >>>        Swift-devel at ci.uchicago.edu
> >>>
> https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Sarah Kenny
> >>> Programmer ~ Brain Circuits Laboratory ~ Rm 2224 Bio Sci III
> >>> University of California Irvine, Dept. of Neurology ~ 773-818-8300
> >>>
> >>> _______________________________________________
> >>> Swift-devel mailing list
> >>> Swift-devel at ci.uchicago.edu
> >>> https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel
> >>
> >
> >
>
>


-- 
Sarah Kenny
Programmer ~ Brain Circuits Laboratory ~ Rm 2224 Bio Sci III
University of California Irvine, Dept. of Neurology ~ 773-818-8300
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mcs.anl.gov/pipermail/swift-devel/attachments/20110825/bfe78c15/attachment.html>

More information about the Swift-devel mailing list