RT for crt.cs.wisc.edu
RT for crt.cs.wisc.edu
|
|
| # | Fri Oct 03 12:49:31 2008 | garzoglio@fnal.gov - Ticket created | [Reply] | |||||||||||
Hi Alain, I've talked to Adam Lyon today: they are ready now to start testing SAM-Grid with condor 7 from the new VDT. While there are some tests that can be done on condor without involving grid-proxy-info, the SAM- Grid software that integrate condor does rely on grid-proxy-info to function. So real tests can only be done with a patched version of globus. For DZero this has a high priority at this point. So the time line is asap... is a couple of weeks a reasonable to have a release? Thanks Gabriele Alain Roy wrote: > Yup, that's true. > > I'll also be interested in a timeline for when you need the update. > > Thanks, > -alain > > On Oct 1, 2008, at 2:40 PM, Charles Bacon wrote: >> If you or Parag test it and say it's okay, my bet is that Alain >> would be happy to apply it. I'm pretty sure we're just going to >> merge it into globus_4_0_branch and have it show up in the next >> point release of the toolkit. >> >> >> Charles >> >> On Oct 1, 2008, at 11:57 AM, Gabriele Garzoglio wrote: >> >>> Are you planning to apply this path to globus in the next release >>> of VDT? >>> >>> Gabriele >>> >>> Charles Bacon wrote: >>>> There's already a patch at http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=4696 >>>> to search for the BEGIN CERTIFICATE header of a pem certificate. >>>> >>>> >>>> Charles >>>> >>>> On Oct 1, 2008, at 9:33 AM, Gabriele Garzoglio wrote: >>>> >>>>> mhmm... one needs to be careful getting the format of a file >>>>>>>>> from the extension (a la MS Windows). >>>>> In this case, certificates can legitimately have any number >>>>> extension (.0, .1, .2)... >>>>> >>>>> Please, keep us appraised as to how fast this issue is estimated >>>>> to be resolved. In the SAM-Grid, we use these X509 commands all >>>>> over and, on one hand, this seems a show stopper for us to >>>>> upgrade to the newer VDT, on the other hand, there are features >>>>> of new VDT (like condor version) that we would really like to >>>>> have. >>>>> >>>>> Thanks >>>>> Gabriele >>>>> >>>>> Charles Bacon wrote: >>>>>> Hmm. This behavior appeared in gt4.0.6 as part of a fix for bug >>>>>> 4696 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=4696 >>>>>> [grid-cert-info cannot extract info from .p12 files]) this >>>>>> block of logic was added to auto-detect the certificate format: >>>>>> >>>>>> if test "$certfile" = ""; then >>>>>> echo "Error: Cannot locate certificate" 1>&2 >>>>>> exit 1; >>>>>> elif echo "$certfile" | grep '\.p12' > /dev/null 2>&1 ; then >>>>>> cert_format=pkcs12 >>>>>> elif echo "$certfile" | grep '\.pem' > /dev/null 2>&1 ; then >>>>>> cert_format=x509 >>>>>> else >>>>>> echo "Error: certificate file \"$certfile\" is not .pem >>>>>> or .p12" 1>&2 >>>>>> exit 1; >>>>>> fi >>>>>> >>>>>> It looks like there should either be an extra stanza reading: >>>>>> elif echo "$certfile" | grep '\.0' > /dev/null 2>&1 ; then >>>>>> cert_format=x509 >>>>>> >>>>>> or it should default to assuming the certificate is x509 for >>>>>> backwards compatibility. I'll let the developers know. >>>>>> >>>>>> >>>>>> Charles >>>>>> >>>>>> >>>>>> On Sep 30, 2008, at 5:21 PM, Parag Mhashilkar wrote: >>>>>> >>>>>>> I don't think it is a matter of which CA cert I use as an >>>>>>> option. I get >>>>>>> same response for doegrids cert as well as other random CA I >>>>>>> used. >>>>>>> >>>>>>> --------- >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep >>>>>>> GlobusYou >>>>>>> have installed a subset of VDT version 1.8.1a: >>>>>>> Globus Toolkit, pre web-services, client 4.0.5 >>>>>>> Globus Toolkit, pre web-services, server 4.0.5 >>>>>>> [sam@fapl063 ~]$ grid-cert-info >>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ >>>>>>> globus/TRUSTED_CA/1c3f2ca8.0 -subject >>>>>>> /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1 >>>>>>> >>>>>>> >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep >>>>>>> GlobusYou >>>>>>> have installed a subset of VDT version 1.10.1j: >>>>>>> Globus Toolkit, pre web-services, client 4.0.7 >>>>>>> Globus Toolkit, pre web-services, server 4.0.7 >>>>>>> [sam@fapl063 ~]$ grid-cert-info >>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ >>>>>>> globus/TRUSTED_CA/1c3f2ca8.0 -subject >>>>>>> Error: certificate file >>>>>>> "/diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/globus/ >>>>>>> TRUSTED_CA/1c3f2ca8.0" is not .pem or .p12 >>>>>>> ---------- >>>>>>> >>>>>>> CA certs are installed by VDT. I don't think the cert is >>>>>>> corrupted as I >>>>>>> can use grid-cert-info from Globus 4.0.5 but not from Globus >>>>>>> 4.0.7 on >>>>>>> same cert file. >>>>>>> >>>>>>> >>>>>>> Here is the result from openssl commands >>>>>>> >>>>>>> -------- >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep >>>>>>> GlobusYou >>>>>>> have installed a subset of VDT version 1.8.1a: >>>>>>> Globus Toolkit, pre web-services, client 4.0.5 >>>>>>> Globus Toolkit, pre web-services, server 4.0.5 >>>>>>> [sam@fapl063 ~]$ $GLOBUS_LOCATION/bin/openssl x509 >>>>>>> -in /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/globus/ >>>>>>> TRUSTED_CA/e1fce4e9.0 -noout -subject >>>>>>> subject= /DC=gov/DC=fnal/O=Fermilab/OU=Certificate >>>>>>> Authorities/CN=Kerberized CA >>>>>>> [sam@fapl063 ~]$ >>>>>>> >>>>>>> >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep >>>>>>> GlobusYou >>>>>>> have installed a subset of VDT version 1.10.1j: >>>>>>> Globus Toolkit, pre web-services, client 4.0.7 >>>>>>> Globus Toolkit, pre web-services, server 4.0.7 >>>>>>> [sam@fapl063 ~]$ $GLOBUS_LOCATION/bin/openssl x509 >>>>>>> -in /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/globus/ >>>>>>> TRUSTED_CA/e1fce4e9.0 -noout -subject >>>>>>> subject= /DC=gov/DC=fnal/O=Fermilab/OU=Certificate >>>>>>> Authorities/CN=Kerberized CA >>>>>>> [sam@fapl063 ~]$ >>>>>>> -------- >>>>>>> >>>>>>> Some more system info if that helps >>>>>>> >>>>>>> ------ >>>>>>> [sam@fapl063 ~]$ cat /etc/issue >>>>>>> Scientific Linux Fermi LTS release 4.2 (Wilson) >>>>>>> Kernel \r on an \m >>>>>>> >>>>>>> [sam@fapl063 ~]$ which openssl >>>>>>> /usr/bin/openssl >>>>>>> [sam@fapl063 ~]$ openssl version >>>>>>> OpenSSL 0.9.7a Feb 19 2003 >>>>>>> [sam@fapl063 ~]$ >>>>>>> ------ >>>>>>> >>>>>>> >>>>>>> On Tue, 2008-09-30 at 16:49 -0500, Alain Roy wrote: >>>>>>>> Yeah, what Charles said. We changed how we link against SSL, >>>>>>> -- >>>>>>>> and that >>>>>>>> might affect you. >>>>>>>> >>>>>>>> I don't have any problem with grid-cert-info, but I have a >>>>>>>> DOEGrids >>>>>>>> cert, and it looks like yours is a Fermi KCA cert. Is there >>>>>>>> something >>>>>>>> odd about the Fermi KCA cert? >>>>>>>> >>>>>>>> Is there anything odd about the e1fce4e9.0 file? Is yours >>>>>>>> corrupted, >>>>>>>> by chance? >>>>>>>> >>>>>>>> -alain >>>>>>>> >>>>>>>> On Sep 30, 2008, at 4:35 PM, Charles Bacon wrote: >>>>>>>> >>>>>>>>> I've asked the GSI developers about it, I'll let you know >>>>>>>>> what I >>>>>>>>> hear back. >>>>>>>>> >>>>>>>>> However, one obvious difference is that VDT 1.10.x uses your >>>>>>>>> system >>>>>>>>> openssl instead of the globus-built openssl. For a sanity >>>>>>>>> check, >>>>>>>>> can you check the difference between running: >>>>>>>>> $GLOBUS_LOCATION/bin/openssl -in /diska/samgrid/products/ups/ >>>>>>>>> prd/ >>>>>>>>> vdt/v1_10_1_1/Linux/globus/TRUSTED_CA/e1fce4e9.0 -noout - >>>>>>>>> subject >>>>>>>>> >>>>>>>>> for the two globus locations? The 4.0.5-vdt one will use the >>>>>>>>> globus- >>>>>>>>> built openssl, and the 4.0.7-vdt one will use a symlink to a >>>>>>>>> system >>>>>>>>> openssl. >>>>>>>>> >>>>>>>>> >>>>>>>>> Charles >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sep 30, 2008, at 4:16 PM, Parag Mhashilkar wrote: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> Not sure if any one noticed, but there have been changes to >>>>>>>>>> grid-cert-info command from Globus 4.0.5 to 4.0.7. Does any >>>>>>>>>> one know >>>>>>>>>> details about this and similar changes? I am trying to >>>>>>>>>> figure out >>>>>>>>>> what >>>>>>>>>> the changes were and understand how it will be affecting >>>>>>>>>> the Samgrid >>>>>>>>>> infrastructure. >>>>>>>>>> >>>>>>>>>> ------- >>>>>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep >>>>>>>>>> Globus >>>>>>>>>> You have installed a subset of VDT version 1.8.1a: >>>>>>>>>> Globus Toolkit, pre web-services, client 4.0.5 >>>>>>>>>> Globus Toolkit, pre web-services, server 4.0.5 >>>>>>>>>> [sam@fapl063 ~]$ grid-cert-info >>>>>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ >>>>>>>>>> globus/ >>>>>>>>>> TRUSTED_CA/e1fce4e9.0 -subject >>>>>>>>>> /DC=gov/DC=fnal/O=Fermilab/OU=Certificate Authorities/ >>>>>>>>>> CN=Kerberized >>>>>>>>>> CA >>>>>>>>>> [sam@fapl063 ~]$ >>>>>>>>>> -------- >>>>>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep >>>>>>>>>> Globus >>>>>>>>>> You have installed a subset of VDT version 1.10.1j: >>>>>>>>>> Globus Toolkit, pre web-services, client 4.0.7 >>>>>>>>>> Globus Toolkit, pre web-services, server 4.0.7 >>>>>>>>>> [sam@fapl063 ~]$ grid-cert-info >>>>>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ >>>>>>>>>> globus/ >>>>>>>>>> TRUSTED_CA/e1fce4e9.0 -subject >>>>>>>>>> Error: certificate file >>>>>>>>>> "/diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/globus/ >>>>>>>>>> TRUSTED_CA/e1fce4e9.0" is not .pem or .p12 >>>>>>>>>> -------- >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Thanks & Regards >>>>>>>>>> ============================================================= >>>>>>>>>> Parag Mhashilkar>>>>>>>>>> Fermi National Accelerator Laboratory, MS 120 >>>>>>>>>> Wilson & Kirk Road, Batavia, IL - 60510. >>>>>>>>>> >>>>>>>>>> Location: Wilson Hall, WH863 >>>>>>>>>> Phone: +1 (630) 840-6530 >>>>>>>>>> Fax: +1 (630) 840-2783 >>>>>>>>>> Email: parag@fnal.gov >>>>>>>>>> ============================================================= >>>>>>> Thanks & Regards >>>>>>> ============================================================= >>>>>>> Parag Mhashilkar>>>>>>> Fermi National Accelerator Laboratory, MS 120 >>>>>>> Wilson & Kirk Road, Batavia, IL - 60510. >>>>>>> >>>>>>> Location: Wilson Hall, WH863 >>>>>>> Phone: +1 (630) 840-6530 >>>>>>> Fax: +1 (630) 840-2783 >>>>>>> Email: parag@fnal.gov >>>>>>> ============================================================= |
||||||||||||||
| # | Fri Oct 03 12:57:20 2008 | roy - Taken | ||
| # | Fri Oct 03 12:57:41 2008 | roy - Cc parag@fnal.gov added | ||
| # | Fri Oct 03 13:00:04 2008 | roy - Correspondence added | [Reply] | |
|
Hi Gabriele-- I've made your request into a ticket. You and Parag are on the ticket--let me know if I should add anyone else. We're busy finalizing a VDT incremental update to be released on Monday. Let me think about this and get back to you early next week (like Tuesday). But the short answer is "I think so". My uncertainty is about exactly what the update will look like, because there are a few things that might go into it simultaneously, to deal with multiple requests. I need to figure out exactly what we'll do. Thanks, -alain ----------------------------------------------------------------- Alain Roy vdt-support@opensciencegrid.org VDT Support http://vdt.cs.wisc.edu/support.html On Fri Oct 03 12:49:31 2008, garzoglio@fnal.gov wrote: > Hi Alain, > I've talked to Adam Lyon today: they are ready now to start testing > SAM-Grid with condor 7 from the new VDT. While there are some tests > that can be done on condor without involving grid-proxy-info, the SAM- > Grid software that integrate condor does rely on grid-proxy-info to > function. So real tests can only be done with a patched version of > globus. > > For DZero this has a high priority at this point. So the time line is > asap... is a couple of weeks a reasonable to have a release? > > Thanks > Gabriele > > Alain Roy wrote: > > Yup, that's true. > http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=4696> > > > I'll also be interested in a timeline for when you need the update. > > > > Thanks, > > -alain > > > > On Oct 1, 2008, at 2:40 PM, Charles Bacon wrote: > >> If you or Parag test it and say it's okay, my bet is that Alain > >> would be happy to apply it. I'm pretty sure we're just going to > >> merge it into globus_4_0_branch and have it show up in the next > >> point release of the toolkit. > >> > >> > >> Charles > >> > >> On Oct 1, 2008, at 11:57 AM, Gabriele Garzoglio wrote: > >> > >>> Are you planning to apply this path to globus in the next release > >>> of VDT? > >>> > >>> Gabriele > >>> > >>> Charles Bacon wrote: > >>>> There's already a patch at > >>>> to search for the BEGIN CERTIFICATE header of a pem certificate. > 1> >>>> > >>>> > >>>> Charles > >>>> > >>>> On Oct 1, 2008, at 9:33 AM, Gabriele Garzoglio wrote: > >>>> > >>>>> mhmm... one needs to be careful getting the format of a file > >>>>> from the extension (a la MS Windows). > >>>>> In this case, certificates can legitimately have any number > >>>>> extension (.0, .1, .2)... > >>>>> > >>>>> Please, keep us appraised as to how fast this issue is estimated > >>>>> to be resolved. In the SAM-Grid, we use these X509 commands all > >>>>> over and, on one hand, this seems a show stopper for us to > >>>>> upgrade to the newer VDT, on the other hand, there are features > >>>>> of new VDT (like condor version) that we would really like to > >>>>> have. > >>>>> > >>>>> Thanks > >>>>> Gabriele > >>>>> > >>>>> Charles Bacon wrote: > >>>>>> Hmm. This behavior appeared in gt4.0.6 as part of a fix for bug > >>>>>> 4696 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=4696 > >>>>>> [grid-cert-info cannot extract info from .p12 files]) this > >>>>>> block of logic was added to auto-detect the certificate format: > >>>>>> > >>>>>> if test "$certfile" = ""; then > >>>>>> echo "Error: Cannot locate certificate" 1>&2 > >>>>>> exit 1; > >>>>>> elif echo "$certfile" | grep '\.p12' > /dev/null 2>&1 ; then > >>>>>> cert_format=pkcs12 > >>>>>> elif echo "$certfile" | grep '\.pem' > /dev/null 2>&1 ; then > >>>>>> cert_format=x509 > >>>>>> else > >>>>>> echo "Error: certificate file \"$certfile\" is not .pem > >>>>>> or .p12" 1>&2 > >>>>>> exit 1; > >>>>>> fi > >>>>>> > >>>>>> It looks like there should either be an extra stanza reading: > >>>>>> elif echo "$certfile" | grep '\.0' > /dev/null 2>&1 ; then > >>>>>> cert_format=x509 > >>>>>> > >>>>>> or it should default to assuming the certificate is x509 for > >>>>>> backwards compatibility. I'll let the developers know. > >>>>>> > >>>>>> > >>>>>> Charles > >>>>>> > >>>>>> > >>>>>> On Sep 30, 2008, at 5:21 PM, Parag Mhashilkar wrote: > >>>>>> > >>>>>>> I don't think it is a matter of which CA cert I use as an > >>>>>>> option. I get > >>>>>>> same response for doegrids cert as well as other random CA I > >>>>>>> used. > >>>>>>> > >>>>>>> --------- > >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep > >>>>>>> GlobusYou > >>>>>>> have installed a subset of VDT version 1.8.1a: > >>>>>>> Globus Toolkit, pre web-services, client 4.0.5 > >>>>>>> Globus Toolkit, pre web-services, server 4.0.5 > >>>>>>> [sam@fapl063 ~]$ grid-cert-info > >>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ > >>>>>>> globus/TRUSTED_CA/1c3f2ca8.0 -subject > >>>>>>> /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA > >>>>>>> > >>>>>>> > >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep > >>>>>>> GlobusYou > >>>>>>> have installed a subset of VDT version 1.10.1j: > >>>>>>> Globus Toolkit, pre web-services, client 4.0.7 > >>>>>>> Globus Toolkit, pre web-services, server 4.0.7 > >>>>>>> [sam@fapl063 ~]$ grid-cert-info > >>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ > >>>>>>> globus/TRUSTED_CA/1c3f2ca8.0 -subject > >>>>>>> Error: certificate file > >>>>>>> "/diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/globus/ > >>>>>>> TRUSTED_CA/1c3f2ca8.0" is not .pem or .p12 > >>>>>>> ---------- > >>>>>>> > >>>>>>> CA certs are installed by VDT. I don't think the cert is > >>>>>>> corrupted as I > >>>>>>> can use grid-cert-info from Globus 4.0.5 but not from Globus > >>>>>>> 4.0.7 on > >>>>>>> same cert file. > >>>>>>> > >>>>>>> > >>>>>>> Here is the result from openssl commands > >>>>>>> > >>>>>>> -------- > >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep > >>>>>>> GlobusYou > >>>>>>> have installed a subset of VDT version 1.8.1a: > >>>>>>> Globus Toolkit, pre web-services, client 4.0.5 > >>>>>>> Globus Toolkit, pre web-services, server 4.0.5 > >>>>>>> [sam@fapl063 ~]$ $GLOBUS_LOCATION/bin/openssl x509 > >>>>>>> -in > >>>>>>> TRUSTED_CA/e1fce4e9.0 -noout -subject > >>>>>>> subject= /DC=gov/DC=fnal/O=Fermilab/OU=Certificate > >>>>>>> Authorities/CN=Kerberized CA > >>>>>>> [sam@fapl063 ~]$ > >>>>>>> > >>>>>>> > >>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep > >>>>>>> GlobusYou > >>>>>>> have installed a subset of VDT version 1.10.1j: > >>>>>>> Globus Toolkit, pre web-services, client 4.0.7 > >>>>>>> Globus Toolkit, pre web-services, server 4.0.7 > >>>>>>> [sam@fapl063 ~]$ $GLOBUS_LOCATION/bin/openssl x509 > >>>>>>> -in > >>>>>>> TRUSTED_CA/e1fce4e9.0 -noout -subject > >>>>>>> subject= /DC=gov/DC=fnal/O=Fermilab/OU=Certificate > >>>>>>> Authorities/CN=Kerberized CA > >>>>>>> [sam@fapl063 ~]$ > >>>>>>> -------- > >>>>>>> > >>>>>>> Some more system info if that helps > >>>>>>> > >>>>>>> ------ > >>>>>>> [sam@fapl063 ~]$ cat /etc/issue > >>>>>>> Scientific Linux Fermi LTS release 4.2 (Wilson) > >>>>>>> Kernel \r on an \m > >>>>>>> > >>>>>>> [sam@fapl063 ~]$ which openssl > >>>>>>> /usr/bin/openssl > >>>>>>> [sam@fapl063 ~]$ openssl version > >>>>>>> OpenSSL 0.9.7a Feb 19 2003 > >>>>>>> [sam@fapl063 ~]$ > >>>>>>> ------ > >>>>>>> > >>>>>>> > >>>>>>> On Tue, 2008-09-30 at 16:49 -0500, Alain Roy wrote: > >>>>>>>> Yeah, what Charles said. We changed how we link against SSL, > >>>>>>>> and that > >>>>>>>> might affect you. > >>>>>>>> > >>>>>>>> I don't have any problem with grid-cert-info, but I have a > >>>>>>>> DOEGrids > >>>>>>>> cert, and it looks like yours is a Fermi KCA cert. Is there > >>>>>>>> something > >>>>>>>> odd about the Fermi KCA cert? > >>>>>>>> > >>>>>>>> Is there anything odd about the e1fce4e9.0 file? Is yours > >>>>>>>> corrupted, > >>>>>>>> by chance? > >>>>>>>> > >>>>>>>> -alain > >>>>>>>> > >>>>>>>> On Sep 30, 2008, at 4:35 PM, Charles Bacon wrote: > >>>>>>>> > >>>>>>>>> I've asked the GSI developers about it, I'll let you know > >>>>>>>>> what I > >>>>>>>>> hear back. > >>>>>>>>> > >>>>>>>>> However, one obvious difference is that VDT 1.10.x uses your > >>>>>>>>> system > >>>>>>>>> openssl instead of the globus-built openssl. For a sanity > >>>>>>>>> check, > >>>>>>>>> can you check the difference between running: > >>>>>>>>> $GLOBUS_LOCATION/bin/openssl -in > >>>>>>>>> prd/ > >>>>>>>>> vdt/v1_10_1_1/Linux/globus/TRUSTED_CA/e1fce4e9.0 -noout - > >>>>>>>>> subject > >>>>>>>>> > >>>>>>>>> for the two globus locations? The 4.0.5-vdt one will use the > >>>>>>>>> globus- > >>>>>>>>> built openssl, and the 4.0.7-vdt one will use a symlink to a > >>>>>>>>> system > >>>>>>>>> openssl. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> Charles > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On Sep 30, 2008, at 4:16 PM, Parag Mhashilkar wrote: > >>>>>>>>> > >>>>>>>>>> Hi, > >>>>>>>>>> > >>>>>>>>>> Not sure if any one noticed, but there have been changes to > >>>>>>>>>> grid-cert-info command from Globus 4.0.5 to 4.0.7. Does any > >>>>>>>>>> one know > >>>>>>>>>> details about this and similar changes? I am trying to > >>>>>>>>>> figure out > >>>>>>>>>> what > >>>>>>>>>> the changes were and understand how it will be affecting > >>>>>>>>>> the Samgrid > >>>>>>>>>> infrastructure. > >>>>>>>>>> > >>>>>>>>>> ------- > >>>>>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep > >>>>>>>>>> Globus > >>>>>>>>>> You have installed a subset of VDT version 1.8.1a: > >>>>>>>>>> Globus Toolkit, pre web-services, client 4.0.5 > >>>>>>>>>> Globus Toolkit, pre web-services, server 4.0.5 > >>>>>>>>>> [sam@fapl063 ~]$ grid-cert-info > >>>>>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ > >>>>>>>>>> globus/ > >>>>>>>>>> TRUSTED_CA/e1fce4e9.0 -subject > >>>>>>>>>> /DC=gov/DC=fnal/O=Fermilab/OU=Certificate Authorities/ > >>>>>>>>>> CN=Kerberized > >>>>>>>>>> CA > >>>>>>>>>> [sam@fapl063 ~]$ > >>>>>>>>>> -------- > >>>>>>>>>> [sam@fapl063 ~]$ vdt-version | grep VDT; vdt-version |grep > >>>>>>>>>> Globus > >>>>>>>>>> You have installed a subset of VDT version 1.10.1j: > >>>>>>>>>> Globus Toolkit, pre web-services, client 4.0.7 > >>>>>>>>>> Globus Toolkit, pre web-services, server 4.0.7 > >>>>>>>>>> [sam@fapl063 ~]$ grid-cert-info > >>>>>>>>>> -file /diska/samgrid/products/ups/prd/vdt/v1_10_1_1/Linux/ > >>>>>>>>>> globus/ > >>>>>>>>>> TRUSTED_CA/e1fce4e9.0 -subject > >>>>>>>>>> Error: certificate file > >>>>>>>>>> > >>>>>>>>>> TRUSTED_CA/e1fce4e9.0" is not .pem or .p12 > >>>>>>>>>> -------- > >>>>>>>>>> > >>>>>>>>>> -- > >>>>>>>>>> Thanks & Regards > >>>>>>>>>> > ============================================================= > >>>>>>>>>> Parag Mhashilkar > >>>>>>>>>> Fermi National Accelerator Laboratory, MS 120 > >>>>>>>>>> Wilson & Kirk Road, Batavia, IL - 60510. > >>>>>>>>>> > >>>>>>>>>> Location: Wilson Hall, WH863 > >>>>>>>>>> Phone: +1 (630) 840-6530 > >>>>>>>>>> Fax: +1 (630) 840-2783 > >>>>>>>>>> Email: parag@fnal.gov > >>>>>>>>>> > ============================================================= > >>>>>>> -- > >>>>> >>>>>>> Thanks & Regards > >>>>>>> ============================================================= > >>>>>>> Parag Mhashilkar> >>>>>>> Fermi National Accelerator Laboratory, MS 120 > >>>>>>> Wilson & Kirk Road, Batavia, IL - 60510. > >>>>>>> > >>>>>>> Location: Wilson Hall, WH863 > >>>>>>> Phone: +1 (630) 840-6530 > >>>>>>> Fax: +1 (630) 840-2783 > >>>>>>> Email: parag@fnal.gov > >>>>>>> ============================================================= |
||||
| # | Fri Oct 03 13:00:05 2008 | RT_System - Status changed from 'new' to 'open' | ||
| # | Fri Oct 03 13:05:08 2008 | roy - Priority changed from (no value) to '3' | ||
| # | Fri Oct 03 13:05:09 2008 | roy - Fix scheduled CUR added | ||
| # | Mon Oct 06 19:37:24 2008 | roy - Comments added | [Reply] | |
|
From vdt-discuss: > From: Parag Mhashilkar <parag@fnal.gov> <vdt-discuss@OPENSCIENCEGRID.ORG>> Date: October 6, 2008 5:33:20 PM CDT > To: Gabriele Garzoglio <garzoglio@fnal.gov> > Cc: Alain Roy <roy@cs.wisc.edu>, vdt discuss > Subject: Re: Changes to grid-cert-info in Globus 4.0.5 and Globus 4.0.7? > > Hi Alain, > > I tested the whole process chain after applying the patch from Charles. > It looks ok now. Any idea when this patch to grid-cert-info will be > available in vdt? I do not see the patch in the list > http://vdt.cs.wisc.edu/patches/1.10.1/ |
||||
| # | Mon Oct 20 16:09:49 2008 | roy - Comments added | [Reply] | |||||||
Commit comment: Apply patch to grid-cert-info so that you can pass it .0 files and it won't reject them. This was requested as high-priority by DZero. Because we're applying it from the .pacman file, it's not part of our Globus build and not listed in our patch list. I expect we'll add this to our next Globus rebuild though, and remove this method of applying the patch at that time. Changed files: U vdt/branches/vdt-1.10.1/Globus-Base-Essentials/Globus-Base-Essentials.pacman To generate a diff: svn diff -c 8226 file:///p/vdt/workspace/svn |
||||||||||
| # | Tue Oct 21 12:20:39 2008 | roy - Comments added | [Reply] | |||||||
Commit comment: Test if grid-cert-info works, to ensure bug affecting DZero isn't occuring anymore. Changed files: U vdt/branches/vdt-1.10.1/VDT-Certification-Tests/vdt/tests/tests/globus.t To generate a diff: svn diff -c 8229 file:///p/vdt/workspace/svn |
||||||||||
| # | Fri Oct 24 16:40:32 2008 | roy - Status changed from 'open' to 'resolved' | ||
Time to display: 1.641166
»|« RT 3.8.2 Copyright 1996-2008 Best Practical Solutions, LLC.
