 |
 |
Hi, Just to clarify the timeline 1) using 3.3.6 on one of the machines for months with cert/proxy based authentication, no problems 2) got 3 identical machines, same software, same local user, same cert (copied the cert files) 3) Ivan installed xrootd 4.0.4 from scratch on the new machines and upgraded the existing machine 4) xrdcp as mentioned worked on the 3 new machines, not the old one 5) now they all don't work Cheers Dirk On 10/24/2014 5:06 PM, Dirk Hufnagel wrote: > > Hi Marian, > > No, the same command worked on 3 machines but not on another. > Same xrootd version, same local user, same certificate to > authenticate. > > This was only a temporary state of affair though, as now it > fails on all 4 machines with 4.0.4. > > [2014-10-24 17:02:44.604930 +0200][Debug ][XRootDTransport ] > [eoscms.cern.ch:1094 #0.0] Trying to authenticate using gsi > 141024 17:02:44 750 crypto_X509CreateProxy: Your identity: > /DC=ch/DC=cern/OU=computers/CN=tier0/vocms15.cern.ch > [2014-10-24 17:02:44.625317 +0200][Dump ][AsyncSock ] > [eoscms.cern.ch:1094 #0.0] Wrote a message: (0x18042d60), 136 bytes > [2014-10-24 17:02:44.652569 +0200][Dump ][XRootDTransport ] [msg: > 0x18042d60] Expecting 3407 bytes of message body > [2014-10-24 17:02:44.652591 +0200][Dump ][AsyncSock ] > [eoscms.cern.ch:1094 #0.0] Received message header, size: 8 > [2014-10-24 17:02:44.652606 +0200][Dump ][AsyncSock ] > [eoscms.cern.ch:1094 #0.0] Received a message of 3415 bytes > [2014-10-24 17:02:44.652616 +0200][Debug ][XRootDTransport ] > [eoscms.cern.ch:1094 #0.0] Sending more authentication data for gsi > [2014-10-24 17:02:44.653645 +0200][Debug ][XRootDTransport ] > [eoscms.cern.ch:1094 #0.0] Auth protocol handler for gsi refuses to give > us more credentials Secgsi: ErrParseBuffer: certificate chain > verification failed: :chain is inconsistent: kXGS_cert > [2014-10-24 17:02:44.653702 +0200][Error ][AsyncSock ] > [eoscms.cern.ch:1094 #0.0] Socket error while handshaking: [FATAL] Auth > failed > [2014-10-24 17:02:44.653716 +0200][Debug ][AsyncSock ] > [eoscms.cern.ch:1094 #0.0] Closing the socket > [2014-10-24 17:02:44.653727 +0200][Debug ][Poller ] > <[::ffff:128.142.152.60]:37595><--><[::ffff:128.142.38.82]:1094> > Removing socket from the poller > [2014-10-24 17:02:44.653783 +0200][Error ][PostMaster ] > [eoscms.cern.ch:1094 #0] Unable to recover: [FATAL] Auth failed. > > I've used 3.3.6 on one of the machines for a long time > before this, never had a problem. > > Cheers > > Dirk > > On 10/24/2014 4:47 PM, Marian Zvada wrote: >> Hi, >> >> I believe this particular thing from developers thread went into 4.0.4. >> >> @Lukasz: is this fix present in XrdClCopy.cc in the recent release >> please? Or can we get patch in case not? Seems like annoying artifact... >> >> Btw, is this really your problem Dirk? I think this part is more of >> interest: >> >>> Run: [ERROR] Server responded with an error: [3010] Unable to open >> >>> file /eos/cms/store/unmerged/tier0_harvest/zzz; Operation not >> >>> permitted >> >> You're saying same command line works just fine in 4.0.4 but not in >> version of client below that? Can you post here exact command line with >> '-d 2' perhaps? When I tried copy/paste from the thread into terminal >> where I run v4.0.3. it's weird but obvious: >> >> # xrdcp -d 1 zzz >> root://eoscms.cern.ch//eos/cms/store/unmerged/tier0_harvest/zzz >> xrdcp: No such file or directory processing zzz >> >> Is your xrdcp some alias or wrapper? How come you could execute it on >> vocms001 getting such output? >> >> Thanks, >> Marian >> >> On 10/24/14, 4:50 AM, Dirk Hufnagel wrote: >>> >>> The reporter of the bug, Marian ? >>> >>> Marian, is there a fixed release yet ? >>> >>> Cheers >>> >>> Dirk >>> >>> On 10/24/2014 11:25 AM, Ivan Glushkov wrote: >>>> Hi Dirk, >>>> >>>> It actually works - at least when I tried exactly the same command >>>> like yours and then I checked on eos, the file was copied there. The >>>> xrootd is throwing an error due to this bug found by Marian [1]. The >>>> only thing I don’t understand is why it shows only on vocms001.. I am >>>> actually not sure whom should we ask about that.. CERN IT has nothing >>>> to do with that.. Some xrootd experts? Do you have an idea? >>>> >>>> Kind regards, >>>> Ivan Glushkov >>>> >>>> [1] >>>> https://listserv.slac.stanford.edu/cgi-bin/wa?A2=ind1408&L=XROOTD-DEV&D=0&P=36536 >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 23.10.2014, at 22:35, Dirk Hufnagel <[log in to unmask]> wrote: >>>> >>>>> >>>>> Ok, it works on vocms015 and vocms062 and presumably also on vocms047. >>>>> >>>>> It does not work on vocms001 >>>>> >>>>> cmst1@vocms001:/data/tier0 $ xrdcp -d 1 zzz >>>>> root://eoscms.cern.ch//eos/cms/store/unmerged/tier0_harvest/zzz >>>>> [2014-10-23 22:22:22.253218 +0200][Error ][XRootD ] >>>>> [eoscms.cern.ch:1094] Handling error while processing kXR_stat (path: >>>>> /eos/cms/store/unmerged/tier0_harvest/zzz, flags: none): [ERROR] >>>>> Error response. >>>>> [2014-10-23 22:22:22.255062 +0200][Error ][XRootD ] >>>>> [eoscms.cern.ch:1094] Handling error while processing kXR_open (file: >>>>> /eos/cms/store/unmerged/tier0_harvest/zzz?oss.asize=8, mode: 0644, >>>>> flags: kXR_new kXR_open_updt kXR_async kXR_retstat ): [ERROR] Error >>>>> response. >>>>> [0B/0B][100%][==================================================][0B/s] >>>>> >>>>> Run: [ERROR] Server responded with an error: [3010] Unable to open >>>>> file /eos/cms/store/unmerged/tier0_harvest/zzz; Operation not >>>>> permitted >>>>> >>>>> Any idea ? I don't see any difference in the rpm packages >>>>> installed on the box. >>>>> >>>>> Cheers >>>>> >>>>> Dirk >>>>> >>>>> On 10/23/2014 10:12 PM, Dirk Hufnagel wrote: >>>>>> >>>>>> Actually, wait a second, have to check with Luis >>>>>> why it works for him... >>>>>> >>>>>> Dirk >>>>>> >>>>>> On 10/23/2014 10:08 PM, Dirk Hufnagel wrote: >>>>>>> >>>>>>> Hi Ivan, >>>>>>> >>>>>>> The new xrootd client doesn't work with proxy authentication. >>>>>>> >>>>>>> Just tried it, same proxy, copying to the same place. 4.0.4 >>>>>>> throws and 'operation not permitted', 3.3.6 works. >>>>>>> >>>>>>> Cheers >>>>>>> >>>>>>> Dirk >>>> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1