 |
 |
On 10/24/2014 05:10 PM, Dirk Hufnagel wrote: > Hi, > > Just to clarify the timeline > > 1) using 3.3.6 on one of the machines for months > with cert/proxy based authentication, no problems > > 2) got 3 identical machines, same software, same local > user, same cert (copied the cert files) > > 3) Ivan installed xrootd 4.0.4 from scratch on the > new machines and upgraded the existing machine > > 4) xrdcp as mentioned worked on the 3 new machines, > not the old one > > 5) now they all don't work We suspect that the host certificate used by EOS had expired (the certificate got renewed on the machine yesterday, but it seems that xrootd does not pick up the new cert automatically). I have just restarted EOSCMS (still booting, i.e. stalling clients). Perhaps you could redo you test in a few minutes. (please note that at least one of the "zzz" tests from vocms001 mentioned below was using Kerberos authentication, the user "cmst1" does not have permissions to write into /eos/cms/store/unmerged/tier0_harvest/ as herself). Will post something on ITSSB. sorry, jan > Cheers > > Dirk > > On 10/24/2014 5:06 PM, Dirk Hufnagel wrote: >> >> Hi Marian, >> >> No, the same command worked on 3 machines but not on another. >> Same xrootd version, same local user, same certificate to >> authenticate. >> >> This was only a temporary state of affair though, as now it >> fails on all 4 machines with 4.0.4. >> >> [2014-10-24 17:02:44.604930 +0200][Debug ][XRootDTransport ] >> [eoscms.cern.ch:1094 #0.0] Trying to authenticate using gsi >> 141024 17:02:44 750 crypto_X509CreateProxy: Your identity: >> /DC=ch/DC=cern/OU=computers/CN=tier0/vocms15.cern.ch >> [2014-10-24 17:02:44.625317 +0200][Dump ][AsyncSock ] >> [eoscms.cern.ch:1094 #0.0] Wrote a message: (0x18042d60), 136 bytes >> [2014-10-24 17:02:44.652569 +0200][Dump ][XRootDTransport ] [msg: >> 0x18042d60] Expecting 3407 bytes of message body >> [2014-10-24 17:02:44.652591 +0200][Dump ][AsyncSock ] >> [eoscms.cern.ch:1094 #0.0] Received message header, size: 8 >> [2014-10-24 17:02:44.652606 +0200][Dump ][AsyncSock ] >> [eoscms.cern.ch:1094 #0.0] Received a message of 3415 bytes >> [2014-10-24 17:02:44.652616 +0200][Debug ][XRootDTransport ] >> [eoscms.cern.ch:1094 #0.0] Sending more authentication data for gsi >> [2014-10-24 17:02:44.653645 +0200][Debug ][XRootDTransport ] >> [eoscms.cern.ch:1094 #0.0] Auth protocol handler for gsi refuses to give >> us more credentials Secgsi: ErrParseBuffer: certificate chain >> verification failed: :chain is inconsistent: kXGS_cert >> [2014-10-24 17:02:44.653702 +0200][Error ][AsyncSock ] >> [eoscms.cern.ch:1094 #0.0] Socket error while handshaking: [FATAL] Auth >> failed >> [2014-10-24 17:02:44.653716 +0200][Debug ][AsyncSock ] >> [eoscms.cern.ch:1094 #0.0] Closing the socket >> [2014-10-24 17:02:44.653727 +0200][Debug ][Poller ] >> <[::ffff:128.142.152.60]:37595><--><[::ffff:128.142.38.82]:1094> >> Removing socket from the poller >> [2014-10-24 17:02:44.653783 +0200][Error ][PostMaster ] >> [eoscms.cern.ch:1094 #0] Unable to recover: [FATAL] Auth failed. >> >> I've used 3.3.6 on one of the machines for a long time >> before this, never had a problem. >> >> Cheers >> >> Dirk >> >> On 10/24/2014 4:47 PM, Marian Zvada wrote: >>> Hi, >>> >>> I believe this particular thing from developers thread went into 4.0.4. >>> >>> @Lukasz: is this fix present in XrdClCopy.cc in the recent release >>> please? Or can we get patch in case not? Seems like annoying artifact... >>> >>> Btw, is this really your problem Dirk? I think this part is more of >>> interest: >>> >>> Run: [ERROR] Server responded with an error: [3010] Unable to open >>> >>> file /eos/cms/store/unmerged/tier0_harvest/zzz; Operation not >>> >>> permitted >>> >>> You're saying same command line works just fine in 4.0.4 but not in >>> version of client below that? Can you post here exact command line with >>> '-d 2' perhaps? When I tried copy/paste from the thread into terminal >>> where I run v4.0.3. it's weird but obvious: >>> >>> # xrdcp -d 1 zzz >>> root://eoscms.cern.ch//eos/cms/store/unmerged/tier0_harvest/zzz >>> xrdcp: No such file or directory processing zzz >>> >>> Is your xrdcp some alias or wrapper? How come you could execute it on >>> vocms001 getting such output? >>> >>> Thanks, >>> Marian >>> >>> On 10/24/14, 4:50 AM, Dirk Hufnagel wrote: >>>> >>>> The reporter of the bug, Marian ? >>>> >>>> Marian, is there a fixed release yet ? >>>> >>>> Cheers >>>> >>>> Dirk >>>> >>>> On 10/24/2014 11:25 AM, Ivan Glushkov wrote: >>>>> Hi Dirk, >>>>> >>>>> It actually works - at least when I tried exactly the same command >>>>> like yours and then I checked on eos, the file was copied there. The >>>>> xrootd is throwing an error due to this bug found by Marian [1]. The >>>>> only thing I don’t understand is why it shows only on vocms001.. I am >>>>> actually not sure whom should we ask about that.. CERN IT has nothing >>>>> to do with that.. Some xrootd experts? Do you have an idea? >>>>> >>>>> Kind regards, >>>>> Ivan Glushkov >>>>> >>>>> [1] >>>>> https://listserv.slac.stanford.edu/cgi-bin/wa?A2=ind1408&L=XROOTD-DEV&D=0&P=36536 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 23.10.2014, at 22:35, Dirk Hufnagel <[log in to unmask]> wrote: >>>>> >>>>>> >>>>>> Ok, it works on vocms015 and vocms062 and presumably also on >>>>>> vocms047. >>>>>> >>>>>> It does not work on vocms001 >>>>>> >>>>>> cmst1@vocms001:/data/tier0 $ xrdcp -d 1 zzz >>>>>> root://eoscms.cern.ch//eos/cms/store/unmerged/tier0_harvest/zzz >>>>>> [2014-10-23 22:22:22.253218 +0200][Error ][XRootD ] >>>>>> [eoscms.cern.ch:1094] Handling error while processing kXR_stat (path: >>>>>> /eos/cms/store/unmerged/tier0_harvest/zzz, flags: none): [ERROR] >>>>>> Error response. >>>>>> [2014-10-23 22:22:22.255062 +0200][Error ][XRootD ] >>>>>> [eoscms.cern.ch:1094] Handling error while processing kXR_open (file: >>>>>> /eos/cms/store/unmerged/tier0_harvest/zzz?oss.asize=8, mode: 0644, >>>>>> flags: kXR_new kXR_open_updt kXR_async kXR_retstat ): [ERROR] Error >>>>>> response. >>>>>> [0B/0B][100%][==================================================][0B/s] >>>>>> >>>>>> >>>>>> Run: [ERROR] Server responded with an error: [3010] Unable to open >>>>>> file /eos/cms/store/unmerged/tier0_harvest/zzz; Operation not >>>>>> permitted >>>>>> >>>>>> Any idea ? I don't see any difference in the rpm packages >>>>>> installed on the box. >>>>>> >>>>>> Cheers >>>>>> >>>>>> Dirk >>>>>> >>>>>> On 10/23/2014 10:12 PM, Dirk Hufnagel wrote: >>>>>>> >>>>>>> Actually, wait a second, have to check with Luis >>>>>>> why it works for him... >>>>>>> >>>>>>> Dirk >>>>>>> >>>>>>> On 10/23/2014 10:08 PM, Dirk Hufnagel wrote: >>>>>>>> >>>>>>>> Hi Ivan, >>>>>>>> >>>>>>>> The new xrootd client doesn't work with proxy authentication. >>>>>>>> >>>>>>>> Just tried it, same proxy, copying to the same place. 4.0.4 >>>>>>>> throws and 'operation not permitted', 3.3.6 works. >>>>>>>> >>>>>>>> Cheers >>>>>>>> >>>>>>>> Dirk >>>>> > > ######################################################################## > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1